Month: April 2013

  • IE requests the root “/” of the website at the same time as any other page

    I have been reported that for 5 customers out of 10000, each time their Internet Explorer does GET a page (including a simple **blank** html page), it also requests next the root “/” of the website (i.e.: the “homepage”). This has been making me going nuts.

    Click to Read More

    This problem occurs when browsing any page of any site on internet as well as any page in any one of our business sites. So, it is absolutely not related the well known issues such as an image with an empty “src”, the use of the “base” tag, … Also, it occurs only when browsing with IE and not with Chrome, Firefox, …

    This is a major issue as far as our business sites are concerned as the first call to any page of our sites is consuming an authentication “ticket”. Once this ticket is consumed, it is not available anymore for subsequent calls made within the same session. And because it happens that the ticket is consumed by the call to the root instead of the call to the page actually browsed, the business applications sometimes fail.

    I already experienced such a weird behavior with Add-Ons aimed at “page rating”, “survey”, … Such Add-Ons are not always considered as “malwares” and therefore not reported by antivirus, etc..

    Unfortunately, the faulty PCs (where the problem occurs) do no have any such Add-Ons. They are also 100% “malware free”… Using TCPView from SysInternals, we have confirmed that the unwanted GET is done by IE and not by another process. Using WireShark, we have also confirmed that this GET is not done by IE due to an “http 302” (redirect) or any other similar reasons, that there is no suspicious proxy used during the communication, etc….

    Using Process Explorer, we have listed all the dlls loaded by IE both on a “faulty” PC and on a “normal” PC (where the problem does not occur). The purpose was to detect possible “third party” dll. But they all appeared to be from Microsoft. We noticed however one dll loaded on the faulty PC which was not reported on the “normal” PC: msrating.dll,  the interal “Internet Ratings and Local User Management” dll from Microsoft.

    Tilt! The purpose of this one sounds like the Add-Ons I mentioned above…

    As this dll is loaded by the IE’s “Content Advisor”, I have disabled this feature via “Tools-> Internet Options-> Content Tab” and the problem is now gone from all faulty PCs! Gotcha :p

    Also,  If I enable the “Content Advisor” on a “normal” PC, the problem occurs there too… confirming that this feature is the culprit.

    Finally, note that the access to the “Content Advisor” was protected by a user password  on one of the “faulty” PC and I had to hack it as explained here: http://www.wikihow.com/Remove-Content-Advisor-Password-in-Internet-Explorer.

    Loading

  • Laptop’s Wi-Fi off after Windows 8 Update

    My  laptop Sony Vaio VGN CR31 has just rebooted after a Windows Update. Before the reboot, I was still browsing internet via the wifi connection. But after the reboot, the WiFi was OFF(*) although the WiFi switch (on the left side of the latop) was ON.

    (*)  In the network connection panel, the Wi-Fi was showing “Wi-Fi (Off)”.

    I did run the Windows troubleshooting on the internet connection and network adapter.  All drivers were up to date and no issue were found.

    After various attempt to uninstall the latest updates, I found the solution:

    • Press :win: + C  to open Windows 8 Charms menu
    • Choose “Settings”,
    • Click “Change PC Settings” at the bottom.
    • Choose the “Wireless” section. There, you can see two (or three) toggles: Airplane Mode, Wireless Devicess (and possibly Bluetooth).

    Wi-Fi was also turned OFF! Toggling Wi-Fi back ON fixed my issue. No idea why the Windows Updates (or the reboot or ???) did change that settings ?!

    Loading

  • Create a Shared Folder and Set permissions in C#

    Here is my code to share a folder, remove that share and set permissions using the System.Management library in C#.

    Click to Read More

    [csharp] using System;
    using System.ComponentModel;
    using System.IO;
    using System.Management;
    using System.Reflection;
    using System.Security.Principal;
    namespace Fortis.Framework.Services.Config
    {
    internal static class ManagementHelper
    {

    internal enum MethodStatus : uint
    {
    [Description("Operation succeeded")] Success = 0,
    [Description("Access denied")] AccessDenied = 2,
    [Description("Unknown failure")] UnknownFailure = 8,
    [Description("Invalid name")] InvalidName = 9,
    [Description("Invalid level")] InvalidLevel = 10,
    [Description("Invalid parameter")] InvalidParameter = 21,
    [Description("Duplicate share")] DuplicateShare = 22,
    [Description("Redirected path")] RedirectedPath = 23,
    [Description("Unknown device or directory")] UnknownDevice = 24,
    [Description("Net name not found")] NetNameNotFound = 25
    }

