I am trying to run process(console executable) on remote PC from asp.net application using WMI and get "Access is denied" problem. I have checked all event viewer logs on remote PC, no information related this. Where do I start searching for problem? Does Windows has some kind of permission monitor tool?
Also I have tried to use Procmon.exe but hard to understand what to search, my process even do not listed in Procmon.
Regards,
Tomas
It's worth taking a look here: http://blogs.technet.com/askperf/archive/2007/08/14/wmi-troubleshooting-permissions.aspx
Related
first I want to state that I am a novice when it comes to code/programming. Also, I have a Mac (that runs Catalina, if that matters).
This is my first time posting to this forum, so please forgive any missteps in protocol...
Here's some background info to my question:
I have Microsoft 365 for Business and I use Teams. I'm a small business and I'm the owner and administrator. I need to be able to share externally with anyone. I have changed the settings in SharePoint admin and OneDrive admin to be able to share externally. Look here to see an example of what I have done, and the problem: https://techcommunity.microsoft.com/t5/onedrive-for-business/share-with-anyone-with-the-link-setting-is-grey-out-why/m-p/810390
Even after allowing for external sharing, the sharing options are still greyed-out. But this is not my question. I know how to fix it; as it says in the above link, I need to enable sharing in Powershell via set-sposite "siteurl" -sharingcapability ExternalUserAndGuestSharing
After some research, I found that there is a Microsoft Pwsh for Mac. I downloaded Homebrew, Microsoft PowerShell and Azure. (I also have Node.js, if that matters.) Here is a screenshot of my terminal (I hid any identifying information...):
terminal screenshot
As you can see, I get this error: Connect-SPOService -Url https://<organization name here>admin.sharepoint.com Connect-SPOService: The term 'Connect-SPOService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I contacted Microsoft and had a technician with me on the phone trying to troubleshoot their way into my SPOService on my Mac using Homebrew in order to fix the greyed-out "share with anyone" option. We were unsuccessful. At the moment, I do have access to a Windows computer, and I was able to enter my SPOService on that Windows computer and resolve the problem. However, for each new SharePoint site I create and want to share externally, I will need to repeat this process (at least, this is what the technician told me). I will not always have access to a Windows computer, therefore I need to be able to enter my SPOService on my Macbook.
Are there any workarounds? Is there an SPOService powershell for Mac? If I have the pswh for Microsoft, why won't it let me into sharepoint?
Thank you in advance for any assistance
First, I can still not rename the domain, but I can help you with a general SharePoint update. It does not work either in Azure or on Mac OX X.
If you like to check, repeat the following steps on your computer setup, assuming you don't use a Windows Computer.
Check the availability of SharePoint
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version
Install the module if missing
On a mac with the name of your user directory
Import-Module /Users/username/.local/share/powershell/Modules Microsoft.Online.SharePoint.PowerShell -Verbose
On Azure Powershell
Import-Module Microsoft.Online.SharePoint.PowerShell -Verbose
You get a PowerShell via a one-month Test-Subscription.
Prepare your Admin URL
$AdminCenterURL="https://name_you_used_during_first_setup-admin.sharepoint.com"
Make sure you add "-admin" at the end of your domain name. You received this when you signed up. It is not the domain name you can use for your subscription later; it's, unfortunately, how Microsoft decided to implement it. Therefore, changing from Mac or Azure is not possible.
Connect to your side
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
And now it will fail with
Connect-SPOService: The type initializer for 'Microsoft.Win32.Registry' threw an exception.
Unfortunately, after exchanging many emails with Microsoft, I could not resolve this with the Support desk. However, the error seems to be known.
I wrote this note to allow others to save valuable time so that somebody would not waste his time if they tried to resolve it as I tried.
If like me, you are stuck with renaming the initial SharePoint subdomain, you currently have the following options.
Buy a Windows PC with a License or install a VM with a MS Windows trial license
Buy an Enterprise License, and use the Beta functionality.
Delete your subscription, but then you might lose the active licenses and the work you have put in already. But you can re-register, and this time put the name into the subscription, which you like to see as a subdomain of SharePoint. But you lose all work put in, in the first place.
I'm trying to create a site collection and I get an message when opening the SP management shell console:
"The local farm is not accessible. Cmdlets with FeatureDependencyId are not registered"
I have tried almost everything internet has to offer but no luck. It would be a great help if someone could share some ideas. I have used below site as a reference because it seems to be the same issue.
http://blogs.technet.com/b/meamcs/archive/2013/02/18/sharepoint-powershell-command-problem-featuredependencyid-are-not-registered.aspx
Please try this.
