I'm attempting to configure an SMB file sharing server on a Windows CE 6 device.
My initial attempts have mostly been with the desktop version of NK.exe.
When I start, SMB0: is running as smbserver.dll
I've set (hopefully) suitable registry values, and then re-started the SMBServer process:
services refresh SMB0:
However, I never see the service advertised when I attempt to attach an SMB client (for example, by looking for file shares in desktop windows, or attempting to connect an SMB client to the IP address of the WinCE device.
I wonder if it's necessary for the SMB registry settings to be available at boot time? My devices is NOT using a hive-based registry, so the registry settings aren't available a boot time. I'd hoped that refreshing the SMB server process would be enough to get file sharing going. That way, I can just set the registry values programatically in my application program, restart the SMB service, and not have to rebuild the kiosk NK.exe (the kiosk NK.exe seems to include the smbserver.dll - it was built by a not very competent third party, and the tools to rebuild it go back to Visual Studio 2005. It would be "interesting" to rebuild NK.exe).
Do I need to rebuild the OS to use a hive-based registry?
Any ideas?
My registry settings are all under HKEY_LOCAL_MACHINE:
Ident\Name "aName"
Ident\Desc, "A string"
Ident\OrigName "Another string"
\Services\Smbserver\SMB\Shares\VirtualRoot\Type Dword:0
\Services\Smbserver\SMB\Shares\VirtualRoot\Path "a valid path"
\Services\Smbserver\SMB\Shares\VirtualRoot\UserList "*"
\Services\Smbserver\AdapterList "*"
\Services\Smbserver\Keep DWord:0
\Services\Smbserver\Prefix "SMB"
\Services\Smbserver\Index DWord: 0
\Services\Smbserver\SHARES\UseAuthentication DWord:0L
As you can see, I've temporarily turned authentication off - I'm hoping to start by getting this to work in the CE desktop environment, and then add authentication, and getting it to work in the kiosk environment.
I'd be grateful for any help!
I would say you need to set "Keep"=dword:1 as per the MSDN docs:
Keep Default set to 1. If this is set to zero (0), the DLL will be
unloaded immediately after initialization.
The SMB server does not require a hive-based registry. We've used it on multiple projects with only a RAM-based registy.
For reference, these are the registry settings we use on CE 7 to expose the root folder as \\<IP address>\Root:
[HKEY_LOCAL_MACHINE\Services\SMBServer\Shares\Root]
"Path"=""
"Type"=dword:0
[HKEY_LOCAL_MACHINE\Services\SMBServer]
"AdapterList"="*"
"Keep"=dword:1
"Prefix"="SMB"
"Index"=dword:0
"DLL"="smbserver.dll"
"Order"=dword:12
[HKEY_LOCAL_MACHINE\Services\Smbserver\Shares]
"UseAuthentication"=dword:0
"NoSecurity"=dword:1
There's another issue at play here, which is that the Windows CE 6 SMB server default to using NTLM ver 1. Windows 7 and above, by default, require NTLM version 2.
In order for your Windows 7+ system to see the SMB share, it's necessary to modify the security policy:
On Windows 7, run secpol.msc, find Security Settings -> Local Policies -> Security Options. Look for LAN Manager Authentication Level, and set it to 'Send NTLM response only’
Related
Is it possible to deploy installers (for example Chrome browser .exe file) to install on Windows client computers across all office buildings using OpenLDAP? The OpenLDAP is installed on CentOS 8. If it is not possible can Active Directory Help Me?
Why would you use a directory service to store binary files? This might be possible but it's a terrible idea.
Active Directory is a broad suite of tools. AD Domain Services is basically the OpenLDAP equivalent https://social.technet.microsoft.com/wiki/contents/articles/699.active-directory-domain-services-ad-ds-overview.aspx and doesn't do what you want
AD GP (Group Policy) allows you to push software https://learn.microsoft.com/en-us/troubleshoot/windows-server/group-policy/use-group-policy-to-install-software but if you're only using it to push a Chrome installer, it's overkill to set it all up. It does work though!
You can also use SCCM (oh I guess it's called MECM now, haven't touched it in a hot minute).
I reinstall Ubuntu 16.04 Desktop 32bit on an old laptop and setup samba as https://tutorials.ubuntu.com/tutorial/install-and-configure-samba#0 mentions. When I try to connect from a Windows 10 or Windows 7 machine I get the following:
Windows can't communicate with the device or resource(192.168.1.50)
The resource is available but is not responding to connection attempts.
any suggestion?
I had a similar problem.
The problem is that Windows did not ask me for the samba user credentials and only generated an error 0x80070035.
