Search Results

Search found 20 results on 1 pages for 'comobject'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/1 | 1 

  • Is there a way to create a new instance for IRequestDictionary and IStringList on .NET?

    - by Ronie
    We are working on a C# DLL that stores the values of a Classic ASP Session. Everything is okay but some QueryStrings being stored in Session. Problem is: we are able to read the QueryString from the DLL using IRequestDictionary and IStringList, but we can't find a way to recreate them the next time a page ask for them. We have stored all information necessary to recreate them. So, the question is: Is it possible to instantiate and set their values back? Is there any other option?

    Read the article

  • Calling this[int index] via reflection

    - by tkutter
    I try to implement a reflection-based late-bound library to Microsoft Office. The properties and methods of the Offce COM objects are called the following way: Type type = Type.GetTypeFromProgID("Word.Application"); object comObject = Activator.CreateInstance(type); type.InvokeMember(<METHOD NAME>, <BINDING FLAGS>, null, comObject, new object[] { <PARAMS>}); InvokeMember is the only possible way because Type.GetMethod / GetProperty works improperly with the COM objects. Methods and properties can be called using InvokeMember but now I have to solve the following problem: Method in the office-interop wrapper: Excel.Workbooks wb = excel.Workbooks; Excel.Workbook firstWb = wb[0]; respectively foreach(Excel.Workbook w in excel.Workbooks) // doSmth. How can I call the this[int index] operator of Excel.Workbooks via reflection?

    Read the article

  • Mapped networkdrive on logout

    - by Robuust
    I'm using a script to keep a mapped networkconnection alive, but ofcourse the mapped connection is gone when I logout. The point is now, that I'm running this on Windows Server 2008 R2, where I use remote desktop to login on the administrator account. However, it should remain logged in and not remove the mapped connection as this script takes care of not logging out on MS office 365 sharepoint. Is there a way to keep the mapped networklocation (L:) available after logout? So the script can run to remain the connection? # Create an IE Object and navigate to my SharePoint Site $ie = New-Object -ComObject InternetExplorer.Application $ie.navigate('https://xxx.sharepoint.com/') # Don't need the object anymore, so let's close it to free up some memory $ie.Quit() # Just in case there was a problem with the web client service # I am going to stop and start it, you could potentially remove this # part if you want. I like it just because it takes out a step of # troubleshooting if I'm having problems. Stop-Service WebClient Start-Service WebClient # We are going to set the $Drive variable here, this is just # going to tell the command what drive letter to map you can # change this to whatever you want (if you change it to a # drive that is already mapped it will overwrite it, so be careful. $Drive = "L:" # You can change the drive destiniation to whatever you want, # it has to be a document library or folder of course. $DrvDest = "https://xxx.sharepoint.com/files/" # Here is where we create the object to map the network drive and # then map the network drive $net = New-Object -ComObject WScript.Network; $net.mapnetworkdrive($Drive,$DrvDest) # That is the end of the script, now schedule this with task # scheduler and every so often and you should be set.

    Read the article

  • wmi not available for some time after reboot

    - by Alex Okrushko
    I'm having the problem with the WMI availability on logon. Right after reboot I open cmd and with python interpreter: >>> import wmi >>> c = wmi.WMI() >>> c.Win32_OperatingSystem() Traceback (most recent call last): File "<stdin>", line 1, in <module> File "C:\Python27\lib\site-packages\wmi.py", line 1147, in __getattr__ return getattr (self._namespace, attribute) File "C:\Python27\lib\site-packages\win32com\client\dynamic.py", line 516, in __getattr__ raise AttributeError("%s.%s" % (self._username_, attr)) AttributeError: winmgmts:.Win32_OperatingSystem >>> 5 minutes later I open another cmd and python interpreter: Python 2.7.3 (default, Apr 10 2012, 23:31:26) [MSC v.1500 32 bit (Intel)] on win 32 Type "help", "copyright", "credits" or "license" for more information. >>> import wmi >>> c = wmi.WMI() >>> c.Win32_OperatingSystem() [<_wmi_object: \\W520-ALEX-WIN7\root\cimv2:Win32_OperatingSystem=@>] >>> NOTE: the first cmd still keeps saying AttributeError even 5 minutes later. NOTE 2: if I logout and login wmi is available, so it is somehow effected by reboot with process explorer I check the environmental variables and they are the same for both cmds What could that be? Please help. UPDATE: Apparently the problem is connecting to the wbem services: >>> import win32com.client >>> win32com.client.Dispatch('WbemScripting.SWbemLocator') <COMObject WbemScripting.SWbemLocator> >>> wmi_service= win32com.client.Dispatch('WbemScripting.SWbemLocator') >>> wbem_service = wmi_service.ConnectServer('.','root/cimv2') >>> wbem_service <COMObject <unknown>> >>> items = wbem_service.ExecQuery('Select * from Win32_OperatingSystem') Traceback (most recent call last): File "<stdin>", line 1, in <module> File "<COMObject <unknown>>", line 3, in ExecQuery File "C:\Python27\lib\site-packages\win32com\client\dynamic.py", line 282, in _ApplyTypes_ result = self._oleobj_.InvokeTypes(*(dispid, LCID, wFlags, retType, argTypes ) + args) pywintypes.com_error: (-2147352567, 'Exception occurred.', (0, u'SWbemServicesEx ', u'Generic failure ', None, 0, -2147217407), None) >>> NOTE 3: wmic os always worked. NOTE 4: re-installing pywin32 package didn't help. Neither did Re-registering/re-compiling the WMI components and resetting of the WMI database (as recommended here) NOTE 5: my 4 Other laptops don't have this problem. Also wmiprov.log has: (Mon Oct 29 11:40:07 2012.248587) : *************************************** (Mon Oct 29 11:40:07 2012.248587) : Could not get pointer to binary resource for file: (Mon Oct 29 11:40:07 2012.248587) : C:\Windows\system32\drivers\ndis.sys[MofResourceName](Mon Oct 29 11:40:07 2012.248587) : (Mon Oct 29 11:40:07 2012.248587) : *************************************** (Mon Oct 29 11:40:07 2012.248587) : *************************************** (Mon Oct 29 11:40:07 2012.248587) : Could not get pointer to binary resource for file: (Mon Oct 29 11:40:07 2012.248587) : C:\Windows\system32\drivers\en-US\ndis.sys.mui[MofResourceName](Mon Oct 29 11:40:07 2012.248587) : (Mon Oct 29 11:40:07 2012.248587) : *************************************** (Mon Oct 29 11:40:07 2012.248603) : *************************************** (Mon Oct 29 11:40:07 2012.248603) : Could not get pointer to binary resource for file: (Mon Oct 29 11:40:07 2012.248603) : C:\Windows\system32\DRIVERS\wmiacpi.sys[MofResource](Mon Oct 29 11:40:07 2012.248603) : (Mon Oct 29 11:40:07 2012.248603) : *************************************** (Mon Oct 29 11:40:07 2012.248603) : *************************************** (Mon Oct 29 11:40:07 2012.248603) : Could not get pointer to binary resource for file: (Mon Oct 29 11:40:07 2012.248603) : C:\Windows\system32\DRIVERS\monitor.sys[MonitorWMI](Mon Oct 29 11:40:07 2012.248603) : (Mon Oct 29 11:40:07 2012.248603) : *************************************** NOTE 6: the WMIDiag tool report is at my dropbox

