Saturday, October 21, 2023

Running Windows Applications as a Different User using System Internals ShellRunas

Using the runas command from a Windows console windows was demonstrated in the post,  Access SQL Server Management Studio using a different Active Directory Credential. The concept was that a user was logged in to Windows and an application (SQL Server Management Studio e.g. ssms.exe) needed to be run as a different user (hence the use of runas).

The much vaunted Windows Sysinternals was acquired by Microsoft in 2006 and among the useful utilities produced by Sysinternals is ShellRunas. As the previous documentation link shows:


Install ShellRunas Shell Extension

ShellRunas can be downloaded and zipped from Download ShellRunas. The download, ShellRunas.zip contains an executable ShellRunas.exe. To install ShellRunas as as a Windows shell extension, run the following from a Windows console terminal in the folder containing ShellRunas.exe:

.\ShellRunas.exe /reg

Invoking ShellRunas as shown above displays a dialog indicating the shell extension has been added;


Running ShellRunas from Explorer

To demonstrated on Windows 11 how to use ShellRunas navigate in Windows Explorer to the folder of the application (such as ssms.exe): 

C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE

From Windows Explorer right click on the application (such as ssms.exe) which displays a context menu such as the following:


The bottom option of the context menu is "Show more options." Select this menu item which displays the following context, sub menu:

From the above context menu select "Run as different user" which display the following dialog courtesy of Sysinternals ShellRunas:


The above dialog can be used run an application as a user that differs from the currently logged in Windows user.

Why Such Complicated Navigation?

ShellRunas dates back to February 26, 2008 and the era of WidnowsVista, Windows Server 2008, and President George Bush.  The example shell context menu shown at the top of this post is from Microsoft's ShellRunas documentation and is as follows:


The above context menu dialog box were displayed when right click on an executable that was run on Windows days of yore sometime a.k.a. some version before Windows 11.

ShellRunas used to be convenient. As of modern versions of Windows, ShellRunas is a handy utility with navigation that is a bit too complex.

 


Posted by at No comments :

Tuesday, October 17, 2023

Access SQL Server Management Studio using a different Active Directory Credential

There is no way to change the "User name" in SQL Server Management Studio's "Connect to Server" dialog when using Windows Authentication. This post demonstrates how to run SQL Server Management Studio (SSMS) and authenticate a connection using a different user than the current active Windows user while authenticating with Windows Authentication. For example, a user logs in with the normal account but needs to authenticate with an administrative account to access SQL Server.

An example of SSMS's "Connect to Server" dialog authenticating a connection with Windows Authentication is as follows:


The "User name" dropdown above is grayed out as it cannot be changed because Authentication is set to Windows Authentication. The Windows runas command-line utility (see Runas) can be used to run SSMS or any application as a different user than the user currently logged into a host. For this example, considering desiring to login as:

  • domain: domaidAbc
  • user: userEfg

To run SQL Server Management Studio as user domainAbc\userEfg, specify the following from a console prompt:

runas /noprofile /netonly /user:domainAbc\userEfg "C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe"

Once the above command is run, the user will be prompted to enter a password for account domainAbc\userEfg:

Enter the password for domainAbc\userEfg:

There is no way to specify the password as a runas command-line option so the password must be manually entered.

The following is all the text displayed when running SSMS as a different user via the runas command:

C:\>runas /noprofile /netonly /user:domainAbc\userEfg "C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe"
Enter the password for domainAbc\userEfg:
Attempting to start C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\ssms.exe as user "domainAbc\userEfg" ...

At this point SSMS is running as user domainAbc\userEfg. There is a bit of a twist. Here is an example of the "Connect to Server" dialog displayed when running as user domainAbc\userEfg (note the grayed out User name is different,XPS17\jann):


When the Server name is specified and the connection to SQL Server is made, the user used to authenticate is domainAbc\userEfg and not the grayed out user.
Posted by at No comments :

Sunday, September 17, 2023

PowerShell/Azure Graph API: Improving the Online Documentation (Open Source Contribution)

Microsoft provides an excellent example of how to create a report of Azure App Registrations with expiring secrets and certificates (see: Export app registrations with expiring secrets and certificates). This script uses Microsoft's Graph PowerShell SDK module which is installed as follows:

Install-Module PowerShellGet

In Microsoft's sample the following PowerShell snippet is included in two separate locations in the code:


Obviously, that code could be more simply written as:


I logged into Github.com, edited Microsoft's example, and created a pull request. Withing 24 Hours it was approved and my change as adopted meaning the online documentation was updated to include my change:







Posted by at No comments :

Friday, August 25, 2023

Docker: Error Message "Windows Containers are not supported on your version of windows"

On a Windows host where Docker is configured to use Windows (versus Linux) contains the following error message, "Windows Containers are not supported on your version of windows", can be encountered. There are multiple reasons for this error message but one of the most common is that it is only possible to run Windows containers on Windows Pro or Windows Enterprise edition. Docker cannot run Windows containers on Windows Home or Windows Education edition.

Docker's setup instructions for Windows can be found at Install Docker Desktop on Windows. A the top of this web page, under System Requirements is the following (as of August 23, 2023):


There is nothing in the above documentation stating that Windows Home and Education only support Linux containers. There is nothing in the above documentation stating that in order to supports both Linux and Windows containers Windows Pro or Windows Enterprise is required.

Note: I have submitted a Pull Request to Docker's documentation repo (Docker docs)  requesting the text be changed to include the sentences "Home and Education editions support only Linux containers. Pro and Enterprise editions support Windows containers and Linux containers." alongside the Windows 11 and Windows 10 system requirements.

