What makes it possible to start services through the Windows SMB protocol? - windows

Why is it possible to manage services through the SMB protocol in Windows?
The SMB protocol is made for managing network shares (files and directories) and printers, so what mechanism in the protocol makes it possible to interact with services?

From the sysinternals article:
PsExec starts an executable on a remote system and controls the input
and output streams of the executable's process so that you can
interact with the executable from the local system. PsExec does so by
extracting from its executable image an embedded Windows service named
Psexesvc and copying it to the Admin$ share of the remote system.
PsExec then uses the Windows Service Control Manager API, which has a
remote interface, to start the Psexesvc service on the remote system.
The Psexesvc service creates a named pipe, psexecsvc, to which PsExec
connects and sends commands that tell the service on the remote system
which executable to launch and which options you've specified. If you
specify the -d (don't wait) switch, the service exits after starting
the executable; otherwise, the service waits for the executable to
terminate, then sends the exit code back to PsExec for it to print on
the local console.
It's a very creative hack. psexec uses SMB to copy its own EXE to the target machine. Then uses the Windows Service Control Manager API (different protocol) to start the exe on the remote machine. The missing deail is the exact API that launches psexec on the remote machine. I did some digging and discovered that the OpenSCManager API is what facilitates this. Once a handle to the remote machine's service control manager is obtained, APIs such as CreateService and StartService can be used to start the remote process.
So it's not the SMB protocol per se. More specifically, it's the Windows Service Control Manager that makes it possible to do things similar to psexec.

Related

Remote printer discovery via Windows API

In a Windows network where each computer runs an SCCM client, is there any way of discovering and listing the Printer objects available to one machine, via an API call from another?
Can this be done via SCCM, Powershell, or any REST library?

Why is remote SmartCard not found when using RDP

I'm using Windows Server 2008 R2 which runs a VB6.0 application that uses a smartcard locally.
I then connect to this machine remotely using Remote Desktop Connection (6.3). However now the application shows the following error (SmartCard):
0x8010001d The Smart card resource manager is not running.
Research so far:
I don't want to use redirection as the card is on the remote machine already.
Using RDP the way I am trying to use it for is wrong and tightVNC is more appropriate (This does fix the issue)
Unsure - SCardEstablishContext API is returning that error because it gets an Access Denied error when trying to open an event called "Global\Microsoft Smart Card Resource Manager Started" with OpenEvent API. The default security for that event on Vista and Windows 7 specifies that only SYSTEM, LOCAL SERVICE and INTERACTIVE users have access to it. NETWORK SERVICE or non-interactive users won’t be able to access the event.
Why is the SmartCard not being recognised?
Any Information would be appreciated.
NOTE: The smartcard works fine when the application is on Windows Server 2008 R2 - however only fails when connecting remotely.
It is not possible, you can't use the locally plugged smartcard of the server you RDP into, as your session is redirected to the client then only the clients smartcard is accessible in the rdp session.
Microsoft made it like this for security reasons.
But there is a turn around, like sharing the device (smartcard reader, Usb token, Usb devices ) using software or hardware :
softawre examples (i only found paid solutions), see link
or hardware using a Device server but it doesn't work through WAN only LAN.
Use VNC instead of RDP
TLDR: Use VNC as a Windows Service
If you insist on using RPD, then you'll have to patch your RDP DLLs. If you don't want to do this, then instead use ANY OTHER PROTOCOL other than RDP. If it's a vmware VM, then just use the vcenter console. If it's an Azure VM where you don't GET a console, then just install VNC-server-softer on the server that has the Smart Cards and then access from somewhere else via VNC-client. "TightVNC" (https://community.chocolatey.org/packages/tightvnc) worked nicely for me.
There are two ways to run TightVNC server:
TightVNC Server (Service Mode) -- Connecting with VNC-client will take you to the Windows logon screen.
TightVNC Server (Application Mode)
You will need to run TightVNC as a Windows Service. Then you will start a NEW session. Otherwise you'll just be on top of the existing RDP session and still not see remote Smart Cards.
Long Version
If you RDP into a remote server, then that remote server's Smart Cards will be hidden. That behavior is baked into RDP and it is BY DESIGN.
You can optionally take your LOCAL Smart Cards along into the RDP session. (Via mstsc.exe's "Local Resources" tab and then checking "Smart cards".) But these are the Smart Cards connected LOCALLY to your laptop. And NOT the Smart Cards connected to the remote server.
So if you use RDP, then you have option to either see no Smart Cards at all (neither local, nor remote) or just see your LOCAL Smart Cards. To see the REMOTE Smart Cards is NOT possible via RDP.
This is by design inside RDP. And if you want to change it, then you have to manually patch some .DLL files. And somebody has actually done this. See this question here:
How to Access Remote USB Smartcard during RDP
Before you create your Remote Desktop session, click on "Show options". Under the "Local Resources" tab there is a "Local devices and resources" panel. Click the "More" button.
Click on "Smart Cards". No complete the remote desktop session.