    Read the article

  • Instantiating COM object hnetcfg.fwpolicy2 on Remote Server

    - by Pavan Keerthi
    I locked my self out by inadvertently changing RDP firewall rule to use IPSec,but without completing proper steps to setup IPSec channel from my laptop to server. Luckily all wmi remoting on Server works,So I am trying to edit the rule with Powershell When I enter below code ,the COM object is invoking on local machine.How can I invoke it on remote machine? Enter-PSSession $Session $fw = New-Object -ComObject hnetcfg.fwpolicy2

    Read the article

  • Lifetime issue of IDisposable unmanaged resources in a complex object graph?

    - by stakx
    This question is about dealing with unmanaged resources (COM interop) and making sure there won't be any resource leaks. I'd appreciate feedback on whether I seem to do things the right way. Background: Let's say I've got two classes: A class LimitedComResource which is a wrapper around a COM object (received via some API). There can only be a limited number of those COM objects, therefore my class implements the IDisposable interface which will be responsible for releasing a COM object when it's no longer needed. Objects of another type ManagedObject are temporarily created to perform some work on a LimitedComResource. They are not IDisposable. To summarize the above in a diagram, my classes might look like this: +---------------+ +--------------------+ | ManagedObject | <>------> | LimitedComResource | +---------------+ +--------------------+ | o IDisposable (I'll provide example code for these two classes in just a moment.) Question: Since my temporary ManagedObject objects are not disposable, I obviously have no control over how long they'll be around. However, in the meantime I might have Disposed the LimitedComObject that a ManagedObject is referring to. How can I make sure that a ManagedObject won't access a LimitedComResource that's no longer there? +---------------+ +--------------------+ | managedObject | <>------> | (dead object) | +---------------+ +--------------------+ I've currently implemented this with a mix of weak references and a flag in LimitedResource which signals whether an object has already been disposed. Is there any better way? Example code (what I've currently got): LimitedComResource: class LimitedComResource : IDisposable { private readonly IUnknown comObject; // <-- set in constructor ... void Dispose(bool notFromFinalizer) { if (!this.isDisposed) { Marshal.FinalReleaseComObject(comObject); } this.isDisposed = true; } internal bool isDisposed = false; } ManagedObject: class ManagedObject { private readonly WeakReference limitedComResource; // <-- set in constructor ... public void DoSomeWork() { if (!limitedComResource.IsAlive()) { throw new ObjectDisposedException(); // ^^^^^^^^^^^^^^^^^^^^^^^ // is there a more suitable exception class? } var ur = (LimitedComResource)limitedComResource.Target; if (ur.isDisposed) { throw new ObjectDisposedException(); } ... // <-- do something sensible here! } }

    Read the article

  • How to open document that contains AutoOpen macro with powershell?

    - by grom
    My current powershell script: $document = "C:\\test.doc" $word = new-object -comobject word.application $word.Visible = $false $word.DisplayAlerts = "wdAlertsNone" $word.AutomationSecurity = "msoAutomationSecurityForceDisable" $doc = $word.Documents.Open($document) $word.ActivePrinter = "\\http://ptr-server:631\pdf-printer" $background = $false $doc.PrintOut([ref]$background) $doc.close([ref]$false) $word.quit() But it results in an alert box "The macros in this project are disabled. Please refer to the online help or documentation of the host application to determine how to enable macros." How can I open the document without it running the AutoOpen macro or displaying any sort of dialog prompt?

    Read the article

  • Powershell interact with open Excel

    - by HKK
    To interact with excel in Powershell it is common to start a new excel as follows: $x = New-Object -comobject Excel.Application Instead of that I have an open Excel process already. (I get it as follows) $excelprocess = Get-Process | Where-Object {$_.name -eq "excel"} | Sort-Object -Property "Starttime" -descending | Select-Object -First 1 Is there a way to interact with this specific excel process over PS?

