Help!!!
I am trying to create a windows ami that when launched (need multiple [20] live servers to be launched for short durations at short notice) auto logon and run an .exe application (unfortunately I can not get the app to run as a service). Also machine names must be unique.
Problem works fine pre sysprep, but when I launch instance from the ami it fails to logon as the machine name has obviously changed from the original machine image.
The only way I have managed it is to not sysprep, take an ami, then log onto the new machine when launched and manually change the machine name, and set the autologon sysinternal tool. THis is not ideal as the end user is not technical and time constraints do not allow for this action to be performed efficiently.
I am at my wits end! Your help is very much appreciated.
I am aware this is a very old question. Google, nonetheless, led me to this question when I faced a similar issue. I did the following to solve my issue.
Customize an instance to your liking. The AMI will be created using this instance.
Create a new user account with admin privileges. This is needed as Sysprep\Ec2ConfigService will reset the Administrator password. Add this user to the group Remote Desktop Users, so you can RDP using this user account.
Edit EC2's Sysprep answer file to enable auto-logon.
Append the following to component node named Microsoft-Windows-Shell-Setup in the file C:\Program Files\Amazon\Ec2ConfigService\sysprep2008.xml
.
<AutoLogon>
<Password>
<Value>NewUser'sPassword</Value>
<PlainText>true</PlainText>
</Password>
<Username>NewUser'sName</Username>
<Enabled>true</Enabled>
<LogonCount>999</LogonCount>
</AutoLogon>
The resulting file should look like the snippet below. I have removed the parts not necessary for this answer.
<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
<settings pass="oobeSystem">
<!-- snip -->
<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<!-- snip -->
<AutoLogon>
<Password>
<Value>NewUser'sPassword</Value>
<PlainText>true</PlainText>
</Password>
<Username>NewUser'sName</Username>
<Enabled>true</Enabled>
<LogonCount>999</LogonCount>
</AutoLogon>
</component>
</settings>
<!-- snip -->
</unattend>
Next we edit the EC2ConfigService settings.
In the file "C:\Program Files\Amazon\Ec2ConfigService\Settings\BundleConfig.xml", ensure the value for SetPasswordAfterSysprep is Yes.
In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the state node has the value Enabled for the plugin Ec2SetPassword.
In the file, "C:\Program Files\Amazon\Ec2ConfigService\Settings\config.xml", ensure the value for RemoveCredentialsfromSysprepOnStartup is false.
You are already launching an exe on logon. Using the same mechanism, also launch a script that will delete the AutoLogonCount setting from the registry. This step is important, else after 999 (as per the example mentioned above) logins, the autologon will stop.
.
powershell.exe -command { Remove-ItemProperty -Path "HKLM:\Software\Microsoft\Windows NT\CurrentVersion\winlogon" -Name AutoLogonCount -Force -ErrorAction 0 }
Now we can start Sysprep. Either use the UI or the following command.
.
%ProgramFiles%\Amazon\Ec2ConfigService\ec2config.exe -sysprep
Any instance launched using an AMI created from the above instance, retains the auto-logon behaviour indefinitely.
Don't know if this software can help, look at LogonExpert and its satilite articles:
1) Deployment
2) Commmand line/vbscript control
3) Scheduling
Related
I have an exe created with an old Borland C++ compiler. It needs administrator privileges to function correctly. Since the app will run at startup, I do not want the user prompted if it's OK to run the program (testing on Win7). My question is is there ANY way to remove that annoying prompt every time the app is run?
I added a manifest file with admin privs and signed it, but it then still appears with the publisher name.
This will be distributed, so I don't want users to have to turn off UAC or do anything too complicated. Any suggestions are much appreciated.
I am hoping there's something for UAC like "Always Trust This Program" or something.
The answer would be using a scheduled task to run at logon. Scheduled tasks are launched by the task scheduler service which runs with SYSTEM privileges, and therefore it's possible to have them run with elevated privileges without prompting the user on startup. You still have to get the user's confirmation once - when you set up the scheduled task - but not every time the program runs.
Since I don't know how you are installing your program (which installer you are using, if any), I'll describe to you a way which you can probably implement in any environment: Using schtasks.exe and an XML file. (Note that this won't work with Windows XP and older, but there you don't have to worry about UAC anyway.)
