Reading windows registry values by making remote connection from CentOS - windows

I need to access windows registry values of a computer by remotely connecting to it through some windows utility or any other alternative.
Also, the remote connection should be secure.It should not make the system vulnerable post making the connection.

Related

Problems connecting over RDP using FQDN but connect using IP

since 1-2 months I have problems on some machines in my environment when I try to connect via RDP.
The environment configuration uses a Microsoft PKI (Windows Server Certificate Authority). All computers that are integrated in the domain, request and are given a certificate from:
Computer
RDP (as server)
All machines in the domain have the ROOT CA and SUBCA certificate installed.
The problem is intermittent, on the same machine it does not work, the computer is restarted and for a while it works.
The credentials with which I connect work and the user with which I connect has permissions for RDP (he is a domain administrator).
When I connect using the FQDN (pc1.mydomain.com) the window to enter credentials appears, I enter them correctly and it tells me that the credentials are invalid. I make several tests to verify that I have not made a mistake when entering the credentials. It seems to fail in the connection protection process.
When I connect using IP to the same machine as before, the certificate appears, but if checked, the certificate is valid for the FQDN indicated above, so the certificate is OK (in date, valid and has not been revoked). If I accept the certificate, it starts the connection protection and finally connects.
If I access the same machine physically or through VMWare console, it lets me login correctly.
I have gone to check the Windows event log both in system, as application, as in RDP and I do not see any error, neither in the client from which I connect, nor from the server from which I connect.
If I connect from another machine that is not Windows (Mac) using the Microsoft RDP application, if it lets me connect, even when from Windows it fails.
It happens from several clients and on several machines to which I connect via RDP.
At the Firewall level all the rules are correct, both in the Windows Firewall and in the Network Firewall.
What is the operating system of the pc/server with the issues? I have an issue with an old Windows 2008 r2 server similar to this.

How to restore access to a windows shared folder after host password change?

I have a shared folder on a windows 10 host machine. I could access it from a windows 10 client machine, where I had set "remember credentials" when first accessing the share. I changed the password on the host. Now the client cannot access the shared folder. That was expected. But I could not find a way on the client to allow the user to re-establish access to the shared folder.
I expected it would ask for credentials again. However I got a network error saying that windows cannot access the host machine.
Based on a number of entries on various forums, I tried a few things. The credentials manager on the client does not show the host. I stopped and restarted file and printer sharing on the client, without any change in the result. Network diagnosis and the windows troubleshooter gave no help.
The problem was due to some previous connections remaining in the network table, even though disconnected, as presented by the "net use" command from the command prompt.
>net use
Status Local Remote Network
--------------------------------------------------------------------------
Disconnected \\192.168.1.71\IPC$ Microsoft Windows Network
Disconnected \\HOST\IPC$ Microsoft Windows Network
After deleting them (via "net use /delete") the next attempt to access the host asked for credentials. Yay!
I began the path to the solution when I tried
net use z: \\host\shared /user:admin password
which gave system error 1219 stating multiple connections to a server are not allowed. Disconnect all previous connections and try again. Obviously, even though known to be disconnected, the entries prevented reconnection.

Why is remote SmartCard not found when using RDP

I'm using Windows Server 2008 R2 which runs a VB6.0 application that uses a smartcard locally.
I then connect to this machine remotely using Remote Desktop Connection (6.3). However now the application shows the following error (SmartCard):
0x8010001d The Smart card resource manager is not running.
Research so far:
I don't want to use redirection as the card is on the remote machine already.
Using RDP the way I am trying to use it for is wrong and tightVNC is more appropriate (This does fix the issue)
Unsure - SCardEstablishContext API is returning that error because it gets an Access Denied error when trying to open an event called "Global\Microsoft Smart Card Resource Manager Started" with OpenEvent API. The default security for that event on Vista and Windows 7 specifies that only SYSTEM, LOCAL SERVICE and INTERACTIVE users have access to it. NETWORK SERVICE or non-interactive users won’t be able to access the event.
Why is the SmartCard not being recognised?
Any Information would be appreciated.
NOTE: The smartcard works fine when the application is on Windows Server 2008 R2 - however only fails when connecting remotely.
It is not possible, you can't use the locally plugged smartcard of the server you RDP into, as your session is redirected to the client then only the clients smartcard is accessible in the rdp session.
Microsoft made it like this for security reasons.
But there is a turn around, like sharing the device (smartcard reader, Usb token, Usb devices ) using software or hardware :
softawre examples (i only found paid solutions), see link
or hardware using a Device server but it doesn't work through WAN only LAN.
Use VNC instead of RDP
TLDR: Use VNC as a Windows Service
If you insist on using RPD, then you'll have to patch your RDP DLLs. If you don't want to do this, then instead use ANY OTHER PROTOCOL other than RDP. If it's a vmware VM, then just use the vcenter console. If it's an Azure VM where you don't GET a console, then just install VNC-server-softer on the server that has the Smart Cards and then access from somewhere else via VNC-client. "TightVNC" (https://community.chocolatey.org/packages/tightvnc) worked nicely for me.
There are two ways to run TightVNC server:
TightVNC Server (Service Mode) -- Connecting with VNC-client will take you to the Windows logon screen.
TightVNC Server (Application Mode)
You will need to run TightVNC as a Windows Service. Then you will start a NEW session. Otherwise you'll just be on top of the existing RDP session and still not see remote Smart Cards.
Long Version
If you RDP into a remote server, then that remote server's Smart Cards will be hidden. That behavior is baked into RDP and it is BY DESIGN.
You can optionally take your LOCAL Smart Cards along into the RDP session. (Via mstsc.exe's "Local Resources" tab and then checking "Smart cards".) But these are the Smart Cards connected LOCALLY to your laptop. And NOT the Smart Cards connected to the remote server.
So if you use RDP, then you have option to either see no Smart Cards at all (neither local, nor remote) or just see your LOCAL Smart Cards. To see the REMOTE Smart Cards is NOT possible via RDP.
This is by design inside RDP. And if you want to change it, then you have to manually patch some .DLL files. And somebody has actually done this. See this question here:
How to Access Remote USB Smartcard during RDP
Before you create your Remote Desktop session, click on "Show options". Under the "Local Resources" tab there is a "Local devices and resources" panel. Click the "More" button.
Click on "Smart Cards". No complete the remote desktop session.