    Read the article

  • Need to call COM component using reflections in C#.NET

    - by Usman
    Hello, I need to determin the COM component(unmanaged code) type and invoke the exposed interface's methods using reflection in C#.NET at runtime. 1 -- First What member of "Type" tells that type is COM component and we can take CLSID at runtime? Is Type.COMObject? 2 -- I need to call methods of exposed interfaces as they called in unmanaged code using CoCreateInstance by passing CLSID and REFID ... I am using InvokeMember but it returns null or 0 as out parameter. How to pass out parameter in this case.? Is there any need to pass out parameter? As all my COM unamanged code suppose to take las parameter as an OUT parameter and after executing it puts the result into that out param. But I've converted all my unmanged COM code to .NET managed assemblies using tlbimp.exe. Regards Usman

    Read the article

  • Need to call COM component using reflection in .NET

    - by Usman
    I need to determine the COM component(unmanaged code) type and invoke the exposed interface's methods using reflection in C# at runtime. First What member of "Type" tells that type is COM component and we can take CLSID at runtime? Is Type.COMObject? I need to call methods of exposed interfaces as they called in unmanaged code using CoCreateInstance by passing CLSID and REFID ... I am using InvokeMember but it returns null or 0 as out parameter. How to pass out parameter in this case.? Is there any need to pass out parameter? As all my COM unmanaged code suppose to take last parameter as an OUT parameter and after executing it puts the result into that out param. But I've converted all my unmanaged COM code to .NET managed assemblies using tlbimp.exe.

    Read the article

  • How can I call a method on a custom object created in JavaScript using C#?

    - by just in case
    I have a WebBrowser control. I have added some JavaScript into the head tag and I can see it is working as expected by adding an alert. Inside of this js I am creating a function and adding some members to it's prototype like so: function test() { } test.prototype.run = function() { alert('success!') } function createTest() { return new test() } Then back inside of C# I am doing: dynamic test = this.browser.InvokeScript("createTest"); test.run(); I can see that the test object is some ComObject but when I call run() nothing happens. I get no error but nothing happens. Does anyone know how to call this type of custom object? Also suppose I wanted to get rid of the createTest() method, how can I create a new instance of test from C#? Also, for bonus points, is there anything special I need to know about attaching events to this custom object (on say a 'complete' member) such that it will callback into my C# code?

    Read the article

  • How to read cell data in excel and output to command prompt

    - by Max Ollerenshaw
    Hi All, I'm a sys admin and I am trying to learn how to use powershell... I have never done any type of scripting or coding before and I have been teaching myself online by learning from the technet script centre and online forums. What I am trying to accomplish is to open an excel spreadsheet get information from it (usernames and password) and then output it into the command prompt in powershell. When ever I try to do this I get an Exception calling "InvokeMember" anyway, here is the code I have so far: function Invoke([object]$m, [string]$method, $parameters) { $m.PSBase.GetType().InvokeMember( $method, [Reflection.BindingFlags]::InvokeMethod, $null, $m, $parameters,$ciUS ) } $ciUS = [System.Globalization.CultureInfo]'en-US' $objExcel = New-Object -comobject Excel.Application $objExcel.Visible = $False $objExcel.DisplayAlerts = $False $objWorkbook = Invoke $objExcel.Workbooks.Open "C:\PS\User Data.xls" Write-Host "Numer of worksheets: " $objWorkbook.Sheets.Count $objWorksheet = $objWorkbook.Worksheets.Item(1) Write-Host "Worksheet: " $objWorksheet.Name $Forename = $objWorksheet.Cells.Item(2,1).Text $Surname = $objWorksheet.Cells.Item(2,2).Text Write-Host "Forename: " $Forename Write-Host "Surname: " $Surname $objExcel.Quit() If (ps excel) { kill -name excel} I have read many different posts on forums and articles on how to try and get around the en-US problem but I cannot seem to get around it and hope that someone here can help! Here is the Exeption problem I mentioned: Exception calling "InvokeMember" with "6" argument(s): "Method 'System.Management.Automation.PSMethod.C:\PS\User Data.x ls' not found." At C:\PS\excel.ps1:3 char:33 + $m.PSBase.GetType().InvokeMember <<<< ( + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : DotNetMethodException Numer of worksheets: You cannot call a method on a null-valued expression. At C:\PS\excel.ps1:18 char:45 + $objWorksheet = $objWorkbook.Worksheets.Item <<<< (1) + CategoryInfo : InvalidOperation: (Item:String) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull Worksheet: You cannot call a method on a null-valued expression. At C:\PS\excel.ps1:21 char:37 + $Forename = $objWorksheet.Cells.Item <<<< (2,1).Text + CategoryInfo : InvalidOperation: (Item:String) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull You cannot call a method on a null-valued expression. At C:\PS\excel.ps1:22 char:36 + $Surname = $objWorksheet.Cells.Item <<<< (2,2).Text + CategoryInfo : InvalidOperation: (Item:String) [], RuntimeException + FullyQualifiedErrorId : InvokeMethodOnNull Forename: Surname: This is the first question I have ever asked, try to be nice! :)) Many Thanks Max

    Read the article

  • Azure VM won't boot after sysprep; integration tools installed

    - by Mark Williams
    I have installed the Azure Integration Components and used sysprep on a Windows 2012 VM. Now the machine won't start up. I uploaded the VHD to Azure - it failed there too. When I start up the VM I get a PowerShell window that hangs out for a bit; eventually I get the following error, after which the machine restarts. New-Object: The dependency service or group failed to start. (Exception from HRESULT: 0x8007042C) At line1: char:1 New-Object -comobject WaAgent.WindowsSetupComponent | % { $_.HandleSetupError() ... ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +CategoryInfo : ResourceUnavailable (:) [New-Object], COMException +FullyQualifiedErrorId: NoCOMClassIdentified,Microsoft.PowerShell.Commands.NewObjectCommand I have tried renaming unattended.xml and turning on bootlogging. Neither of those yielded much help. Is there a way I can disable the Azure components that run during OOBE? That seems to be the source of the problem. Mounting the VHD is easy. 0x8007042C looks like a firewall issue, based on my googling. Unfortunately I can't get the machine to boot so I can figure that issue out. Also, I can't get around this problem by booting into safe mode. Thanks for your help, guys.