Dockers Windows install documentation (Install Docker Desktop on Windows) does include a note well below the "System requirements" tab that presents which editions of Windows are required in order to run Windows containers:




Posted by at No comments :

Monday, August 14, 2023

Windows 10: Install Windows Terminal Without Windows Store

I was handed a laptop for a project that was Windows 10. Windows Terminal was not installed. On Windows 11 22H2, Windows Terminal is the default "command line experience" (see Windows Terminal is now the Default in Windows 11). Microsoft recommends installing Window Terminal using the Windows Store (see Windows Terminal). The laptop I was given was a corporate laptop and Windows Store was unavailable.

It is possible to download and install Windows Terminal from Windows Terminal Releases. Below are assets for Windows Terminal v1.17.11461.0:


The easiest way to install is to just download and invoke the MSIX bundle.


Posted by at No comments :

Sunday, August 13, 2023

PowerShell (failure): New-TemporaryFile Cannot Create a New Filename without Creating a File

In PowerShell the standard way to create a temporary filename is to invoke the System.IO namespace's Path class's GetTempFileName method. To be clear, only a filename is retrieved and no actual file is created. An example of GetTempFileName being invoked by PowerShell is as follows:

[string] $tempFilenameFromCsharp = ` 
               [System.IO.Path]::GetTempFileName() 

The results of the code above will vary because the filename is randomly generated and the method uses a user's environment variable, $env:TEMP. An example of the value assigned to $tempFilenameFromCsharp when the code snippet above being invoked is as follows:

C:\Users\jann\AppData\Local\Temp\tmpCF88.tmp

The New-TemporaryFile PowerShell cmdlet creatse a new temporary file and returns a corresponding instance of the System.IO.FileInfo class whihc include information such as the name of the file created.

My theory that I felt had a 20% chance of working: Invoke New-TemporaryFile with the -WhatIf command-line option and instead of creating a temporary file, the comdlet will return the name of the temporary file that would have been created.

For those that need a reminder, the WhatIf command-line option is defined as follows (see: WhatIf Switch):


My attempt to use New-TemporaryFile to create filename without creating a file was as follows:

[System.IO.FileInfo] $tempFilenameFromPowerShell = `
                         New-TemporaryFile -WhatIf -ErrorAction Stop

The output from invoking the above command is follows:


The following code tests if the $tempFilenameFromPowerShell variable is assigned to $null:


Since $tempFilenameFromPowerShell is set to $null so New-TemporaryFile combined with -WhatIf does not create a new filename. 

Not every idea we try works.

Posted by at No comments :

Saturday, July 29, 2023

PowerShell: azcopy Working Around the New Version Available Information Message

One of the most optimal ways to upload and download blobs to/from Azure storage containers is the azcopy utility (see azcopy). This utility can be used from the command-line or can be included in a PowerShell script such as the following:

[string] $azCopyPath = 'C:\bin\azcopy.exe'
[string] $blobSasUrl = 'put your own storage URL plus SAS token here'

& $azCopyPath list $blobSasUrl 

The above example is one of cases where azcopy is not used to upload or download files/folders/blobs. The "azcopy list" command will list the blobs for a given storage URL (see azcopy list).

The output from the above command is as follows:

INFO: azcopy.10_19_0.exe 10.19.0: A newer version 10.20.0 is available to download

INFO: a.txt;  Content Length: 1.20 KiB
INFO: b.txt;  Content Length: 1.20 KiB
INFO: c.txt;  Content Length: 1.20 KiB
INFO: d.txt;  Content Length: 1.20 KiB

The desired output is as follows (sans the upgrade available message):



The azcopy utility creates a message on the  information data stream that an upgrade is available. The output from azcopy list is also provided on the information data stream. There is no way to suppress the "newer version is available to download" message.

The following PowerShell code uses "Select-Object -Skip" (see Select-Object) to remove the upgrade informational message and returns only the data retrieved by azcopy list:

[string] $upgradeAvialableSuffix = 'is available to download'

function Get-AzCopyList {
    param(
        [Parameter(Mandatory=$true)]
        [string] $azCopyFilePath,
        [Parameter(Mandatory=$true)]
        [string] $blobUrlWithSasToken
        )

    [string[]] $results = & $azCopyPath list $blobSasUrl 

    # always return an array
    if (($null -eq $results) -or (0 -eq $results.Length)) {
        return ,[string[]]::new(0)
    }

    [int] $index = 0

    if ($results[0].EndsWith($upgradeAvialableSuffix)) {
        [bool] $endMarkerFound = $false

        foreach ($result in $results) {
            $index++
            if (0 -eq $result.Length) {
                $endMarkerFound = $true
                break
            }
        }

        if ($false -eq $endMarkerFound) {
            throw "Upgrade message not delineated from results $($result[0])"
        }
    }

    return $results | Select-Object -Skip $index 
}

[string] $azCopyPath = 'C:\bin\azcopy.exe'
[string] $blobSasUrl = 'put your own storage URL plus SAS token here'
[string[]] $results = Get-AzCopyList $azCopyPath $blobSasUrl

$results

The output from above code is:
INFO: a.txt;  Content Length: 1.20 KiB
INFO: b.txt;  Content Length: 1.20 KiB
INFO: c.txt;  Content Length: 1.20 KiB
INFO: d.txt;  Content Length: 1.20 KiB



Posted by at No comments :
Subscribe to: Posts ( Atom )