    internal enum ShareType : uint
    {
    [Description("Disk Drive")] DiskDrive = 0x0,
    [Description("Print Queue")] PrintQueue = 0x1,
    [Description("Device")] Device = 0x2,
    [Description("IPC")] IPC = 0x3,
    [Description("Disk Drive Admin")] DiskDriveAdmin = 0x80000000,
    [Description("Print Queue Admin")] PrintQueueAdmin = 0x80000001,
    [Description("Device Admin")] DeviceAdmin = 0x80000002,
    [Description("IPC Admin")] IpcAdmin = 0x80000003
    }

    internal enum ControlFlags : uint
    {
    SE_OWNER_DEFAULTED = 0x1, //Indicates an SD with a default owner security identifier (SID). Use this bit to find all of the objects that have default owner permissions set.
    SE_GROUP_DEFAULTED = 0x2, //Indicates an SD with a default group SID. Use this bit to find all of the objects that have default group permissions set.
    SE_DACL_PRESENT = 0x4, //Indicates an SD that has a DACL. If this flag is not set, or if this flag is set and the DACL is NULL, the SD allows full access to everyone.
    SE_DACL_DEFAULTED = 0x8, //Indicates an SD with a default DACL. For example, if an object creator does not specify a DACL, the object receives the default DACL from the access token of the creator. This flag can affect how the system treats the DACL, with respect to access control entry (ACE) inheritance. The system ignores this flag if the SE_DACL_PRESENT flag is not set.
    SE_SACL_PRESENT = 0x10, //Indicates an SD that has a system access control list (SACL).
    SE_SACL_DEFAULTED = 0x20, //Indicates an SD with a default SACL. For example, if an object creator does not specify an SACL, the object receives the default SACL from the access token of the creator. This flag can affect how the system treats the SACL, with respect to ACE inheritance. The system ignores this flag if the SE_SACL_PRESENT flag is not set.
    SE_DACL_AUTO_INHERIT_REQ = 0x100, //Requests that the provider for the object protected by the SD automatically propagate the DACL to existing child objects. If the provider supports automatic inheritance, the DACL is propagated to any existing child objects, and the SE_DACL_AUTO_INHERITED bit in the SD of the parent and child objects is set.
    SE_SACL_AUTO_INHERIT_REQ = 0x200, //Requests that the provider for the object protected by the SD automatically propagate the SACL to existing child objects. If the provider supports automatic inheritance, the SACL is propagated to any existing child objects, and the SE_SACL_AUTO_INHERITED bit in the SDs of the parent object and child objects is set.
    SE_DACL_AUTO_INHERITED = 0x400, //Indicates an SD in which the DACL is set up to support automatic propagation of inheritable ACEs to existing child objects. The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects. This bit is not set in SDs for Windows NT versions 4.0 and earlier, which do not support automatic propagation of inheritable ACEs.
    SE_SACL_AUTO_INHERITED = 0x800, //Indicates an SD in which the SACL is set up to support automatic propagation of inheritable ACEs to existing child objects. The system sets this bit when it performs the automatic inheritance algorithm for the object and its existing child objects. This bit is not set in SDs for Windows NT versions 4.0 and earlier, which do not support automatic propagation of inheritable ACEs.
    SE_DACL_PROTECTED = 0x1000, //Prevents the DACL of an SD from being modified by inheritable ACEs.
    SE_SACL_PROTECTED = 0x2000, //Prevents the SACL of an SD from being modified by inheritable ACEs.
    SE_SELF_RELATIVE = 0x8000, //Indicates an SD in self-relative format with all the security information in a contiguous block of memory. If this flag is not set, the SD is in absolute format. For more information, see Absolute and Self-Relative Security Descriptors.
    }

    internal enum FileAccessMask : uint
    {
    FILE_READ_DATA = 0x1, //Grants the right to read data from the file.
    FILE_WRITE_DATA = 0x2, //Grants the right to write data to the file.
    FILE_APPEND_DATA = 0x4, //Grants the right to append data to the file.
    FILE_READ_EA = 0x8, //Grants the right to read extended attributes.
    FILE_WRITE_EA = 0x10, //Grants the right to write extended attributes.
    FILE_EXECUTE = 0x20, //Grants the right to execute a file.
    FILE_DELETE_CHILD = 0x40,//Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.
    FILE_READ_ATTRIBUTES = 0x80, //Grants the right to read file attributes.
    FILE_WRITE_ATTRIBUTES = 0x100, //Grants the right to change file attributes.
    DELETE = 0x10000, //Grants delete access.
    READ_CONTROL = 0x20000, //Grants read access to the security descriptor and owner.
    WRITE_DAC = 0x40000,//Grants write access to the discretionary access control list (ACL).
    WRITE_OWNER = 0x80000,//Assigns the write owner.
    SYNCHRONIZE = 0x100000,//Synchronizes access and allows a process to wait for an object to enter the signaled state.
    }