    Read the article

  • PowerShell Control over Nikon D3000 Camera

    My wife got me a Nikon D3000 camera for Christmas last year, and Im loving it but still trying to wrap my head around some of its features.  For instance, when you plug it into a computer via USB, it doesnt show up as a drive like most cameras Ive used to, but rather it shows up as Computer\D3000.  After a bit of research, Ive learned that this is because it implements the MTP/PTP protocol, and thus doesnt actually let Windows mount the cameras storage as a drive letter.  Nikon describes the use of the MTP and PTP protocols in their cameras here. What Im really trying to do is gain access to the cameras file system via PowerShell.  Ive been using a very handy PowerShell script to pull pictures off of my cameras and organize them into folders by date.  Id love to be able to do the same thing with my Nikon D3000, but so far I havent been able to figure out how to get access to the files in PowerShell.  If you know, Id appreciate any links/tips you can provide.  All I could find is a shareware product called PTPdrive, which Im not prepared to shell out money for (yet).  (and yes you can do much the same thing with Windows 7s Import Pictures and Videos wizard, which is pretty good too) However, in my searching, I did find some really cool stuff you can do with PowerShell and one of these cameras, like actually taking pictures via PowerShell commands.  Credit for this goes to James ONeill and Mark Wilson.  Heres what I was able to do: Taking Pictures via PowerShell with D3000 First, connect your camera, turn it on, and launch PowerShell.  Execute the following commands to see what commands your device supports.  $dialog = New-Object -ComObject "WIA.CommonDialog" $device = $dialog.ShowSelectDevice() $device.Commands You should see something like this: Now, to take a picture, simply point your camera at something and then execute this command: $device.ExecuteCommand("{AF933CAC-ACAD-11D2-A093-00C04F72DC3C}") .csharpcode, .csharpcode pre { font-size: small; color: black; font-family: consolas, "Courier New", courier, monospace; background-color: #ffffff; /*white-space: pre;*/ } .csharpcode pre { margin: 0em; } .csharpcode .rem { color: #008000; } .csharpcode .kwrd { color: #0000ff; } .csharpcode .str { color: #006080; } .csharpcode .op { color: #0000c0; } .csharpcode .preproc { color: #cc6633; } .csharpcode .asp { background-color: #ffff00; } .csharpcode .html { color: #800000; } .csharpcode .attr { color: #ff0000; } .csharpcode .alt { background-color: #f4f4f4; width: 100%; margin: 0em; } .csharpcode .lnum { color: #606060; } Imagine my surprise when this actually took a picture (with auto-focus): Imagine what you could do with a camera completely under the control of your computer  Time-lapse photography would be pretty simple, for instance, with a very simple loop that takes a picture and then sleeps for a minute (or whatever time period).  Hooked up to a laptop for portability (and an A/C power supply), this would be pretty trivial to implement.  I may have to give it a shot and report back. Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • How do I use Powershell to print a list of hyperlinks that appear in a Word document?

    - by dwwilson66
    I asked this question last week, and my script cannot find any hyperlinks to change. Now I'm backing up and trying to simply open a single document and list the hyperlinks within. I've verified that the document includes hyperlinks to a number of anchors in the same document, and two hyperlinks to documents in the same directory. However, either Powershell isn't finding links in the doc or I'm outputting the list to the console improperly. Here's my bare-bones code $word = New-Object -ComObject Word.Application $doc ="R:\path\Reporting_Emergency_Or_Hazardous_Situation_-_BC_CC.doc" $hyperlinks = @($doc.Hyperlinks) $hyperlinks $word.quit() or, for line 4 Write-Host $hyperlinks or, again for line 4 $hyperlinks | % {Write-Host $_.address} No errors, just blank results. Not even an object reference to the $hyperlinks array. When I modify line 4 to % $address in $hyperlinks { Write-Host $._address } I get the following error...but it's unclear if I'm trying to read a null array? or if the value is blank. ForEach-Object : Cannot bind parameter 'Process'. Cannot convert the "in" value of type "System.String" to type "System.Management.Automation.ScriptBlock". At F:\path\HyperLinkScrub.ps1:46 char:2 + % <<<< $address in $hyperlinks { + CategoryInfo : InvalidArgument: (:) [ForEach-Object], ParameterBindingException + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.ForEachObjectCommand What am I missing here? I've verified that the Word doc has hyperlinks, and ultimately, I'm trying to diagnose if my script isn't looking for them properly, or if I'm not outputting them to the console properly.

