I'm trying to map a remote path on Windows 10 for serveral hours but i don't get it to work. At first i tried it with WNetAddConnection2 but no matter what credentials or flags i use, when I type net use the mapped drive has always the status not available.
Manually i can map drives without problems, I only have problems when i map the drive programmatically.
import win32wnet
import win32netcon
nr = win32wnet.NETRESOURCE()
nr.dwScope = win32netcon.RESOURCE_GLOBALNET
nr.dwType = win32netcon.RESOURCETYPE_DISK
nr.dwUsage = win32netcon.RESOURCEUSAGE_CONNECTABLE
nr.lpLocalName = 'Z:'
nr.lpRemoteName = '\\\\192.168.178.46\\Test'
win32wnet.WNetAddConnection2(nr, None, None, 25)
The 25 is a flag set of interactive and prompt. I don't get any errors and the drive is listed when i type net use, but the status is always not available and the drive is not visible under workstation.
After that I tried NetUseAdd:
import win32net
win32net.NetUseAdd(None, 3, {'remote': r'\\192.168.178.46\Test',
'local': 'Z:', 'username': 'Admin', 'password': '123',
'status': 0, 'flags': 1, 'asg_type': 0})
It runs successfully but net use doesn't list anything and no mapped drives are visible under workstation.
A solution without subprocess would be nice. Can someone help please?
EDIT: Now i understand why it doesn't work. The app is running in admin context and I'm current logged in as non-admin. This behaviour is expalined here: https://superuser.com/questions/495370/why-isnt-a-mapped-drive-available-under-an-elevated-cmd-prompt-but-is-under-a-r
Is it possible to run the app as admin but the WNetAddConnection2 method as current user??
EDIT 2: Following the instructions from eryksun i came up with this:
import ctypes
from win32security import TOKEN_IMPERSONATE, TOKEN_ALL_ACCESS
from win32process import GetWindowThreadProcessId
from win32api import OpenProcess
from win32security import OpenProcessToken
from win32security import ImpersonateLoggedOnUser
from win32security import RevertToSelf
user32 = ctypes.WinDLL('user32', use_last_error=True);
user32.GetShellWindow.restype = ctypes.c_void_p
handle = user32.GetShellWindow()
threadId, processId = GetWindowThreadProcessId(handle)
handle_op = OpenProcess(TOKEN_ALL_ACCESS, True, processId)
handle_opt = OpenProcessToken(handle_op, TOKEN_IMPERSONATE)
ImpersonateLoggedOnUser(handle_opt) # throws access denied error
SOLUTION:
import ctypes
from win32process import GetWindowThreadProcessId
from win32api import OpenProcess
from win32security import OpenProcessToken, ImpersonateLoggedOnUser, RevertToSelf, TOKEN_QUERY, TOKEN_DUPLICATE
from win32con import PROCESS_QUERY_INFORMATION
user32 = ctypes.WinDLL('user32', use_last_error=True);
user32.GetShellWindow.restype = ctypes.c_void_p
handle = user32.GetShellWindow()
threadId, processId = GetWindowThreadProcessId(handle)
handle_op = OpenProcess(PROCESS_QUERY_INFORMATION, False, processId)
handle_opt = OpenProcessToken(handle_op, TOKEN_QUERY | TOKEN_DUPLICATE)
ImpersonateLoggedOnUser(handle_opt)
try:
nr = win32wnet.NETRESOURCE()
nr.dwScope = win32netcon.RESOURCE_GLOBALNET
nr.dwType = DISK
nr.dwUsage = win32netcon.RESOURCEUSAGE_CONNECTABLE
nr.lpLocalName = 'Z:'
nr.lpRemoteName = '\\\\192.168.178.46\\Test'
win32wnet.WNetAddConnection3(None, nr, None, None, 25)
except:
print("Unexpected error...")
RevertToSelf()
win32wnet.WNetAddConnection2(win32netcon.RESOURCETYPE_DISK, drive,
networkPath, None, user, password)
Drive is the local drive you want to map the network drive to, e.g. X:\
For networkpath add \\ in the beginning of the path, e.g. \\\\networkpath02 if you can access the path with \\networkpath02 in explorer.
