Trigger a Logon Event on specific Domain Controller - windows

Our Problem:
We are using FortiGate in our company with ~2200 clients. Most of them are using notebooks. Some people can't connect to the Internet when they come to the office after days of working in home office. Our FortiGate is configured to watch the LogonEvents (EDIT: to be more specific, the attribute "lastlogon") of the user object on the domain controller (we have 5) and authenticate the user with the IP of the device. This fails sometimes. Our network guys are looking at this problem, but in the meantime I have to find solutions on the client side.
One workaround I found is to trigger a User LogonEvent via powershell on the client.
New-PsSession -ComputerName $Env:ComputerName -ErrorAction ignore
But most of the time it creates the User LogonEvent on one specific Domain Controller (mostly the default logon server), which may be faulty. It's the same when you lock your device and log back in.
Does somebody know another way to create a LogonEvent via Powershell or Batch, where I can select the authenticating Domain Controller? Like, iterating through all our Domain Controllers to create such event on the client.
Edit: Unfortunately, the command has to run with User Permissions.
Edit: Maybe it helps if I tell you my overall goal:
Every client gets a scheduled task via GPO which runs in User-Context
It gets triggered by event 10000 from source Microsoft-Windows-NetworkProfile (network change)
A PowerShell script checks if the Internet connection is working
If not, the script would try to trigger a LogonEvent on different domain controllers to be sure the FortiGate agent gets at least one of them.

Mathias has the right idea, but just creating a DirectoryEntry object (which is what [ADSI] is a type accelerator for) doesn't make a network request until you actually use it.
This will tell it to retrieve the name attribute of the root of the domain (any attribute would do - you just need it to get something):
[ADSI]::new("LDAP://domainController.fqdn", "svc_username", "p#ssW0rd").RefreshCache("name")
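The full client-side flow the question describes (connectivity check, then a bind against every domain controller), as an added example that is not code from the question or the answer. It assumes a domain-joined client; it binds with the logged-on user's own security context instead of the service-account credentials shown in the answer, so it runs with plain user permissions, and the probe URL is an assumption you should replace with a host your firewall permits.

```powershell
# Added example (not code from the original question or answer).
# Checks Internet reachability and, if that fails, performs an authenticated LDAP bind
# against every DC in the current domain using the caller's own token (no stored password).

function Test-InternetAccess {
    # Assumed probe URL; replace with any HTTP host your proxy/firewall allows.
    param([string]$ProbeUrl = 'http://www.msftconnecttest.com/connecttest.txt')
    try {
        $response = Invoke-WebRequest -Uri $ProbeUrl -UseBasicParsing -TimeoutSec 5
        return ($response.StatusCode -eq 200)
    } catch {
        return $false
    }
}

function Invoke-LogonOnAllDomainControllers {
    # Enumerate the DCs through .NET so no RSAT module is needed on the client.
    $domain  = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
    $results = @()
    foreach ($dc in $domain.DomainControllers) {
        $entry = $null
        try {
            # No explicit username/password: DirectoryEntry binds with the caller's token
            # (Negotiate/Kerberos), so each DC authenticates this user itself.
            $entry = [ADSI]"LDAP://$($dc.Name)/RootDSE"
            # Reading an attribute forces the actual network bind, as the answer above notes.
            $entry.RefreshCache(@('defaultNamingContext'))
            $results += [pscustomobject]@{ DomainController = $dc.Name; Bound = $true;  Error = $null }
        } catch {
            $results += [pscustomobject]@{ DomainController = $dc.Name; Bound = $false; Error = $_.Exception.Message }
        } finally {
            if ($entry) { $entry.Dispose() }
        }
    }
    return $results
}

# Scheduled-task entry point: only touch the DCs when the Internet check fails.
if (-not (Test-InternetAccess)) {
    Invoke-LogonOnAllDomainControllers | Format-Table -AutoSize
}
```

Register the script as the action of the GPO scheduled task triggered by Microsoft-Windows-NetworkProfile event 10000, as the question describes. Because lastLogon is not replicated between domain controllers, each DC only records the logons it authenticated itself; to confirm a bind is attributed to the DC you targeted, check that DC's Security log for a 4624 network logon of the user at the time the task ran.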

Related

Force User Log In with a Windows Service

Is it possible for a Windows service to force a user to login from the windows user login screen? I've seen where LogMeIn can do it. This is assuming, of course, that I have both the username and password for the user.
Is LogMeIn using an actual method (non-automated), or are they simply quickly automating the task of logging in by selecting the username and password fields and typing it in?
You should create a WindowStation, and a Desktop inside that. Your service would create the WindowStation and connect that to the user you want to log in, then I suppose you would periodically take a screenshot of the created desktop to present somewhere else.
You may want to start reading the documentation at https://msdn.microsoft.com/en-us/library/windows/desktop/ms687105%28v=vs.85%29.aspx and linked pages, then ask a more specific question.
I don't know if this method can be used to log in at the Console (the window station attached to the physical video card/keyboard of the computer), but if this has to happen automatically I'd avoid using the Console, but a separate Window Station.
EDIT: as it happens to say on the very page I linked (my bad), if a session for the user exists and the service tries to connect to it, it is opened; if it does not exist then it is created anew, and a desktop (named "default") is attached to it. If your service only has to log the interactive user in you should use the auto-login feature of windows instead.
Yes, you can auto login using Windows.
You didn't specify OS, but for Windows 7/8 read this, and for Server 2003/2008 (and possibly 2012, but I haven't checked) check out this Microsoft article.

Is a serviced component shared between user sessions on a terminal server, or is one process started for each user session?

I have some .NET code in a COM+/Enterprise Services serviced component. I communicate with this component from a WPF application and also from a legacy VBA application.
This arrangement works well when only one user is logged on to a machine. The component starts in its own process when either the .NET or the legacy application instantiates one of its COM objects.
The system also works for the first user to try to run it on a terminal server installation. However, when another user logs on, he/she is unable to use the application. I had hoped that each session would run in isolation, and that one host process would run per session. Am I wrong in this expectation?
In Component Services on the Activation tab my application is configured to run as a "Server application". On the Identity tab, "Interactive user" is selected. On the Security tab, "Enforce access checks for this application" is unchecked.
There isn't session isolation as you describe, instead process ownership limits what you have access to.
Your conclusion seems correct & you will need to determine a suitable mechanism to exchange data with the service.
I used WCF to create a service with a net named pipe listener https://learn.microsoft.com/en-us/dotnet/framework/wcf/index
The idea of using proxies to make rpc calls is attractive, but I found the proxy definitions and stubs to link it all together quite clumsy to use.
If you have events that may be triggered at either end then keeping client/service in sync becomes problematic.
AIUI you cannot invoke an RPC method that ends up invoking an RPC back at the originating end, although that could be a named pipe limitation.
If I were doing this again I would use a socket server in the service & the websocket protocol for bidirectional data transfer, even though you might need to implement some thread handling to avoid the listener thread blocking whilst servicing requests.
Hard to find anything authoritative on this. For standard COM you can set the identity to 'Launching user'. The same is not available for COM+.
According to this archived post,
A COM+ application can be configured to run under the logged in account, or
a specified account. Under the application properties, see the Identity tab.
...
Once set however, it remains under that account until the application shuts
down, so you can't have multiple users using the same COM+ application under
different IDs.
That seems to match what is said in this knowledge base article too.
My conclusion is, I should probably accept that my component must run once per machine rather than once per session. It will need to be modified to accommodate this. Since it needs to start new processes in individual sessions, it will have to run as a Windows service under the Local System account (giving due attention to the security implications).

Send an email whenever file is deleted from shared folder in windows 7

I am running a software on several computers at my workplace and the software can run different audio and video files stored on a shared folder in a central computer. The software runs on windows 7 and every person in my company can add or remove files from the shared folder, but this privilege puts the data at risk. I was thinking of creating an email alert to my self whenever a file is deleted. I have written a windows powershell script for sending me emails from smtp server but how can I hook it up to the event of file or folder deletion in a specific shared folder?
Honestly, if you want real time monitoring (I'm guessing you do since you're wanting an email alert sent to you when you detect file deletion), then the hardest part is going to be keeping the script running...
Anyway, the first two things you're going to need to do are
1) Enable the Audit Policy "Audit Object Access" on the server hosting the share
2) Enable auditing for the user/group you're monitoring
After that, you're going to want to use the Get-EventLog cmdlet to search for event ID 4663 (you can also use event IDs 4656 and 4658 to correlate the event - they represent the opening and closing of a given file).
Anyway, after you've enabled auditing, use something like this to get started:
Get-EventLog security | Where-Object {$_.EventID -eq 4663}
Oh, and to keep it running, you'll probably want to use a scheduled job.
Or you could use an IO.FileSystemWatcher object and register an event.
Grts.
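Both approaches the answer mentions, as an added example that is not code from the answer: a FileSystemWatcher for real-time notice, and a Security-log query for the audited 4663 events, which (unlike the watcher) also tell you which account deleted the file. The share path, local folder, SMTP relay and addresses are placeholders.

```powershell
# Added example, not code from the original answer. All hosts, paths and addresses are placeholders.

$Mail = @{
    SmtpServer = 'smtp.example.internal'        # placeholder SMTP relay
    From       = 'filewatch@example.internal'   # placeholder sender
    To         = 'admin@example.internal'       # placeholder recipient
}
$SharePath      = '\\FILESERVER\Media'          # placeholder UNC path of the monitored share
$LocalSharePath = 'D:\Shares\Media'             # placeholder local path of that share on the server

# 1) Real-time: FileSystemWatcher. Only runs while this PowerShell process stays alive, so host it
#    in a scheduled job or a long-running session. It cannot tell you which user deleted the file.
function Start-ShareDeleteWatcher {
    $watcher = New-Object System.IO.FileSystemWatcher
    $watcher.Path = $SharePath
    $watcher.IncludeSubdirectories = $true
    $watcher.EnableRaisingEvents = $true
    # Mail settings travel via -MessageData because the -Action block does not see script variables.
    Register-ObjectEvent -InputObject $watcher -EventName Deleted -SourceIdentifier 'ShareDeleted' `
        -MessageData $Mail -Action {
            $m    = $Event.MessageData
            $path = $Event.SourceEventArgs.FullPath
            Send-MailMessage -SmtpServer $m.SmtpServer -From $m.From -To $m.To `
                -Subject "File deleted: $path" -Body "Deleted at $($Event.TimeGenerated)."
        } | Out-Null
    return $watcher
}

# 2) Audit-based: run ON the computer hosting the share after enabling "Audit Object Access" and
#    adding a Delete audit entry to the folder's SACL. Each deletion is then logged as Security
#    event 4663 whose AccessMask includes DELETE (0x10000). The XML event data is read directly
#    instead of parsing the localized message text.
function Get-RecentDeleteAudits {
    param([int]$Minutes = 10)
    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        $mask = [Convert]::ToInt32($data['AccessMask'], 16)
        if ($mask -band 0x10000) {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                User   = "$($data['SubjectDomainName'])\$($data['SubjectUserName'])"
                Object = $data['ObjectName']
            }
        }
    }
}

# Poll the audit log (e.g. from a scheduled job every 10 minutes) and mail one line per deletion.
function Send-DeleteAuditReport {
    $hits = @(Get-RecentDeleteAudits -Minutes 10 | Where-Object { $_.Object -like "$LocalSharePath\*" })
    if ($hits.Count -eq 0) { return 0 }
    $body = ($hits | ForEach-Object { "{0:u}  {1}  {2}" -f $_.Time, $_.User, $_.Object }) -join "`n"
    Send-MailMessage @Mail -Subject "$($hits.Count) file(s) deleted from $SharePath" -Body $body
    return $hits.Count
}
```

The watcher gives the fastest alert but no actor; the audit query is slower (it depends on how often you poll) but names the account and survives restarts of the script, since the events stay in the Security log.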

Detect user is about to log in in Windows 7/8

I need to write a little windows service that should detect when a user is attempting to log in and deny access according to certain criteria, like the hour.
So, I researched the way Windows Family Safety works when a child has an hour restriction, and I noticed that the message received by the user (child) is similar or identical to the one received when a restriction is set using
net user User /time:etc, etc.
so I suspect that's what the Family Safety use.
However, I would like to interact with the "net" command programmatically, and besides that I would like to know if there's an event to watch for when a user is attempting to log in, or the user has just logged in.
Which Windows API should I look for to get this functionality?
The "net user" commands are available programmatically through the Network Management API. As an example, you can use the NetUserSetInfo function along with the USER_INFO_1020 structure to set the times during which a user can log on.
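The NetUserSetInfo / USER_INFO_1020 call the answer points to, driven from PowerShell through P/Invoke, as an added example that is not code from the answer. The account name is a placeholder, and the call must run elevated on the machine that owns the account (the local SAM here; pass a DC name as the server for a domain account).

```powershell
# Added example (not code from the original answer): restrict a local account's logon hours via
# NetUserSetInfo level 1020. The account name 'labuser' is a placeholder.

Add-Type -TypeDefinition @'
using System;
using System.Runtime.InteropServices;
public static class NetApi {
    public const uint UNITS_PER_WEEK = 168;      // one unit per hour of the week
    [StructLayout(LayoutKind.Sequential)]
    public struct USER_INFO_1020 {
        public uint   usri1020_units_per_week;
        public IntPtr usri1020_logon_hours;      // 21-byte bitmap, one bit per hour, in GMT
    }
    [DllImport("netapi32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    public static extern uint NetUserSetInfo(string servername, string username, uint level,
                                             ref USER_INFO_1020 buf, out uint parm_err);
}
'@

function New-LogonHoursBitmap {
    # Bit (day*24 + hour) set = logon allowed in that GMT hour; Sunday is day 0 and
    # bit 0 of byte 0 is Sunday 00:00-00:59, matching the USER_INFO layout in the SDK docs.
    param([int[]]$Days, [int]$StartHour, [int]$EndHour)   # EndHour is exclusive
    $bitmap = New-Object byte[] 21
    foreach ($day in $Days) {
        for ($h = $StartHour; $h -lt $EndHour; $h++) {
            $bit = $day * 24 + $h
            $idx = $bit -shr 3
            $bitmap[$idx] = $bitmap[$idx] -bor (1 -shl ($bit % 8))
        }
    }
    return ,$bitmap
}

function Set-LocalUserLogonHours {
    param([string]$UserName, [byte[]]$Bitmap)
    $ptr = [Runtime.InteropServices.Marshal]::AllocHGlobal(21)
    try {
        [Runtime.InteropServices.Marshal]::Copy($Bitmap, 0, $ptr, 21)
        $info = New-Object NetApi+USER_INFO_1020
        $info.usri1020_units_per_week = [NetApi]::UNITS_PER_WEEK
        $info.usri1020_logon_hours    = $ptr
        $parmErr = 0
        # $null server = local SAM. Level 1020 changes only the logon-hours field.
        $status = [NetApi]::NetUserSetInfo($null, $UserName, 1020, [ref]$info, [ref]$parmErr)
        if ($status -ne 0) { throw "NetUserSetInfo failed, NET_API_STATUS $status (parm_err $parmErr)" }
    } finally {
        [Runtime.InteropServices.Marshal]::FreeHGlobal($ptr)
    }
}

# Allow 'labuser' to log on Monday-Friday (days 1..5), 08:00-18:00 GMT only.
$bitmap = New-LogonHoursBitmap -Days 1,2,3,4,5 -StartHour 8 -EndHour 18
Set-LocalUserLogonHours -UserName 'labuser' -Bitmap $bitmap
```

The hours are interpreted in GMT, so an office schedule in another time zone has to be shifted before the bitmap is built; `net user labuser` afterwards shows the resulting "Logon hours allowed" line for a quick check.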

Is there a way to have multiple windows logins go to single session?

In Windows 7, is there a way to have every login go to the same user session? So when a person is met with the login screen, they login and can continue working on that same user session. I am asking this because each user has their own login, but on this machine I need a program to be running across all user sessions. Since that doesn't seem feasible, I was just going to have them all login to the same user session.
Is this possible?
The appropriate way to solve this would be to have the program run as a service, and have a client UI that loads on startup 'hook' into the service process. Loading multiple users to the same session space would effectively violate the entire windows security model.
So, you either need to use a shared user for this, or a shared process (either local as a service, or remote as a server).
So, there's one possible way you might be able to get this to work, and that's to set this up as an interactive service. Definitely not a secure way to keep your system, but if you are able to make it work, it should work for your purposes:
Interactive services (in particular, read 'using an interactive service'):
http://msdn.microsoft.com/en-us/library/windows/desktop/ms683502(v=vs.85).aspx
Making srvany.exe (to run non-services as a service) on Windows7/Windows 2008:
http://social.technet.microsoft.com/Forums/en-US/winserverMigration/thread/98a97aee-c62b-4683-94ab-3777899cf7de/