I have a working PS script that gets the boot time of remote servers
#$ServerArray is the list of servers
$cso = New-CimSessionOption -Protocol Dcom
$cs = New-CimSession -ComputerName $ServerArray -SessionOption $cso
Get-CimInstance -CimSession $cs -ClassName win32_operatingsystem -OperationTimeoutSec 10 | select csname, Caption, lastbootuptime | sort lastbootuptime | format-table -autosize
Result:
csname Caption lastbootuptime
------ ------- --------------
server1 Microsoft Windows Server 2012 R2 Standard 10/30/2021 3:07:23 AM
server2 Microsoft Windows Server 2012 R2 Standard 10/30/2021 3:12:35 AM
server3 Microsoft Windows Server 2012 R2 Standard 10/30/2021 3:13:34 AM
Are there any other details that can be extracted using PowerShell or another API to show that the server has properly booted?
Note: This may be difficult to use PowerShell for depending on the mechanism of execution; PowerShell Remoting is not available during early stages of boot, nor is an interactive CLI. However, some agents or services (like VMware Tools as an example) can facilitate remote execution at times like these. Scheduled Tasks can also be leveraged to run code locally during some earlier boot phases. Though this answer centers around PowerShell, the general information can be used with other programming languages as well.
There are boot states of Windows you can attempt to look for ways to check these but the most reliable way I've found to know if the computer is in a state for a user to log on is to wait for Get-Process winlogon to return a process back. Once winlogon is running, the computer is near or able to facilitate logon sessions, pending completion of GPO application.
This SuperUser answer explains how to use the Windows Performance Toolkit (part of the Windows SDK) to initiate a boot trace and disseminate its report, but that isn't the focus of this question or answer. I'm including it here to show that waiting for winlogon is the right way to identify when the system is ready for interaction; execution of winlogon is actually the final Windows boot phase and that answer exemplifies this.
Note: Technically, logging in and waiting for scheduled tasks to complete on login is the final step but that portion comes after after kernel boot has completed, and can be repeated for multiple logon sessions. I don't consider this part of the "boot sequence" or system initialization.
As for the boot phases of Windows I've only been able to generate a report of a boot trace using xbootmgr. I'm not sure there is a documented API (win32 or otherwise) exposed to the userspace to check for the current boot phase outside of the boot trace. At this time I can only recommend looking at environmental details to know the current boot phase (such as checking for the winlogon process), although I'm not familiar enough with the environments of the other boot phases to make additional recommendations here.
If I learn more information about the other phases I will update this answer.
Related
Is there a powershell module that I can uses on client system where I have the agents installed ?
I pushed the patches from SCCM Console to client with deployment status as "available" and need to run the install command from the machine where I have sccm agent installed. how can i do that ?
Yes, you can automate using the ClientSDK WMI classes and powershell. There is a good writeup about it here
https://timmyit.com/2016/08/01/sccm-and-powershell-force-install-of-software-updates-thats-available-on-client-through-wmi/
https://byteben.com/bb/identifying-and-installing-sccm-client-software-updates-remotely-with-powershell-and-trigger-a-vmware-snapshot-before-remediation-part-1-of-3/
It is better to just run a "Required" deployment on collection with the specific clients to want. See the docs
You may create that collection with query "where Client0 is 1" or doing fine-grain selection with direct membership. Here's how.
This way the SCCM Agent will be controlling the installation the whole way, and allow to:
Handle temporarily offline clients
Active users on the device
Scheduling and windowing
and more...
I am having trouble when I have one Windows service try to install another Windows service.
Specifically, I have a TeamCity agent running tests for me on a Windows 2008 AWS instance. The tests are written in Java, which shell out to a .bat script to install a service (let's call it Service A), giving it a unique name each time.
The offending line is in the .bat script: sc create "%serviceName%" binPath= %binPath% DisplayName= "%serviceDisplayName:"=%" start= %serviceStartType%. I believe as long as the service name is unique that should work.
And indeed it does work if I run the tests manually on the command line, using an administrator account. Service A is installed, the test completes and Service A is uninstalled at the end.
I have tried running the TeamCity agent as LocalSystem, as Administrator, and as another user that is member of the administrators group. I have also tried disabling UAC completely.
Presumably the problem is access denied type errors, although that is not clear at this point. There are a few avenues to explore still, but it is a simple question really: are processes running as services forbidden from installing other services? Are there special things I have to do to configure the machine/ account to allow it to do this?
The point of the test it to install and use Service A, so workarounds are not relevant - Service A must be operated as a black box.
Thanks!
There are no restrictions on creating services with regards to how the creating process can execute, as long as the process has the appropriate permissions. That is to say, a process could be running as a service and create another service -- the only consideration here is the appropriate permission level.
The problem that often occurs with running batch scripts from within processes (as opposed to directly through user input on the command line) is that the environment expected isn't always the environment that is loaded. In this case, it appears that the env variables referred to in the batch script weren't properly set when running as a service, which of course then caused the service install failure. Correcting the environment loaded when the batch script is shelled out is the correct solution here.
I am looking for a tool to know if a given computer on the local network is being remotely accessed by a user or not and ideally I'd like to know who that user is. In my company, we share virtual machines and we keep have to ask members in the team if they use any remote computer. I'd like to have some kind of dashboard that can tell me what computer is being used, and what computer is free.
I am happy to use any kind of commercial solution that would require the install of services on each of the machines that need to be monitored or things like that.
The below is made easier if you're querying from a Windows client joined to the same domain as the system you are querying, and may require certain rights above and beyond a standard domain user. If you run into authentication/permission issues, that would be the first thing I'd check.
There is a tool available at least as far back as Windows XP called "qwinsta". Later versions of Windows have both qwinsta and "query session".
qwinsta /server:computer01
SESSIONNAME USERNAME ID STATE TYPE DEVICE
console 0 Conn wdcon
rdp-tcp 65536 Listen rdpwd
administrator 2 Disc rdpwd
That shows user "administrator" logged in but disconnected. Since in this example computer01 is a Windows Server 2003 system with the default "administration" RDP license, there's a second session listening for someone to connect.
Running the same command again after connecting to that previously disconnected session looks like this:
SESSIONNAME USERNAME ID STATE TYPE DEVICE
[unchanged output removed]
rdp-tcp#25 administrator 2 Active rdpwd
This is enough to answer "is someone currently active via RDP", and if you're using individual usernames, it should answer the "who" as well. If you're all using "testuser" or "administrator" or something, you'll probably want to know the answer to "from what client", and that is not given above.
The above gives a quick basic answer without needing additional tools. For more detailed information, you might look at the cassia library or PSTerminalServices (built on cassia). See some of the answers in this question for more detail.
My first thought on this was to use Sysinternals tools such as PsLoggedOn or LogonSessions. I then found reference to the previously-unknown-to-me qwinsta and rwinsta tools in this blog post from 2003.
You can use a PSModule named PSRdSessions, this module provide some simple funtions
sample of use
Get-RdSession -ComputerName Server01.domain.xyz # return [Cassia.Impl.TerminalServicesSession]
for return [hashtable]
Get-RdSession -ComputerName Server01.domain.xyz | Convert-RdSession # return
for return [pscustomobject]
Get-RdSession -ComputerName Server01.domain.xyz | Convert-RdSession | %{[pscustomobject]$_}
Is it possible to start postgres process with a user account that has "administrative" privileges? I am on windows XP.
--Error shown is --- (Not really error, it is a security feature)
The server must be started under an unprivileged user ID to prevent
possible system security compromises. See the documentation for
more information on how to properly start the server.
Current work around is to create normal user and run process under that. What I am looking at is quick way to start database, do some operations and shut it down as part of build process.
(years later)
Postgres ships with a control program. See details in official documentation
Short answer:
pg_ctl start "args"
I'm using an AutoIt script to start and automate a GUI application. I need to activate the script each hour.
Will AutoIt scripts (which perform actions on a GUI) work when used as a service? The script will be run as a service (not scheduled task).
You can easily make an autoit script run as a service using service.au3 written by archer of the autoit forums. Unfortunately or fortunately since it is a security measure. A service needs to start independent of the current user session (before login). It cant access send APIs for input manipulation of the current user session from there. It does sound much more like you need a scheduled task and not a service.
As mentioned above, a scheduled task is what you're looking for. To run a script as a service read this:
Q4. How can I run my script as a service?
This is also a question with multiple answers, and none of them are the only way to do it. The first question to ask yourself is whether or not you wish to install the service on other computers besides your own.
A1. If you only wish to install the service on your own computer, The easiest way to do this is to use Pirmasoft RunAsSvc. This program makes services easy to install and easy to remove when necessary.
A2. If you wish to make the service available to anyone running your script, you can use SRVANY.EXE and ServiceControl.au3. You can then use this code to install your script as a service:
#include "ServiceControl.au3"
$servicename = "MyServiceName"
_CreateService("", $servicename, "My AutoIt Script", "C:\Path_to_srvany.exe", "LocalSystem", "", 0x110)
RegWrite("HKLM\SYSTEM\CurrentControlSet\Services\" & $servicename & "\Parameters", "Application", "REG_SZ", #ScriptFullPath)
or use the following code to delete this service:
#include "ServiceControl.au3"
$servicename = "MyServiceName"
_DeleteService("", $servicename)
There is one caveat to setting up AutoIt as a service. If the service is not installed using the above code, it must have the "allow service to interact with the desktop" setting or else automation functions such as Control* or Win* functions will not function. To assure the service does indeed have this setting, use the following code:
RegWrite("HKLM\SYSTEM\CurrentControlSet\Services[ServiceName]", "Type", "REG_DWORD", 0x110)
Taken from the FAQ topic on the AutoIt Forums. www.autoitscript.com/forum/index.php?showtopic=37289)
It sounds like you're want to use a scheduled task instead of a service. Scheduled tasks can execute every hour, while you're logged in, and should also be able to interact with your desktop. Just remember that a task run as a normal user can not interact (send input) to a elevated program if you're using Vista/Windows Server 2008 with User Account Control enabled.