Related
All I need to do is create a program that lists all running services on my Windows machine. I have tried a number of methods including psutil to no avail. I have since tried to simplify it by just trying to execute the "net stat" command. It works, but the output is garbled. Is there anyway to save this to a text file nice and neat? Also, I'd like to append the word 'Running' next to each line. When I try to add that I get the following error:
File "./Python37/test3.py", line 3, in
print(str(result.stdout + 'running'))
TypeError: can't concat str to bytes
Here is my code so far:
import subprocess
result = subprocess.run(['net', 'start'], stdout=subprocess.PIPE)
print(str(result.stdout + 'running'))
Use EnumServicesStatus API like this :
import win32con
import win32service
def ListServices():
resume = 0
accessSCM = win32con.GENERIC_READ
accessSrv = win32service.SC_MANAGER_ALL_ACCESS
#Open Service Control Manager
hscm = win32service.OpenSCManager(None, None, accessSCM)
#Enumerate Service Control Manager DB
typeFilter = win32service.SERVICE_WIN32
stateFilter = win32service.SERVICE_STATE_ALL
statuses = win32service.EnumServicesStatus(hscm, typeFilter, stateFilter)
for (short_name, desc, status) in statuses:
print(short_name, desc, status)
ListServices();
win32service and win32con is part of pywin32 opensource project which you can download the lastest version here
.
From psutil 4.2.0 onwards you can list and query the windows services using following APIs.
psutil.win_service_iter()
Usage:
>>> import psutil
>>>
>>> list(psutil.win_service_iter())
[<WindowsService(name='AeLookupSvc', display_name='Application Experience') at 38850096>,
<WindowsService(name='ALG', display_name='Application Layer Gateway Service') at 38850128>,
<WindowsService(name='APNMCP', display_name='Ask Update Service') at 38850160>,
<WindowsService(name='AppIDSvc', display_name='Application Identity') at 38850192>,
...]
psutil.win_service_get(name) - To get a windows service by name
Usage:
>>> import psutil
>>> s = psutil.win_service_get('alg')
>>> s.as_dict()
{'binpath': 'C:\\Windows\\System32\\alg.exe',
'description': 'Provides support for 3rd party protocol plug-ins for Internet Connection Sharing',
'display_name': 'Application Layer Gateway Service',
'name': 'alg',
'pid': None,
'start_type': 'manual',
'status': 'stopped',
'username': 'NT AUTHORITY\\LocalService'}
I am learning Python security (Windows API) and particularly trying to start up notepad.exe as a restricted user using the CreateRestrictedToken API. Currently when I execute the script, notepad.exe starts up with the DISABLE_MAX_PRIVILEGE (0x1) as expected.
In addition to DISABLE_MAX_PRIVILEGE (0x1), I would like to disable some SIDs, such as Administrators (S-1-5-32-544), Authenticated Users (S-1-5-11), and Console Logon (S-1-2-1). I have attempted to disable the Administrators SID; however, it fails with the following error:
TypeError: 'PySID' object has no attribute '__getitem__'
There seems to be a structure in the SID_AND_ATTRIBUTES, but I'm not quite sure how to put it together.
My Python build is x64 version 2.7.4.
import win32process
import win32job
import time
import win32event
import win32security
import win32api
from random import randint
ph = win32process.GetCurrentProcess()
th = win32security.OpenProcessToken(ph,win32security.TOKEN_ALL_ACCESS)
admins = win32security.ConvertStringSidToSid("S-1-5-32-544")[0]
token = win32security.CreateRestrictedToken(th, 1, admins, None, None)
startup = win32process.STARTUPINFO()
(hProcess, hThread, processId, threadId) = win32process.CreateProcessAsUser(token, "C:\\Windows\\Notepad.exe", None, None, None, True, win32process.CREATE_BREAKAWAY_FROM_JOB, None, None, startup)
The SidsToDisable parameter of PyWin32's CreateRestrictedToken takes a PySID_AND_ATTRIBUTES. This is a sequence of (PySID, Attributes) tuples. The attributes are ignored in this case, so use 0. For example:
import os
import win32process
import win32security
token = win32security.OpenProcessToken(win32process.GetCurrentProcess(),
win32security.TOKEN_ALL_ACCESS)
disabled_sids = [(win32security.CreateWellKnownSid(sidt), 0)
for sidt in [win32security.WinBuiltinAdministratorsSid,
win32security.WinAuthenticatedUserSid]]
# WinConsoleLogonSid (81) requires Windows 8.
# Use the string SID instead.
disabled_sids.append(
(win32security.ConvertStringSidToSid("S-1-2-1"), 0))
token_r = win32security.CreateRestrictedToken(
token, win32security.DISABLE_MAX_PRIVILEGE,
disabled_sids, None, None)
notepad_path = os.path.join(os.environ['SystemRoot'], 'notepad.exe')
startup = win32process.STARTUPINFO()
(hProcess, hThread,
processId, threadId) = win32process.CreateProcessAsUser(
token_r, notepad_path, None, None, None,
True, win32process.CREATE_BREAKAWAY_FROM_JOB, None, None, startup)
I want to save the registry key "Run" using _winreg in Python.
This is my code:
import _winreg
key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows\CurrentVersion\Run')
_winreg.SaveKey(key, "C:\key.reg")
When executing, I get a Windows error message: "A required privilege is not held by the client"
Can anyone see what is wrong?
