Martin Zugec blog

SDS - welcome (focused) betatesters!!!

Hey guys!

There was quite silence around SDS for a while... However right now we are beginning with Wiki and first betatests!

Please, ignore the layout of pages - no time at all available to work on it :(

What I want to do know is following. There ARE many bugs in SDS. I know about them. I want to use “focused” betatest - that mean to debug one part before moving to another.

Right now I am trying to debug SDS “out of box” - it means basic installation and running manual test.

If you go to SDS Wiki, you can find build 0007 in downloads section. At bottom there is first Feature test.

Please try it and let me know about results...

P.S.: This is FEATURE betatest. You can try anything you want in SDS. Just dont report it now. Write notes about it and let me know when that feature will be focused ;) Please report only issues related to FBT1 (feature betatest 1).

P.P.S.: The link is http://sds.imatic.cz - it was little bit invisible when included in previous post.

Use empty password - they are more secure! (sometimes ;))

Hey guys!

Few times I encountered that people are really surprised when they noticed I am not using passwords all the time.. So for example my local administrator have empty password...

You may ask why? Answer is quite simple - when your account dont have password, you can use this password ONLY for local logon. You cant access that computer from network, you cant use it with runas etc...

LUA post no. 2 - using different user account for application

Well, sometimes you encounter application, that just WONT run under user... Many people are trying to solve this by running that particular application under different account... They use RunAs+Sanur or AutoIt RunAsSet command...

However there is also one tool available from Microsoft - it is called EPAL -

http://www.microsoft.com/downloads/details.aspx?FamilyID=cf3cc921-9b8e-4266-a905-2e2a20217ce0&DisplayLang=en

I think it can be sometimes really usefull, however I dont understand WHY there isnt anyone (even from Microsoft) that know something about this utility :(

It is based on Active Directory - first you must register your application to AD using

epal.exe /r /c:OU=<application>,OU=EPAL,OU=MyBusiness <application.exe>

After successful registration, new OU is created in AD... There is user, under which account the application will launch (I usually create ElevatedApps group, that is in local administrators) and group with users, that are allowed to run this application using EPAL.

If you want to run this application elevated, you must perform following tasks:

1.) Add user to group <application> Application Users

2.) Add <application> user account to local administrators (in my case add this account to ElevatedApps group)

3.) Create new shortcut with EPAL /c:OU=<application>,OU=EPAL,OU=MyBusiness <application.exe>

And thats it! When you click on shortcut, the application will automatically launch under elevated user account

Jim of Seattle - Duel with OS :)

This is REALLY nice :)

I recommend, it is song based (or combined with?) on sound from Windows...

http://www.songfight.org/music/welcome_to/jimofseattle_wt.mp3

LUA post no.1 - basic

Have you ever encountered following situation?

In one of companies I am responsible for users were always Administrators... There are around 1500 computers with different set of applications - many of application were written only for this company...

This is the worst scenario if you want to remove users from Administrators group... Ehm, this wasnt true - removing users from Administrators is really easy, the hard part is to achieve situation where every application is working as expected.

Today I will talk about most simple situation - application is trying to write to directory like %ProgramFiles%\Vendor\Application.

How to know where is it trying to write? I recommend FileMon from SysInternals, however there are more advanced techniques that I will describe later.

Using FileMon you will find a list of paths where application is accessing.

Now the second part - using group policy, you will apply security template, that will change permission on these directories.

I cant write you the exact step-by-step procedure, because I dont have EN Windows around :( However here is page from microsoft, where you can find every information you need:

http://support.microsoft.com/default.aspx?scid=kb;en-us;q313434&sd=tech

You can use the same procedure to setup security on registry.

Alternate Data Streams - remember my ex-blog entry? :)

Hey guys,

I am back :) Sorry for delay, but times are hard...

Well, yesterday I encountered nice feature in Vista`s dir command - it have new /r switch, that will show you data streams in files! Finally some built in tools, however I am missing ability to use filter (/a) to show ALL files with data streams... I will post this as feature request probably...

However what are data streams (ADS)? They allows you to write additional informations to files - this informations wont be visible and wont change the size of file. I use them sometimes, when I want to add comment to some files on my HDD, also some antivirus (etrust) use them.

Lets show some examples:

1.) Run CMD :)

2.) Now create file ADSHide.txt

Echo. > ADSHide.txt

3.) Check file size. As you can see, it is empty file. Now we will add calculator and notepad to ADSHide.txt:

                Type %WinDir%\System32\Calc.exe > .\ADSHide.txt:Calc.exe

                Type %WinDir%\System32\Notepad.exe > .\ADSHide.txt:Notepad.exe

4.) Ok, now check the size of ADSHide.txt again - as you can see, it didnt change :)

5.) And are the ADS for ADSHide.txt really created? Lets check it:

                 Start .\ADSHide.txt:calc.exe

                 Start .\ADSHide.txt:Notepad.exe

As you can see ADSs are really powerfull and dangerous - that is why I am really glad we finally have a way to look on them built into OS.

Great strip!

Hey guys, do you know UserFriendly, the best friend of every bored helpdesk geek? :)

If not, look here:
http://ars.userfriendly.org/cartoons/?id=19971117&mode=classic

I STRONGLY recommned :)