Can't block Wi-Fi and other communication on Windows 11 [migrated]

This question was migrated from Stack Overflow because it can be answered on Super User.
Migrated 18 days ago.
I am looking for a way to block and restore communication using commands as an ordinary user in Windows 11. The netsh command requires admin rights and cannot be used. Changing firewall settings in Windows Defender also requires admin rights and cannot be used. I am looking for a way to do this. Is there any way to do this?

Changes to your wireless (turn on and off and block communications) require Admin Credentials. The same goes for Windows Defender and Firewall changes for other communication.
Get the organization that has the credentials to make the changes required.
They can make batch files to disable / enable wireless and set these files so you can run them.
There is not any other way to do this.

Related

How to receive keyboard input from application with admin privileges to a non-admin application?

I have programmed an application that has an overlay-kind of window that can be shown and hidden via hotkey while another application has the focus. Said other application is a DirectX game that runs with admin privileges.
I have already tried 3 possible solutions to get notified when my hotkey is pressed in the other application, 2 of them kind of work, but require my application to have administrative privileges too. That is kind of acceptable, but I'd much rather have a solution that does not require those privileges. I am sure that there has to be a way, since applications like TeamSpeak do manage to receive input without being run as admin.
What I have tried already:
RegisterHotkey - not suitable because it doesn't work while in DirectX windows.
SetWindowsHookEx - works as a general keyboard hook, but only with admin privileges.
GetAsyncKeyState - works to check the specified hotkey, but not without admin privileges yet again.
So yeah, I'd be really grateful if someone could provide an idea for a different solution since there is nothing more I could think of ... I am using Delphi, but since I'm relying on Windows API anyways I don't think the solution will be language specific.
I think TeamSpeak uses DirectInput for its hotkeys (a nice fit for you if you are already using DirectX). As for interacting with elevated programs, I think the only solution, and I believe the one TeamSpeak uses, is to embed an application manifest that sets uiAccess=true. This allows you to bypass UIPI without needing to run the application as administrator.
http://msdn.microsoft.com/en-us/library/bb756929.aspx
For this to work there are a few caveats
The application must be authenticode signed
The application must reside in a protected directory (\ProgramFiles\,\system32)
You can self-sign the application (as the alternative is expensive!) but you have to distribute the certificate manually and install it on any system running the application in question.
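A way to check the two caveats above against a given binary, as an added example that is not part of the original answer: it parses an application manifest for uiAccess="true" and then checks the install path. The sample manifest, the C: drive letter, the file paths and the `signed` flag (the result of a separate Authenticode check) are assumptions made for illustration.

```python
import ntpath
import xml.etree.ElementTree as ET

# Constructed sample manifest (not taken from any real application).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="true"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>"""

# Protected locations named in the answer; the C: drive letter is an assumption.
PROTECTED_DIRS = (r"C:\Program Files", r"C:\Windows\System32")


def requests_ui_access(manifest_xml):
    """True if any requestedExecutionLevel element sets uiAccess="true"."""
    root = ET.fromstring(manifest_xml.encode("utf-8"))
    for elem in root.iter():
        # Compare local names so the asm.v2 and asm.v3 namespaces both match.
        if elem.tag.rsplit("}", 1)[-1] == "requestedExecutionLevel":
            if elem.get("uiAccess", "false").strip().lower() == "true":
                return True
    return False


def in_protected_dir(exe_path):
    """True if the normalized path sits below one of PROTECTED_DIRS."""
    # normpath collapses ".." so a traversal out of the directory is not accepted.
    path = ntpath.normcase(ntpath.normpath(exe_path))
    return any(path.startswith(ntpath.normcase(d) + "\\") for d in PROTECTED_DIRS)


def audit(manifest_xml, exe_path, signed):
    """Return findings; 'signed' comes from a separate Authenticode check."""
    if not requests_ui_access(manifest_xml):
        return ["no uiAccess requested: UIPI applies normally"]
    findings = []
    if not signed:
        findings.append("uiAccess requested but binary is not Authenticode signed")
    if not in_protected_dir(exe_path):
        findings.append("uiAccess requested but binary is outside a protected directory")
    return findings or ["uiAccess requested and both caveats satisfied"]
```

The same check is useful in reverse when reviewing installed software: a binary that requests uiAccess and satisfies both caveats can send input to elevated windows, so it belongs on the list of things to inventory.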

Which user account to use for service?

I am creating a utility that runs as a service and starts applications. As long as I log in as an admin and start the service it will run the applications. I log out and the service (and applications) continue to run. But, if another user logs in with different credentials they cannot access the front end GUI of the applications started by the service utility.
I was wondering if there is a built in account which I could use that may solve the issue? Or if anyone has any ideas or insight in the matter?
Windows Services can only be set to "interactive" when run in the system account. Notice the placement of the "Allow service to interact with desktop" checkbox on the Log On tab when configuring the service (via the Control Panel Services application).
Beyond that, are the other users logging in via RDP? Run mstsc with the "/admin" flag to ensure that they are going to Session 0 where the service will display its windows.
And finally, beware interactive services! You are probably on Windows XP or 2003 which is why it kind-of works, but Windows Vista, 7 and 2008 behave very differently (search for "Session 0 isolation").

Remote access to Team Foundation Server 2010

We are four developers in different locations (in a 100 km radius of each other) trying to collaborate on a software development project.
We would like to install Team Foundation Server 2010 on one of our machines (we are all using Windows 7) and use that as our central source code repository and work items management.
However, we cannot seem to configure TFS to accept remote connections (through Visual Studio). Is it possible to use TFS in this manner?
TFS is just a bunch of web services and should be set up for remote access out of the box.
Things you'll probably need to configure.
Make sure that the windows firewall is allowing TFS to accept incoming requests on port 8080 (the TFS install may do this for you)
Configure your router to use "Port Forwarding" so that requests from the internet to port 8080 are routed to the machine with TFS installed.
Your ISP probably allocates IP addresses dynamically so you might need to sign up for a Dynamic DNS service such as NO-IP.com. (check which ones are supported by your router)
Once you've done this then you should be up and running.
I'm sure others will suggest that you ditch TFS and use a DVCS such as GIT or Mercurial, they have a point! You should consider if it's worth the effort of getting TFS to work in this way when another system might be easier to get up and running.
TFS works just fine for this type of scenario and whether you use a DVCS or not you're still going to have to configure access. You don't need to set up proxies. TFS is extremely fast even over a slow connection. The 3 things you need to remember if you're not on the same domain as the TFS are:
Have the TFS administrator set up your TFS rights using a domain account set up for you. If you don't have a domain account set one up and use it. If there's no domain then create a workgroup account or a local TFS server account.
Add your domain (or workgroup or local TFS server) account credentials manually to the Windows credential store or TFS will keep bugging you to login and that's a pain. Make sure you include the domain (or workgroup or local machine name) in the user name in this format: MyDomainOrMachineOrWorkgroup\MyUserName. No backslash at the beginning, no backslash at the end.
You need to either use the IP directly to connect or add an entry to your hosts file (C:\Windows\System32\drivers\etc\hosts). For those that haven't ever gone into this file the "etc" is actually the directory name not just me saying "and so on". The entries there tell you that when you type an address like mytfs.mydomain.com it should go to IP such and such. That's all.
#Nigel We have TFS on a remote server with local proxy at my workplace. Our internet connection is quite slow relative to the number of developers on site. TFS has extremely poor performance in this configuration compared to having the server local. Our solutions can be several hundred MB to download (of which there are a few branches). Checking version history is slow and painful. Retrieving shelvesets is slow and painful. Checking in on VS2010 or VS2008 is slow and painful. Fortunately VS2012 does this asynchronously so checking in is not so bad but you will eventually get a modal dialog when the op is complete.
All in all, I would say a poor experience compared to SVN let alone DVCS.
You can use AnyDesk (version 5.2+), which allows you to set up a TCP connection between clients.
I used it for connecting my client PC to a Team Foundation Server (TFS) over the internet. The server and client are behind NAT. I set the local and remote ports to '8080' and I can connect to server from client using this address on client: 'http://localhost:8080/tfs/'
Reference: TCP-Tunneling-AnyDesk

‘Allow service to interact with desktop’ option not available when configuring windows service with an account other than local system

Why is the option ‘Allow service to interact with desktop’ only available for the Local System account and not for any other account when configuring a Windows service from Control Panel? I want to configure the Windows service to allow interaction with the desktop irrespective of the account it is configured to run with. How can I achieve this?
That is a good question! I have never seen an official explanation from Microsoft, but I would guess that the reason has to do with permissions and rights and not wanting to mislead users.
Not all users are created equal. Some do not have the rights to display a user interface on session 0, or interact fully with arbitrary programs (and resources) it is running alongside. Having those users able to show GUI elements from a service may lead to confusion. For example, if a user account having limited rights starts an instance of Windows Explorer as a service, that window may not be able to accept dropped files from a "regular" explorer started by the interactive user. This sort of thing may be very difficult to diagnose and explain!
Note that Windows can certainly do what you like and we code it all the time in our service applications (http://www.CoreTechnologies.com/). Windows is simply not making that option available to you for any arbitrary user.
Of course please please take a step back and beware changes in Vista. "Session 0 Isolation" is a game changer for interactive Windows Services!

How to prevent from changing a Windows Service Startup Type?

I created a Windows service and installed it on the user's machine.
That Windows service is very important and I do not want the user to be able to change its startup type to "disable".
It seems the "Plug and Play" service can disable the Startup drop-down listbox.
How can I get the same behavior for my Windows service?
I would imagine it has to do with setting the appropriate permissions on the registry key. But a user with sufficient permissions can do anything. If this is for a business application, I would try to stick to using group policy or user permissions. If this is for a commercial application then I would expect a lot of upset users and malware detection.
