Without purchasing someone elses software, how can I as a software engineer, delete index.dat? What OS Voodoo hoops do I have to jump through to accomplish the simple deletion of a single file on my own computer? I have windows Vista.
System files are normally locked by explorer.exe. Since this is Stackoverflow you'll get a solution in the form of a program:
Enter the following code into a new file purge.bat:
taskkill explorer.exe
del %1%
%system%\explorer.exe
From the command prompt (cmd.exe), execute as follows:
> purge "yourpath\Index.dat"
and presto, your file is gone.
The same thing can of course be done using the task manager (to kill and then run explorer.exe), but where's the fun in that?
You can login as admin and delete index.dat. If you are currently admin, just create a second admin account, log on and delete anything you want. Or you can delete it using a startup script which runs before the users logs-on and acquires a lock on index.dat. Or you can use Unlocker, a free software which can forcefully unlock any file in your account while you are being logged on.
Related
I have a case where my users runs a script (bat) file that I wrote on win7 as admin. Im looking for a simple way (without installing any tools) to make a different script that I wrote run on windows start up through this batch file.
I tried using startup folder but that will run my script without admin rights. I also read about a solution with runas command but it didnt work and also its problematic to know the user details in advanced. I looked online but couldnt find anything to help me to do this automatically through the command line
UPDATE
By looking at the answers im thinking maybe the situation is not clear enough.
Im writing this script on my pc. I give this script (batch file) to my clients, who lack any knowledge of how to do anything but simple stuffs, such as openning cmd as admin and running my batch file that I write in advance. To sum up, I need this batch to be able to set a process (a different batch or vbs file) to run with admin privelleges on startup of the pc (again, without requiring my clients to do any complicated actions, im hoping to get my script to do everything for them)
If you do not have the credentials for the administrator account, you will not be able to run the script with elevated privilege. If you do have those credentials, then you can set up a scheduled task (described at this SevenForums post), running it under the administrator account.
Check the script carefully, and ensure that it's not incorporating anything that may cause problems, like an unavoidable GUI presentation - this question on ServerFault discusses that pitfall.
Make a shortcut to your batch, set its properties>advanced to run as administrator and then move the shortcut to the startup directory.
I'm working on a project where the goal is to be able to update a windows computer 100%. That means a program or a script that updates windows automatically with no user interaction at all. Ideally a standalone script that can be run from another script.
The reason: I need to update a lot of computers in my line of work. They can be at any patch level and everything from Windows XP to Windows 8. My goal is to start a script, wait/do something else and then find a fully patched computer.
I've solved a lot by finding ZTIWindowsUpdate.wsf in the MDT Task Sequence.
This can be used like this from an admin cmd:
cssript.exe ZTIWindowsUpdate.wsf
My problem so far is that the computer requires a reboot between some of the updates. Probably because of dependencies. ZTIWindowsUpdate.wsf needs to be run as administrator and i can't seem to find a solution to start it as administrator at reboot. Additionally if I get the script to run on startup, how do I stop it, and how do I know when its time to stop it?
Can someone help med with a foolproof solution to this problem?
Thanks!
Don't need to FULL update a Windows OS, most of the updates are not needed, most updates are not relationated with security and we can survive without they, you need to read the description of each update to understand what changes made. FULLY updating a Windows can be negative point of performance in several scenarios.
All that you need is to download your desired updates, then store it in a folder with this batch script:
#Echo off
For %%# in (*.msu) Do (
Echo: Installing update: %%#
Wusa "%%#" /quiet /norestart
)
Echo Windows Update finished.
Pause&Exit
Also you can compress the folder (the updates + the script) into a Self executable with winrar to distribute it as a standalone file.
Info:
Wusa.exe is the Windows Update commandline application.
The files are processed one by one, not all at once.
The quiet switch makes the installation silent.
The norestart switch don't restart after installing the update even if needed.
If a update is installed in the OS then is not installed again, without getting an error window or stopping the execution of the script.
PS: See Wusa /? for more switches.
I hope this helps.
UPDATE:
Another alternative is to download and install ALL the updates with WSUS utility.
http://download.wsusoffline.net/
The updates for Win7 x64 (for example) are stored here: "...\wsusoffline\client\w61-x64\glb"
PS: The "DoUpdate.cmd" batch file in the "CMD" dir of the application is what you need if need to automate the task in "background".
The simplest solution to the problem you're describing is to get your script to configure automatic logon for the built-in Administrator account, then add itself to the Startup folder. You do need to know (or reset) the Administrator account password to use this option.
There are many other possibilities, some examples are: use a startup script and psexec; use srvany to create a service that runs your script; use task scheduler to schedule your script to run automatically, either interactively or non-interactively; disable WUA, configure automatic logon for the account you're using, and add your script to the Startup folder.
Note that you'll save time and bandwidth if you can set up a WSUS server or (even simpler, and cheaper if you don't already have a Windows server) a transparent caching proxy. However this won't avoid the need to reboot during the update sequence.
You may find my script useful as an alternative starting point to ZTIWindowsUpdate.wsf, if only because it is smaller and simpler to understand.
