Group policy in RDP connections - windows-server-2008-r2

So I've backed myself into a corner - I wanted an application or command to run when a user logged in over RDP to a server. As per a best-practice suggestion on a Microsoft site, I set up this program to run under group policy rules and now I have a dilemma:
I log into my server via RDP, the default program launches and then immediately logs me out without a chance for me to do anything.
How can I get into the box again to change this setting? Server is Windows 2008 r2 with terminal services installed on a remote IP.

Could you just remove\edit the GPO, wait a bit, and then reboot the server? You could still send it the "shutdown /m \computername". You could also use psexec to remotely run "gpupdate /force" before rebooting.
If you set that up as local group policy, then you can try opening mmc, choosing the Group Policy editor, and pointing it to that machine to edit the policies. In more detail:
Start --> Run --> mmc
File --> Add/Remove Snap-in
Under the Standalone tab, click Add...
Choose Group Policy Object Editor
In the following wizard, click the Browse button
Click the "Computers" tab, select the Another computer radial button, and type the name or Browse to the remote computer
Click OK, then Finish, then Close, and finally OK
Also you could maybe edit/add a logon script that runs "shutdown -a" to abort logoff/shutdowns, but that may not work due to timing.
You didn't mention if this was Domain, or local, but those options should take care of either.

Related

The WS-Management service cannot process the request .The service is configured to not accept any remote shell requests

We have Windows Server 2019 and I am trying to enable IIS feature on it but getting this error 'The WS-Management service cannot process the request. The service is configured to not accept any remote shell requests.'.
i have enabled remote shell access, but still i'm getting same error
Any help would be appreciate. Thank you.
This error occurs when AllowRemoteShellAccess is disabled for a group policy, you can try below steps to slove the issue:
Open Local Group Policy Editor (gpedit.msc).
Open Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components >Windows Remote Shell.
Double-click AllowRemoteShellAccess.
Set its value to Enabled.
Click OK.
Open a CMD window.
Run the following command: gpupdate/force.

Wrong time in the Windows on dual-boot PC (Winwows/Linux)

On my PC I use two operation systems Windows 8 and Ubuntu 14.04. I noticed that after booting Linux and then rebooting to Windows, Windows show the wrong time (Windows clock is 2 hours behind).
I checked in the Linux - time is correct.
I checked time settings - both OS have UTC+2 time zone and option to set time from the Internet.
If I correct time in Windows and do not boot Linux everything is O.K. But at list single loading Linux makes time shift.
I have tried to remove the option for setting time from the Internet.
But manual time setting option changed nothing. What should be done to see the same time in the both operating systems?
That's very popular problem.
All you need to do (and that's really the rightest way) is to say Windows that you hardware time is UTC.
To do it just add the following DWORD key to the registry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\RealTimeIsUniversal
and set its value to 1.
Also you can youse QWORD key instead of DWORD if you have 64bit Windows. But, as far as I know, it's not necessary.
The simplest solution is to set time zone UTC (London) in Linux.
I faced a similar problem, and my solution is quite simple without changing any configs of your operating system.
Requirements: Need to have a internet connection for time sync. Have admin privileges.
You need to enable windows time service
Go to services by typing in the search bar.
Open services
Search for windows time service (W32Time)
W32Time Service
Change the Startup Type to Automatic
Change Startup type
Creating a small bat script file
Open Notepad and create a file with the following command.
w32tm /resync
Save it anywhere with .bat extension. (Remember its location)
Schedule a task
Go to Task Scheduler by typing it in the search bar
Open Task Scheduler
Right click on the empty space > create new task
Create New Task
Give your task a name and description
Change "When running the task, use the following user account" to any admin user or admin group account.
Select "Run whether user is logged on or not"
Check the box for "Run with highest privileges"
Check the box for "Hidden" and "Configure for" = Windows 10
Go to Triggers tab, add the following triggers by clicking on "New..."
First Trigger
"Begin the task:" Select "At startup"
In Advanced settings, check the box for Enabled
Second Trigger
"Begin the task:" Select "At log on"
"Settings" Select "Any user"
In Advanced settings, check the box for Enabled
Go to Actions tab, create a new action by clicking on New...
"Action:" Select "Start a program"
In "Program/script" browse and select the file you created earlier.
And then click OK
Go to Conditions tab
Check the box "Start only if the following network connection is available"
Select your internet network or you can select "any connection" as wild card.
Go to Settings tab.
Check "Allow task to be run on demand"
Check "Run task as soon as possible ..."
Check "If the task fails, restart every" select "1 minute", "Attempts to restart up to:" 3 times
Check "Stop the task if runs longer than:" 3 Days
Check "If the running task does not end when requested, force it to stop"
"If the task is already running, then the following rule applies:"
Select "Do not start a new instance"
I had the same problem recently. My solution is:
First make sure you have the correct time zone
Set BIOS time to local time.
In Linux, edit /etc/default/rcS by replacing UTC=yes with UTC=no.
Reboot.