So I did the following:
Go to "This PC"
Click on "Map network drive"
As Folder add "\\samba server IP \ share name"
Check the "Connect using different credentials"
Finish
Now windows should ask you the samba user credentials.
I have this problem and able to fix this with Windows 10 and Ubuntu 20.04 Focal Fossa without installing SMB v1 or change the regedit. There are few things need to be changed in /etc/samba/smb.conf
passdb backend = tdbsam
security = user
Change the networking
#### Networking ####
# The specific set of interfaces / networks to bind to
# This can be either the interface name or an IP address/netmask;
# interface names are normally preferred
interfaces = 192.168.100.63 wlp1s0
bind interfaces only = yes
And change user
#map to guest = bad user
force user = username
Don't forge to add your username into smb. The detailed step with images documented over here:
https://www.yodiw.com/install-samba-ubuntu-20-04-and-windows-10-sharing/
In /etc/samba/smb.conf should add this
[global]
client min protocol = SMB3
client max protocol = SMB3
In windows 10 should edit this
enter in Local Group Policy Editor (search in windows) Computer Configuration -> Administrative Templates -> Network -> Lanman Workstation -> Enable Insecure Guest Logon - Enabled
After a long battle with accessing samba share located on Debian VM from Windows 10, these steps saved my life:
Open the Local Group Policy Editor (gpedit.msc).
In the console tree, select Computer Configuration/Administrative Templates/Network/Lanman Workstation.
For the setting, right-click Enable insecure guest logons and select Edit.
Select Enabled and select OK.
You can also take a look at the EventViewer to inspect the Microsoft-Windows-SMBClient/Security section. In my case there was an error "Rejected an insecure guest logon." before above steps was applied.
More info can be found here - https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/guest-access-in-smb2-is-disabled-by-default
Samba (SMBv1 protocol) is no longer supported on Windows 10. To temporarily re-enable the SMBv1 protocol on Windows 10 follow these steps:
Open Control Panel.
Click on Programs.
Click on Turn Windows features on or off link.
Expand the SMB 1.0/CIFS File Sharing Support option.
Check the SMB 1.0/CIFS Client option.
Click the OK button.
Click the Restart now button.
I hope that helps. You should only use these steps as a temporary solution.
Reference: https://www.windowscentral.com/how-access-files-network-devices-using-smbv1-windows-10
I have Visual Studio 2013 and a pretty basic MVC web application.
When I am connected to my work network (hard wire or VPN) I can open up VS without issue. However when not connected to my work network I get the following error:
---------------------------
Microsoft Visual Studio
---------------------------
Creation of the virtual directory http://localhost:54156/ failed with the error: Unable to access the IIS metabase. You do not have sufficient privilege to access IIS web sites on your machine.
---------------------------
OK
---------------------------
I've tried granting my user rights to IIS via the aspnet_regiis -ga mydomain\myuser and that did not help.
I am certainly running VS as an administrator. It works just fine when connected to the network. Our security and server teams do not seem to understand why this would behave this way.
Is this IIS Express? I (and those I work with) often get a similar error due to the domain login script encrypting My Documents. It's fixed by simply decrypting
Documents\IISExpress\config\applicationhost.config
Not sure if that's the issue here though;
Ultimately I believe this to be an issue between our network policies and the IIS and .NET installs.
When I was off network it could not access the cached user folders. Switching from having the home drives on network to having them local did not fix the issue (assuming some files were still referencing the network location).
I had my system refreshed and started with my user folders as local and have not had the issue since.
I know it's an old question, but at my location the user profile is stored on the network. When I checked to see if the IISExpress application was encrypted as Chad Schouggins suggested, I didn't even have a documents folder. Ultimately, the answer was really simple:
turn the machine off and back on again.
I have some problems regarding WMI scripting on Windows 8. More precisely, remote connection from Win7(not that relevant) to Windows 8. Note that the following issues do not happen when the client machine runs Windows 7.
First one is getting data regarding the current shares on that machine. Specifically, I am trying to get the Path property of the shares, that is local path.
In windows 7 it works perfectly, in windows 8 however it returns null(ran with wbemtest from remote computer).
First I thought that there is a problem with the WMI system. Then I ran the same query directly on the win8 machine. That returned the actual local path of the share. This led me to believe that there are problems with the WMI security on that machine.
Another issue I have with WMI on win8 is that it does not allow me to run things as Administrator, even though the user used to log is is the Administrator.
Regarding the security settings on the win8 machine, I gradually lowered them to try the exact position in which I can operate. I have reached the level where Everyone has every access, so it is the lowest security possible. Hope someone can help.