    Read the article

  • How to accept confirmation Automatically in PowerShell for Outlook

    - by user2919845
    How to accept confirmation Automatically in PowerShell for Outlook I have script for Export attachments from email from Outlook - see next It works correctly on one PC, but on another PC is there a problem: Outlook gives message and wants answer: Permit Denny Help If I manually click on Permit or Denny it works correctly. I want to automate it. Can you give me some suggestion how to do it in PowerShell? I have tried to set Outlook to not give this message but I didn’t success. My script: # <-- Script ---------> # script works with outlook Inbox folder # check if email have attachments with ".txt" and save those attachments to $filepath # path for exported files - attachments $filepath = "d:\Exported_files\" # create object outlook $o = New-Object -comobject outlook.application $n = $o.GetNamespace("MAPI") # $f - folder „dorucena posta“ 6 - Inbox $f = $n.GetDefaultFolder(6) # 6 - Inbox # select newest 10 emails, from it olny this one with attachments $f.Items| select -last 10| Where {$_.Attachments}| foreach { # process only unreaded mail if($_.unread -eq $True) { # processed mail set as read, not to process this mail again next day $_.unread = $False $SenderName = $_.SenderName Write-Host "Email from: ", $SenderName # process all attachments $_.attachments|foreach { $a = $_.filename If ($a.Contains(".txt")) { Write-Host $SenderName," ", $a # copy *.txt attachments to folder $filepath $_.saveasfile((Join-Path $filepath "$a")) } } } } Write-Host "Finish" # <------ End Script ---------------------------------->

    Read the article

  • C# Casting system.__comobject to class type

    - by ijrufus
    I have an Excel Add-In that I'm currently trying to set up a unit test framework for. For the unit tests I've followed this guide: http://blogs.msdn.com/b/varsha/archive/2010/08/17/writing-automated-test-cases-for-vsto-application.aspx It seems to work fine, until I want to return a class object from my interface. Specifying the class object as the return type throws a "return argument has an invalid type" exception when calling the method. Changing the return type from the class to an object allows me to call the method and get the object, but now I'm unable to cast it as the class and use it as intended, getting this exception message when I try: > Unable to cast COM object of type 'System.__ComObject' to class type > 'anaplan.Utility.XYCoordinates'. Instances of types that represent COM > components cannot be cast to types that do not represent COM > components; however they can be cast to interfaces as long as the > underlying COM component supports QueryInterface calls for the IID of > the interface. I've retrieved the Type name using VisualBasic.Information.TypeName and it's showing it as the class I expect. Is there any way to get the comobject cast back to the class? Or another way to access the properties it has? Or am I just being a bit stupid here?