controlling a remote machine

I want to develop some kind of automation system i can control some pcs in my network.Features i am looking to develop are as follows:
1)Ability to establish a connection with some remote systems and executing some commands on those
2)Ability to transfer files from main controller pc to those pcs
3)Ability to get status of other pc
I dont want to install some explicit server on each of the client machines , and want to use some in built protocol /services running on windows a my clinets are windows.
The only this available with my controller pc is Administator user name and passwd and clinet machine ips.
IBM TPM uses some port to do such things but am not usre which protocal /service it uses?
I have done a remote software installation using ibm tpm.I dont think it uses telnet or ssh.
Which inbuilt service/protocol i should use? (not telnet or ssh)
I need to design a tool that can install software on remote client machine.
Basically i need Deploy MSI, EXE, BAT etc. on various client machines without user interaction.
There are lots of tool on net that provide these features but i need to develop such type of utility.
Please suggest
you can setup remote desktop on the machines.
For Establishing command : you can setup remote desktop
For transferring files: You can map drives of other machines programmatically using the method WNetAddConnection2().
Its unmanaged code ...
This might help :
http://vbnet.mvps.org/index.html?code/network/wnetaddconnection2.htm
http://www.pinvoke.net/default.aspx/mpr/wnetaddconnection2.html

Unable to run Firebird

I am installing Firebird (v1.5.5 - I know it's old but it works) on a new computer which is running Windows 7. I have installed the classic server version as a service. According to documentation at the Firebird site, I modified the firebird.conf file so that IPCName would be global\FirebirdIPI; I did this while the service was not running.
Despite all my efforts, I have been unable to access any of the databases which I copied to this new computer via ISQL. FWIW, the EMS SQL 2005 manager program is successful in accessing the databases, but this program apparently has a direct method which does not require fbclient.dll.
What else should I be checking?
Update from a few days later. After wasting a great deal of time with Windows 7, we decided to downgrade the computer and run XP. After installing the superserver version of FB 1.5.5, I can run my programs and access the databases which are stored on this computer. Attempts to access the databases from other computers connected on the network failed with a variety of error messages, but normally something like 'i/o error for file !firebird!\db\q400.fdb'.
In order to allow people on the network to continue to access the databases, I revived the NT server and started the Firebird service - and all the programs can access these databases successfully from remote computers!
To simplify matters, there are three computers on the network:
the NT server ('zorcomp'), which is running the Firebird service; the fdb files reside on this computer in a directory called 'db' which sits under a shared directory called 'firebird'
a computer running XP, called 'kivserver', which also has a shared directory called 'firebird' and underneath that a directory called 'programs'. Copies of all the fdb files reside in a directory called 'db'.
a computer running XP, which maps \zorcomp\firebird to disk L: and \kivserver\firebird to disk T. From this computer, I can run a program sitting in T:\programs and get it to access successfully a file sitting in L:\db. If I stop the FB service on zorcomp and start the same service on kivserver, the same program cannot access files sitting in T:\db.
I hope this is clear enough. For the life of me, I can't see any difference between all the files which are residing in \kivserver\firebird to those which are sitting in \zorcomp\firebird - but somehow there is a difference!
Obviously, I don't want this arrangement to continue - the NT server has to be retired honourably.
Further edit. I now have the firebird server running on 'kivserver' (NT). I can access the database files locally.
Computers running Win7 can now access these database files using a connection string \\kivserver\firebird\db\database.fdb.
Computers running XP cannot access these database files, although IIRC wisql did succeed with \\kivserver\firebird\db\database.db.
The NT server has been disconnected from the network.
TIA,
No'am
AFAIK EMS SQL uses fbclient.dll (or a wraper around it).
If the only thing you want is to access the databases, I suggest you to do so using TCP protocol instead of the local protocol. To do it connect like this:
c:\>isql localhost:c:\path\to\db.fdb -u sysdba -p masterkey
Unless you're avoiding TCP or the machine have no local interface enabled, it will do the work for you.
Try using this to connect to your database:
hostname:drive:\complete path\filename.fdb
or
\hostname\drive\complete path\filename.fdb
May I know the component you're using?
If your clients are Windows 7 then you might try to use \\hostname\sharename\filename.fdb instead of drive:\filename.fdb connection string.
Several months later, the NT server was somewhat abruptly retired when it displayed 'MBR error' on rebooting after someone unlugged it by accident. Thus I was left with no option but to start running the Firebird server program on 'kivserver'. The connection problems returned.
Eventually I was able to solve the problem with the following connection string
10.0.0.202:e:\firebird\db\manager.fdb
where 10.0.0.202 is the ip address of the server, and e:\firebird\db the directory in which the database sits, relative to the server itself.
I hope that someone else, some time, will find this information useful.

Resources