Modify your code as below. It works fine if it is Run as Administrator. I have tested it on Win7 64 bit
import os, sys
import _winreg
import win32api
import win32security
#
# You need to have SeBackupPrivilege enabled for this to work
#
priv_flags = win32security.TOKEN_ADJUST_PRIVILEGES | win32security.TOKEN_QUERY
hToken = win32security.OpenProcessToken (win32api.GetCurrentProcess (), priv_flags)
privilege_id = win32security.LookupPrivilegeValue (None, "SeBackupPrivilege")
win32security.AdjustTokenPrivileges (hToken, 0, [(privilege_id, win32security.SE_PRIVILEGE_ENABLED)])
key = _winreg.OpenKey(_winreg.HKEY_LOCAL_MACHINE, r'Software\Microsoft\Windows\CurrentVersion\Run')
filepath = r'C:\key.reg'
if os.path.exists (filepath):
os.unlink (filepath)
_winreg.SaveKey (key, filepath)
Note: if win32api & win32security are missing, install them from here
Reference: Here
I am trying to get my appengine application logs from remote.
I am using remote_api, I tried with appcfg but I discarded it because it has a limit on the download/buffer so I can't download all the logs.
Now I am using the logservice, but if I use it in my code it doesn't return anything.
Here is my code:
import time
import urllib2
from google.appengine.ext.remote_api import remote_api_stub
from google.appengine.api.logservice import logservice
import getpass
import base64
import os
from appcfg import *
import getpass
import subprocess
os.environ['HTTP_X_APPENGINE_TASKRETRYCOUNT']='1'
os.environ["SERVER_SOFTWARE"] = "Developement"
os.environ['HTTP_HOST'] = 'unitTest'
os.environ['CURRENT_MODULE_ID']='default'
os.environ['CURRENT_VERSION_ID']='1.0'
email_address = "iacopo#indiegala.com"
application_url = "store-indiegala.appspot.com"
def aut():
app_name = "store-indiegala.appspot.com"
f = lambda : ("*EMAIL*", "*PASSWORD*")
remote_api_stub.ConfigureRemoteApi(None, '/_ah/remote_api', auth_func,app_name)
print("successfully authenticated")
fetch_logs()
def fetch_logs():
end_time = time.time()
print ("starting")
for req_log in logservice.fetch(end_time = end_time, offset = None, minimum_log_level = logservice.LOG_LEVEL_INFO,
include_app_logs=True, include_incomplete=True):
print req_log.ip
def auth_func():
global email_address
return (email_address, getpass.getpass('Password:'))
aut()
It successfully connects to my app and he make the logservice.fetch(), but it returns an empty object... why?
Go to your logs in the App Engine admin and make sure you have the right module and version. They can be found in each log entry, for example:
2015-01-24 21:58:43.425 / active start=2015-01-24,13:57:36.773 AppEngine-Google; (+http://code.google.com/appengine) module=default version=baseline
Becomes:
import os
os.environ["CURRENT_MODULE_ID"] = "default"
os.environ['CURRENT_VERSION_ID']= "baseline"`
I am writing a script to email the owner of a file when a separate process has finished. I have tried:
import os
FileInfo = os.stat("test.txt")
print (FileInfo.st_uid)
The output of this is the owner ID number. What I need is the Windows user name.
Once I stopped searching for file meta data and started looking for file security I found exactly what I was looking for.
import tempfile
import win32api
import win32con
import win32security
f = tempfile.NamedTemporaryFile ()
FILENAME = f.name
try:
sd = win32security.GetFileSecurity (FILENAME,win32security.OWNER_SECURITY_INFORMATION)
owner_sid = sd.GetSecurityDescriptorOwner ()
name, domain, type = win32security.LookupAccountSid (None, owner_sid)
print "I am", win32api.GetUserNameEx (win32con.NameSamCompatible)
print "File owned by %s\\%s" % (domain, name)
finally:
f.close ()
Mercilessly ganked from http://timgolden.me.uk/python-on-windows/programming-areas/security/ownership.html
I think the only chance you have is to use the pywin32 extensions and ask windows yourself.
Basically you look on msdn how to do it in c++ and use the according pywin32 functions.
from win32security import GetSecurityInfo, LookupAccountSid
from win32security import OWNER_SECURITY_INFORMATION, SE_FILE_OBJECT
from win32file import CreateFile
from win32file import GENERIC_READ, FILE_SHARE_READ, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL
fh = CreateFile( __file__, GENERIC_READ, FILE_SHARE_READ, None, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, None )
info = GetSecurityInfo( fh, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION )
name, domain, type_id = LookupAccountSid( None, info.GetSecurityDescriptorOwner() )
print name, domain, type_id