    Read the article

  • Auto blocking attacking IP address

    - by dong
    This is to share my PowerShell code online. I original asked this question on MSDN forum (or TechNet?) here: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/f950686e-e3f8-4cf2-b8ec-2685c1ed7a77 In short, this is trying to find attacking IP address then add it into Firewall block rule. So I suppose: 1, You are running a Windows Server 2008 facing the Internet. 2, You need to have some port open for service, e.g. TCP 21 for FTP; TCP 3389 for Remote Desktop. You can see in my code I’m only dealing with these two since that’s what I opened. You can add further port number if you like, but the way to process might be different with these two. 3, I strongly suggest you use STRONG password and follow all security best practices, this ps1 code is NOT for adding security to your server, but reduce the nuisance from brute force attack, and make sys admin’s life easier: i.e. your FTP log won’t hold megabytes of nonsense, your Windows system log will not roll back and only can tell you what happened last month. 4, You are comfortable with setting up Windows Firewall rules, in my code, my rule has a name of “MY BLACKLIST”, you need to setup a similar one, and set it to BLOCK everything. 5, My rule is dangerous because it has the risk to block myself out as well. I do have a backup plan i.e. the DELL DRAC5 so that if that happens, I still can remote console to my server and reset the firewall. 6, By no means the code is perfect, the coding style, the use of PowerShell skills, the hard coded part, all can be improved, it’s just that it’s good enough for me already. It has been running on my server for more than 7 MONTHS. 7, Current code still has problem, I didn’t solve it yet, further on this point after the code. :)    #Dong Xie, March 2012  #my simple code to monitor attack and deal with it  #Windows Server 2008 Logon Type  #8: NetworkCleartext, i.e. FTP  #10: RemoteInteractive, i.e. RDP    $tick = 0;  "Start to run at: " + (get-date);    $regex1 = [regex] "192\.168\.100\.(?:101|102):3389\s+(\d+\.\d+\.\d+\.\d+)";  $regex2 = [regex] "Source Network Address:\t(\d+\.\d+\.\d+\.\d+)";    while($True) {   $blacklist = @();     "Running... (tick:" + $tick + ")"; $tick+=1;    #Port 3389  $a = @()  netstat -no | Select-String ":3389" | ? { $m = $regex1.Match($_); `    $ip = $m.Groups[1].Value; if ($m.Success -and $ip -ne "10.0.0.1") {$a = $a + $ip;} }  if ($a.count -gt 0) {    $ips = get-eventlog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+10"} | foreach { `      $m = $regex2.Match($_.Message); $ip = $m.Groups[1].Value; $ip; } | Sort-Object | Tee-Object -Variable list | Get-Unique    foreach ($ip in $a) { if ($ips -contains $ip) {      if (-not ($blacklist -contains $ip)) {        $attack_count = ($list | Select-String $ip -SimpleMatch | Measure-Object).count;        "Found attacking IP on 3389: " + $ip + ", with count: " + $attack_count;        if ($attack_count -ge 20) {$blacklist = $blacklist + $ip;}      }      }    }  }      #FTP  $now = (Get-Date).AddMinutes(-5); #check only last 5 mins.     #Get-EventLog has built-in switch for EventID, Message, Time, etc. but using any of these it will be VERY slow.  $count = (Get-EventLog Security -Newest 1000 | Where-Object {$_.EventID -eq 4625 -and $_.Message -match "Logon Type:\s+8" -and `              $_.TimeGenerated.CompareTo($now) -gt 0} | Measure-Object).count;  if ($count -gt 50) #threshold  {     $ips = @();     $ips1 = dir "C:\inetpub\logs\LogFiles\FPTSVC2" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;       $ips2 = dir "C:\inetpub\logs\LogFiles\FTPSVC3" | Sort-Object -Property LastWriteTime -Descending `       | select -First 1 | gc | select -Last 200 | where {$_ -match "An\+error\+occured\+during\+the\+authentication\+process."} `        | Select-String -Pattern "(\d+\.\d+\.\d+\.\d+)" | select -ExpandProperty Matches | select -ExpandProperty value | Group-Object `        | where {$_.Count -ge 10} | select -ExpandProperty Name;     $ips += $ips1; $ips += $ips2; $ips = $ips | where {$_ -ne "10.0.0.1"} | Sort-Object | Get-Unique;         foreach ($ip in $ips) {       if (-not ($blacklist -contains $ip)) {        "Found attacking IP on FTP: " + $ip;        $blacklist = $blacklist + $ip;       }     }  }        #Firewall change <# $current = (netsh advfirewall firewall show rule name="MY BLACKLIST" | where {$_ -match "RemoteIP"}).replace("RemoteIP:", "").replace(" ","").replace("/255.255.255.255",""); #inside $current there is no \r or \n need remove. foreach ($ip in $blacklist) { if (-not ($current -match $ip) -and -not ($ip -like "10.0.0.*")) {"Adding this IP into firewall blocklist: " + $ip; $c= 'netsh advfirewall firewall set rule name="MY BLACKLIST" new RemoteIP="{0},{1}"' -f $ip, $current; Invoke-Expression $c; } } #>    foreach ($ip in $blacklist) {    $fw=New-object –comObject HNetCfg.FwPolicy2; # http://blogs.technet.com/b/jamesone/archive/2009/02/18/how-to-manage-the-windows-firewall-settings-with-powershell.aspx    $myrule = $fw.Rules | where {$_.Name -eq "MY BLACKLIST"} | select -First 1; # Potential bug here?    if (-not ($myrule.RemoteAddresses -match $ip) -and -not ($ip -like "10.0.0.*"))      {"Adding this IP into firewall blocklist: " + $ip;         $myrule.RemoteAddresses+=(","+$ip);      }  }    Wait-Event -Timeout 30 #pause 30 secs    } # end of top while loop.   Further points: 1, I suppose the server is listening on port 3389 on server IP: 192.168.100.101 and 192.168.100.102, you need to replace that with your real IP. 2, I suppose you are Remote Desktop to this server from a workstation with IP: 10.0.0.1. Please replace as well. 3, The threshold for 3389 attack is 20, you don’t want to block yourself just because you typed your password wrong 3 times, you can change this threshold by your own reasoning. 4, FTP is checking the log for attack only to the last 5 mins, you can change that as well. 5, I suppose the server is serving FTP on both IP address and their LOG path are C:\inetpub\logs\LogFiles\FPTSVC2 and C:\inetpub\logs\LogFiles\FPTSVC3. Change accordingly. 6, FTP checking code is only asking for the last 200 lines of log, and the threshold is 10, change as you wish. 7, the code runs in a loop, you can set the loop time at the last line. To run this code, copy and paste to your editor, finish all the editing, get it to your server, and open an CMD window, then type powershell.exe –file your_powershell_file_name.ps1, it will start running, you can Ctrl-C to break it. This is what you see when it’s running: This is when it detected attack and adding the firewall rule: Regarding the design of the code: 1, There are many ways you can detect the attack, but to add an IP into a block rule is no small thing, you need to think hard before doing it, reason for that may include: You don’t want block yourself; and not blocking your customer/user, i.e. the good guy. 2, Thus for each service/port, I double check. For 3389, first it needs to show in netstat.exe, then the Event log; for FTP, first check the Event log, then the FTP log files. 3, At three places I need to make sure I’m not adding myself into the block rule. –ne with single IP, –like with subnet.   Now the final bit: 1, The code will stop working after a while (depends on how busy you are attacked, could be weeks, months, or days?!) It will throw Red error message in CMD, don’t Panic, it does no harm, but it also no longer blocking new attack. THE REASON is not confirmed with MS people: the COM object to manage firewall, you can only give it a list of IP addresses to the length of around 32KB I think, once it reaches the limit, you get the error message. 2, This is in fact my second solution to use the COM object, the first solution is still in the comment block for your reference, which is using netsh, that fails because being run from CMD, you can only throw it a list of IP to 8KB. 3, I haven’t worked the workaround yet, some ideas include: wrap that RemoteAddresses setting line with error checking and once it reaches the limit, use the newly detected IP to be the list, not appending to it. This basically reset your block rule to ground zero and lose the previous bad IPs. This does no harm as it sounds, because given a certain period has passed, any these bad IPs still not repent and continue the attack to you, it only got 30 seconds or 20 guesses of your password before you block it again. And there is the benefit that the bad IP may turn back to the good hands again, and you are not blocking a potential customer or your CEO’s home pc because once upon a time, it’s a zombie. Thus the ZEN of blocking: never block any IP for too long. 4, But if you insist to block the ugly forever, my other ideas include: You call MS support, ask them how can we set an arbitrary length of IP addresses in a rule; at least from my experiences at the Forum, they don’t know and they don’t care, because they think the dynamic blocking should be done by some expensive hardware. Or, from programming perspective, you can create a new rule once the old is full, then you’ll have MY BLACKLIST1, MY  BLACKLIST2, MY BLACKLIST3, … etc. Once in a while you can compile them together and start a business to sell your blacklist on the market! Enjoy the code! p.s. (PowerShell is REALLY REALLY GREAT!)