    internal enum FolderAccessMask : uint
    {
    FILE_LIST_DIRECTORY = 0x1, //Grants the right to list the contents of the directory.
    FILE_ADD_FILE = 0x2, //Grants the right to create a file in the directory.
    FILE_ADD_SUBDIRECTORY = 0x4, //Grants the right to create a subdirectory.
    FILE_READ_EA = 0x8, //Grants the right to read extended attributes.
    FILE_WRITE_EA = 0x10, //Grants the right to write extended attributes.
    FILE_TRAVERSE = 0x20, //Grants the right to traverse the directory.
    FILE_DELETE_CHILD = 0x40,//Grants the right to delete a directory and all the files it contains (its children), even if the files are read-only.
    FILE_READ_ATTRIBUTES = 0x80, //Grants the right to read folder attributes.
    FILE_WRITE_ATTRIBUTES = 0x100, //Grants the right to change folder attributes.
    DELETE = 0x10000, //Grants delete access.
    READ_CONTROL = 0x20000, //Grants read access to the security descriptor and owner.
    WRITE_DAC = 0x40000,//Grants write access to the discretionary access control list (ACL).
    WRITE_OWNER = 0x80000,//Assigns the write owner.
    SYNCHRONIZE = 0x100000,//Synchronizes access and allows a process to wait for an object to enter the signaled state.
    }

    internal const uint FolderAccessFullControl = (uint)
    (FolderAccessMask.FILE_LIST_DIRECTORY | FolderAccessMask.FILE_ADD_FILE |
    FolderAccessMask.FILE_TRAVERSE | FolderAccessMask.FILE_ADD_SUBDIRECTORY |
    FolderAccessMask.FILE_READ_EA | FolderAccessMask.FILE_WRITE_EA |
    FolderAccessMask.FILE_DELETE_CHILD | FolderAccessMask.FILE_READ_ATTRIBUTES |
    FolderAccessMask.FILE_WRITE_ATTRIBUTES | FolderAccessMask.DELETE |
    FolderAccessMask.WRITE_DAC | FolderAccessMask.READ_CONTROL |
    FolderAccessMask.WRITE_OWNER | FolderAccessMask.SYNCHRONIZE);

    internal enum AceFlags : uint
    {
    OBJECT_INHERIT_ACE = 0x1, //Noncontainer child objects inherit the ACE as an effective ACE. For child objects that are containers, the ACE is inherited as an inherit-only ACE unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
    CONTAINER_INHERIT_ACE = 0x2, //Child objects that are containers, such as directories, inherit the ACE as an effective ACE. The inherited ACE is inheritable unless the NO_PROPAGATE_INHERIT_ACE bit flag is also set.
    NO_PROPAGATE_INHERIT_ACE = 0x4, //If the ACE is inherited by a child object, the system clears the OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags in the inherited ACE. This prevents the ACE from being inherited by subsequent generations of objects.
    INHERIT_ONLY_ACE = 0x8, //Indicates an inherit-only ACE which does not control access to the object to which it is attached. If this flag is not set, the ACE is an effective ACE which controls access to the object to which it is attached. Both effective and inherit-only ACEs can be inherited depending on the state of the other inheritance flags.
    INHERITED_ACE = 0x10, //The system sets this bit when it propagates an inherited ACE to a child object.
    SUCCESSFUL_ACCESS_ACE_FLAG = 0x40, //Used with system-audit ACEs in an SACL to generate audit messages for successful access attempts.
    FAILED_ACCESS_ACE_FLAG = 0x80 //Used with system-audit ACEs in an SACL to generate audit messages for failed access attempts.
    }

    internal enum AceType : uint
    {
    Access_Allowed = 0,
    Access_Denied = 1,
    Audit = 2
    }

    internal static string GetDescription(this Enum value)
    {
    FieldInfo fi = value.GetType().GetField(value.ToString());

    DescriptionAttribute[] attributes =
    (DescriptionAttribute[])fi.GetCustomAttributes(
    typeof(DescriptionAttribute), false);

    if (attributes != null && attributes.Length > 0)
    return attributes[0].Description;
    else
    return value.ToString();
    }

    /// <summary>
    /// Add a Share on a folder.
    /// </summary>
    /// <param name="folderPath">Path of the folder to be shared.</param>
    /// <param name="shareName">Name to be given to the share.</param>
    /// <param name="description">Description to be set on the share.</param>
    /// <param name="securityDescriptor">Security to be set on the share, including username and access rights.</param>
    /// <remarks>The folder is created if it does not yet exist.</remarks>
    internal static void AddSharedFolder(string folderPath,
    string shareName, string description,
    ManagementObject securityDescriptor)
    {
    try
    {
    // Create the folder if required
    var folder = new DirectoryInfo(folderPath);
    if (!folder.Exists) folder.Create();

