I want to keep a log with the attempted log-in to a machine. The OS is Windows Embbeded Standard. Is it possible to make Windows execute an application or a script after every login attempt to enable me to save that information in my database?
EDIT:
Extract from Superuser:
"Here, you can set auditing to all types of events. I believe the one you want is "Audit logon events", Set it to Failure (or Success as well if you want).
All events will now get sent to Event Viewer. ..."
Is it possible to access the Event Viewer info via WMI?
From a security viewpoint, I would assume this would not be possible. But it is possible to write your specialized GINA library which would replace the standard login system of Windows. This was done to support fingerprint readers and smart card readers, and many other alternative login methods.
But out of curiosity, what kind of problem are you trying to solve here? Windows already has plenty of build-in functionality which can be analysed by anyone who can log in.
Follow this link to see how it's done in Windows 2003. I've checked with Windows XP on a virtual machine and it works exactly the same there. So I assume it also works in embedded XP versions.For reading the event log, this link from MSDN will be practical too. This will require .NET though, which is optional on Windows XP.
WMI might be a good place to start. You could use WMI (or another method) to query the security event log for sucessful/failed logon events, too.
http://www.computerperformance.co.uk/vbscript/wmi_event_log_administrator.htm
Related
I am writing an application that when is running should modify SystemConfiguration to set system wide proxy.
I know it is possible to do that using "Authorization Services" framework provided by Apple, however I see that it keeps asking for a user password to allow changes.
On the other hand I have 3rd party application (not the one I am writing) that does the same, but does not require user password. The application is not even written in Objective-C, but written in FreePascal (FPC) instead. Unfortunately I have no source code for this application to see how it does this trick.
I know I should be able to achieve the same (system config changes without sudo password) by either having Privileged Helper Tool supplied with the application (and perhaps install it on first run) or by going even nastier and loading a kext.
However I see that this application does neither of above. It only performs system calls and no password asked! I am completely puzzled how did they achieve that and would like to find a way to do the same.
So the question is - how to achieve complete "no password asked" for changing System Configuration on Mac OS X with an application?
PS: Application I have at hand runs as user, not root. And there is no modifications to sudoers neither.
This is silly, but after 2 days straight of searching for a solution I found that there is no special code nor any tricks required.
This is easily done via setting setuid bit to binary that requires escalated privilege and calling setuid(0) in the code before doing operations that require privilege (not sure if second part is necessary).
Relevant links:
Apple documentation
Related question on SO
PS: This works basically on any Unix-like system (BSD, Linux Solaris etc) with one details - this does not work on scripts (the ones that require hash-bang #! in order to execute interpreter) with exception of Solaris, where it seems to work just fine.
Here's what I want to be able to do:
Run a program on my local computer which logs in to a citrix server (using citrix receiver or doing so in a similar way), on the server in the citrix session open a web browser, load a website, and then bring the html of that site back out of the citrix session and onto my local computer. Bascially I want to get data out of a citrix remote session.
How can I do this programmatically?
I'm fine with whatever programming language/modality you are comfortable in answering the question using.
I've looked a little into the citrix apis but while I find some things about logging in and even sending keystrokes and mouse clicks I found nothing about obtaining data. I could just log in and then use a program like wireshark to get the information, but I'm guessing it's all encrypted (plus then I wouldn't be doing my task all programmatically). I know of at least one open source program which seems to be able to replace a citrix reciever/client (openthinclient.org) but before I got digging through all its source code to try to answer my question I thought I'd ask here in case someone had an easier answer.
If all you want is to automate the task, is having the program act as a citrix client necessary?
I assume you don't have install privileges inside your citrix session, so are unable to install one of the many automation tools available (such as http://docs.seleniumhq.org/)?
Given the above...
If you have/allow java on your local machine, have a look at http://www.sikuli.org/
The main difference between this and other automation tools I've come across is that Sikuli uses the image on screen to navigate the gui, rather than grabbing calls to the widgets (which wont work in a citrix session).
So, assuming you can take a screenshot of your citrix session, it could be useful to you.
I am running my C++ servi ce on Win2008 server machine. It crashes randomaly, and i do not know why. This is happening on multiple machines in customer site.
