• I will try to do that! 

    The answer is to always use the _NT_SYMBOL_PATH variable.

    0
  • When an error is escalated, one of the most common requests is to get a full memory dump of the computer. This can be achieved easily by blue-screening the computer; however, that is not always possible. Sometimes you also don't have a big enough pagefile or a dedicated dump file configured. Let me show you how to do this without booting the computer and without tweaking the pagefile.

    0
  • And you copied the cmd.exe on top of sethc.exe just like in the blog post? I’m just asking cause you refer to ”renaming”

    0
  • I’ve been able to do this even with a new insider build... Maybe he has another anti-malware installed? Or a policy to block this.

    0
  • Many people think the built-in Administrator account is the most powerful account in Windows, which is not true. If you wanted to find something in Windows like root is for Linux, it would be the SYSTEM user account. This account can see and do things an admin can't. This makes it essential for all troubleshooting, like when you want to access the SAM and SECURITY hives in the Registry.

    0
  • Before troubleshooting anything, we need to know what the problem is. However, we often don't really speak the same language as our end users. We need end users to send us good, descriptive messages about the problems they have.

    0
  • To start any troubleshooting case, I always ask for two things. I ask for a Process Monitor trace, which you can get remotely by following this blog post, and a network trace. In this article, I will show you how to get a network trace from a remote computer without installing Wireshark or something similar on it.

    0
  • Thanks! Fixed it!

    0
  • When I need to troubleshoot a problem in Windows, the first things I ask my customer to provide are a Process Monitor trace and a network trace. Process Monitor is the second most downloaded tool from the Sysinternals toolkit. You can download it as part of the Sysinternals Suite. Sometimes you don't have access to the computer to run the tool interactively, or you don't want the end user seeing Procmon running on the computer. In the next post, I will show how you can acquire a Process Monitor trace from a remote computer.

    0
  • A simple hack for resetting a Windows 10 password by abusing tools such as Ultiman.exe, StickyKeys, or DisplaySwitch.exe has existed for some time. Microsoft recently raised the hurdle a little by preventing these Windows modifications with Windows Defender. In this post, I show you how you can easily hack into Windows anyway.

    0
  • Which OS?

    Are you sure the Task Manager you are using is running as SYSTEM?

    Sami

    0
  • 0
  • I haven't at any point said this would work over RDP if the other user is logged on to the console. Can you point out where I say so? And I have now answered to you several times that YES you can't do that over RDP.

    What I am saying is that when everyone agreed that this can't be done you started saying this can't be done because of "authentication" or something like that. And someone even answered "thanks for clearing that out". That is not true. Windows Client only allows one interactive session (unless you have Multipoint service like school classes - where this will work from RDP session to another). On a server the licensing says that you can have multiple interactive sessions and this will work as long as the clients connect with RDP to RDS or Citrix (not if one user is logging on from the server console which apparently is something you want to point out although I believe no one does this - uses a server as a client or would logon to RDS console or Citrix console as an end user). You can do this from an RDP session to another even without RDS for 50 users as long as both are logging on to the server with RDP. 

    If the ultimate question is "Why can't I have an RDP session to Windows 10 workstation and take over another users session that is already logged on to the machine?" The answer is "Because the client license will not allow multiple sessions at the same time".

    0
  • And like I said early on in the comments, that won't work. But it is not an RDP issue but a difference in Workstation vs Server. It does work on a client that uses multipoint services, even with RDP as there the license allows this.

     

    0
  • You need to be running in an RDP session yourself. In my video both windows are RDP-sessions and not the physical KVM-connection. 
     

    please test it so that you take two sessions via mstsc.exe to that brand new server of yours with the RDS. And not from you VmWare console.

    0
  • 0
  • Try on a server 2019 that has RDS like I said. Server 2019 licensing allows only one console session at a time - just like the client.

    0
  • With no disrespect Leos but you are incorrect. And yes I have tried this via RDP. I didn't mention RDP at any point of the article and wasn't even talking about it so I don't really understand the need to point out that it wouldn't work with something I didn't even talk about... 

    The reason why it doesn't work against a Windows 10 workstation is because of licensing. Windows workstation versions only allow one interactive user at a time - Either locally or remote. This works fine via RDP against a server that has RDS and is not a limitation of RDP not allowing this - It's really just licensing.

    Why I chose not to talk about RDP in this is because currently most security aware companies don't use RDP for connecting to end user desktops. First because of the security issues with RDP but even more because Remote Desktop will lock out the user while you connect to it --> Some other mechanism like SCCM Remote Control, TeamViewer or Bomgar are needed anyway, and my tip works on those. So I did not use RDP here as an example because I never really logon to workstations with it.

     

    0
  • You can also use other tools if the SERVER-service is not running. You can use Process Hacker (malicious by most antimalware) or you can use SC.exe to build a service to do this. PSEXEC is just the easiest.

    0
  • Well then you have to reset the AD account.

    0
  • Load More