I have and application that need's to recognize when user logs off the system(Windows 7 OS). So, when user logs off from system, I need to log out user from application. I tried with batch file(put it in "GroupPolicy\User\Scripts\Logoff") and to run a browser with log off url. Batch file starts(i inserted command for windows alert and alert shows up during log off) but it seems that browser does not start. When i run this batch file without logging of the sistem, all actions I want are made. So does anyone have any solution for my problem?
Thanks in advance
Related
I set up a Windows Jenkins 2.156 and everythings works fine. Some jobs need to access file servers within the local network, so I want to start the Jenkins Windows Service as a specific user with rights to access these locations.
When restarting the service after that change, I am stuck on the "Please wait while Jenkins is getting ready to work ..." screen.
File failed-boot-attempts.txt is filled with current time stamp.
Any tips on how to proceed to get this issue fixed?
Solution: FSTrigger plugin scans all configured folders during startup.
I am responsible for running centralized backups of Windows Security logs on a network of ~15 Windows boxes. To automate this task, I have been writing a Powershell script that utilizes wevtutil's /r parameter to do it all remotely. All of the boxes are connected to a Sharepoint network drive that I was hoping to copy the logs to so that I could centralize all of the logs, but I've run into some trouble.
The script runs fine when I pass it the ip of the Windows box that it's running on. The logs are copied to the Sharepoint without a hitch. The script also runs fine when I just tell it to copy the logs locally. However, when the script trys to remotely copy the computer's log to the sharepoint, I get a Failed to Archive Security log. The account is not authorized to log in from this station. error.
The format of the command is
wevtutil epl Security \\path\to\sharepoint\[hostname]-[datetime]Security.evtx /r:[hostname]
I am running the script as a domain admin. I have also ran the script with the credentials of a local admin and I got a generic access denied error.
A google search for the error message mostly includes computers not being able to access network drives (not remote wevtutil specifically) and include a lot of messing around in
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters
or
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
which have not yielded any results. I am also restricted to Powershell 1, so I cannot use Powershell itself remotely AFAIK.
I could just put the script on each machine and run it locally with task scheduler, but I was hoping for a more elegant solution. Does anyone have experience with using wevtutil in this way and can point me in the right direction, or perhaps even suggest a better technique/tool?
How much latitude do you have to implement another solution?
If you wanted to do something with the logs, or make them easily searchable, you could set up a free Splunk server and either use a Splunk forwarder to ship the logs off box, or you could also use Powershell to send the logs to Splunk's HTTP event collector.
I am creating a batch script to deal with the brute forcing through RDC on my server.
The way I plan on doing this is by making windows run my script when a failed RDC is logged in windows security log. I will add a whitelist to prevent trusted IP addresses from being blocked. It will also log how many times the IP has tried to login, and if it fails more than 5 times in a row, it will be blocked.
Problem is, I don't know how to pass the IP from the logged event to the batch script.
The Windows Server 2008 R2 event viewer has an ability to start a program when a specific event (With a event number) occurs. It has a box for arguments that can be passed onto the program that I can specify (which will be this batch script). However, It does not specify what arguments it can pass on (I want the IP to be passed onto the batch script... that is all).
Any help would be greatly appreciated.
I managed to fix it myself, using this. I adapted the one he had over to include $(IpAddress) and got it working after a bit of mucking around.
I have the following problem: i need to log in a log file somewhere the time at which an incorrect password is tried in an attempt to login in windows 7.
I seached the internet but was not able to find that.
Does anyone know how this is done?
All system login/authentication attempts are logged in the Security Audit Log within the Windows Event Viewer by default. These logs are written by the Local Security Authority Subsystem Service (LSASS.exe). It is possible to analyze these events and filter out the exact information that you want.
In my windows task scheduler, I have scheduled a task to run a c# console application executable on a daily basis. This application sends some data to the database and then sends an email.
When I run it normally it works but however when it is run through task scheduler, it sends data to the database but is unable to send the email.
Any ideas on how to fix this?
EDIT:
Yes I can send correctly through console application. It uses default network credentials..However when I look at the event logs I have the following .NET Runtime exception logged:
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.IOException
Stack:
at iTextSharp.text.pdf.PdfPages.WritePageTree()
at iTextSharp.text.pdf.PdfWriter.Close()
at iTextSharp.text.pdf.PdfDocument.Close()
at iTextSharp.text.Document.Close()
at ReadReutersRates.Program.SavePDF(System.DateTime)
at ReadReutersRates.Program.Main(System.String[])
I think it has something to do with pdf file which I am attaching to the email. But it's quite strange that this works when I manually run it.
This is a permissions error, the user you're running the task as when running through the console will have more permissions than the user running the task.
It appears the PDF app you are using is trying to write to a temp file or similar and it doesn't have permissions. (I'm assuming the email has a PDF attachment or similar that is being generated on the fly)
If you made your task run as an administrator that should work, you could then run it as a more restricted user and work out which permissions to apply to where to lock it down.