session microsoft security client oobe stopped

i use Windows Server 2008 R2. I connect the server by remote desktop connection. But nowadays the server closes my remote desktop session randomly and all my application running during the session are closed. Simply, my remote desktop connection is forcely logged off by windows.
When i reconnect, i open event viewer and see that following error:
session 'microsoft security client' oobe stopped due to the following error: 0xC000000D
What can be reason which makes the server behave like that?
OOBE problem SOLVED ?
IT'S A SECURITY COUNTER
YOU MUST, again, MUST shutdown the security counter.
This is the reason that everyone says to delete the C:\ProgramData\Microsoft\Microsoft Security Client\Support\EppOobe.etl file. This file is used and created by this counter.
DON'T DELETE THE EppOobe.etl file instead
You MUST go into into Computer Management by these steps
-> control panel -> administrative tools -> computer management and drill down into:
System Tools -> Performance -> Data Collector Sets -> Startup Event Tracing Sessions
Then, in the frame to the right on that window, select Microsoft Security Client OOBE, right click on it and select Properties.
Click on the tab Trace Session and
Then DISABLE it (uncheck the Enabled box). Then, you select OK.
Disabling the MS Security Client Counter as I listed above, will not stop the
Security Esssentials- will run fine without it.
theses steps are for windows 7

Setting Programs on Redhat5 Startup

I have a Redhat 5 OS, a dual monitor setup, and two workspace. When the machine reboots, I want to set the following:
On workspace 1,
* run the thunderbird-client on the left monitor.
* run 3 terminal clients on the right monitor.
On workspace 2,
* run firefox on the right monitor.
Can someone point me as to where I can set these settings? I am sure there is a way since when my machine boots up, couple of terminal clients pops up, my irc chat client pops up as well. I do not know how I did this before.
You could try Devil's Pie (yum install devilspie)
It's a tool for creating rules that will bind specific actions to applications as they are launched (i.e. setting workspace, position, transparency, etc...).
I found some doc here: http://www.foosel.org/linux/devilspie and here: http://live.gnome.org/DevilsPie
Of course, saving your workspace on logout can help too (System > Preferences > More Preferences > Sessions, then check "Automatically save changes to session").
Once you have setup your application rules, you could write a simple Bash script to start them all in sequence, and add that script to the Startup programs in the sessions preferences.

How to view Windows Event Log remotely with limited privileges

To debug some code, I would like to view the Windows event log of a remote machine (target is Windows2003). With mmc.exe I can add the event log for a remote machine, but only if I have sufficient permissions. For this remote machine, they do not want to give me permissions to log in remotely (or admin privileges for that matter). Is there a specific permission I can be given to view the event log and not much else?
On newer Windows versions (Windows 7, Windows Server 2008...) you can simply add the corresponding account to the built-in group Event Log Readers.
Source: Jane Lewis's Weblog on TechNet, Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008
This source also describes an alternative if you need more fine-grained control.
(The OP asked for Windows 2003, where this method doesn't work, but as Windows Server 2003 is no longer supported, people might be interested in this method.)
For the security log, users need the privilege "Manage auditing and security log"
For the system and applciation logs you should be able to read them as just a guest unless they have set the RestrictGuestAZccess value under the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application
One Option is to get a local ID that is on the remote local admin group.
Next, from your system, map to a drive on the remote server using the new remote local ID.
Create a new MMC from the Windows Run start menu - by typing in MMC /a
Add the EventView Snap-in
When it prompts you for local or remote server - put in the Host name of the server that you mapped to.
Tip: Windows uses established secure connection - if it can. Hence the map a drive trick work VERY well.
Please Note: I use this trick with WMI query(s) - hence the query never fails do to a timeout issue.
Joshua Flanagan outlined a process to delegate rights through modifying the security descriptor of the event logs.
Please add the domain user (without admin rights) to the "Event Log Readers" group on the target server. Then, from the source server, you can use the standard user credentials to access and read the event logs on the target.
If you could enable web access to the server then you could use an eventlog viewer page that I published a while ago. This would allow the administrators to run the website with just enough permissions to see the eventlog without granting you an account to login...

Resources