    Read the article

  • CodePlex Daily Summary for Monday, December 10, 2012

    CodePlex Daily Summary for Monday, December 10, 2012Popular ReleasesMOBZcript: MOBZcript 0.9.1: First fix - typo in mobzystems.com-url!Media Companion: MediaCompanion3.511b release: Two more bug fixes: - General Preferences were not getting restored - Fanart and poster image files were being locked, preventing changes to themVodigi Open Source Interactive Digital Signage: Vodigi Release 5.5: The following enhancements and fixes are included in Vodigi 5.5. Vodigi Administrator - Manage Music Files - Add Music Files to Image Slide Shows - Manage System Messages - Display System Messages to Users During Login - Ported to Visual Studio 2012 and MVC 4 - Added New Vodigi Administrator User Guide Vodigi Player - Improved Login/Schedule Startup Procedure - Startup Using Last Known Schedule when Disconnected on Startup - Improved Check for Schedule Changes - Now Every 15 Minutes - Pla...Secretary Tool: Secretary Tool v1.1.0: I'm still considering this version a beta version because, while it seems to work well for me, I haven't received any feedback and I certainly don't want anyone relying solely on this tool for calculations and such until its correct functioning is verified by someone. This version includes several bug fixes, including a rather major one with Emergency Contact Information not saving. Also, reporting is completed. There may be some tweaking to the reporting engine, but it is good enough to rel...VidCoder: 1.4.10 Beta: Added progress percent to the title bar/task bar icon. Added MPLS information to Blu-ray titles. Fixed the following display issues in Windows 8: Uncentered text in textbox controls Disabled controls not having gray text making them hard to identify as disabled Drop-down menus having hard-to distinguish white on light-blue text Added more logging to proxy disconnect issues and increased timeout on initial call to help prevent timeouts. Fixed encoding window showing the built-in pre...WPF Application Framework (WAF): WPF Application Framework (WAF) 2.5.0.400: Version 2.5.0.400 (Release): This release contains the source code of the WPF Application Framework (WAF) and the sample applications. Requirements .NET Framework 4.0 (The package contains a solution file for Visual Studio 2010) The unit test projects require Visual Studio 2010 Professional Changelog Legend: [B] Breaking change; [O] Marked member as obsolete Update the documentation. InfoMan: Write the documentation. Other Downloads Downloads OverviewHome Access Plus+: v8.5: v8.5.1208.1500 This is a point release, for the other parts of HAP+ see the v8.3 release. Fixed: #me#me issue with the Edit Profile Link Updated: 8.5.1208 release Updated: Documentation with hidden booking system feature Added: Room Drop Down to the Booking System (no control panel interface), can be Resource Specific Fixed: Recursive AD Group Membership Lookup Fixed: User.IsInRole with recursive lookup Added: Group Searches to hidefrom and showto for the booking system Added: DFS Targeting ...Ynote Classic: Ynote Classic version 1.0: Ynote Classic is a text editor made by SS Corporation. It can help you write code by providing you with different codes for creation of html or batch files. You can also create C/C++ /Java files with SS Ynote Classic. Author of Ynote Classic is Samarjeet Singh. Ynote Classic is available with different themes and skins. It can also compile *.bat files into an executable file. It also has a calculator built within it. 1st version released of 6-12-12 by Samarjeet Singh. Please contact on http:...Http Explorer: httpExplorer-1.1: httpExplorer now has the ability to connect to http server via web proxies. The proxy may be explicitly specified by hostname or IP address. Or it may be specified via the Internet Options settings of Windows. You may also specify credentials to pass to the proxy if the proxy requires them. These credentials may be NTLM or basic authentication (clear text username and password).Bee OPOA Platform: Bee OPOA Demo V1.0.001: Initial version.Microsoft Ajax Minifier: Microsoft Ajax Minifier 4.78: Fix for issue #18924 - using -pretty option left in ///#DEBUG blocks. Fix for issue #18980 - bad += optimization caused bug in resulting code. Optimization has been removed pending further review.XNA GPU Particles Tool: Multi-Effect Release 20525: This version allows creating multiple effects with multiple emitters. Load, change and save particle effects. Display them in various ways to help design the effect. There are also some help pages to explain what the main settings do. This includes some preset emitter settings and a camera position for a First Person view. Source code only for XNA 4 and Visual Studio express 2010.Implementing Google Protocol Buffers using C#: Console Application: Compiled Version of the Application. The application is developed using MS.NET 4.0 run time.MB Tools: WDSMulticastMonitor V2.0: Updated version of WDSMulticast Monitor: Uses WdsTransportManger Comobject instead of WdsManager, this means that it works on servers that only have the transport role installed. Old version required the full WDS role to be installed to work. Some minor bugfixes and extra errorchecks added Added Transfererate to output, although this seems to work only sporadic. Its not a limitation of this script though, when not outputing anything in script niether is the normal wds tools.Yahoo! UI Library: YUI Compressor for .Net: Version 2.2.0.0 - Epee: New : Web Optimization package! Cleaned up the nuget packages BugFix: minifying lots of files will now be faster because of a recent regression in some code. (We were instantiating something far too many times).DtPad - .NET Framework text editor: DtPad 2.9.0.40: http://dtpad.diariotraduttore.com/files/images/flag-eng.png English + A new built-in editor for the management of