The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 1,380 other followers

Archive for the ‘Windows’ Category

PowerShell – query reboot/shutdown events

Posted by jpluimers on 2018/06/19

Thanks [WayBackgbabu for the below PowerShell ide

As PowerShell command:

Get-EventLog System | Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} | ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

Based on it and my own experience, thse Event IDs can be interesting:

  • 41 – The system has rebooted without cleanly shutting down first
  • 109 – The kernel power manager has initiated a shutdown transition.
  • 1073 – The attempt by user [domain]\[username] to restart/shutdown computer [computername] failed.
  • 1074 – The process [filename].[extension] has initiated the restart of computer [computername] on behalf of user [domain]\[username\ for the
  • 1076 – ???
  • 6008 – The previous system shutdown at [time-in-local-format] on [date-in-local-format] was unexpected.

You can also run this as a batch file, but not you need to escape the pipe | into ^| like this:

PowerShell Get-EventLog System ^| Where-Object {$_.EventID -eq "1074" -or $_.EventID -eq "6008" -or $_.EventID -eq "1076"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

If you have PowerShell 3.0 or greater, then you can use the [Archive.is-In operator:

PowerShell Get-EventLog System ^| Where-Object {$_.EventID -in "41", "109", "1074", "6008", "1076"} ^| ft Machinename, TimeWritten, UserName, EventID, Message -AutoSize -Wrap

–jeroen

Posted in Batch-Files, CommandLine, Development, Power User, PowerShell, PowerShell, Scripting, Software Development, Windows | Leave a Comment »

stascorp/rdpwrap: RDP Wrapper Library – up to 15 RDP sessions on any Windows edition including basic/home/core

Posted by jpluimers on 2018/06/04

RDP Wrapper works as a layer between Service Control Manager and Terminal Services, so the original termsrv.dll file remains untouched. Also this method is very strong against Windows Update.

I’ve tested this on Windows 7 Home Premium and it works fine, see the log below. On Windows 10 Fall Creators Update and up, I had to get the rfxvmt.dll files (in %windir%\System32 and %windir%\SysWOW64) from a Windows Professional system, see Known Issues. You can download them from the repository as well.

  1. Download from github.com/stascorp/rdpwrap/releases
  2. Unzip
  3. Run the install.bat:
C:\Users\jeroenp\Downloads\RDPWrap-v1.6.1>install.bat
RDP Wrapper Library v1.6
Installer v2.3
Copyright (C) Stas'M Corp. 2016

[*] Notice to user:
  - By using all or any portion of this software, you are agreeing
  to be bound by all the terms and conditions of the license agreement.
  - To read the license agreement, run the installer with -l parameter.
  - If you do not agree to any terms of the license agreement,
  do not use the software.
[*] Installing...
[*] Terminal Services version: 6.1.7600.16385
[+] This version of Terminal Services is fully supported.
[+] TermService found (pid 1168).
[*] Shared services found: CryptSvc, Dnscache, LanmanWorkstation, NlaSvc
[*] Extracting files...
[+] Folder created: C:\Program Files\RDP Wrapper\
[*] Downloading latest INI file...
[+] Latest INI file -> C:\Program Files\RDP Wrapper\rdpwrap.ini
[+] Extracted rdpw64 -> C:\Program Files\RDP Wrapper\rdpwrap.dll
[+] Extracted rdpclip6164 -> C:\Windows\System32\rdpclip.exe
[*] Configuring service library...
[*] Checking dependencies...
[*] Checking CertPropSvc...
[*] Checking SessionEnv...
[*] Terminating service...
[*] Starting CryptSvc...
[*] Starting Dnscache...
[*] Starting LanmanWorkstation...
[*] Starting NlaSvc...
[-] StartService error (code 1056).
[*] Starting TermService...
[*] Configuring registry...
[*] Configuring firewall...
OK.

[+] Successfully installed.
______________________________________________________________

You can check RDP functionality with RDPCheck program.
Also you can configure advanced settings with RDPConf program.

Druk op een toets om door te gaan. . .

C:\Users\jeroenp\Downloads\RDPWrap-v1.6.1>rdpcheck

Note that this “error” is normal: [-] StartService error (code 1056). as it means the service is already started: [WayBackSystem Error Codes (1000-1299) (Windows)

ERROR_SERVICE_ALREADY_RUNNING

1056 (0x420)
An instance of the service is already running.

–jeroen

Posted in Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Windows | Leave a Comment »

Windows 10 added one more account: WDAGUtilityAccount

Posted by jpluimers on 2018/05/28

As of Windows 10 fall creators update, the WDAGUtilityAccount was added, so the default accounts on such a machine are these:

  • Administrator
  • DefaultAccount
  • Guest
  • WDAGUtilityAccount

Then there is one account for the user that installed the system (which is named by that user).

Windows Defender Application Guard is the reason for WDAGUtilityAccount as explained here:

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Microsoft is gestopt met gratis Windows 10-upgrade via toegankelijkheidspagina – Computer – Nieuws – Tweakers

Posted by jpluimers on 2018/05/21

[WayBack] Microsoft is gestopt met gratis Windows 10-upgrade via toegankelijkheidspagina – Computer – Nieuws – Tweakers

Licenses: Retail, OEM, ODM, VLK.

[WayBack] Activation in Windows 10 – Windows Help

Notes

  • Microsoft doesn’t keep a record of purchased product software keys.
  • For help finding your product key, see Find your Windows product key.
  • If you don’t have a product key, you can purchase a Windows 10 license after installation finishes. Select the Start  button > Settings  > Update & Security  > Activation . Then select Go to Store to go to the Windows Store, where you can purchase a Windows 10 license.

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

dzComputerInfo: a small tool that shows a window on top of all other windows displaying the computer name and currently logged on user.

Posted by jpluimers on 2018/05/18

Interesting as bgInfo does not support top most windows or overlay: it only does the Desktop background, and you need to go through hoops to recreate the background on each logon:

Enter dzComputerInfo. It’s a small tool that I wrote the evening after the above incident which does exactly one thing: It shows a window on top of all other windows displaying the computer name and currently logged on user. Since the window is so small and it places itself automatically just above the start button, it does not really become a nuisance.

The tool and the source code is available from sourceforge, if anybody else thinks he has a use for it.

The G+ thread also the interesting comment by Gaurav Kale:

The Classic Shell Start button supports environment variables in its tooltip. So just specify: %username% on %computername% for the Setting called “Button Tooltip”. Then to see the currently logged on user and computer name, you just have to HOVER over the Start button!

–jeroen

Posted in Power User, SysInternals, Windows | Leave a Comment »

 
%d bloggers like this: