Remko Weijnen's Blog (Remko's Blog)

About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like

Archive for the ‘Programming’ Category

TSAdminEx Features Part 1

Part 2

Now that a TSAdminEx beta is ready I will be showing you some features. In this part 1 I will be comparing the Users view to TSAdmin.

Let’s start TSAdmin, this tool is present by default on Windows 2003. If you use Windows XP or Windows Vista you can get it by installing the Administration Pack. Please note that TSAdmin does not work on Vista RTM due to a bug that was corrected in Vista SP1 (TSAdminEx works fine on both RTM as well as SP1)

TSAdmin1

Now let’s open TSAdminEx and start comparing…

TSAdminEx1

(more…)

TSAdminEx Beta release

Over the last months I have been working hard on TSAdminEx and now, finally, I can now present a first beta release.

If you don’t know what TSAdminEx is let me briefly introduce it. TSAdminEx is a tool that combines functionality of several existing tools: it has the power of task manager combined with the details of Process Explorer and the Terminal Server support of TSAdmin. On top of that it fully supports remote systems out of the box without installing any agents or services. It also has some unique features that neither of the mentioned tools can do!

Several new features have been implemented since the last time I talked about TSAdminEx and I will show you the most exciting ones here:

(more…)

In part 1 I showed how to create and open objects in Terminal Server Sessions. However, these are not all of the possible places where you can place objects via documented kernel32.dll functions.

If we look into Winobj again, we notice, that every BaseNamedObjects directory has a subdirectory named Restricted. To be honest, I do not know why it’s created; it’s security allows object creation for LocalSystem and RESTRICTED special user (in windows 2000, Everyone can also create objects in it). So, we can use it as prefix for object creation, for example, Restricted\MyAppEvent: RestrictedObject

Of course, you can still use Global, Local, or Session links (more…)

As you know, many kernel32.dll functions, which are working with named objects, like OpenEvent, can be used to work with global and local objects. So what are global and local objects? Global objects are created in session 0 and are actually located in the \BaseNamedObjects directory, while local objects are created in the caller’s session (for example in the \Sessions\5\BaseNamedObjects directory (for session 0, global and local has no meaning since they point to the same object)). MSDN says that you can access only the objects in your own session(via the Local\ prefix) and in session 0 (via the Global\ prefix). But what if you need to access an object in another session? (more…)

Locking a workstation – part 2

In part 1 I showed how winlogon.exe registers its process and main window handle.

In the SasCreate function, winlogon.exe registers hotkeys like this:

Did you notice the MOD_SAS constant? (more…)

Locking a workstation – part 1

Win32 API provides only 1 function for locking workstation, named LockWorkstation. What does it do and how we can use it?

When a new session is started, smss.exe invokes winlogon.exe. It registers its process id in win32k.sys by calling RegisterLogonProcess. It has this prototype: (more…)

Converting a volume name to a device name

Windows has a couple of different formats for volume names but it is unclear how to convert a Volumename (example: \\?\Volume{GUID}\) to a DeviceName (example: \Device\HarddiskVolume1).

I found at that you can use the QueryDosDevice function but you need to remove the preceeding \\?\ and the trailing \ of the VolumeName:

One of the side effects of using sysprep to prepare an image is that drive letter assignments are reset to default. This behaviour is documented in a knowledge base article.

I previously solved this by running a diskpart script but that needed a custom script for each system (if the disk or partition order differs the script needed to be adjusted). So I needed to run a restore with sysprep determine the drive layout after sysprep, change the script, test by restoring again. So I wrote a commandline tool that can change a drive letter assignment based on the volume label.

(more…)

Part1

Let’s write our own Credential Server implementation.

At first, we need to create a named pipe with a unique name. Let’s construct the pipe name using a GUID – this should be unique, but we can do it in a cycle to be absolutely sure: (more…)

I think many of you have got experience with multiple Terminal Server Sessions in windows XP, also called Fast User Switching (FUS). Let’s get inside this cool feature.

How does FUS work? Each session has its own winlogon.exe. It draws the same interface which looks like the screenshot below:

multiple-users-logged-on

(more…)

Blogroll


Categories


Archives