IIS wont run bat file (UAC Virtualization problem) - windows

IIS hosts a .Net Core that simply needs to run a bat file. The file is part of the project.
On the local machine, everything works properly, but on the server, the bat file is not triggered because it is blocked by UAC virtualization.
On the server, the double-click script runs smoothly, but cannot be started automatically by .NetCore
.Net core has admin rights to execute the script, also AppPool has the
rights to execute the script. But the script simply stays blocked by
UAC.
I tried to completely disable UAC and restarted the server but again the same.
I tried to create a shortcut with admin rights that will run the script but without success.

Related

Heroku won't load within Visual Studio Code

heroku : File C:\Users\mar\AppData\Roaming\npm\heroku.ps1 cannot be loaded. The file C:\Users\mar\AppData\Roaming\npm\heroku.ps1 is not digitally
signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see
about_Execution_Policies at https:/go.microsoft.com/fwlink/?LinkID=135170.
This is the error I'm getting. I've tried running "heroku -v" within the cmd and it works there so I know it was installed correctly. However, when I run the same command in visual studio I get the above error. I'm running visual studio code in admin mode and I installed heroku from admin mode as well.
I also enabled developer mode in my computer settings.
You need to set the execution policy regardless of whether you are running in administrator mode or not for PowerShell.
You can read more about this here
You can also see that it's throwing an error with regards to execution policy. The error basically means that windows could not verify the identity of the user that created the script and is blocking you from running it because it may be harmful (based on the fact that it could not verify the identity of the file creator).
This is just a counter-measure to prevent malicious scripts from running automatically.
If you want to run the script I would suggest running
Set-ExecutionPolicy -Scope CurrentUser -ExecutionPolicy Unrestricted
and then running the Heroku commands. The above script removes restrictions on script executions on the current logged in user.

stop and start IIS server for TFS build Access denied

I need to stop and start IIS server for TFS build. When do this using .bat file iisreset /stop, similarly for start.
When I do this I get
Access denied, you must be an administrator of the remote computer to use this command. Either have your account added to the administrator local group of the remote computer or to the domain administrator global group.
Please note: This is Windows server 2019
I am already admin of this machine.
I have given read/write access to everyone in this folder.
I have unset EnableLUA to '0' in the registry as told in link for site
Above all these, I restarted machine.
I still get error in TFS build.
When you start a build in TFS the execution of that build is effectively done by a build agent. A build agent is just a service running on any particular machine. So, your batch file that shall start/stop the IIS service will be executed by whatever build agent is running your particular build.
This in terms means that your batch file is executed by the user that is used to run the build service. If that user does not have the necessary admin rights you face this particular error message.
What you need to do is make sure that all accounts that you use to run your build agents have administrative permissions on whatever machine you want to start/stop IIS.
You are trying to do IISRESET in your batch script. You need to be an Administrator as basic right to execute IISRESET command. So the account which the build is running needs to be part of the Admin group on the box.
Other approach is to stop and start w3svc using sc config commands or NET STOP WAS /Y and NET START W3SVC
Both of your answers are correct, I added the 'Network Service' of TFS to admin group of machine. Then build was success. Administrative tools>Computer Management> Local Users and Groups>Groups>
Inside Administrators and Users add 'Network Services'. If you don't find 'Network Service' then change location to your computer node and add them.

VS error when creating new WebAPI project

When I create a new WebAPI project (MVC4) I get the following error.
EntityFramework.5.0.0: Failed to initialize the Powershell host. If your powershell execution policy setting is set to AllSigned, open the package manager console to initialize the host first.
jQuery.1.7.1.1: Failed to initialize the Powershell host. If your powershell execution policy setting is set to AllSigned, open the package manager console to initialize the host first.
After Googling I have found a few answers but nothing that works yet.
Error creating new MVC project - EF and JQuery
This answer seems like it should work for me as my last project was a 7z Command Line app and I might have done something daft with 7zip. But I copy pasted the 7-Zip directory from Program Files to Program Files (86) with no luck.
http://social.msdn.microsoft.com/Forums/en-US/vssetup/thread/c934fed4-e44e-4a06-9e3b-eccb9c8aa8d6
There is an answer here that might work (I haven't tried it) but even if it does work I wouldnt want to do this every time I create a new project.
Is anyone able to help me with this one?
I got around a similar error by running PowerShell as administrator with the command Set-ExecutionPolicy Unrestricted, restarting Visual Studio, and opening the Package Manager Console before what I wanted to do.
Make sure you understand the security implications of doing this first.
http://technet.microsoft.com/en-us/library/ee176961.aspx
Restricted - No scripts can be run. Windows PowerShell can be used only in interactive mode.
AllSigned - Only scripts signed by a trusted publisher can be run.
RemoteSigned - Downloaded scripts must be signed by a trusted publisher before they can be run.
Unrestricted - No restrictions; all Windows PowerShell scripts can be run.
I encountered this issue recently, after re-install VS and install the latest VS update 2, things go well. This works for me at least.

Batch script to update hosts file on boot-up using curl

I am trying to get a .bat script to run on boot-up and purge the hosts file with a new one.
I have this working on Windows Server 2008 Standard X86 and it has been working consistently for over a year. I installed 'curl', hard linked it to System32 and schedule the following .bat script using local group policy:
curl x.x.x.x/latest/hosts > C:\Windows\System32\drivers\etc\hosts
Now I want to get the same script working on windows server 2008 R2. I have the same thing setup and it works if I double-click the .bat file. However, when the script runs on startup via GPO, it simply wipes the hosts file completely and I have to login manually and double-click the .bat script.
Any idea what's causing this?
Is it a difference between Server 2008 R2 and Server 2008 STD?
Try
curl.exe x.x.x.x/latest/hosts > C:\Windows\System32\drivers\etc\hosts.tmp
move C:\Windows\System32\drivers\etc\hosts.tmp C:\Windows\System32\drivers\etc\hosts

Windows UAC do not popup (Access Denied)

I have made an installer using izpack which is packaged as an executable jar file.
Normally when I double click the jar/installer file the windows 7 UAC box pops up and I grant temporary administrator rights when installing the application (my UAC level is second lowest).
But for some reason this box no longer pops up when I double click the jar file. As a consequence I get an error "Access Denied" when the installer tries to install a windows service (during this process some keys are set in the registration database).
Any ideas on how I get windows to recognize the jar file as an installer and pop up the UAC box as previously?
It works fine if I open cmd in administrator mode and cd to the jar file and run it from there. But it could be nice to make it work the other way (correct way).
Izpack/izpack2exe will prompt for UAC privilege elevation if you add the element <run-privileged/> to the <info> section of the config file.
Or, if you name the installation executable to include "setup.exe" or "install.exe", Vista and Win7 should automagically prompt for UAC privs. (But this isn't foolproof, as an end-user may download your app and change the name, or if you use a JAR distribution...)

Resources