Get-Sysinternals–Not for Windows Servers

I recently posted about Keeping SysInternals Up-To-Date. Since then I’ve had trouble getting it to work on any of our Windows Server machines.  I couldn’t find much info on this online, so maybe it’ll be helpful to raise the problem here.

There is a problem with Get-Sysinternals.ps1 that prevents it from working on Windows Server platforms.  The problem is due to its dependence on WebClient – the service that provides the ability to treat a URN on the web as a local drive.  The specific line in Get-Sysinternals is:

New-PSDrive -Name SYS -PSProvider filesystem -Root \\live.sysinternals.com\tools

When WebClient is active, this line successfully creates a local drive called SYS that points to \\live.sysinternals.com\tools.  When WebClient is not active, this line causes an error:

 

New-PSDrive : Drive “\\live.sysinternals.com\tools” does not exist or it’s not a folder.

At …\Get-Sysinternals.ps1:26  char:15

+ New-PSDrive <<<< –Name SYS -PSProvider filesystem -Root \\live.sysinternals.com\tools

     + CategoryInfo : ReadError: (SYS:PSDriveInfo) [New-PSDrive], IOException

     + FullyQualifiedErrorId : DriveRootError, Microsoft.PowerShell.Commands.NewPSDriveCommand

Is the solution to simply turn on the WebClient service?  Unfortunately not.  The official method for installing WebClient is to turn on the Desktop Experience feature. Microsoft does not offer another way (see Installing WebClient Service without Desktop Experience?).  Desktop Experience also includes (reference: Desktop Experience Overview, TechNet):

  • Windows Media Player
  • Desktop themes
  • Video for Windows (AVI support)
  • Windows SideShow
  • Windows Defender
  • Disk Cleanup
  • Sync Center
  • Sound Recorder
  • Character Map
  • Snipping Tool

Hmmm. We don’t want any of these running on our servers.  Not only do they violate the Least Required Principle, many of them are CPU hogs (Themes, SideShow, Aero), others may execute at unknown times (Disk Cleanup, Sync Center), etc.  Which of these involve installing drivers (Video for Windows?)

No, Desktop Experience is far from appropriate for gaining the functionality of WebClient (which we would only run temporarily anyway).

 

So, back to the drawing-board.  What are others doing to update SysInternals on Windows Servers?  Is anyone interested in collaborating on adapting the Get-SysInternals script to work for servers?
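One way to avoid the WebClient dependency described above, as an added example that is not part of Get-Sysinternals.ps1: check whether the service is present and running, and otherwise fetch each tool over HTTPS and keep it only if its Authenticode signature validates. The destination folder, the tool list, the HTTPS base URL and the function names are assumptions made for illustration.

```powershell
# Added example, not code from Get-Sysinternals.ps1.
# Assumptions: $Dest, $Tools and $Base are illustrative values; adjust for your servers.
$Dest  = 'C:\Tools\Sysinternals'                         # hypothetical destination folder
$Tools = 'procexp.exe', 'procmon.exe', 'autoruns.exe'    # sample subset of tools
$Base  = 'https://live.sysinternals.com'                 # assumed HTTPS endpoint for the same files
$Stage = Join-Path $Dest '_staging'                      # downloads land here until verified

function Test-WebClientAvailable {
    # On a server without Desktop Experience the service does not exist at all.
    $svc = Get-Service -Name WebClient -ErrorAction SilentlyContinue
    return ($null -ne $svc -and $svc.Status -eq 'Running')
}

function Get-ToolOverHttps {
    param([string]$Name)
    $tmp = Join-Path $Stage $Name
    $wc  = New-Object System.Net.WebClient                # .NET class, unrelated to the WebClient service
    try     { $wc.DownloadFile("$Base/$Name", $tmp) }
    finally { $wc.Dispose() }
    return $tmp
}

function Test-MicrosoftSignature {
    param([string]$Path)
    # Accept only files whose signature chain validates and whose signer is Microsoft.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

New-Item -ItemType Directory -Path $Stage -Force | Out-Null
$useDrive = Test-WebClientAvailable
if ($useDrive) {
    # Original approach from the script: map the share as a drive.
    New-PSDrive -Name SYS -PSProvider FileSystem -Root \\live.sysinternals.com\tools | Out-Null
}
foreach ($tool in $Tools) {
    if ($useDrive) {
        $file = Join-Path $Stage $tool
        Copy-Item -Path "SYS:\$tool" -Destination $file -Force
    } else {
        $file = Get-ToolOverHttps -Name $tool
    }
    if (Test-MicrosoftSignature -Path $file) {
        Move-Item -Path $file -Destination (Join-Path $Dest $tool) -Force
    } else {
        Write-Warning "$tool failed signature validation; discarded."
        Remove-Item -Path $file -Force
    }
}
if ($useDrive) { Remove-PSDrive -Name SYS }
```

The signature check runs on both paths, so a tool is only moved into place after the staged copy validates, whichever way it was retrieved.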

What’s New in Azure Guest OS 2.2?

This Azure Guest OS release comes two months after the previous (v. 2.1).  Does this release provide minor changes, or does it include patches for substantial security issues?  Let’s dig and find out.

Microsoft announced Windows Azure Guest OS 2.2 (Release 201101-01) which contains 11 specified security patches.  More specifically, this Azure Guest OS is comprised of:

  • Windows Server 2008 R2, plus
  • All security patches through December, 2010, and
  • 2 updates to previous security patches

The 11 patches specified in the bulletin fall into a few vulnerability categories.  9 of the patches were included in December’s Security Bulletin; the 3 marked with ‘*’ are patch updates.  The bulletin ID prefix, ‘MS10-…’, gives away that they originated in 2010.

| Vulnerability | Bulletins |
|---|---|
| Elevation of Privilege | MS10-092, MS10-098, MS10-100 |
| Remote Code Execution | MS10-077*, MS10-091, MS10-095, MS10-096 |
| Denial of Service | MS10-101, MS10-102 |
| IE Cumulative Updates | MS10-090* |
| ASP.NET, Information Disclosure | MS10-070* |

MS10-070 & MS10-077 were originally released last year in September and October, respectively.  MS10-090 was originally released in December, 2010, but was updated in early January, 2011.

Even though most of these were in December’s Security Bulletin, we should take a look at the criticality and exploitability ratings for each (relative to Windows Server 2008 R2 for x64 only; impacts to Itanium-based systems may differ slightly).

| Bulletin | Severity Rating | Exploitability Rating |
|---|---|---|
| MS10-090 | Critical | Consistent Exploit Code Likely |
| MS10-091 | Critical | Consistent Exploit Code Likely |
| MS10-092 | Important | Consistent Exploit Code Likely |
| MS10-095 | Important | Consistent Exploit Code Likely |
| MS10-096 | Important | Consistent Exploit Code Likely |
| MS10-098 | Important | Consistent Exploit Code Likely |
| MS10-100 | Important | Consistent Exploit Code Likely |
| MS10-101 | Important | Functioning exploit code unlikely |
| MS10-102 | Important | Functioning exploit code unlikely |

So, I think it’s safe to assess that this new Azure Guest OS includes some very significant security patches.  Agree? Don’t agree?  Leave a comment for us below.

Uninstalling .NET Windows Service using InstallUtil gives “marked for deletion error”

If you are working with a .NET-based Windows service and have trouble uninstalling it, the problem may be due to allowing it to interact with the desktop. I used the Services admin tool to change the service’s security context to Local System.  When I made that change, I also enabled “Allow service to interact with desktop.”  Later, after making some code changes, uninstalling the service failed.  To uninstall, I used

InstallUtil.exe /u <service>.exe

but the uninstall failed saying that the service is “marked for deletion.”  After trawling around a bit, I found this message in the event log:

“The [service name] service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.”

So, Windows Server 2008 R2’s local policy must default to disallow services to operate interactively.  I disabled “Allow service to interact…” and uninstall is working again.

BTW, allowing a service to operate interactively is not a good idea in the first place.  I was just going to use it for some output / debugging during development.