How can i configure the system to auto generate a dump of the process?
I need a method that will require minimal installations and UI, preferably only some registry hacks.
Thanks.
[edit] waiting...
You can use Windows Error Reporting locally on a machine without having to involve Microsoft and without having to sign your code. WER can be configured to store local copies of dumps. The MSDN documentation is here:
http://msdn.microsoft.com/en-us/library/bb787181(v=vs.85).aspx
It's a simple, well thought-out system, and is only a couple of registry settings to configure.
If your customer allows then i would suggest you to install DebugDiag from Microsoft. You can configure the tool to generate dumps when your application crashes and ask them to send you those dumps. I have used this quite often and found it to be successfull. If any help required please let me know.
Sign your executable then register with Microsoft for Windows Error Reporting (the signing certificate costs but WER is free). This will then collect the crash logs when the user hits the 'Send to Microsoft' button. These logs will then sit there until you log in to retrieve them. This requires no other installations on the user's machine.
I'm trying to write automated test, to ensure that the installer for my program works okay.
The program can be installed for all users (requires admin privs), or for current user (does not require admin privs). The program can also autoupdate itself, which in some cases requires admin privileges, and in some cases doesn't.
I'm looking for a way where I can have an automated test click "Yes, Allow" on the UAC dialogs, so I can write tests for all different scenarios, on many different operating systems, so that I can be confident when I make changes to the installer that I didn't break anything.
Obviously, the installer process itself cannot do this. However, I control the complete machine, and could easily start some sort of daemon process with administrative rights, that the testprogram could make a socket connection to, to request it to "please click ok on the UAC now".
I actually figured out how to do this while looking to answer a similar question about UAC. Here is what you can do:
Write a service that runs as SYSTEM.
Open the process token of the winlogon.exe instance running in your logon session.
Use that token to launch a helper process on the Winlogon desktop via CreateProcessAsUser.
At this point, you have a helper process running as SYSTEM in your logon session on the Winlogon (secure) desktop. From here you can use some kind of IPC mechanism to communicate from your automated test program to the helper process. In the helper process you can EnumDesktopWindows to find the UAC prompt. This is as far as I took it; I didn't actually try to simulate clicking Yes or No, but I don't see any reason why it wouldn't work. Also, I only tested on Windows 7 32-bit; I believe the UAC architecture is identical to Vista, but I didn't test on it.
It took me a while to figure all this out; I can provide some code if you want.
EDIT: Just as a follow up I added code to use FindWindow() to find the "Yes" button and I was able to successfully send it a BM_CLICK message; the UAC prompt went away and the application was allowed to run.
An alternative solution might be to turn UAC off
The least bad solution I've found so far is to run the tests in a VMWare session, and control the mouse/keyboard trough the vmware sdk. Would love to hear about other solutions
Remote Desktop to it or run it as a guest VM (using Virtual PC or whatever, just don't boot to it.) This is also the best way to take a screenshot or video of the UAC prompt.
I want to pop a browser with a given url from within a windows service. Like so:
System.Diagnostics.Process.Start("http://www.venganza.org/");
Works fine when running in a console but not from within the service. No error messages, no exceptions, the Process.Start() command just seem to do nothing. It smells of some security issue, maybe something with the service properties and/or logon options? Annoying stuff this... Anybody? (Oh, and on windows 7/.NET framework 3.5.)
A service should never pop up anything to the user. Don't do this with a service.
You will problably need elevated rights to do this aswell. You will have to sign in as the user.
Even if you manage to do this, don't. This is not what services is ment for and it is really bad practise. If you really want someting to pop up, have a seperate process instead.
It is popping up, but on the Window Station associated with the service.
I would suggest that you tweak your design such that your service doesn't need to interact in this manner. There are ways to get it to appear on an interactive desktop (you'd have to cope with issues such as impersonating the relevant user, targeting the correct desktop if nobody is logged on or if more than one person is logged on, etc.)
Just on a side note Windows services aren't built for interactivity. They are used to process behind-the-scenes type stuff. However, have you tried enabling the Interact with Desktop option on the service itself?