After a few days of just playing with security around Wmimgmt.msc and dcomcnfg I finally found a way to run wmi as administrator on a remote machine. Although this is not exactly what I did, I found that this works great: I activated the Administrator account: net user administrator /active:yes. Then I entered User accounts and set a password for the Administrator account. I then opened Wmimgmt.msc and set allow on all security for the Root node and cimv2 node. After this Wmi remotely(logged on as administrator) works as a charm
I now have my Windows Azure environment set up so that I can access my Worker Role with Remote Desktop. However, I'm not sure how to proceed at the moment. After much digging I found a web site that was offline but in Google's cache there was mention of attaching to the Worker Role running in the Azure Cloud from the Visual Studio debugger. But I only have Visual Developer (not studio) 2010 and I have searched all over and as far as I can see there is no such option to attach to a remote server. I am able to publish my project to the Azure Cloud without error and I have a "healthy" instance of my Worker Role showing as active and running.
I did connect with RDP through the Azure Management portal. The login worked fine and up came the remote desktop window. I searched through much of what I could find and was unable to find my Worker Role. I must have the wrong impression of RDP, because I had hoped to see the Worker Role's main display form when I logged in, just like I do when I debug it locally in the Cloud Emulator. But instead all I saw was a blank desktop with some base level server inspection and management routines. I even checked the Event Viewer for Application related messages and saw none.
So now I'm stuck wondering if my Worker Role is actually running or not, despite the seemingly positive status messages from the Management Portal, and I still want to attach to my Worker Role for debugging through Visual Developer, if it's possible, but I am unable to figure out how.
Anyone with experience in this area that can give me some solid tips on what to do next, please respond.
UPDATE: I believe my worker role may be running because I opened a command window and did a Netstat and saw it listening on the correct port. However, that may just be my Worker Role shell class that starts the custom EXE I have it launch as a spawned proces. I still haven't confirmed if my custom EXE is running yet.
UPDATE-2: Just ran TaskList from a command window and the custom EXE is listed.
UPDATE-3: Everything is working as I just ran a remote test of the service so that's not a problem. Still want to know how to attach to the Worker Role from Visual Developer 2010 for remote debugging, and if it's possible to see the custom EXE's display form like I do when doing local debugging in the Cloud Emulator.
-- roschler
There is a set of articles here which goes in length on how to set up for remote debugging in Azure:
http://blogs.u2u.be/peter/post/2011/06/21/Remote-debugging-an-Azure-Worker-role-using-Azure-Connect-Remote-desktop-and-the-remote-debugger.aspx
http://blogs.u2u.be/peter/post/2011/06/24/Remote-debugging-an-Azure-worker-role-using-Azure-Connect-remote-desktop-and-remote-debugger-part-2.aspx
http://blogs.u2u.be/peter/post/2011/06/26/Remote-debugging-a-Windows-Azure-Worker-Role-using-Azure-Connect-Remote-desktop-and-the-remote-debugger-part-3.aspx
The key takeaway is that you don't need to actually install Visual Studio on Azure, you only need to copy the Remote Debugger bits and then use Azure Connect to add your developer machine to the Virtual Network.
You can setup Remote Debugging with Visual Studio 2012
http://code.msdn.microsoft.com/Remote-Debugging-Windows-dedaaec9
When you say:
But instead all I saw was a blank desktop with some base level server inspection and management routines.
this is exactly what you get with an Azure VM. It's a basic OS install, plus the bare minimum of Azure stuff it needs to run and the code you've uploaded. There's no fancy monitoring or health checks available on the machine by default, you're expected to have provided those yourself to have them available without having to RDP into the machine to check on it.
RDP is very good for tracking down certain problems, like checking that a startup task will run, checking which directories items are installed in and just generally being nosey. If you need extra tools to track down a problem, you can just install them while you're connected to the server. For example I have RDPed into a server and installed the Microsoft Debugging Tools, to track down a memory issue.
I suppose you could remote into your VM, install Visual Studio there, and debug the process...
I also suppose it might be possible to enable remote debugging (not sure what's involved there, but such a thing exists, and it works over TCP) and debug from a local instance of Visual Studio.
To my knowledge, neither is commonly done.
Based on other answers, you would be better off writing a log file to a local storage. You can read the file from RDP if you reallyhace to. Keep in mind, debugging on Azure isn't really simple, and rightly so.
What I was thinking though was, maybe you could run the process using the user's credentials. I can't verify at the moment, but you have a better shot of seeing the ui when you rdp.