/// <summary>
/// Builds a <see cref="UserImpersonation"/> for the given account and immediately begins
/// impersonating it.
/// </summary>
/// <param name="username">Account name to impersonate.</param>
/// <param name="domain">Domain (or machine) the account belongs to.</param>
/// <param name="password">Password for the account, supplied as a plain string.</param>
/// <returns>
/// The active impersonation object. Call sites on this page place it in a <c>using</c>
/// statement; presumably disposing it ends the impersonation (confirm in UserImpersonation).
/// </returns>
public static UserImpersonation Impersonate(string username, string domain, string password)
{
    var impersonation = new UserImpersonation(username, domain, password);

    // Switch the calling thread to the requested identity before handing the object back.
    impersonation.Impersonate();

    return impersonation;
}
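/// <summary>
/// Reads the Windows Update state of <c>RemoteUpdate.ComputerName</c>: the time of the last
/// update check, the time of the last update install, and the AUOptions code.
/// </summary>
/// <remarks>
/// The values are read through the WMI StdRegProv class first. When WMI reports
/// <see cref="ManagementStatus.NotFound"/>, the same keys are read through the Remote Registry
/// service instead; that service is started for the duration of the read if it was not already
/// running, and stopped again afterwards. Every other failure is swallowed and whatever was
/// collected so far is returned.
/// NOTE(review): the WMI scope is created without ConnectionOptions, so only the registry
/// fallback honours GlobalVar.UseAlternateCredentials. Confirm that this is intended.
/// </remarks>
/// <returns>
/// The collected configuration. <c>IsAutomaticUpdatesEnabled</c> is true only when the
/// AUOptions code is 4 or higher.
/// </returns>
public static RemoteUpdateConfiguration GetUpdateConfiguration()
{
    const string updatesLastCheckedKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect";
    const string updatesLastCheckedValue = "LastSuccessTime";
    const string updatesLastInstalledKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install";
    const string updatesLastInstalledValue = "LastSuccessTime";
    const string updatesConfigurationKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update";
    const string updatesConfigurationAltKey = @"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU";
    const string updatesConfigurationValue = "AUOptions";

    var updateConfiguration = new RemoteUpdateConfiguration();
    var managementScope = new ManagementScope($@"\\{RemoteUpdate.ComputerName}\root\CIMV2");
    ManagementBaseObject inParams = null;
    ManagementBaseObject outParams = null;

    try
    {
        using (var wmiRegistry = new ManagementClass(managementScope, new ManagementPath("StdRegProv"), null))
        {
            // Date and time of the last update check (stored as UTC text).
            inParams = wmiRegistry.GetMethodParameters("GetStringValue");
            inParams["sSubKeyName"] = updatesLastCheckedKey;
            inParams["sValueName"] = updatesLastCheckedValue;
            outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
            if (outParams["sValue"] != null)
            {
                updateConfiguration.LastUpdateCheck =
                    DateTime.SpecifyKind(DateTime.Parse((string)outParams["sValue"]), DateTimeKind.Utc).ToLocalTime();
            }

            // Date and time of the last installed update.
            inParams["sSubKeyName"] = updatesLastInstalledKey;
            inParams["sValueName"] = updatesLastInstalledValue;
            outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null);
            if (outParams["sValue"] != null)
            {
                updateConfiguration.LastUpdateInstall =
                    DateTime.SpecifyKind(DateTime.Parse((string)outParams["sValue"]), DateTimeKind.Utc).ToLocalTime();
            }

            // Update configuration (automatic or manual). The policy key is consulted first.
            inParams = wmiRegistry.GetMethodParameters("GetDWORDValue");
            inParams["sSubKeyName"] = updatesConfigurationAltKey;
            inParams["sValueName"] = updatesConfigurationValue;
            outParams = wmiRegistry.InvokeMethod("GetDWORDValue", inParams, null);
            if (outParams["uValue"] != null)
            {
                updateConfiguration.AuOptionCode = (int)(UInt32)outParams["uValue"];
            }

            // Fall back to the non-policy key when the policy key gave no usable code.
            if (updateConfiguration.AuOptionCode <= 0)
            {
                inParams["sSubKeyName"] = updatesConfigurationKey;
                inParams["sValueName"] = updatesConfigurationValue;
                outParams = wmiRegistry.InvokeMethod("GetDWORDValue", inParams, null);
                if (outParams["uValue"] != null)
                {
                    updateConfiguration.AuOptionCode = (int)(UInt32)outParams["uValue"];
                }
            }
        }
    }
    catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.NotFound)
    {
        // Target OS might not support WMI StdRegProv. Gather the data using remote registry.
        updateConfiguration = new RemoteUpdateConfiguration();
        const string serviceName = "RemoteRegistry";

        // Ordinal comparison: host names are identifiers, so culture-specific casing rules
        // (for example the Turkish dotted I) must not decide whether the target is local.
        bool isLocal = string.Equals(RemoteUpdate.ComputerName, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
        bool isServiceRunning = true;

        using (GlobalVar.UseAlternateCredentials
            ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
            : null)
        using (var sc = new ServiceController(serviceName, RemoteUpdate.ComputerName))
        {
            // If the target computer is remote, start the Remote Registry service.
            try
            {
                if (!isLocal && sc.Status != ServiceControllerStatus.Running)
                {
                    isServiceRunning = false;
                    sc.Start();

                    // Start() only requests the start; wait so the registry open below does
                    // not race a service that is still starting.
                    sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
                }
            }
            catch (Exception)
            {
                // Best effort: the registry read below fails on its own if the service is unavailable.
            }

            try
            {
                using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, RemoteUpdate.ComputerName))
                {
                    using (RegistryKey subKey = key.OpenSubKey(updatesLastCheckedKey))
                    {
                        object lastCheck = subKey?.GetValue(updatesLastCheckedValue);
                        if (lastCheck != null)
                        {
                            updateConfiguration.LastUpdateCheck =
                                DateTime.SpecifyKind(DateTime.Parse(lastCheck.ToString()), DateTimeKind.Utc).ToLocalTime();
                        }
                    }

                    using (RegistryKey subKey = key.OpenSubKey(updatesLastInstalledKey))
                    {
                        object lastInstall = subKey?.GetValue(updatesLastInstalledValue);
                        if (lastInstall != null)
                        {
                            updateConfiguration.LastUpdateInstall =
                                DateTime.SpecifyKind(DateTime.Parse(lastInstall.ToString()), DateTimeKind.Utc).ToLocalTime();
                        }
                    }

                    using (RegistryKey subKey = key.OpenSubKey(updatesConfigurationAltKey))
                    {
                        if (subKey != null)
                        {
                            object auOptions = subKey.GetValue(updatesConfigurationValue);
                            updateConfiguration.AuOptionCode = (auOptions != null) ? int.Parse(auOptions.ToString()) : 0;
                        }
                    }

                    if (updateConfiguration.AuOptionCode <= 0)
                    {
                        using (RegistryKey subKey = key.OpenSubKey(updatesConfigurationKey))
                        {
                            if (subKey != null)
                            {
                                object auOptions = subKey.GetValue(updatesConfigurationValue);
                                updateConfiguration.AuOptionCode = (auOptions != null) ? int.Parse(auOptions.ToString()) : 0;
                            }
                        }
                    }
                }
            }
            catch
            {
                // Best effort: keep whatever was read before the failure.
            }

            // Cleanup: stop Remote Registry again if this method was the one that started it,
            // so the target is not left with the service exposed.
            if (!isLocal && !isServiceRunning)
            {
                try
                {
                    sc.Stop();
                }
                catch (Exception)
                {
                }
            }
        }
    }
    catch
    {
        // Do nothing; the caller receives whatever was collected.
    }
    finally
    {
        if (inParams != null)
        {
            inParams.Dispose();
        }

        if (outParams != null)
        {
            outParams.Dispose();
        }

        // Derived on every path (WMI, registry fallback and failure).
        updateConfiguration.IsAutomaticUpdatesEnabled = updateConfiguration.AuOptionCode >= 4;
    }

    return updateConfiguration;
}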
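/// <summary>
/// Lists the applications registered under the 64-bit and 32-bit-on-64-bit Uninstall keys of
/// <c>ComputerName</c>.
/// </summary>
/// <remarks>
/// The keys are read through WMI StdRegProv first. When WMI reports
/// <see cref="ManagementStatus.NotFound"/>, the Remote Registry service is used instead; it is
/// started if it was not running and stopped again afterwards. Entries flagged as
/// SystemComponent, entries with a ParentKeyName, entries whose ReleaseType contains "Update"
/// or equals "Hotfix", and entries without a DisplayName are skipped. The outcome is published
/// through <c>Result</c>.
/// NOTE(review): the Internet Explorer version lookup at the end reads the target's C$ share
/// outside any impersonation scope, so it runs under the process identity. Confirm intended.
/// </remarks>
/// <returns>The applications found; possibly partial or empty when the query failed.</returns>
public static List<RemoteApplication> GetInstalledApplications()
{
    const string uninstallKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
    const string uninstallKey32on64 = @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall";

    var apps = new List<RemoteApplication>();
    var taskResult = new TaskResult();
    Result = taskResult;

    var managementScope = new ManagementScope($@"\\{ComputerName}\root\CIMV2");

    try
    {
        using (var wmiRegistry = new ManagementClass(managementScope, new ManagementPath("StdRegProv"), null))
        {
            // Combine the native and the 32-bit-on-64-bit uninstall subkeys.
            var uninstallKeys = new List<string>();
            uninstallKeys.AddRange(ListWmiUninstallSubKeys(wmiRegistry, uninstallKey));
            uninstallKeys.AddRange(ListWmiUninstallSubKeys(wmiRegistry, uninstallKey32on64));

            foreach (string subKey in uninstallKeys)
            {
                // Skip the key if SystemComponent exists and is set to 1.
                UInt32? systemComponent = ReadWmiRegistryDword(wmiRegistry, subKey, "SystemComponent");
                if (systemComponent.HasValue && systemComponent.Value == 1)
                {
                    continue;
                }

                // Skip the key if ParentKeyName exists and is not empty.
                string parentKeyName = ReadWmiRegistryString(wmiRegistry, subKey, "ParentKeyName");
                if (parentKeyName != null && parentKeyName.Length > 0)
                {
                    continue;
                }

                // Skip the key if ReleaseType contains "Update" or equals "Hotfix".
                string releaseType = ReadWmiRegistryString(wmiRegistry, subKey, "ReleaseType");
                if (releaseType != null && (releaseType.Contains("Update") || releaseType.Equals("Hotfix")))
                {
                    continue;
                }

                // An entry without a display name is not listed.
                string displayName = ReadWmiRegistryString(wmiRegistry, subKey, "DisplayName");
                if (displayName == null)
                {
                    continue;
                }

                var app = new RemoteApplication();
                app.DisplayName = displayName;

                string publisher = ReadWmiRegistryString(wmiRegistry, subKey, "Publisher");
                if (publisher != null)
                {
                    app.Publisher = publisher;
                }

                string displayVersion = ReadWmiRegistryString(wmiRegistry, subKey, "DisplayVersion");
                if (displayVersion != null)
                {
                    app.Version = displayVersion;
                }

                string uninstallString = ReadWmiRegistryString(wmiRegistry, subKey, "UninstallString");
                if (uninstallString != null)
                {
                    app.UninstallPath = uninstallString;
                }

                apps.Add(app);
            }
        }

        taskResult.DidTaskSucceed = true;
    }
    catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.NotFound)
    {
        // Target OS might not support WMI StdRegProv. Gather the data using remote registry.
        apps = new List<RemoteApplication>();
        const string serviceName = "RemoteRegistry";

        // Ordinal comparison: host names are identifiers, not culture-sensitive text.
        bool isLocal = string.Equals(ComputerName, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
        bool isServiceRunning = true;

        using (GlobalVar.UseAlternateCredentials
            ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
            : null)
        using (var sc = new ServiceController(serviceName, ComputerName))
        {
            // If the target computer is remote, start the Remote Registry service.
            try
            {
                if (!isLocal && sc.Status != ServiceControllerStatus.Running)
                {
                    isServiceRunning = false;
                    sc.Start();

                    // Start() only requests the start; wait so the registry open below does
                    // not race a service that is still starting.
                    sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
                }
            }
            catch (Exception)
            {
                // Best effort: the registry read below reports the failure through taskResult.
            }

            try
            {
                using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, ComputerName))
                {
                    using (RegistryKey mainKey64 = key.OpenSubKey(uninstallKey))
                    {
                        apps.AddRange(EnumerateUninstallKeys(mainKey64));
                    }

                    using (RegistryKey mainKey32 = key.OpenSubKey(uninstallKey32on64))
                    {
                        apps.AddRange(EnumerateUninstallKeys(mainKey32));
                    }
                }

                taskResult.DidTaskSucceed = true;
            }
            catch
            {
                taskResult.DidTaskSucceed = false;
            }

            // Cleanup: stop Remote Registry again if this method was the one that started it.
            if (!isLocal && !isServiceRunning)
            {
                try
                {
                    sc.Stop();
                }
                catch (Exception)
                {
                }
            }
        }
    }
    catch
    {
        // Do nothing; taskResult keeps its current state.
    }

    // Get Internet Explorer version from the file on the target's administrative share.
    if (taskResult.DidTaskSucceed && apps.Count > 0)
    {
        try
        {
            var internetExplorerVersion = FileVersionInfo.GetVersionInfo($@"\\{ComputerName}\C$\Program Files\Internet Explorer\iexplore.exe");
            if (internetExplorerVersion != null && internetExplorerVersion.ProductVersion.Length > 0)
            {
                apps.Add(new RemoteApplication
                {
                    DisplayName = "Internet Explorer",
                    Publisher = "Microsoft Corporation",
                    Version = internetExplorerVersion.ProductVersion
                });
            }
        }
        catch
        {
            // Best effort: the list is returned without the Internet Explorer entry.
        }
    }

    return apps;
}

// Returns the full paths of the subkeys directly under parentKey, or an empty list when
// StdRegProv returns no names. Both parameter objects are disposed before returning.
private static List<string> ListWmiUninstallSubKeys(ManagementClass wmiRegistry, string parentKey)
{
    using (ManagementBaseObject inParams = wmiRegistry.GetMethodParameters("EnumKey"))
    {
        inParams["sSubKeyName"] = parentKey;
        using (ManagementBaseObject outParams = wmiRegistry.InvokeMethod("EnumKey", inParams, null))
        {
            if (outParams["sNames"] == null)
            {
                return new List<string>();
            }

            return ((string[])outParams["sNames"]).Select(x => $@"{parentKey}\{x}").ToList();
        }
    }
}

// Reads one string value through StdRegProv.GetStringValue; null when the value is absent.
private static string ReadWmiRegistryString(ManagementClass wmiRegistry, string subKeyName, string valueName)
{
    using (ManagementBaseObject inParams = wmiRegistry.GetMethodParameters("GetStringValue"))
    {
        inParams["sSubKeyName"] = subKeyName;
        inParams["sValueName"] = valueName;
        using (ManagementBaseObject outParams = wmiRegistry.InvokeMethod("GetStringValue", inParams, null))
        {
            return (string)outParams["sValue"];
        }
    }
}

// Reads one DWORD value through StdRegProv.GetDWORDValue; null when the value is absent.
private static UInt32? ReadWmiRegistryDword(ManagementClass wmiRegistry, string subKeyName, string valueName)
{
    using (ManagementBaseObject inParams = wmiRegistry.GetMethodParameters("GetDWORDValue"))
    {
        inParams["sSubKeyName"] = subKeyName;
        inParams["sValueName"] = valueName;
        using (ManagementBaseObject outParams = wmiRegistry.InvokeMethod("GetDWORDValue", inParams, null))
        {
            if (outParams["uValue"] == null)
            {
                return null;
            }

            return (UInt32)outParams["uValue"];
        }
    }
}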
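/// <summary>
/// Reports whether <c>TargetComputer</c> appears to have a reboot pending.
/// </summary>
/// <remarks>
/// Three registry locations are checked: the Windows Update RebootRequired key, the Component
/// Based Servicing RebootPending key (either one existing counts), and the Session Manager
/// FileRenameOperations key (counts only when it holds values). WMI StdRegProv is tried first;
/// when it reports <see cref="ManagementStatus.NotFound"/> the Remote Registry service is used
/// instead, started if necessary and stopped again afterwards. Other failures are swallowed.
/// </remarks>
/// <returns>True when at least one indicator was found; false otherwise or on failure.</returns>
private static bool GetSysRebootState()
{
    const string wuRegKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired";
    const string cbsRegKey = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending";
    const string pfroRegKey = @"SYSTEM\CurrentControlSet\Control\Session Manager\FileRenameOperations";

    bool isRebootPending = false;
    var managementScope = new ManagementScope($@"\\{TargetComputer}\root\CIMV2");
    ManagementBaseObject inParams = null;
    ManagementBaseObject outParams = null;

    try
    {
        using (var wmiRegistry = new ManagementClass(managementScope, new ManagementPath("StdRegProv"), null))
        {
            // EnumValues returns 0 when the key exists, which is the signal for the first two keys.
            inParams = wmiRegistry.GetMethodParameters("EnumValues");
            inParams["sSubKeyName"] = wuRegKey;
            outParams = wmiRegistry.InvokeMethod("EnumValues", inParams, null);
            if ((UInt32)outParams["ReturnValue"] == 0)
            {
                isRebootPending = true;
            }

            inParams["sSubKeyName"] = cbsRegKey;
            outParams = wmiRegistry.InvokeMethod("EnumValues", inParams, null);
            if ((UInt32)outParams["ReturnValue"] == 0)
            {
                isRebootPending = true;
            }

            // The third key must exist and also contain at least one value name.
            inParams["sSubKeyName"] = pfroRegKey;
            outParams = wmiRegistry.InvokeMethod("EnumValues", inParams, null);
            if ((UInt32)outParams["ReturnValue"] == 0 && (string[])outParams["sNames"] != null)
            {
                isRebootPending = true;
            }
        }
    }
    catch (ManagementException ex) when (ex.ErrorCode == ManagementStatus.NotFound)
    {
        // Target OS might not support WMI StdRegProv. Gather the data using remote registry.
        isRebootPending = false;
        const string serviceName = "RemoteRegistry";

        // Ordinal comparison: host names are identifiers, not culture-sensitive text.
        bool isLocal = string.Equals(TargetComputer, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
        bool isServiceRunning = true;

        using (GlobalVar.UseAlternateCredentials
            ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
            : null)
        using (var sc = new ServiceController(serviceName, TargetComputer))
        {
            // If the target computer is remote, start the Remote Registry service.
            try
            {
                if (!isLocal && sc.Status != ServiceControllerStatus.Running)
                {
                    isServiceRunning = false;
                    sc.Start();

                    // Start() only requests the start; wait so the registry open below does
                    // not race a service that is still starting.
                    sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
                }
            }
            catch (Exception)
            {
                // Best effort: the registry read below fails on its own if the service is unavailable.
            }

            try
            {
                using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, TargetComputer))
                {
                    using (RegistryKey subKey = key.OpenSubKey(wuRegKey))
                    {
                        if (subKey != null)
                        {
                            isRebootPending = true;
                        }
                    }

                    using (RegistryKey subKey = key.OpenSubKey(cbsRegKey))
                    {
                        if (subKey != null)
                        {
                            isRebootPending = true;
                        }
                    }

                    using (RegistryKey subKey = key.OpenSubKey(pfroRegKey))
                    {
                        if (subKey != null && subKey.GetValueNames().Length > 0)
                        {
                            isRebootPending = true;
                        }
                    }
                }
            }
            catch
            {
                // Best effort: keep whatever was determined before the failure.
            }

            // Cleanup: stop Remote Registry again if this method was the one that started it.
            if (!isLocal && !isServiceRunning)
            {
                try
                {
                    sc.Stop();
                }
                catch (Exception)
                {
                }
            }
        }
    }
    catch
    {
        // Do nothing; the current value is returned.
    }
    finally
    {
        if (inParams != null)
        {
            inParams.Dispose();
        }

        if (outParams != null)
        {
            outParams.Dispose();
        }
    }

    return isRebootPending;
}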
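/// <summary>
/// Retrieves the logon sessions on <c>ComputerName</c>.
/// </summary>
/// <remarks>
/// WMI is queried first for Win32_OperatingSystem.ProductType to tell a desktop OS (1) from a
/// server OS (greater than 1). On a server OS the sessions come from the Remote Desktop
/// Services API and the logon time of each session is taken as the earliest CreationDate among
/// the processes in that session. On a desktop OS the sessions are derived from the running
/// explorer.exe processes, one entry per session id. The outcome is published through
/// <c>Result</c> and <c>IsServerEdition</c> is updated.
/// NOTE(review): when alternate credentials are enabled, the WMI connection receives the
/// password as a plain string and the authority is set with the NTLMDOMAIN prefix.
/// NOTE(review): the handle returned by WtsApi.WTSOpenServer is not closed in this method;
/// confirm whether WtsApi.GetWindowsUsers releases it.
/// </remarks>
/// <returns>The sessions found; empty when the OS query or the session query failed.</returns>
public static List<RemoteLogonSession> GetLogonSessions()
{
    var logonSessions = new List<RemoteLogonSession>();
    var taskResult = new TaskResult();
    Result = taskResult;
    UInt32 productType = 1;

    var options = new ConnectionOptions();
    if (GlobalVar.UseAlternateCredentials)
    {
        options.Username = GlobalVar.AlternateUsername;
        options.Password = GlobalVar.AlternatePassword;
        options.Authority = $"NTLMDOMAIN:{GlobalVar.AlternateDomain}";
    }

    var scope = new ManagementScope($@"\\{ComputerName}\root\CIMV2", options);

    // Determine whether the operating system is a server or desktop edition.
    try
    {
        using (var osSearcher = new ManagementObjectSearcher(scope, new ObjectQuery("SELECT ProductType FROM Win32_OperatingSystem")))
        {
            foreach (ManagementObject m in osSearcher.Get())
            {
                productType = (m["ProductType"] != null) ? (UInt32)m["ProductType"] : 1;
                break;
            }
        }
    }
    catch
    {
        taskResult.DidTaskSucceed = false;
        return logonSessions;
    }

    IsServerEdition = productType > 1;

    if (IsServerEdition)
    {
        // Server edition: use the Remote Desktop Services API to retrieve logon sessions.
        try
        {
            using (GlobalVar.UseAlternateCredentials
                ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
                : null)
            {
                IntPtr server = WtsApi.WTSOpenServer(ComputerName);
                logonSessions.AddRange(WtsApi.GetWindowsUsers(server));

                foreach (RemoteLogonSession logonSession in logonSessions)
                {
                    var processQuery = new ObjectQuery($"SELECT CreationDate FROM Win32_Process WHERE SessionId = {logonSession.SessionId}");
                    using (var processSearcher = new ManagementObjectSearcher(scope, processQuery))
                    {
                        DateTime earliest = DateTime.Now;
                        foreach (ManagementObject m in processSearcher.Get())
                        {
                            DateTime procCreationDate = ManagementDateTimeConverter.ToDateTime(m["CreationDate"].ToString());
                            if (procCreationDate < earliest)
                            {
                                // Track the running minimum. Without updating it, the logon time
                                // ended up as the last process seen instead of the oldest one.
                                earliest = procCreationDate;
                                logonSession.LogonTime = procCreationDate;
                            }
                        }
                    }
                }
            }

            taskResult.DidTaskSucceed = true;
        }
        catch
        {
            taskResult.DidTaskSucceed = false;
        }
    }
    else
    {
        // Desktop edition: query Win32_Process for explorer.exe to determine logged on users.
        try
        {
            using (var shellSearcher = new ManagementObjectSearcher(scope, new ObjectQuery("SELECT * FROM Win32_Process WHERE Name = 'explorer.exe'")))
            {
                foreach (ManagementObject m in shellSearcher.Get())
                {
                    var logonSession = new RemoteLogonSession();
                    logonSession.SessionId = (UInt32)m["SessionId"];
                    logonSession.LogonTime = ManagementDateTimeConverter.ToDateTime(m["CreationDate"].ToString());

                    // GetOwner fills the array with the user name and the domain, in that order.
                    string[] argList = new string[] { string.Empty, string.Empty };
                    int returnVal = Convert.ToInt32(m.InvokeMethod("GetOwner", argList));
                    if (returnVal == 0)
                    {
                        logonSession.Username = argList[0];
                        logonSession.Domain = argList[1];
                    }
                    else
                    {
                        logonSession.Username = string.Empty;
                    }

                    // Keep one entry per session id.
                    bool alreadyListed = logonSessions.FindIndex(item => item.SessionId == logonSession.SessionId) >= 0;
                    if (!alreadyListed)
                    {
                        logonSessions.Add(logonSession);
                    }
                }
            }

            taskResult.DidTaskSucceed = true;
        }
        catch
        {
            taskResult.DidTaskSucceed = false;
        }
    }

    return logonSessions;
}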
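/// <summary>
/// Attempts to stop the given service on <c>ComputerName</c> and waits up to 30 seconds for it
/// to reach the Stopped state.
/// </summary>
/// <param name="service">The service to stop; its Name and DisplayName are used.</param>
/// <returns>A <see cref="DialogResult"/> describing success, failure or a timeout.</returns>
public static DialogResult StopService(RemoteService service)
{
    var dialog = new DialogResult();
    bool didTaskSucceed = false;
    bool didTimeoutOccur = false;

    using (GlobalVar.UseAlternateCredentials
        ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
        : null)
    using (var sc = new ServiceController(service.Name, ComputerName))
    {
        try
        {
            if (sc.Status != ServiceControllerStatus.Stopped)
            {
                sc.Stop();
                sc.WaitForStatus(ServiceControllerStatus.Stopped, TimeSpan.FromSeconds(30));
                if (sc.Status == ServiceControllerStatus.StopPending)
                {
                    didTimeoutOccur = true;
                }
                else
                {
                    didTaskSucceed = true;
                }
            }
            else
            {
                dialog.DialogBody = $"{service.DisplayName} is already stopped.";
            }
        }
        catch (System.ServiceProcess.TimeoutException)
        {
            // WaitForStatus signals an expired wait by throwing, so the timeout has to be
            // recorded here; otherwise the "Timed out" message below can never be shown.
            didTimeoutOccur = true;
        }
        catch
        {
            // Any other failure is reported through the generic error dialog below.
        }
    }

    if (didTaskSucceed)
    {
        // Service stopped. Build DialogResult to reflect success.
        dialog.DialogTitle = "Success";
        dialog.DialogBody = $"{service.DisplayName} is now stopped.";
        dialog.DialogIconPath = "/Resources/success-48.png";
        dialog.ButtonIconPath = "/Resources/checkmark-24.png";
        dialog.ButtonText = "OK";
        dialog.IsCancelVisible = false;
    }
    else
    {
        // Service was not stopped by this call. Build DialogResult to reflect failure.
        dialog.DialogTitle = "Error";
        if (string.IsNullOrEmpty(dialog.DialogBody))
        {
            dialog.DialogBody = $"Failed to stop {service.DisplayName}.";
        }

        dialog.DialogIconPath = "/Resources/error-48.png";
        dialog.ButtonIconPath = "/Resources/checkmark-24.png";
        dialog.ButtonText = "OK";
        dialog.IsCancelVisible = false;

        if (didTimeoutOccur)
        {
            dialog.DialogBody = $"Timed out waiting for {service.DisplayName} to stop.";
        }
    }

    return dialog;
}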
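/// <summary>
/// Attempts to start the given service on <c>ComputerName</c> and waits up to 30 seconds for it
/// to reach the Running state.
/// </summary>
/// <param name="service">The service to start; its Name, DisplayName and StartupType are used.</param>
/// <returns>A <see cref="DialogResult"/> that is used to display the outcome.</returns>
public static DialogResult StartService(RemoteService service)
{
    var dialog = new DialogResult();
    bool didTaskSucceed = false;
    bool didTimeoutOccur = false;

    using (GlobalVar.UseAlternateCredentials
        ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
        : null)
    using (var sc = new ServiceController(service.Name, ComputerName))
    {
        try
        {
            // A start is only requested when the service is fully stopped.
            if (sc.Status == ServiceControllerStatus.Stopped)
            {
                sc.Start();
                sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
                if (sc.Status == ServiceControllerStatus.StartPending)
                {
                    didTimeoutOccur = true;
                }
                else
                {
                    didTaskSucceed = true;
                }
            }
        }
        catch (System.ServiceProcess.TimeoutException)
        {
            // WaitForStatus signals an expired wait by throwing, so the timeout has to be
            // recorded here; otherwise the "Timed out" message below can never be shown.
            didTimeoutOccur = true;
        }
        catch
        {
            if (service.StartupType == "Disabled")
            {
                dialog.DialogBody = "You cannot start a service that is disabled.";
            }
            else
            {
                dialog.DialogBody = $"Failed to start {service.DisplayName}.";
            }
        }
    }

    if (didTaskSucceed)
    {
        // Service started. Build DialogResult to reflect success.
        dialog.DialogTitle = "Success";
        dialog.DialogBody = $"{service.DisplayName} is now running.";
        dialog.DialogIconPath = "/Resources/success-48.png";
        dialog.ButtonIconPath = "/Resources/checkmark-24.png";
        dialog.ButtonText = "OK";
        dialog.IsCancelVisible = false;
    }
    else
    {
        // Service failed to start. Build DialogResult to reflect failure.
        dialog.DialogTitle = "Error";
        dialog.DialogIconPath = "/Resources/error-48.png";
        dialog.ButtonIconPath = "/Resources/checkmark-24.png";
        dialog.ButtonText = "OK";
        dialog.IsCancelVisible = false;

        if (didTimeoutOccur)
        {
            dialog.DialogBody = $"Timed out waiting for {service.DisplayName} to start.";
        }
    }

    return dialog;
}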
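/// <summary>
/// Reads the system ODBC data sources of <c>RemoteSystemInfo.TargetComputer</c> through the
/// Remote Registry service, together with every value stored under each data source key.
/// </summary>
/// <remarks>
/// On a 64-bit target the 32-bit-on-64-bit data sources are listed first, then the 64-bit ones.
/// The Remote Registry service is started if it was not running and stopped again afterwards.
/// Failures are swallowed and whatever was collected is returned.
/// NOTE(review): every value under a data source key is copied into the result, which may
/// include connection credentials stored in the DSN. Handle the returned list accordingly.
/// </remarks>
/// <returns>The data sources found; possibly partial or empty on failure.</returns>
public static List<RemoteOdbc> GetOdbcDsn()
{
    const string odbcDataSources = @"SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources";
    const string odbcDataSources32bitOn64bit = @"SOFTWARE\Wow6432Node\ODBC\ODBC.INI\ODBC Data Sources";
    const string odbcRoot = @"SOFTWARE\ODBC\ODBC.INI";
    const string odbcRoot32bitOn64bit = @"SOFTWARE\Wow6432Node\ODBC\ODBC.INI";
    const string serviceName = "RemoteRegistry";

    var odbcEntries = new List<RemoteOdbc>();

    // Ordinal comparison: host names are identifiers, not culture-sensitive text.
    bool isLocal = string.Equals(RemoteSystemInfo.TargetComputer, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
    bool isServiceRunning = true;

    using (GlobalVar.UseAlternateCredentials
        ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
        : null)
    using (var sc = new ServiceController(serviceName, RemoteSystemInfo.TargetComputer))
    {
        // If the target computer is remote, start the Remote Registry service.
        try
        {
            if (!isLocal && sc.Status != ServiceControllerStatus.Running)
            {
                isServiceRunning = false;
                sc.Start();

                // Bounded wait: without a timeout a service stuck in StartPending would block
                // the caller indefinitely.
                sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
            }
        }
        catch (Exception)
        {
            // Best effort: the registry read below fails on its own if the service is unavailable.
        }

        try
        {
            using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, RemoteSystemInfo.TargetComputer))
            {
                if (RemoteSystemInfo.WindowsArchitecture == "64-bit")
                {
                    AddOdbcDataSources(key, odbcDataSources32bitOn64bit, "32-bit", true, odbcEntries);
                    AddOdbcDataSources(key, odbcDataSources, "64-bit", false, odbcEntries);
                    AddOdbcDataSourceValues(key, odbcRoot, false, odbcEntries);
                    AddOdbcDataSourceValues(key, odbcRoot32bitOn64bit, true, odbcEntries);
                }
                else
                {
                    // 32-bit target: a single registry view, and no entry is flagged as 32-on-64.
                    AddOdbcDataSources(key, odbcDataSources, "32-bit", false, odbcEntries);
                    AddOdbcDataSourceValues(key, odbcRoot, false, odbcEntries);
                }
            }
        }
        catch
        {
            // Best effort: return whatever was read before the failure.
        }

        // Cleanup: stop Remote Registry again if this method was the one that started it.
        if (!isLocal && !isServiceRunning)
        {
            try
            {
                sc.Stop();
            }
            catch (Exception)
            {
            }
        }
    }

    return odbcEntries;
}

// Appends one RemoteOdbc entry per value found under the given "ODBC Data Sources" key.
private static void AddOdbcDataSources(RegistryKey hklm, string dataSourcesPath, string architecture, bool is32bitOn64bit, List<RemoteOdbc> odbcEntries)
{
    using (RegistryKey subKey = hklm.OpenSubKey(dataSourcesPath))
    {
        if (subKey == null)
        {
            return;
        }

        foreach (var value in subKey.GetValueNames())
        {
            odbcEntries.Add(new RemoteOdbc
            {
                DataSourceName = value,
                DataSourceDriver = subKey.GetValue(value).ToString(),
                ArchitectureString = architecture,
                Is32bitOn64bit = is32bitOn64bit
            });
        }
    }
}

// Fills in the values of every entry whose Is32bitOn64bit flag matches, reading them from the
// key named after the data source under the given ODBC.INI root.
private static void AddOdbcDataSourceValues(RegistryKey hklm, string odbcRootPath, bool is32bitOn64bit, List<RemoteOdbc> odbcEntries)
{
    using (RegistryKey rootKey = hklm.OpenSubKey(odbcRootPath))
    {
        if (rootKey == null)
        {
            return;
        }

        foreach (var dataSource in odbcEntries)
        {
            if (dataSource.Is32bitOn64bit != is32bitOn64bit)
            {
                continue;
            }

            using (RegistryKey dataSourceKey = rootKey.OpenSubKey(dataSource.DataSourceName))
            {
                if (dataSourceKey == null)
                {
                    continue;
                }

                foreach (var value in dataSourceKey.GetValueNames())
                {
                    dataSource.Values.Add(new RemoteOdbcValue
                    {
                        OdbcValueName = value,
                        OdbcValueData = dataSourceKey.GetValue(value).ToString()
                    });
                }
            }
        }
    }
}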
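/// <summary>
/// Reads the logon history of <c>RemoteLogonSession.ComputerName</c> from its event logs.
/// </summary>
/// <remarks>
/// The query selects interactive and remote-interactive logons (event 4624, logon types 2 and
/// 10), user-initiated logoffs (event 4647) and LANDESK remote control events (event 2 in the
/// Application log), newest first. Event 4634 is still parsed when encountered but is not
/// selected by the query. Fields are extracted from the rendered event description with
/// regular expressions that match the English message text, so events rendered in another
/// language will not produce entries. The outcome is published through <c>Result</c>.
/// </remarks>
/// <returns>The matching events; empty when the query failed or the name was rejected.</returns>
public static List<RemoteLogonHistory> GetLogonHistory()
{
    var logonHistory = new List<RemoteLogonHistory>();
    Result = new TaskResult();

    const int logonEventId = 4624;
    const int logoffEventIdA = 4634;
    const int logoffEventIdB = 4647;
    const int landeskRemoteControlEventId = 2;

    // The computer name is placed inside a quoted literal of the XML query below. The query
    // syntax offers no escaping for that position, so a name containing quote or markup
    // characters is rejected instead of being allowed to change the query.
    string targetName = RemoteLogonSession.ComputerName.ToUpperInvariant().Trim();
    if (targetName.IndexOfAny(new[] { '\'', '"', '<', '>', '&' }) >= 0)
    {
        Result.DidTaskSucceed = false;
        return logonHistory;
    }

    string queryString =
        "<QueryList><Query Id='1'>" +
        "<Select Path='Security'>" +
        "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
        "(EventID=" + logonEventId + ")]] and " +
        "*[EventData[Data[@Name='LogonType'] and (Data='2' or Data='10')]] and " +
        "*[EventData[Data[@Name='LogonGuid'] != '{00000000-0000-0000-0000-000000000000}']] and " +
        "*[EventData[Data[@Name='LogonProcessName'] != 'seclogo']]" +
        "</Select>" +
        "<Select Path='Security'>" +
        "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
        "(EventID=" + logonEventId + ")]] and " +
        "*[EventData[Data[@Name='LogonType'] and (Data='2' or Data='10')]] and " +
        "*[EventData[Data[@Name='TargetDomainName'] = '" + targetName + "']]" +
        "</Select>" +
        "<Select Path='Security'>" +
        "*[System[Provider[@Name='Microsoft-Windows-Security-Auditing'] and " +
        "(EventID=" + logoffEventIdB + ")]]" +
        "</Select>" +
        "<Select Path='Application'>" +
        "*[System[Provider[@Name='LANDESK Remote Control Service'] and (EventID=" + landeskRemoteControlEventId + ")]]" +
        "</Select>" +
        "</Query></QueryList>";

    try
    {
        using (var eventLogSession = new EventLogSession(RemoteLogonSession.ComputerName))
        {
            var eventLogQuery = new EventLogQuery("Security", PathType.LogName, queryString);
            eventLogQuery.ReverseDirection = true;
            eventLogQuery.Session = eventLogSession;

            using (GlobalVar.UseAlternateCredentials
                ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
                : null)
            using (var eventLogReader = new EventLogReader(eventLogQuery))
            {
                EventRecord eventLogRecord;
                while ((eventLogRecord = eventLogReader.ReadEvent()) != null)
                {
                    // Each record holds a native handle; release it as soon as it is parsed.
                    using (eventLogRecord)
                    {
                        string regexString;
                        switch (eventLogRecord.Id)
                        {
                            case logonEventId:
                                regexString = @"An account was successfully logged on.*Logon Type:\s+(?<logonType>.*?)\r" +
                                              @".*\tAccount Name:\s+(?<accountName>.*?)\r" +
                                              @".*\tAccount Domain:\s+(?<accountDomain>.*?)\r" +
                                              @".*Network Information:.*Source Network Address:\s+(?<sourceIpAddress>.*?)\r";
                                break;
                            case landeskRemoteControlEventId:
                                regexString = @"^Remote control action: (?<controlAction>\w+?) Remote Control Initiated from (?<sourceHostname>.*?) by user " +
                                              @"(?<accountName>.*?), Security Type";
                                break;
                            case logoffEventIdA:
                                regexString = @"An account was logged off" +
                                              @".*Subject:.*Account Name:\s+(?<accountName>.*?)\r" +
                                              @".*Account Domain:\s+(?<accountDomain>.*?)\r" +
                                              @".*Logon Type:\s+(?<logonType>.*?)\r";
                                break;
                            case logoffEventIdB:
                                regexString = @"User initiated logoff" +
                                              @".*Subject:.*Account Name:\s+(?<accountName>.*?)\r" +
                                              @".*Account Domain:\s+(?<accountDomain>.*?)\r";
                                break;
                            default:
                                // No other event id produces an entry.
                                continue;
                        }

                        // A record whose description cannot be rendered is skipped; passing null
                        // to Regex.Match would otherwise abort the whole read.
                        string description = eventLogRecord.FormatDescription();
                        if (description == null)
                        {
                            continue;
                        }

                        var match = Regex.Match(description, regexString, RegexOptions.Singleline);
                        if (!match.Success)
                        {
                            continue;
                        }

                        switch (eventLogRecord.Id)
                        {
                            case logonEventId:
                                logonHistory.Add(new RemoteLogonHistory
                                {
                                    LogonTime = eventLogRecord.TimeCreated.Value,
                                    LogonDomain = match.Groups["accountDomain"].Value,
                                    LogonName = match.Groups["accountName"].Value,
                                    LogonType = match.Groups["logonType"].Value,
                                    IpAddress = match.Groups["sourceIpAddress"].Value
                                });
                                break;
                            case landeskRemoteControlEventId:
                                logonHistory.Add(new RemoteLogonHistory
                                {
                                    LogonTime = eventLogRecord.TimeCreated.Value,
                                    LogonName = match.Groups["accountName"].Value,
                                    LogonDomain = string.Empty,
                                    LogonType = "LANDesk",
                                    LogonAction = match.Groups["controlAction"].Value,
                                    IpAddress = match.Groups["sourceHostname"].Value
                                });
                                break;
                            case logoffEventIdA:
                            case logoffEventIdB:
                                logonHistory.Add(new RemoteLogonHistory
                                {
                                    LogonTime = eventLogRecord.TimeCreated.Value,
                                    LogonDomain = match.Groups["accountDomain"].Value,
                                    LogonName = match.Groups["accountName"].Value,
                                    LogonType = "Logoff"
                                });
                                break;
                        }
                    }
                }

                Result.DidTaskSucceed = true;
            }
        }
    }
    catch (UnauthorizedAccessException)
    {
        Result.DidTaskSucceed = false;
        Result.MessageBody = "This feature is currently only supported on Windows Vista and Server 2008 or higher.";
    }
    catch
    {
        Result.DidTaskSucceed = false;
    }

    return logonHistory;
}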
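/// <summary>
/// Lists the applications registered under the 64-bit and 32-bit Uninstall keys of
/// <c>ComputerName</c>, read through the Remote Registry service, and appends an entry for
/// Internet Explorer based on the version of iexplore.exe on the target's C$ share.
/// </summary>
/// <remarks>
/// The Remote Registry service is started if it was not running and stopped again afterwards.
/// The outcome is published through <c>Result</c>.
/// </remarks>
/// <returns>The applications found; possibly partial or empty when the read failed.</returns>
public static List<RemoteApplication> GetInstalledApplications()
{
    const string uninstallKey64 = @"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall";
    const string uninstallKey32 = @"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall";
    const string serviceName = "RemoteRegistry";

    var apps = new List<RemoteApplication>();
    var taskResult = new TaskResult();
    Result = taskResult;

    // Ordinal comparison: host names are identifiers, not culture-sensitive text.
    bool isLocal = string.Equals(ComputerName, Environment.MachineName, StringComparison.OrdinalIgnoreCase);
    bool isServiceRunning = true;

    using (GlobalVar.UseAlternateCredentials
        ? UserImpersonation.Impersonate(GlobalVar.AlternateUsername, GlobalVar.AlternateDomain, GlobalVar.AlternatePassword)
        : null)
    using (var sc = new ServiceController(serviceName, ComputerName))
    {
        // If the target computer is remote, start the Remote Registry service.
        try
        {
            if (!isLocal && sc.Status != ServiceControllerStatus.Running)
            {
                isServiceRunning = false;
                sc.Start();

                // Start() only requests the start; wait so the registry open below does not
                // race a service that is still starting.
                sc.WaitForStatus(ServiceControllerStatus.Running, TimeSpan.FromSeconds(30));
            }
        }
        catch (Exception)
        {
            // Best effort: the registry read below reports the failure through taskResult.
        }

        try
        {
            using (RegistryKey key = RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, ComputerName))
            {
                using (RegistryKey mainKey64 = key.OpenSubKey(uninstallKey64))
                {
                    apps.AddRange(EnumerateUninstallKeys(mainKey64));
                }

                using (RegistryKey mainKey32 = key.OpenSubKey(uninstallKey32))
                {
                    apps.AddRange(EnumerateUninstallKeys(mainKey32));
                }
            }

            // Internet Explorer is added from the file version on the administrative share.
            var internetExplorerVersion = FileVersionInfo.GetVersionInfo($@"\\{ComputerName}\C$\Program Files\Internet Explorer\iexplore.exe");
            if (internetExplorerVersion != null && internetExplorerVersion.ProductVersion.Length > 0)
            {
                apps.Add(new RemoteApplication
                {
                    DisplayName = "Internet Explorer",
                    Publisher = "Microsoft Corporation",
                    Version = internetExplorerVersion.ProductVersion
                });
            }

            taskResult.DidTaskSucceed = true;
        }
        catch
        {
            taskResult.DidTaskSucceed = false;
        }

        // Cleanup: stop Remote Registry again if this method was the one that started it.
        if (!isLocal && !isServiceRunning)
        {
            try
            {
                sc.Stop();
            }
            catch (Exception)
            {
            }
        }
    }

    return apps;
}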