Start Windows 10 sandbox in predefined state with additional software - windows-10

Windows 10 has a new sandbox which is based on a very small and fast Hyper-V VM. With every start of the sandbox you get a "fresh" Windows and on every sandbox termination, all changes are discarded.
My question is: Is it possible to define in which state the sandbox starts? E.g. is it possible to start the VM with pre-installed reversing tools or a script that is automatically run, as soon as the system is booted?
Use case: Due to its fast start-up time and "throw away" characteristics, the Windows 10 sandbox would be a dream for automated malware analysis.

You can change the behavior of the sandbox to some extent, for example run a script at startup or disable networking. See here for a how-to: https://medium.com/#maarten.goet/how-windows-1903-makes-malware-analysis-easier-introducing-windows-sandbox-3ec791c8367

In general, sandbox startup can be controlled by a startup configuration file:
Windows Sandbox supports simple configuration files, which provide a
minimal set of customization parameters for Sandbox. ... Windows Sandbox
configuration files are formatted as XML and are associated with
Sandbox via the .wsb file extension.
The specific ability to execute a script upon sandbox startup is documented here: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file#logon-command
It says:
Logon command
Specifies a single command that will be invoked automatically after
the sandbox logs on. Apps in the sandbox are run under the container
user account. The container user account should be an administrator
account.
    <LogonCommand>
      <Command>command to be invoked</Command>
    </LogonCommand>
Command: A path to an executable or script inside the container that
will be executed after signing in.
Note
Although very simple commands will work (such as launching an
executable or script), more complicated scenarios involving multiple
steps should be placed into a script file. This script file may be
mapped into the container via a shared folder, and then executed via
the LogonCommand directive.
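A complete .wsb file for the throw-away analysis use case from the question, as an added example that is not part of the question, the answer or Microsoft's documentation; the host folder paths and the setup.ps1 script are assumptions, the element names are the documented .wsb ones:

```xml
<!-- analysis.wsb: double-click on the host to start a pre-configured sandbox.
     Every element below is a documented Windows Sandbox configuration option;
     the folder paths and setup.ps1 are assumed for this example. -->
<Configuration>
  <!-- No network: an analysed sample cannot reach out or pull a second stage. -->
  <Networking>Disable</Networking>
  <!-- Reduce the host/guest surface: no clipboard, no virtual GPU, hardened client mode. -->
  <ClipboardRedirection>Disable</ClipboardRedirection>
  <VGpu>Disable</VGpu>
  <ProtectedClient>Enable</ProtectedClient>
  <MemoryInMB>4096</MemoryInMB>

  <MappedFolders>
    <!-- Pre-installed tools and the sample, mapped READ-ONLY so nothing running
         in the sandbox can modify the host copy. -->
    <MappedFolder>
      <HostFolder>C:\SandboxTools</HostFolder>
      <SandboxFolder>C:\Tools</SandboxFolder>
      <ReadOnly>true</ReadOnly>
    </MappedFolder>
    <!-- The only writable mapping: a dedicated, empty output folder for logs and
         reports. Anything written here lands on the host, so keep it isolated
         from everything else and never map a folder the host relies on. -->
    <MappedFolder>
      <HostFolder>C:\SandboxOut</HostFolder>
      <SandboxFolder>C:\Out</SandboxFolder>
      <ReadOnly>false</ReadOnly>
    </MappedFolder>
  </MappedFolders>

  <!-- Runs once after the container user logs on. Multi-step work belongs in the
       mapped script rather than in this single command. -->
  <LogonCommand>
    <Command>powershell.exe -ExecutionPolicy Bypass -File C:\Tools\setup.ps1</Command>
  </LogonCommand>
</Configuration>
```

Because all sandbox changes are discarded on shutdown, setup.ps1 should copy whatever it collects into C:\Out before the sandbox is closed; the next start again begins from this same pre-defined state.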

Related

How to start a service only when a user log to Desktop Environment

I am trying to find a solution for starting a service or executing a binary only when a user logs in to his desktop environment. Basically, my binary is dependent on the Display environment of the user.
I tried with systemctl and PAM methods but was unable to find a way. I tried with a script using cron, which would check the Display environment and start the binary. But I would like to use the service method rather than the cron method.
If your Linux environment is systemd based, you can create a systemd service unit for the user. See the ArchLinux wiki.
As your application depends on the graphical environment for the user, I think it can be safer to use the XDG way: a .desktop file under ~/.config/autostart (for a single user) or under /etc/xdg/autostart for all users. See the Desktop Application Autostart Specification.

Connect to multiple remote machines to run automation scripts

I am an automation engineer and I need to run 450 CodedUI scripts on multiple machines. I have 15 machines on which I run these scripts.
To resolve my trouble I am using Microsoft's tool Remote Desktop Connection Manager to log in to these machines. But I am getting the error on failed scripts that "Either the window is locked or minimized", whereas when I used to log in to these machines directly and run the scripts there were no such issues.
I am unable to find any resolution. I tried one more tool to connect to the 15 machines, i.e. the AppVision tool, as well. Even with that tool I am facing errors on all my scripts that some control is blocking the control to be clicked on.
I need to know if there is any other tool or way by which I would be able to log in to the machines in one go and run automation scripts without any errors.
Any help is appreciated.
Thanks in advance.
Coded UI requires that the screen saver is disabled on the remote machines.
Coded UI interacts with the desktop of the machine running the tests. When the screen saver is active it controls the desktop and, effectively, prevents Coded UI from interacting with the application under test.
The question refers to "Microsoft's tool Remote Desktop Connection Manager" so perhaps you are not using test agent software to run the test. Check this Microsoft web page and this Microsoft forum question for more details on how to set up remote computers to run Coded UI.

How can I report an Azure startup failure to user

My company produces a tool that the user installs on the server prior to publishing their project. For Azure deployment we have a startup script (a simple .cmd file) that installs our tool. It has the recommended checks for repeat runs, and logs everything. The problem is that the user can't tell if there was an installation problem without RDPing to the role instance and checking the logs.
My question is: if there is a failure installing our tool is there any way to report it back to Visual Studio?
I don't believe there is. If I recall correctly, the startup tasks are fired off as part of the role's startup process (depending on the startup task type - simple, background, etc.). That script is running along with other things like the plug-in that configures Remote Desktop (which I believe is a specially packaged type of startup script). I don't think there is any way to report back (to whatever initiated the deployment operation) which startup tasks failed.

How to run Application.exe before windows startup?

I have a Windows application with a user interface that does some stuff...
Now my client wants that, when he pushes the power button, MyApplication runs before he is forced to enter the username and password!
Comment: the system is multi-user on Windows XP or Windows 7.
Is it possible in any way?
I found the way to do this was to create a scheduled task with a trigger for "on startup". This starts the application before windows logon. This is particularly useful in a server type environment if you need to have something run that is not a service.
It is simple. The process is:
Run gpedit.msc
Go to Computer Configuration -> Windows Settings -> Scripts (Startup/Shutdown)
Go to Startup properties; then you will get a new window.
Now add the program that you want to run before login.
The right way to do this is to implement a Windows service.
I've used this article here as I run a Minecraft server which I need to have the console interactive so I can manage the server and running it as a service is not a good solution in such a case: https://www.tenforums.com/tutorials/138685-turn-off-automatically-restart-apps-after-sign-windows-10-a.html
What I did was edit the registry:
Go to HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Create a new DWORD value (if this DWORD doesn't exist already) and call it RestartApps with the value of 1
This now starts apps that usually start up before you log in and starts the programs in shell:startup
You cannot run an exe without first loading the operating system. You can, however, run the exe without logging in first. Just copy and paste the shortcut for the exe into C:\Documents and Settings\Administrator[or other user name]\Start Menu\Programs\Startup. Then check msconfig to make sure your exe is checked to run on startup.

IIS executable not executing

I have been looking at an issue for a week straight and have been unable to figure it out and I am desperate for the fix.
On a client site, we have two environments: UAT and PROD. UAT works perfectly (please keep this in mind). We are now trying to deploy the solution to PROD but certain parts of the solution are not working.
We have developed an asp.net application that we provide to clients to allow them to invoke SSIS packages (there are a couple of drop downs that they first select then click a button named "invoke").
When the user clicks the Invoke button, a batch file named InvokeSSIS.bat is called that assembles a command line call to dtexec with the appropriate parameters.
I'm having a problem with a particular package that is responsible for calling an executable which generates a spreadsheet that I will be importing into my system.
The executable is on a mapped H:\ drive.
I have modified the InvokeSSIS.bat batch file to capture the command the batch file is generating. If I execute this command from the command line, it works perfectly. From the webapp Invoker, it executes the package but the tasks responsible for calling the executable don't execute, as the entire package takes only 1 second to complete (whereas it should take about a minute).
The executable DOES have a GUI, but it is NOT interactive. This is because when you call the GUI with specific parameters, it automatically runs in batch mode and executes a macro used to generate the desired spreadsheet.
I know this is ok because it works on the UAT server AND it works from the command line!
I have checked the permissions on the executable (by right-clicking the executable and clicking Properties). I have granted Full Control on the executable to the same user specified on the Identity tab of the application pool I am using.
Can someone please help me? As I said I am dying over here!
Please let me know if you have any ideas or what other info you need.
Environment (both UAT and PROD)
OS: Windows Server 2003
IIS 6
asp.net 2.0
SQL Server 2008
Thanks!
Steve
You can't use a mapped drive with IIS.
You must use the \\servername syntax to reach files on other systems.
I agree with user544284 that this is at least in part a mapping issue. I'll ignore for a minute the complete insanity of having a web application call a batch file to start an executable that's on a remote network drive through a drive letter mapping.
Most likely the UAT box has something set up that maps that drive letter for you which Prod is missing.
The only other possibility is a security violation is occurring. Running .exe's from a network drive is generally frowned on. Do the two environments have the exact same version of windows? Are they configured the same with regards to UAC? Any differences here are going to be important.
Which brings up an interesting thought. I wonder if someone logged in to the UAT server using the same account credentials the app pool is using and added the ip address of the machine where the exe lives to the list of "Local Intranet" sites... Or, if they installed SSIS on the UAT server itself.
Just because YOU can log in to the server and run it on the command line means nothing. You have to find out if the drive letter is mapped at all for the user that the web app is running under and whether that user has the required security bits and whether the local OS will allow it regardless.
Okay, I can't ignore it: harebrained is the nicest adjective I can come up with for this "architecture". Do yourself a favor and go back to the drawing board on this one. It has the word "brittle" written all over it, as you have already found. Instead of building out a batch file to call dtexec, just do it directly either by something like this or this.