My data is being collected without my consent.
I'm a novice looking for honest answers many sites are sketchy.
please tell me if this cookie is related to rogue and malicious apps that have been added without my consent. i have all kinds of user accounts that I don't recognize. please advise.
I reset my hard drive and i also have seen commands in PowerShell and PowerShell 64 from other users. I am the only user however I have administrators and administrator access - expired certificates that are trusted.
Related
In my app, i am checking if a user has a password set/enabled on Windows as part of a security app(vulnerability scanning).
I myself come from a software development background thus i am fairly new to new when it comes to system administration. So far im aware of of the LogonUsers API which works but using this API and attempting to "login" will empty credentials counts towards the account lock policy if set thus making using the API impracticable.
A cmd command i recently discovered, net use \\%COMPUTERNAME% "/user:%USERNAME%", works "sometimes" but more often than not it would not be able to check if there is a password set as it produces the same output.
In the program Bit defender Internet Security, the vulnerability scanning utility has a check to do just this question with high accuracy without triggering/counting towards the "failed login attempts" counter when the Group Policy Account lockout policy is set. I tried using Sysinternals process monitor to reverse engineer this functionality but could not find anything(its possible I missed something). Another puzzle is figuring out how Bit defender is capable of getting the password "length".
I was wondering if anyone has any advice on checking if a user account has a password set/enabled?
Once the password has changed, even windows does not know what the length of the password is. The password are stored as fixed length hash in the SAM database. There are undocumented APIs to query the SAM database to get the password, but it essentially only returns the hash of the password which is fixed length.
You can retrieve the various information about the password policy using NetUserModalsGet() api, but that will only return the minimum password length, etc. There is another api to get information about user account called NetUserGetInfo() and that will return password age and maybe you can use that to check when the password was last changed, but it may not be of much help. One way to do this would be to call LogonUser using blank password and if it failed, reset the bad_pw_count to what it was before your attempt. In any case, I guarantee you that any program that claims to know the length of the user password in windows is bullshit.
Ok, so I'm guessing the answer to this question is no (sensing privacy issues here), but let's check anyway.
Is it possible to read the username of the computer user (think SSO)? This could perhaps be read from the owner of the Firefox process.
I'm not really seeing anything about it in the SDK docs, and searching for username just gives me a bunch of password managers.
api-utils/environment provides access to the user's shell environment variables:
https://addons.mozilla.org/en-US/developers/docs/sdk/latest/packages/api-utils/environment.html
Here is some basic usage:
https://builder.addons.mozilla.org/package/156370/latest/
Depending on what info you need, you can run system commands with the priviledges of Firefox itself to get info from, say, the Windows registry. You should be aware that malicious use of code like this would not be allowed when your add-on is reviewed by the Mozilla Addons site.
Is there a reliably way to determine the last user name to login to the system? I've looked at LsaEnumerateLogonSessions() and LsaGetLogonSessionData() however they require elevation on Vista and later (which I'm keen to avoid). WMI has the same problem (presumably it's just calling Lsa behind the scenes).
I've also looked at "SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser" in HKLM, but in testing that's unreliable and doesn't get updated.
I'm really only interested in console logons, rather than Fast User Switching or TS logons.
I've read various articles, but have yet to come up with a good solution.
You might be able to use Audit Logon events - this requires your service to have a user access right to see the Security log, but not be a full Administrator.
Eventid 528 indicates who logged on, you'd have to find the most recent instance of this.
We have developed a ASP.NET 3.5 web application with Web Server 2008 and has implemented a custom authentication solution using active directory as the credentials store. Our front end application uses a normal login form to capture the user name and password and leverages the Win32 LogonUser method to authenticate the user’s credentials. When we are calling the LogonUser method, we are using the LOGON32_LOGON_NETWORK as the logon type.
The issue we have found is that user profile folders are being created under the C:\Users folder of the web server. The folder seems to be created when a new user who has never logged on before is logging in for the first time. As the number of new users logging into the application grows, disk space is shrinking due to the large number of new user folders getting created.