    // Create a ManagementClass object
    ManagementClass managementClass = new ManagementClass("Win32_Share");

    // Create ManagementBaseObjects for in and out parameters
    ManagementBaseObject inParams =
    managementClass.GetMethodParameters("Create");
    ManagementBaseObject outParams;

    // Set the input parameters
    inParams["Description"] = description;
    inParams["Name"] = shareName;
    inParams["Path"] = folderPath;
    inParams["Type"] = ShareType.DiskDrive;
    //inParams["MaximumAllowed"] = 20;
    inParams["Password"] = null;
    inParams["Access"] = securityDescriptor;

    // Invoke the "create" method on the ManagementClass object
    outParams = managementClass.InvokeMethod("Create", inParams, null);

    // Check the result
    var result =
    GetMethodStatus(outParams.Properties["ReturnValue"].Value);
    Console.WriteLine("Create Share: " + result.GetDescription());
    }
    catch (Exception ex)
    {
    Console.WriteLine("Error: " + ex.Message);
    }
    }

    /// <summary>
    /// Get security settings required to grant access rights on Files of Folders to a user account.
    /// </summary>
    /// <param name="domain">Domain of the User account</param>
    /// <param name="username">Name of the User account.</param>
    /// <param name="accessMask">Requested Access Rights.</param>
    /// <returns>A security Descriptor with the requested access right for the provided user account.</returns>
    internal static ManagementObject GetSecurityDescriptor(string domain, string username, object accessMask)
    {
    var everyoneAccount = new NTAccount(domain, username);
    var sid = everyoneAccount.Translate(typeof(SecurityIdentifier)) as SecurityIdentifier;
    var sidArray = new byte[sid.BinaryLength];
    sid.GetBinaryForm(sidArray, 0);

    ManagementObject everyone = new ManagementClass("Win32_Trustee");
    everyone["Domain"] = domain;
    everyone["Name"] = username;
    everyone["SID"] = sidArray;

    ManagementObject dacl = new ManagementClass("Win32_Ace");
    dacl["AccessMask"] = accessMask;
    dacl["AceFlags"] = AceFlags.OBJECT_INHERIT_ACE | AceFlags.CONTAINER_INHERIT_ACE;
    dacl["AceType"] = AceType.Access_Allowed;
    dacl["Trustee"] = everyone;

    ManagementObject securityDescriptor = new ManagementClass("Win32_SecurityDescriptor");
    securityDescriptor["ControlFlags"] = ControlFlags.SE_DACL_PRESENT;
    securityDescriptor["DACL"] = new object[] { dacl };
    return securityDescriptor;
    }

    /// <summary>
    /// Delete a Share.
    /// </summary>
    /// <param name="shareName">The name of the share to be deleted.</param>
    internal static void RemoveSharedFolder(string shareName)
    {
    try
    {
    // Create a ManagementClass object
    ManagementClass managementClass = new ManagementClass("Win32_Share");

    // Get all existing shares and find the one to be deleted
    ManagementObjectCollection shares = managementClass.GetInstances();
    foreach (ManagementObject share in shares)
    {
    if (Convert.ToString(share["Name"]).Equals(shareName, StringComparison.InvariantCultureIgnoreCase))
    {
    // Invoke the "delete" method on the Share object
    var outParams = share.InvokeMethod("Delete", new object[] { });

    // Check the Result
    var result = GetMethodStatus(outParams);
    Console.WriteLine("Delete Share: " + result.GetDescription());

    break;
    }
    }
    }
    catch (Exception ex)
    {
    Console.WriteLine("Error: " + ex.Message);
    }
    }

    private static MethodStatus GetMethodStatus(object outParams)
    {
    MethodStatus result = MethodStatus.UnknownFailure;
    Enum.TryParse<MethodStatus>(Convert.ToString(outParams), out result);
    return result;
    }
    }
    }
    [/csharp]

    And here is a code sample I am using:

    [csharp] var path = @"C:\Users\Public\Documents\SomeFolder";

    var folder = new DirectoryInfo(path);
    if (!folder.Exists) folder.Create();

    ManagementHelper.RemoveSharedFolder("MyShare");

    // Get the security Descriptor
    ManagementObject securityDescriptor = ManagementHelper.GetSecurityDescriptor(null, "everyone", ManagementHelper.FolderAccessFullControl);

    // Create the Share
    ManagementHelper.AddSharedFolder(path, "MyShare", "My Shared Folder", securityDescriptor);
    [/csharp]

    Loading