The moast time consuming thing of a WindowsUpadate procedere is the download of the Setupfiles for the Updates. You should look into a lokaly in the network installed WUS (Window Update Server) and make sure the PC updates from the WUS. If the PCs are all in a ActiveDirectory Domain then the needed settings are very easy to manage. But if not this setting could make a simple batch-script which uses the normal windows update routine.
Another solution would be to make batch-scripts where you install the predownloaded updateFiles with the silent-switch. Allmoast every setup.exe has such a silent switch. If a update isn't needed the update stops for this upload automatically. I'm using such a batch-script wizzardy now for quiet a time now.
PS: If the Computer were from one/your compagny you should "thank" your predecessor for many hours of work to the far future.
PPS: By the way XP and Vista should be phased out. They are now realy old and for XP the already extended supporttime is axed by Microsoft next year and should only used if it is realy realy needed for one small situation where a Windows 7 isn't a solution in any way possible.
To run
cssript.exe ZTIWindowsUpdate.wsf
as Administrator after reboots, you can create a Task in the Task Scheduler with the proper permissions and to run on boot. =]
An automated way is, WuInstall. I'm using it for 1 year now and it's perfect, it actually does what it should. It's a command line tool which automatically searches, downloads and installs the updates. There are several "switches" that let you allow to customize the process. Thanks to the rebootcycle-switch for instance, updating a newly setup PC is done with ease - in one go.
Here's another way ------
Perform instructions below at your own risk:
To automate windows update these instructions may or may not work for your system however it appears to work to an extent for Windows 7 as these instructions were tested on Windows 7.
MUST READ: 1. If the step below does not work verify then you are most likely part of a domain and your security policy may not allow you to perform steps below! 2. UAC prompts were also disabled for the duration of the windows updates so the batch files can run without interruption; be careful to restore this to default when done
Caution this step will make your computer less secure, immediately remove this after your computer is completely up to date. Set a reminder for 24 hours later if need be:
1.
First you will have to make sure your computer automatically logs into a user. You can do this by clicking start menu, type "netplwiz", press enter or open the wizard, under the users tab, select your username, and un-check "require password", type your password, close this window.
2.
Create 3 batch files to start the automated process. (Open notepad paste each code into a separate notepad and perform a save as corresponding_file_name.bat)
One. Save as: any_name.bat then copy this batch file to your startup folder for the user you made auto login. (Click start > All Programs > Startup)
start "" c:\autoupdate1.bat
exit
Two. Save as: autoupdate1.bat then copy this to C:\ drive
wuauclt /detectnow
wuauclt /updatenow
reg query "HKLM\Software\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired" > nul && shutdown -r -t 0
start "" c:\autoupdate2.bat
exit
Three. Save as: autoupdate2.bat then copy this to C:\ drive
ping 127.0.0.1 -n 61 > nul
start "" c:\autoupdate1.bat
exit
Restart or open the batch file in the startup folder and watch the magic begin!
3.
When it is completely done updating just delete the batch files from the startup folder & c:\ drive
Once again follow these instructions at your own risk as it can create an endless loop if you do not know how to stop this process by removing it from the startup folder or going into windows under safe-mode to remove the batch files
Final notes: If you run into issues running the batch files chances are you may have to look up how to disable UAC prompts for your Windows version
I have made a power shell script which loads pageant (a windows SSH authentication agent)
with my private keys. In short the script isn't much more than the following two lines:
$tool = "pageant.exe"
&$tool $files.ToArray()
$files is a list of strings which contains all my private keys which must be loaded.
I have no problem with the working of the script because it does its job perfectly when I execute this from my powershell
console.
I want to execute this script whenever I logon to my account and I do this by adding a powershell logon script
group policy with the group policy editor (gpedit.msc), the script also executes and in fact does load the pageant.exe tool.
However the tools utilising the pageant.exe tool (putty and plink) does not work. It doesn't recognizes the pageant authentication
agent.
So my first question is, what is the difference between starting the script from my own powershell console and starting the script
from a group policy (logon script)?
I also have dome some investigation and I see a couple of differences. The first is thing is that the started pageant tool has a UAC Virtualization flag in my task manager when I start the script from my own console. This property isn't flagged when it's started
from the logon script group policy.
The second thing is that when I disable the UAC the script does work from the logon script group policy. So I assume it has something to do with the UAC but I don't know how to solve this. I want the script to work when the UAC is
enabled as well.
The second question what is this UAC virtualization flag and how does it influence the working of a process? The third and last question is how can I get my script working?
It looks the thing is UAC virtualization. This flag means that all write attempts to protected system areas are redirected to VirtualStore in the user's profile: C:\Users\<username>\AppData\Local\VirtualStore. When UAC is disabled, this redirection is turned off.
When UAC is enabled, any attempts to write to Program Files, as an example, will be redirected to the corresponding directory in your VirtualStore. Later when programs read the files, they also see them from the redirected directory.
Yet your logon script runs without Virtualization enabled, and therefore its attempts to modify/read files do not go to the redirected VirtualStore but rather directly to Program Files.
So you have to make all your parties work without virtualized directories. If the executable has a manifest, preferrably declaring compatibility with Windows 7, then virtualization is turned off. But it may fail to work correctly without virtualization if it tries to write to Program Files.