You need to create an XML file like this:
<?xml version="1.0" ?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
<RegistrationInfo>
<Date>2013-11-01T00:00:00.0000000</Date>
<Author>USERDOMAIN\USERNAME</Author>
</RegistrationInfo>
<Triggers>
<LogonTrigger>
<Enabled>true</Enabled>
<UserId>USERDOMAIN\USERNAME</UserId>
</LogonTrigger>
</Triggers>
<Principals>
<Principal id="Author">
<RunLevel>HighestAvailable</RunLevel>
<UserId>USERDOMAIN\USERNAME</UserId>
<LogonType>InteractiveToken</LogonType>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
<AllowHardTerminate>false</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>false</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context="Author">
<Exec>
<Command>c:\path\to\your\app.exe</Command>
<Arguments>/your /parameters</Arguments>
</Exec>
</Actions>
</Task>
Replace all USERDOMAIN\USERNAME here with the actual user's domain and name. You can, for example, read those out of the corresponding environment variables USERDOMAIN and USERNAME.
Replace c:\path\to\your\app.exe with your application's path and /your /parameters with the arguments you want to pass to your app, if any.
The secret magic here lies in <RunLevel>HighestAvailable</RunLevel> which will make the task scheduler run your app elevated.
The Date doesn't really matter, but for completeness you could set it to the current date and time.
After creating the XML file and saving it somewhere (e.g. temporary folder), you have to run this command which will create the actual task: schtasks.exe /Create /TN "My App" /F /XML "c:\path\to\xmlfile.xml" (replace My App with the name which should appear in the task scheduler when viewed).
You can delete the task again using schtasks.exe /Delete /TN "My App".
(For a pure C++ solution, you could also take this example and add the missing things which would be specifying the username and setting the flag for using the highest available privileges.)
I am writing this because although CherryDT's answer is a good approach, longer-run depending on context it may be a little inflexible.
Another option (depending on the context) may be to refactor into two components:
A system service which runs at startup and does everything that needs admin access
A client program that communicates with the service and does not need admin access.
This avoids the annoying prompt but it is more work. Based on your description it is not clear this is the right way to go here, but it may be down the road (and for others finding this ticket) so I figure it is worth mentioning separately.
Im trying to get the Appfabric Cache running with IIS7 using an MVC asp.net project.
Using the XML-configuration provider in a shared directory.
I can access the AppFabric Cache when using the cassini webserver (My local administrator account).
When using IIS ("ApplicationPoolIdentity") I can not get it to work, and I get the standard message that it can not connect to the host.
I have tried to grant access to different users (APPPOOL\name, NETWORKservice, Everyone and so on) to the cache but I get this null exception everytime.
PS C:> Grant-CacheAllowedClientAccount "Everyone"
Grant-CacheAllowedClientAccount : Object reference not set to an instance of an
object.
At line:1 char:32
+ Grant-CacheAllowedClientAccount <<<< Everyone
+ CategoryInfo : NotSpecified: (:) [Grant-CacheAllowedClientAccou
nt], NullReferenceException + FullyQualifiedErrorId :
System.NullReferenceException,Microsoft.Applicat
ionServer.Caching.Commands.GrantCacheAllowedClientAccountCommand
I have two almost identical developer machines using win7 x64 (domain connected) where the error is the same on both computers.
But at my home computer (which is not domain connected) it works as expected with the same installation settings, same shared directory.
What I have done so far:
Reinstalled appfabric cache twice
Reconfigured the Cache to use another directory
Set configuration directory share, full access to Everyone
Security permissions for the directory, full access to Everyone.
Is there a way to go deeper and debug this error message or a solution to fix it?
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="dataCache"
type="Microsoft.ApplicationServer.Caching.DataCacheSection,
Microsoft.ApplicationServer.Caching.Core" />
</configSections>
<dataCache size="Small">
<caches>
<cache consistency="StrongConsistency" name="default" minSecondaries="0">
<policy>
<eviction type="Lru" />
<expiration defaultTTL="10" isExpirable="true" />
</policy>
</cache>
</caches>
<hosts>
<host replicationPort="22236" arbitrationPort="22235" clusterPort="22234"
hostId="1556989554" size="3003" leadHost="true" account="DOM\vitcpu7$"
cacheHostName="AppFabricCachingService" name="vitcpu7.office.domain.se"
cachePort="22233" />
</hosts>
<deploymentSettings>
<deploymentMode value="RoutingClient" />
</deploymentSettings>
</dataCache>
</configuration>
It´s because it is setup in a domain environment and the "Remote Registry"-service was not started. Since my home computer in a workgroup, did not need "Remote Registry" started its the combined which AppFabric cache needs this to make most changes in powershell.