I need to get the token back after the authentication (authenticated \ password locked \ wrong password ) its futher use and based on logic showing different web pages
Has anyone seen this behavior with the Win32 LogonUser method?
Please answer the following issue:
Is it possible to disable this behavior to create the folder as taking 2.78 MB of space for every new user and it eating my disck space?
I have tried LOGON32_LOGON_BATCH but it was giving an error 1385 in authentication user.
For any solution related to LOGON32_LOGON_BATCH, can you please confirm if that will stop creating the folders at location C:\users.
Also for any possible solution I need either
I am able to disable the folder to be created at C:\user or
Any other option to authenticated user which will not creat folders.
Pass LOGON32_LOGON_BATCH and grant the users permission to log on as a batch job on that machine using Group Policy.
The MSDN documentation for LogonUser recommends LOGON32_LOGON_BATCH as the logon type for web services:
This logon type is intended for batch
servers, where processes may be
executing on behalf of a user without
their direct intervention. This type
is also for higher performance servers
that process many plaintext
authentication attempts at a time,
such as mail or Web servers. The
LogonUser function does not cache
credentials for this logon type.
Have you tried that?
You don't write any information about the version of products (.NET, Windows Server which you use) and the best answer on your question can depend on this. Moreover the best way for your solution depend on what you want to do with the users token after logon. Do you really want to use this token or you want only verify the user? So I try to answer most general on your question.
In general, error 1385 (ERROR_LOGON_TYPE_NOT_GRANTED) means following (see http://support.microsoft.com/kb/155012/en):
A user has requested a type of logon,
such as interactive or network, that
was not granted. An administrator has
control over who may logon
interactively and through the network.
There are SE_BATCH_LOGON_NAME and SE_DENY_BATCH_LOGON_NAME (NTSecAPI.h) privileges which can be disabled/enabled in your case (see http://msdn.microsoft.com/en-us/library/bb545671%28VS.85%29.aspx for description). Use Process Explorer started with administrator rights (see http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx) to see which privileges has a process and which from there are enabled (see "Security" tab of a process). If your account used for the application pool don't have SE_BATCH_LOGON_NAME granted or this privilege is not enabled before call of LogonUser, you should add the corresponding code in your program.
By the way sometimes you don't really want to do much with an user account and want only verify a password. To do this you can use an old way with SSPI (see http://support.microsoft.com/kb/180548/en) which are used inside of LogonUser implementation. This way is the most smart and quick way to verify an user account which I know.
You can look at "The SSPI Workaround" (see http://alt.pluralsight.com/wiki/default.aspx/Keith.GuideBook/HowToGetATokenForAUser.html) for more information of usage SSPI in .NET 2.0.
As we all know,we can use such api as "LockWorkStation()" in "user32.dll" to lock windows.
But how to unlock it?
For example, if i run an app at first, I want the app to unlock windows by itself after 30 second.
How to do it? In another word, if auto-logging in, windows will read the username and password from regedit and then use an api to login by those.
Now i need the api. It must exist, but it seems not to make public.
I can get the app the username and password of the windows.
It seems that there is some Api in WBF.But you know,the resource is too less.
I don't want to send keyboard message to solve the problem,for it is the worst method.
Promoting my comment because it needs more explanation:
You really want to write a GINA (for XP) or a Credential Provider for Windows Vista and beyond.
Fundamentally the Windows authentication model is based on the user providing evidence (identification) that they're authorized to access the computer (either by their credentials or biometric data or smartcard or other information). Once you've been authorized to log onto the computer, Windows allows you access.
When the workstation is locked (for whatever reason - screen saver, user typing in Win-L) the user needs to be re-authenticated.
Typically that's sufficient - the authorization is good for a period of time (determined by the administrator). If (for policy reasons) you need a finer grained control model, you could use your "LockWorkstation" idea to force the user to re-authenticate themselves. You need to be VERY careful about false positives (nothing pisses off users more than being told they're not allowed to use their computer simply because they removed their glasses or combed their hair differently) and how much drain on system resources your app causes.
When the workstation is locked the only way to unlock it is by the user logging in (pressing Alt+Ctrl+Del and entering correct password). This is a security feature that you cannot circumvent using an application API.