CSV files, including the edit of cells, deleting and adding new rows, replacement of delimiter character and much more (issue #1137) + The limit of rows allowed before the decommissioning of their side panel has been raised (new default: 1.000) (issue #1155, only partially solved) + Pressing CTRL+TAB now DtPad opens a screen that shows the list of opened tabs (issue #1143) + Note...AvalonDock: AvalonDock 2.0.1746: Welcome to the new release of AvalonDock 2.0 This release contains a lot (lot) of bug fixes and some great improvements: Views Caching: Content of Documents and Anchorables is no more recreated everytime user move it. Autohide pane opens really fast now. Two new themes Expression (Dark and Light) and Metro (both of them still in experimental stage). If you already use AD 2.0 or plan to integrate it in your future projects, I'm interested in your ideas for new features: http://avalondock...AcDown?????: AcDown????? v4.3.2: ??●AcDown??????????、??、??、???????。????,????,?????????????????????????。???????????Acfun、????(Bilibili)、??、??、YouTube、??、???、??????、SF????、????????????。 ●??????AcPlay?????,??????、????????????????。 ● AcDown??????????????????,????????????????????????????。 ● AcDown???????C#??,????.NET Framework 2.0??。?????"Acfun?????"。 ?? v4.3.2?? ?????????????????? ??Acfun??????? ??Bilibili?????? ??Bilibili???????????? ??Bilibili????????? ??????????????? ???? ??Bilibili??????? ????32??64? Windows XP/...ExtJS based ASP.NET 2.0 Controls: FineUI v3.2.2: ??FineUI ?? ExtJS ??? ASP.NET 2.0 ???。 FineUI??? ?? No JavaScript,No CSS,No UpdatePanel,No ViewState,No WebServices ???????。 ?????? IE 7.0、Firefox 3.6、Chrome 3.0、Opera 10.5、Safari 3.0+ ???? Apache License 2.0 (Apache) ???? ??:http://fineui.com/bbs/ ??:http://fineui.com/demo/ ??:http://fineui.com/doc/ ??:http://fineui.codeplex.com/ ???? +2012-12-03 v3.2.2 -?????????????,?????button/button_menu.aspx(????)。 +?Window????Plain??;?ToolbarPosition??Footer??;?????FooterBarAlign??。 -????win...Player Framework by Microsoft: Player Framework for Windows Phone 8: This is a brand new version of the Player Framework for Windows Phone, available exclusively for Windows Phone 8, and now based upon the Player Framework for Windows 8. While this new version is not backward compatible with Windows Phone 7 (get that http://smf.codeplex.com/releases/view/88970), it does offer the same great feature set plus dozens of new features such as advertising, localization support, and improved skinning. Click here for more information about what's new in the Windows P...New ProjectsConfigMgrUI: UI for System Center Configuration Manager 2007 & 2012, System Center Orchestrator 2012 and MDT. cvn demo poject: just a test projectDelicious Notify Plugin: Lets you push a blog post straight to Delicious from Live WriterInsert Acronym Tags: Lets you insert <acronym> and <abbr> tags into your blog entry more easily.Insert File(s): Allows you to include up to three files for publishing in a post using Windows Live Writer.Insert Quick Link: Allows you to paste a link into the Writer window and have the a window similar to the one in Writer where you can change what text is to appear, open in new window, etc.ISD training tasks: ISD training examples and tasksjack1209132501: tesingjack12091327: tesingKata: Just a couple of solutions to katas found over around the web.KJFramework????(Mono Version): KJFramework????(Mono Version)Liber: The Dynamic library manager Managing Ebook and derivatives under different Tags & Properties Share Libers under PUBLIC TAGS in the LIBER Community... Libro Visual Basic 2012 spiegato a mia nonna: Tutti gli esempi del libro "Visual Basic 2012 spiegato a mia nonna". Work in progress...log4net SharePoint 2013 Appender: log4net SharePoint 2013 AppenderMethodSerializer: .NET Method Serializer DeserializerMGR.VSSolutionManager: MGR.VSSolutionManager is a tool to help to manage (update, compare, merge) Visual Studio's solution files.MIAGE IHM: BlablaPCV_Tutorial: PCV_TutorialRoll Manager: Roll Manager is a client/server application that makes it easy to create scripts with many actions that run against groups of servers. No more DOS batch scripts. It's developed in C# .NET 3.5.RootFinder: Comprehensive implementation of a 1D RootFinder framework solution - implements the full suite of bracketing and open methods, and their primitives/compoundSGF Editor: SGF Editor reads/writes .sgf files, edits Go game trees, etc. It has several useful commands for reviewing games. For searching purposes: goban, baduk, weiqi.SharePoint 365 Utilities: SharePoint 365 aims helping SharePoint developers improve the delivery time of SharePoint solutions by offering a set of utilities for DEV/Deploy/Maintenance.SNMP: ????windwos api ? WinSNMP API ??????Stock Analitator: Stock Analyzer using Relative Strength IndexTPV: TPVTrending Topic Component: This component is a final assignment of Component Based Programming in Duta Wacana Christian Univerity, Yogyakarta, IndonesiaVisual .NET RogueLike: A basic roguelike hacked out in Visual .NET. I'm unsure where I want to go with the project, so I'm just putting it out there for now.YooYoo: Personal DevelopingYou are here (for Windows Mobile): This sample shows you how to play a *.wav file on your device with Compact Framework 2.0. There is better support for playing music on Compact Framework 3.5. The idea of this sample is from this video: http://www.youtube.com/watch?v=xMcSNfrT-4MZoom.PE: PE read/write libraryZX AAA Workshop: ????????? ZX AAA Workshop ????????????? ??? ????????? ???????? ? ???? ?????????? ?????????? ZX Spectrum. ?????????????? ?????????: Specaculator, Unreal, Fuse. ??????????? ?????????? ????????? ?????? ?????????? ?????????????. ?????????? ?????? ? ??????? png, gif, bmp, tiff, jpeg.???????? ??????? ?????????? ? Visual Studio: ???????? ??????? ?????????? ? Visual Studio

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1