WTSSendMessage on modern Windows Server - windows

I'm writing code for customized management of remote desktop sessions, similar to RD service manager from Windows Server. I'm using functions from wtsapi32.dll and winsta.dll to enumerate sessions, get session information, disconnect/log off users and send messages to them.
I use WTSSendMessage to send a message to a user, and this is enough to emulate RD service manager functionality. I'd like to customize the resulting message box with an info/exclamation/error icon by specifying the corresponding value in the Style parameter. However, it works for the previous generation of OS (Windows 7, Windows Server 2008R2) and the client version of the current generation (Windows 8), but not for the current generation of server (2012R2).
Is it possible to reinstate the desired behavior in WinServer 2012R2, or use a different API function? Or was this API functionality deprecated in 2012R2 (or simply lost in the transition to Metro UI)?

Related

Thingworx client for windows 10

I want to gather some information from a windows 10 machine over the internet using the thingworx platform.
Here's a scenario:
Admin logs into thingworx app
Existing or new computer (Windows 10) is added (serial number computer)
Thingworx platform creates a thing based on a created template
User receives application key which will be entered on a client which is installed on the computer
Client is started based on event and sends data to thingworx platform
Communication is secured
Is there a best practice or even a client available / open source or Licence based which relieves the headache of security etc.?
Yes, alwaysOn is used mostly as web socket protocol for communication between devices & ThingWorx platform. Apart from these, one can also use MQTT.
If you want to use it for demo/academic purposes, then use the Thingworx Academic Simulator. I have been using it for testing many scenarios.
Download Link - http://apps.ptc.com/schools/software/ThingWorxAcademicSimulatorSetup.exe

Using Server USB SmartCard reader

I'm running a Terminal Server (Windows Server 2012 R2)
and have a big problem accessing smart cards (in my setting German "Gesundheitskarten") on our Terminal Server in RDP sessions. These cards are not used to provide login to a program, but to transmit data like insurance number, street, postal code etc. to our database.
The problem is that the smart card reader (https://www.identiv.com/products/smart-card-readers/contact-smart-card-readers/utrust-2700-r-contact-smart-card-reader) which is attached to the server (via USB) is showing in the device manager but not accessible in an RDP session. The manufacturer's test program says that the Smart Card Resource Manager is NOT running (which isn't true), which indicates that the device is not accessible.
When I log on directly on the server (without RDP) the reader works fine. (Logged in as Admin or User)
I would try to connect the reader to the client device, but there are numerous reasons against it. Just to name a few: We have all sorts of clients (Mac/Android/iOS/Windows) who need access to the reader when they are near our front desk. Mobile devices and Macs do not support smart card redirection. Also, the application which reads the cards is not known to support the redirection setup.
(Just for clarification, I don't want to give our users direct physical access to the server - they use the app via RDP or mainly via Remote Resources)
Is there any way to map/bind the USB smart card reader to a user also in an RDP session which is connected to the server? Is there any group policy setting I forgot?
You have to crack WinSCard.dll and SCardSvr.dll.
Refer to this page: http://lifayk.blogspot.co.uk/2012/07/windows-smart-card-subsystem-and-remote.html
I had tested the method and it works on Windows 2012 R2 Standard and Datacenter.

how to get session changes using windows service

I want to develop a C++ service to get notified whenever a user logs in to or logs off the system. I went through some functions but those are asking for a window handle. Since it is a service, which Windows API will be useful for this?

remote login a windows user knowing it's name and password

Here's what I want to do:
A program that listens on the network for a message, and when that message is received, if the user is not logged in (for example the computer just powered on and Windows displays the classic login screen), it automatically logs in a certain user according to the message. The username and password are known and stored safely inside the computer in a configuration for the program I'm talking about.
What I had in mind was a Windows service that starts with the computer and also listens to those messages, and if one is received, then it does its job,
but I have no idea of where to start
(basically i'm trying to login a user without having to type the password, which I said is stored and known - need something mostly like the fingerprint software windows 7 comes with, and the ones that you had to install in vista/xp so that fingerprint login would work (fingerprint was only an example) )
There are two methods to pursue depending upon which operating system you're looking to run under.
For Windows XP, Windows 2000, and Windows Server 2003 you need to create a GINA.DLL. This is a replacement DLL which must follow specific rules which handles the authentication process. In your case your replacement DLL would be known by the service which was listening for your start signal, and it would make a call into the DLL with the username and password as appropriate.
MSDN Magazine article on customizing GINA.DLL
MSDN entry on GINA
For Windows Vista/7 and above you'll need to look into the Credential Provider API.
MSDN Magazine article on Credential Provider API in Vista.
MSDN entry on Credential Provider API
You can use windows auto logon feature to do this.
Create a service which waits for the required data on a network socket. Make sure this service is started after the network service (Tcpip). Modify winlogon service properties (manually) so that it depends on your service. By depends, I mean that winlogon service is started after your service.
Set HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon to 1
Once you receive the data on your network socket, set the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
Once the registry settings are in place, then the winlogon service can read those values and proceed with the login process.
For more details on setting the registry values refer: http://support.microsoft.com/kb/315231
I want to clarify a little the suggestion of Vikram.exe.
Of course the usage of AutoAdminLogon seems native for the problem, but saving the password in the registry as clear text under HKLM\...\Winlogon\DefaultPassword is not good. Since Windows 2000, the usage of the secret DefaultPassword is supported, which has the same effect as the DefaultPassword registry value (see Protecting the Automatic Logon Password for the code example).
Another way to force user login or to do any other actions on the login screen is switching to the Winlogon desktop (full name WinSta0\Winlogon). You can use SwitchDesktop and SetProcessWindowStation to do this (see Window Stations and Desktops). If the service runs under the System account you will have all rights to do this. Depending on the configuration of your service, it could also be necessary to use SetTokenInformation with TokenSessionId to change the current session id. After the service process is running on the WinSta0\Winlogon desktop you can use functions like FindWindow and other GUI API to place any information in controls of the window (user name, password and so on) of another process. So you can implement more complex scenarios.
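A defender-side check for the cleartext DefaultPassword value that the answer above warns about. This is an added example, not code from any of the posts; the function names `Test-AutoLogonExposure` and `Get-WinlogonValues` and the sample values are constructed for illustration, and the registry value names are the ones quoted in the answers.

```powershell
# Added example: audit Winlogon automatic-logon settings without printing the password.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-AutoLogonExposure {
    param([Parameter(Mandatory)] [hashtable] $Values)

    $enabled      = "$($Values['AutoAdminLogon'])" -eq '1'
    $hasCleartext = -not [string]::IsNullOrEmpty("$($Values['DefaultPassword'])")

    $findings = @()
    if ($enabled)      { $findings += "AutoAdminLogon is enabled for user '$($Values['DefaultUserName'])'" }
    if ($hasCleartext) { $findings += 'DefaultPassword exists as a cleartext registry value' }

    # A leftover cleartext value is reported even when automatic logon is switched off.
    [pscustomobject]@{
        AutoLogonEnabled  = $enabled
        CleartextPassword = $hasCleartext
        Findings          = $findings
    }
}

function Get-WinlogonValues {
    # Copy only the values of interest from the live key into a hashtable.
    $props  = Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop
    $values = @{}
    foreach ($name in 'AutoAdminLogon', 'DefaultUserName', 'DefaultPassword') {
        if ($props.PSObject.Properties[$name]) { $values[$name] = $props.$name }
    }
    $values
}

# Constructed samples: cleartext password present vs. automatic logon with no registry password.
$weak   = @{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk'; DefaultPassword = 'example-only' }
$better = @{ AutoAdminLogon = '1'; DefaultUserName = 'kiosk' }
Test-AutoLogonExposure -Values $weak   | Format-List
Test-AutoLogonExposure -Values $better | Format-List

# On a Windows host, run the same check against the real key.
if (Test-Path $WinlogonKey) {
    Test-AutoLogonExposure -Values (Get-WinlogonValues) | Format-List
}
```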
Firstly let me just say I'm not 100% sure how to fully complete such an application but I have a few tips.
You will need to create a Windows Service that starts during the pre-login. You can create a service in C#; an example of creating a C# service is linked below:
http://msdn.microsoft.com/en-us/library/zt39148a(VS.80).aspx
Within your application you would set the property Startup Type to Automatic. This will automatically start your service on boot.
You should know that Windows services run under a secure context by account so you will have to get your service to run with privileges to do this.
In your Service Properties you can Click Log On and you can
To specify that the service uses the Local Service account, click This account, and then type the following NT AUTHORITY\LocalService.
To specify that the service uses the Network Service account, click This account, and then type the following NT AUTHORITY\NetworkService.
As you're trying to do this remotely you will have to look at WMI (Windows Management Instrumentation) and you will be able to start/stop and send commands to your service.
Your service then would send a command to the Login Management (not sure of the name).
You may also wish to check this WOL class which will switch the computer on remotely as long as it supports Wake On LAN. If this is for a corporate environment then I advise you to check your network cards to make sure they are supported.
http://www.codeproject.com/KB/IP/wolclass.aspx
I know of some education software that I use for schools that's called CC4 ( http://www.rm.com/shops/rmshop/story.aspx?cref=PS1026195 ) and we can do exactly what you need within this system. I'm not fully sure of how it works but I believe it uses the same principles described above.

Determine Remote Desktop Protocol version programmatically?

Remote Desktop Protocol version 6.1 changed the way RDP sessions are handled (making session 0, which previously meant "console session", into a non-interactive session). I need to be able to figure out from within my program how to determine just what version of the RD protocol is being used on the current RDP session. Nothing I can find in the Windows Terminal Services API, however, seems to give me the protocol version.
The WTSClientBuildNumber attribute in the WTS_INFO_CLASS contains the client build number which appears to be the version of the client's RDP.
The WTS_INFO_CLASS enumeration type contains values that indicate the type of session information to retrieve in a call to the WTSQuerySessionInformation function.
Here is the MSDN Terminal Services API article.
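The query the answer describes, called from PowerShell through P/Invoke. This is an added example, not code from the post; the `WtsDemo.Native` type and `Get-WtsSessionValue` function are names chosen here, and the script also reads WTSClientProtocolType, which goes slightly beyond the answer, so a console session can be told apart from an RDP one.

```powershell
# Added example: P/Invoke declarations for the two wtsapi32.dll calls used below.
Add-Type -Namespace WtsDemo -Name Native -MemberDefinition @'
[DllImport("wtsapi32.dll", SetLastError = true)]
public static extern bool WTSQuerySessionInformationW(
    IntPtr hServer, int sessionId, int infoClass, out IntPtr buffer, out int bytesReturned);

[DllImport("wtsapi32.dll")]
public static extern void WTSFreeMemory(IntPtr memory);
'@

$WTS_CURRENT_SERVER_HANDLE = [IntPtr]::Zero
$WTS_CURRENT_SESSION       = -1
$WTSClientBuildNumber      = 9    # WTS_INFO_CLASS member; buffer holds a ULONG
$WTSClientProtocolType     = 16   # WTS_INFO_CLASS member; buffer holds a USHORT

function Get-WtsSessionValue {
    param([Parameter(Mandatory)] [int] $InfoClass,
          [int] $SessionId = $WTS_CURRENT_SESSION)

    $buffer = [IntPtr]::Zero
    $bytes  = 0
    $ok = [WtsDemo.Native]::WTSQuerySessionInformationW(
        $WTS_CURRENT_SERVER_HANDLE, $SessionId, $InfoClass, [ref] $buffer, [ref] $bytes)
    if (-not $ok) {
        $err = [Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "WTSQuerySessionInformation failed with Win32 error $err"
    }
    try {
        # Both info classes used here return a small integer; pick the read by size.
        switch ($bytes) {
            2       { [Runtime.InteropServices.Marshal]::ReadInt16($buffer) }
            4       { [Runtime.InteropServices.Marshal]::ReadInt32($buffer) }
            default { throw "Unexpected buffer size: $bytes bytes" }
        }
    }
    finally {
        # Buffers returned by WTSQuerySessionInformation must be released with WTSFreeMemory.
        [WtsDemo.Native]::WTSFreeMemory($buffer)
    }
}

$protocol = Get-WtsSessionValue -InfoClass $WTSClientProtocolType   # 0 = console, 2 = RDP
$build    = Get-WtsSessionValue -InfoClass $WTSClientBuildNumber

[pscustomobject]@{
    IsRdpSession     = ($protocol -eq 2)
    ClientBuild      = $build
}
```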
