The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

Archive for the ‘Windows 10’ Category

authentication – Bypassing Windows 10 password with Utilman.exe trick – fixed? – Information Security Stack Exchange

Posted by jpluimers on 2021/05/03

It is debatable if these tricks are vulnerabilities or not: [WayBack] authentication – Bypassing Windows 10 password with Utilman.exe trick – fixed? – Information Security Stack Exchange.

There are arguments that leaving a system open to physical access, or allowing operating system manipulation, means it is busted.

On the other hand, making systems more resilient to modification helps alleviate these problems.

So it pays for developers to harden operating systems against modification.

From the question:

Of the sethc.exe, Utilman.exe, and osk.exe ones in Windows, Utilman.exe seems to have been fixed.

Related:

–jeroen

Posted in Power User, Windows, Windows 10, Windows 7, Windows 8, Windows 8.1 | Leave a Comment »

Windows 10: when “wmic path SoftwareLicensingService get OA3xOriginalProductKey” fails, try ProduKey from NirSoft.

Posted by jpluimers on 2021/05/03

Somehow, on many Windows 10 systems, when I run wmic path SoftwareLicensingService get OA3xOriginalProductKey from an administrative command prompt, the result is empty:

Microsoft Windows [Version 10.0.17763.475]
(c) 2018 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>wmic path SoftwareLicensingService get OA3xOriginalProductKey
OA3xOriginalProductKey



C:\WINDOWS\system32>

On those systems, NirSoft ProduKey always works.

Having a product key at hand is a great help when re-installing Windows 10: often it does not automatically obtain a digital license on the same hardware.

Most of those systems have been upgrades from previous Windows versions, but not all of them: even some new systems have this behaviour.

Related:

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Posted by jpluimers on 2021/04/23

I had a curious error despite the build not having any failures on VirusTotal:

You have nirlauncher v1.23.42 installed. Version 1.23.43 is available based on your source(s).
nirlauncher not upgraded. An error occurred during installation:
 Operation did not complete successfully because the file contains a virus or potentially unwanted software.

nirlauncher package files upgrade completed. Performing other installation steps.
The upgrade of nirlauncher was NOT successful.
nirlauncher not upgraded. An error occurred during installation:
 Operation did not complete successfully because the file contains a virus or potentially unwanted software.

[Screenshot: choco upgrade throwing virus error during nirsoft 1.23.43 update]

When upgrading, this is briefly visible in the Windows Security view “Virus & threat protection”:

So I need to figure out a few things before I can upgrade Nirsoft:

  1. Where choco upgrade downloads temporary files
  2. Where these temporary files store their intermediate and final files during installation
  3. How to temporarily exclude the locations of 1. and 2. in Microsoft Defender.

–jeroen

Posted in Chocolatey, Power User, Windows, Windows 10 | Leave a Comment »

Windows 10 Home: allow a certain user to have a non-expiring password

Posted by jpluimers on 2021/03/15

Sometimes it makes sense for a user's password to never expire.

On non-Home editions of Windows, this is easy: just run lusrmgr.msc, then in the UI change the property for the user.

On home editions of Windows, you cannot do this in a GUI: those bits are either disabled or completely unavailable.

I did this on a demo VM system from an elevated command prompt:

C:\>wmic UserAccount where Name='developer' set PasswordExpires=False
Updating property(s) of '\\DEMO-VM\ROOT\CIMV2:Win32_UserAccount.Domain="DEMO-VM",Name="developer"'
Property(s) update successful.

To show the current state (before I changed it):

C:\>wmic UserAccount where Name='developer'
AccountType  Caption           Description  Disabled  Domain      FullName  InstallDate  LocalAccount  Lockout  Name       PasswordChangeable  PasswordExpires  PasswordRequired  SID                                            SIDType  Status 
512          DEMO-VM\developer              FALSE     DEMO-VM                            TRUE          FALSE    developer  TRUE                TRUE             TRUE              S-1-5-21-2478057260-1439466941-978077079-1002  1        OK     

Via: [WayBack] Cocosenor: 4 ways to disable or enable Windows 10 password expiration notification
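
The same property can be audited and changed through PowerShell's CIM cmdlets, which read the Win32_UserAccount class that the wmic command above uses. This is an added example, not code from the original post; the function names are hypothetical, and 'developer' is the demo account shown above.

```powershell
# Added example: audit and change password expiry for local accounts.
# Run from an elevated PowerShell prompt.

# List every local account whose password never expires, so that
# exceptions like the demo account stay visible during a review.
function Get-NonExpiringLocalAccount {
    Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = True" |
        Where-Object { -not $_.PasswordExpires } |
        Select-Object Name, Disabled, PasswordRequired, PasswordExpires, SID
}

# Set or clear the expiry flag for one local account (hypothetical helper).
function Set-LocalPasswordExpiry {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [bool]   $Expires
    )
    # Match the name client-side instead of building it into the WQL filter,
    # so quotes in $Name cannot alter the query.
    $account = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = True" |
        Where-Object { $_.Name -eq $Name }
    if (-not $account) {
        throw "No local account named '$Name' was found."
    }
    Set-CimInstance -InputObject $account -Property @{ PasswordExpires = $Expires } -PassThru |
        Select-Object Name, PasswordExpires
}

# Equivalent of the wmic command in the post:
Set-LocalPasswordExpiry -Name 'developer' -Expires $false

# Review which accounts are now exempt from expiry:
Get-NonExpiringLocalAccount | Format-Table -AutoSize
```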

–jeroen

Posted in Power User, Windows, Windows 10 | Leave a Comment »

Windows Users like “Window Manager\DWM-3” are virtual users

Posted by jpluimers on 2021/03/15

Having seen logon failures from user Window Manager\DWM-3 while on a public WiFi network, I did a quick search on [WayBack] “Window Manager\DWM-3” – Google Search.

It appeared somebody was trying a dictionary attack on the RDP port of my Windows VM, which was on the host Bridged Network (see [Archive.is] Help – VMware Fusion 6 Documentation Center).

This is a virtual user that is part of a series of users that the Desktop Window Manager started using from Windows 8 and up.

The first user always exists; DWM-2 and up are created for new dwm.exe processes (by winlogon.exe) when users start logging on through RDP connections to a Windows machine:

  1. Window Manager\DWM-1
  2. Window Manager\DWM-2
  3. Window Manager\DWM-3
  4. Window Manager\DWM-4

In addition to being created when a new user logs on, as of Windows 8 these are also created when shutting down and starting up (where Windows fools you by actually doing a kind of hibernate): [Wayback] windows 8 – What is winlogon.exe -SpecialSession? – Super User
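
To see which of these virtual accounts currently exist on a machine, the running dwm.exe processes can be listed with their owner, session and parent process. This is an added example, not code from the original post; the function name is hypothetical, and the check that the DWM number follows the session number is an assumption.

```powershell
# Added example: map each Desktop Window Manager process to its virtual account.
# Run from an elevated PowerShell prompt; without elevation GetOwner may
# return nothing for processes that belong to other sessions.
function Get-DwmAccount {
    Get-CimInstance -ClassName Win32_Process -Filter "Name = 'dwm.exe'" |
        ForEach-Object {
            $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
            $account = if ($owner.ReturnValue -eq 0) {
                '{0}\{1}' -f $owner.Domain, $owner.User
            } else {
                '<unavailable>'
            }
            # The post states that winlogon.exe creates these dwm.exe processes.
            $parent = Get-Process -Id $_.ParentProcessId -ErrorAction SilentlyContinue

            [pscustomobject]@{
                ProcessId      = $_.ProcessId
                SessionId      = $_.SessionId
                Account        = $account
                ParentProcess  = $parent.ProcessName
                # Assumption: the number in DWM-<n> follows the session number.
                MatchesSession = ($account -eq "Window Manager\DWM-$($_.SessionId)")
            }
        }
}

Get-DwmAccount | Sort-Object SessionId | Format-Table -AutoSize
```

An account name of this form that matches a live dwm.exe session is expected system behaviour, which helps when triaging logon events that mention it.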

Related:

–jeroen

Posted in Power User, Windows, Windows 10, Windows 8, Windows 8.1 | Leave a Comment »