More information at msdn social
Agree with Kiteloop, need to start "Remote Registry" and run the "Caching Admin Powershell Windows" as Run as Administrator.
For build in accounts simply use the command in this format
Grant-CacheAllowedClientAccount -Account "DOMAIN1\Server1$"
More at this MSDN link http://msdn.microsoft.com/en-us/library/ff921012.aspx
I am trying to remotely deploy a war file to a websphere application server. I understand this is possible to do using wsadmin, but I am a Websphere newb.
I know I can run wsadmin and connect using SOAP to the remote app server, but that is where I am at.
This seems like it should be a common use case, can anyone help me with?
I suppose the use case follows:
1. Update the application
2. Save all changes
3. Restart the remote application server
I am going to do the deployment using either Hudson WAS Builder or Maven, whichever works.
Thanks for your help
This question is pretty old, but id like to show how we do this remotly. In this case with Ant
<target name="postbuild">
<exec executable="C:\MyThinClient\wsadmin.bat" failonerror="true">
<arg line="-conntype SOAP -host ${deployServer} -port ${deployPort} -user ${deployUser} -password ${deployPassword} -c" />
<arg value="$AdminApp update ${projectName}EAR app {-operation update -contents {${artifactsDir}/${projectName}-${buildVersion}.ear}}" />
</exec>
</target>
Given the correct setup of the wsadmin.bat you can run this from any server (without WAS installed) At least on WAS 6.1/7.0 ND this will only restart the application with the new binaries, not the whole server
Since the WAS Builder Plugin is relatively new, I haven't tested it (The evaluation is already on the ToDo list). For running deployments from the command line we use jython-scripts and wsadmin. My understanding is that I need to be on the machine where I want to deploy. You can deploy to a different machine id your local wsadmin is on the level than your target machine (same version and same feature packs).
for more information on wsadmin see http://publib.boulder.ibm.com/infocenter/wsdoc400/v6r0/index.jsp?topic=/com.ibm.websphere.iseries.doc/info/ae/ae/rxml_commandline.html
BTW, when you deploy using the web based admin console, there is a link somewhere at the end of the deployment process that shows you the jython command. Don't use jacl, since WAS 7 only uses jython.
The link to the scripts didn't show up right in my comment, so here it is: IBM SAMPLE SCRIPTS
I am writing a windows service which takes an uploaded file, runs signtool.exe on it to do the signing and timestamping and then serves the signed file back.
The code for this works when run as a standalone server using twisted however if I try and run it as a service it fails with the error "Signing succeeded, but an error occurred while attempting to timestamp".
If I replace the signcode subprocess call with a curl.exe call which explicitly uses the proxy then this succeeds.
I have set the proxy in internet explorer and running the command manually works. Is there another way of setting an http proxy for signtool/signcode or another way of doing this (I am keen for it to be a service for ease of integration in to some other monitoring systems)?
I have the same issue but running signtool via cygwin ssh (using a password). The timestamping only works via the proxy and over ssh if I login at least once through the gui (e.g. via rdesktop). I don't even have to be logged in to the gui after that for it to work via ssh, I just have to make sure I login at least once via the gui. Whatever it's doing upon graphical login survives a reboot too. One difference however is that I'm setting the proxy settings dynamically using the same powershell that I'm launching via ssh :
$reg_key = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-ItemProperty -path $reg_key ProxyServer -value 192.168.0.3:8888
Set-ItemProperty -path $reg_key ProxyOverride -value "<local>"
Set-ItemProperty -path $reg_key ProxyEnable -value 1
I tried launching explorer.exe &, notepad &, and iexplorer.exe & from ssh but it didn't help. I'll see about hard coding the proxy settings and also if its possible to have the signing user be logged into the gui after boot. Also will check to make sure ssh is launched with cygrunsrv -i or that it's allowed to interact with the desktop is checked in services.
The system reverts its image if it's halted (vmware delta image) (that's how I'm able to duplicate the problem), but I can always change it, which it looks like I might have to do to figure out this problem.
Finally figured it out with some help from the comment here :
http://blogs.msdn.com/b/askie/archive/2013/05/09/user-proxy-settings-showing-up-in-local-system-account-correct-way-to-apply-proxy-settings.aspx#10606266
Looks like the setting actually has to be set in the binary file :
HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
This binary file doesn't get created in the registry until after graphical login even with the powershell settings I made above. Easiest way is to login (assuming you have the registry settings I made with powershell above, or set it manually through the internet options ui in the gui), export the HKEY_Current_User\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections path, and the import it with :
regedit /s path_to_proxy_settings.reg
If you want it to apply for all users you need to apply the same file under:
HKEY_LOCAL_MACHINE\\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
as mentioned in the post. There may be other ways as mentioned here https://serverfault.com/questions/34940/how-do-i-configure-proxy-settings-for-local-system , but the above was the easiest for me.
In order to run one application, a batch file has to be kicked off (which does things like start Jetty, display live logs, etc). The application will work only if this batch file is running. I am hence forced to have this batch file running and not logout from the Windows server.
Can this batch file be run as a service? I am experimenting with one of the suggestions from a similar question.
NSSM is totally free and hyper-easy, running command prompt / terminal as administrator:
nssm install "YourCoolServiceNameLabel"
then a dialog will appear so you can choose where is the file you want to run.
to uninstall
nssm remove "YourCoolServiceNameLabel"
There's a built in windows cmd to do this: sc create. Not as fancy as nssm, but you don't have to download an additional piece of software.
sc create "ServiceName" start= demand displayname= "DisplayName" binpath= [path to .bat file]
Note
start=demand means you must start the service yourself. Options include: boot, system, auto, demand, disabled, delayed-auto
whitespace is required after =
I did encounter an error on service start that the service did not respond in a timely manner, but it was clear the service had run the .bat successfully. Haven't dug into this yet but this thread experienced the same thing and solved it using nssm to install the service.
No need for extra software. Use the task scheduler -> create task -> hidden. The checkbox for hidden is in the bottom left corner. Set the task to trigger on login (or whatever condition you like) and choose the task in the actions tab. Running it hidden ensures that the task runs silently in the background like a service.
Note that you must also set the program to run "whether the user is logged in or not" or the program will still run in the foreground.
On Windows 2019 Server, you can run a Minecraft java server with these commands:
sc create minecraft-server DisplayName= "minecraft-server" binpath= "cmd.exe /C C:\Users\Administrator\Desktop\rungui1151.lnk" type= own start= auto
The .lnk file is a standard windows shortcut to a batch file.
--- .bat file begins ---
java -Xmx40960M -Xms40960M -d64 -jar minecraft_server.1.15.1.jar
--- .bat file ends ---
All this because:
service does not know how to start in a folder,
cmd.exe does not know how to start in a folder
Starting the service will produce "timely manner" error, but the log file reveals the server is running.
If you need to shut down the server, just go into task manager and find the server java in background processes and end it, or terminate the server from in the game using the /stop command, or for other programs/servers, use the methods relevant to the server.
As Doug Currie says use RunAsService.
From my past experience you must remember that the Service you generate will
have a completely different set of environment variables
have to be carefully inspected for rights/permissions issues
might cause havoc if it opens dialogs asking for any kind of input
not sure if the last one still applies ... it was one big night mare in a project I worked on some time ago.
While it is not free (but $39), FireDaemon has worked so well for me I have to recommend it. It will run your batch file but has loads of additional and very useful functionality such as scheduling, service up monitoring, GUI or XML based install of services, dependencies, environmental variables and log management.
I started out using FireDaemon to launch JBoss application servers (run.bat) but shortly after realized that the richness of the FireDaemon configuration abilities allowed me to ditch the batch file and recreate the intent of its commands in the FireDaemon service definition.
There's also a SUPER FireDaemon called Trinity which you might want to look at if you have a large number of Windows servers on which to manage this service (or technically, any service).
Since NSSM is no longer maintained, you can consider using WinSW. It has binaries that would work with or without .Net.
Basically you create an XML file and then install it. Here is a sample of a minimal XML:
<service>
<!-- ID of the service. It should be unique across the Windows system-->
<id>myapp</id>
<!-- Path to the executable, which should be started -->
<!-- CAUTION: Don't put arguments here. Use <arguments> instead. -->
<executable>%BASE%\myExecutable.exe</executable>
</service>
And then you can install and start it:
winsw install myapp.xml
winsw start myapp.xml
Install NSSM and run the .bat file as a windows service.
Works as expected
My easest way is using opensource svcbatch (https://github.com/mturk/svcbatch/) as wrapper of CMD(BAT) in sc :
sc create myservice binPath= ""%cd%\svcbatch.exe" myservice.bat"