Note: registry writes to HKLM are also virtualized.
There are a number of ways to turn off UAC virtualization; the simplest is to include an external manifest (in your case it would be named pageant.exe.manifest) in the same folder as the exe. This could suppress elevation, but then your writes would probably fail. The very fact that virtualization is affecting you means that pageant.exe must write to protected areas, and without virtualization or elevation, you'll get access denied.
Therefore what I would do is leave Group Policy out of it. Set up a Scheduled Task (click Start and type Task to launch task scheduler, then click Create Task on the right) that runs at logon (the Trigger tab, click new, change the top dropdown) to run your script (Actions tab, click new) and that runs elevated (General tab, check Run with highest privileges). You'll have to consent once to the UAC to set up the elevated task. Then you're done and pageant.exe will write to the protected area where the other apps can read it.
If, after you've got this set up, the other apps continue to read from the virtual store instead of the real one, just delete the files/folders in the virtual store.
For completeness I added the answers to my own questions.
What is the difference between starting the script from my own powershell console and starting the script from a group policy (logon script)?
A: The difference comes from the fact that my user is part of the Administrator group which will run the script with elevated rights. When you logon as a administrator, Windows will generate a standard user access token and a administrators access token. The last token will be used to run programs with elevated rights (this is without UAC virtualization). Now when I start the script from my own powershell console, which is started with the standard access token, the started pageant is run with UAC virtualization. If the tools which use pageant run with a different mode, then my problem occurs.
What is this UAC virtualization flag and how does it influence the working of a process?
A: Check out this link.
How can I get my script to work?
A: You can use the solution provided by Kate Gregory (do not check run with highest privilege option) or add a batch file to your startup folder which runs the powershell script. This will run the script with the standard user access token and with UAC virtualization enabled.
I have an installshield installer that works fine under normal circumstances. But when I run it while a particular software is running, the installer asks for a restart at the end.
Now on some research I have come to learn that a restart is asked only when the installer wants to modify files that are currently locked by other processes.
Is there anyway that I can find out which is the file installsheild wants to modify? (but cannot because it is locked by another process)
I would also like to know if it is only file modifications that affect the restart/no restart or is it also associated with registry key modifications.
You can use WhyReboot after the setup, it will show you pending reboot file and registry keys that could not be modified during the setup.
You tagged your question with "windows-installer", so I'm assuming you're using InstallShield to author an MSI installer.
Run the other software app, do a complete log of your install, like:
msiexec -i file.msi -l*vx test.log
In the resulting log, look for all lines containing "RESTART MANAGER". You will get more data on what is prompting for the reboot.
In my case, my installshield project had a "RebootPrompt" User Interface at the end of the Installation sequence with a condition "NOT INSTALLED". So all new installations would always show that Reboot prompt even if not needed.
This question already has answers here:
Disable Vista UAC per-application, or elevate privileges without prompt?
(3 answers)
Closed 9 years ago.
Is there a way to get my .exe file to execute with administrator rights instead of me
killing the LUA at registry or right click file and running as administrator?
When I alter the registry it prompts the user which I don't want. I am only adding the file to kill the LUA to give the user full rights to execute my .exe file.
If I can just get it to execute as administrator it would save me editing the registry. I can't find the source code for the application. It is coded in Delphi so it is a problem to add anything and the .reg file needs to be run with the .exe files on Windows Vista.
How can this issue be resolved?
You can't. If you could do it, any exe could to it and that would defeat the purpose of the UAC (assuming arguendo you believe there is a purpose for UAC). You can manifest your exe to require administrator privileges, but that will not stop the user prompt.
There are two proper ways to do this:
As already noted mark your exe as requiring elevated privilleges - the user will be prompted when starting your program, administrator privilleges and user confirmation are required.
Create a service running as LocalSystem that is allowed to do anything without prompting the user. In this case you have to implement interprocess communication mechanism for the service to communicate with user UI program, which may not be trivial. For this scenario your program has to be installed by administrator, but after that may be used by anyone - this is common for corporate scenarios.
Generally speaking Vista compatibility may not be easy to achieve and depending on your software may require a lot of work.
I'm not able to test this since I've only got XP with me at the moment...
Try creating a batch file with the runas command in it.
Note that the password will still need to be entered but it may save a couple steps.
If you just want to avoid the right-click and run as admin you can rename the exe to something like xyzSetup.exe.
There is (hopefully) no way that you can bypass the prompt, otherwise anyone can do it.
If you are just trying to avoid repeated prompts and don't mind being asked for the password or permission once, you could use runas with the /savecred option.
Generally this problem is solved by installing a Windows service which runs as SYSTEM or an administrator account. Then your application can request the privileged action from this service.
Obviously to not pose a security threat ensure that your service can't run arbitrary code or something which might leave the all users vulnerable to privilege escalation attacks.
WinPcap and most of the other sniffing applications use a similar design to give sniffing access to unprivileged users.
Install your service during the first run (or in the installer, which will require an UAC prompt).
I will have to read up on this but I don't have access to my source so this would be a problem.