Whenever, I load the PowerShell ISE and Type the command to load the SharePoint PowerShell module, it starts throwing error
http://blogs.msdn.com/b/chjain/archive/2013/08/10/10440633.aspx
Figured it out! The problem was the user permissions. I had to use a different user with elevated permission to access the farm.
I am writing an automation the deployes several machines and installs several programs on them.
One of the steps a user would do manually is logging off and on to a windows computer as part of an installation process.
Can someone please point me to relevant links so i can understand how to simulate a logging in process into windows without a gui?
I mean i need to make the machine think someone logged in to it and i am using only powershell.
launching mstsc does not do the trick because i cant overcome the request for certificate (I need an automatic process but i did not find a way to silence the certificate warning)
I searched for a couple of days and could not find what I was looking for.
Thank you for your help!
It's just an idea. Perhaps you can first make the image of the machines with automatic logon , install the software and finally remove the automatic logon ?
This link has details about Automatic Logon
http://support.microsoft.com/kb/315231
i kind a newbie on windows service programing, my idea is that i want to create a windows service that will take a screen shoot of the desktop client,i mean i want to attach this to a aspx page, the screen shoot code is working 100% but problem is when i trigger windows service after install it, nothing happened.
I debugged it and there was not prp, after that i made a small screenCapture.exe file to do the job and try calling it from the service, all i got was a black screen, tried everything with it and no luck.
Then i read about desktops and stuff like that, but honestly i don't understand any of that, i goggled a lot but no luck so far, problem is that i saw a website that implement this function so it can be done. BUT HOW ??? please help me out cause i am stuck here, and if u do explain good, cause as i told u i am kinda new to this
A service does not have access to the desktop. You might want to create a program that runs when the user is logged in interactively.
Not sure which Windows you are using...but starting with Vista, the ability to interact with desktop from a service has been disabled.
A service will not have access to the desktop. This is done intentionally by Microsoft for better security. The other option you can try is, goto the service properties and give it option to interact with the desktop. This can be done using local user permissions.
The title says it. I'm looking for a way to determine exactly which file/registry key this executable is attempting to access. I have attempted to use Windows auditing capabilities and Process Monitor to determine where the failure is happening but, this failure does not produce audit failure events or show as access denial in Process Monitor.
Of course, If someone has experienced this and can provide a solution to resolve the error directly that would be almost as nice.
Background:
I am using moveuser.exe which is part of the Windows Server 2003 Resource Kit Tools to convert the security of local user profiles on a number Windows XP workstations.
Symptom:
Occasionally, moveuser.exe will fail to convert the security of a profile with the error "Error: 5 access denied". I have not been able to determine any commonality among the failing accounts or the computers they reside upon. A given computer may have host 6 profiles, 5 of which convert without issue and 1 which produces the error.
There are a few factors that I'm as sure as I can be about:
-The account I'm using to run moveuser.exe with has full Administrator rights to the local machine and the domain to which the profile security is being converted.
-The failure is not related to file permissions within the profile directory (the entire directory can be moved, renamed, deleted, or successfully converted via a workaround).
I've developed a reliable workaround for these cases but, it is fairly involved and I would much rather understand the root cause of this error and correct it pre-emptively.
My workaround (glad to share it, left out for brevity) seems to indicate that the failure is related to HKEY_LOCAL_MACHINE \ SOFTWARE\ Microsoft\ Windows NT \ CurrentVersion \ ProfileList registry keys but, I cannot determine exactly how/why.
Did you try to use the "regini" command line tool to grab registry permissions for the administrator account?
Use FileMon and RegMon (now Microsoft, formerly SysInternals, still free) to monitor what exactly is being accessed, how, and what rights/access are being requested.
I don't have a URL handy, but a Google search should be able to hook you up with these tools.
A couple items I would try. First, could it be that the user was logged in and the computer hasn't been rebooted. Microsoft has a product called UPHClent which helps in unloading unneeded user hives.
Next thing I wanted to know, is if you try rebooting before running the moveuser executable. This Conversation seems to indicate this would help with this kind of error.
Two days after posting this I got to the bottom of the problem. It turned out, just as Rob Haupt suggested to be related to a stuck user hive. The program I was running, moveuser, was reading the Refcount key found under HKEY_LOCAL_MACHINE\ SOFTWARE\ Microsoft\ Windows NT\ CurrentVersion\ ProfileList\ <SID>\ and ending immediately.
Setting Refcount to 0 solved the problem immediately
Pushing out UPHClean to all the target machines pre-emptively has all but elimated the problem and we were able to successfully convert profiles on several hundred machines over the last week.
An important note about UPHClean:
I'd tried installing it previously but, it didn't appear to help. I was too impatient, the UPHClean ReadMe revealed that the service just takes time to do its job.