Windows server monitoring

I have RDP access to the windows server. I used to do manually check the disk space and RAM usage on all my windows server. I can't install or enable any service on the remote servers. Is there any way, to automate the task to check the disk space and RAM/CPU usage on remote windows server with RDP access only.
No, not with RDP - as its name entails, the Remote Desktop Protocol is an interactive system for users to access their desktop - hardly an automation system.
But you don't need to install anything, Windows comes with full remote management possibilities out of the box. For example, Inside a PowerShell session (on your PC) just use:
Get-WmiObject -class Win32_LogicalDisk -ComputerName SERVER1,SERVER2,SERVER3 | select DeviceID,VolumeName,Size,FreeSpace
You can add as many servers as you want to the list. If your local login account does not have permissions to access the remote servers, simply add the -Credential DOMAIN\LOGIN parameter to the command above.
Finally, if you encounter a login error even with an account that is an administrator of the remote servers, you must check that firewall rules do not prevent remote administration from working on the server side. You may want to use (inside an RDP session) the PowerShell command Enable-PSRemoting.
There is many ways to check servers. But I recommanded to install tools (open source) like nagios or zabbix.
Nagios is a good open source for monitoring with web access and email alerting. You need to install NSclient on the windows server which allows nagios the access to resources.
About the email alerting, you need to install an smtp server, that will send mail each time there's a critical situation. (postfix or sendmail)
this is a tutorial link to install nagios:
http://itgration.blogspot.com/2014/09/installation-nagios-306.html

nodejs impersonation with windows

I need to use nodejs to write file to a password protected shared folder on a remote machine running Windows server 2008 r2, how can I do impersonation things within nodejs like .net app does?
Thx in advance!!!
PS:
Sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the sorry for the unclear description. The folder is set to shared across the internal network on the remote windows server system, the folder is set to "readonly" for the windows account explicitly created by the admin. The nodejs server is on the same internal network and need to access the remote shared folder, thus I think nodejs need to impersonate the windows account on the remote machine to read contents from the shared folder. My question is how to do the impersonation stuff for nodejs?
Late to the party - but since there is no accepted answer...
You'll need to launch your node process using the account that has access to the network share. How this is done differs based on your setup. For example, if you're runnning node on a lLinux server trying to connect to the remote Windows server, then it's not going to be straightforward with node.
However; if you're running node on a Windows server, trying to connect to a remote share on another Windows server (which is what it sounds like your situation probably is). Again, you'll have to run your node script as a user with access to the remote share. If you need to do it from code, I'd suggest taking a look at my module node-windows. It doesn't provide remote share access specifically, but it will allow you to run command line code with a different account from within your node script.

controlling a remote machine

I want to develop some kind of automation system i can control some pcs in my network.Features i am looking to develop are as follows:
1)Ability to establish a connection with some remote systems and executing some commands on those
2)Ability to transfer files from main controller pc to those pcs
3)Ability to get status of other pc
I dont want to install some explicit server on each of the client machines , and want to use some in built protocol /services running on windows a my clinets are windows.
The only this available with my controller pc is Administator user name and passwd and clinet machine ips.
IBM TPM uses some port to do such things but am not usre which protocal /service it uses?
I have done a remote software installation using ibm tpm.I dont think it uses telnet or ssh.
Which inbuilt service/protocol i should use? (not telnet or ssh)
I need to design a tool that can install software on remote client machine.
Basically i need Deploy MSI, EXE, BAT etc. on various client machines without user interaction.
There are lots of tool on net that provide these features but i need to develop such type of utility.
Please suggest
you can setup remote desktop on the machines.
For Establishing command : you can setup remote desktop
For transferring files: You can map drives of other machines programmatically using the method WNetAddConnection2().
Its unmanaged code ...
This might help :
http://vbnet.mvps.org/index.html?code/network/wnetaddconnection2.htm
http://www.pinvoke.net/default.aspx/mpr/wnetaddconnection2.html

Resources