Override Lync Status using Lync SDK - wpf

I am developing a wpf application using Lync SDK that sits on a windows 2012R2 server which I access using a remote desktop session. I am trying to keep the lync account logged in to be always available, even when there is no user logged into the computer.
I set a timer to tick every 15 seconds that runs this code:
if (client.State == ClientState.SignedIn)
{
counter++;
Console.WriteLine("Account is green: " + counter);
Dictionary<PublishableContactInformationType, object> status = new Dictionary<PublishableContactInformationType, object>();
status.Add(PublishableContactInformationType.Availability, Microsoft.Lync.Controls.ContactAvailability.Free);
client.Self.BeginPublishContactInformation(status, PublicationCallback, time);
Console.WriteLine(client.Self.Contact.GetContactInformation(ContactInformationType.Activity));
}
While this does set the status of the user to be Available when someone is logged in (even if no one is using the computer), whenever I disconnect from the remote desktop session (and the server locks but is still running), the status goes to away.
Is there some way for me to get it to ignore if the computer is locked or not?

Having it ignore locking was solved by a different solution entirely which requires two different things:
Firstly, instead of just closing my remote desktop session, I had to use a command prompt script to leave. Type this into your command prompt in order to log off:
tscon [YOUR SESSION ID] /DEST:console
You can find your session ID by looking into your Windows Task Manager's User page (it might be hidden so you have to display it).
Secondly, you have to have your keyboard occasionally move. There are many scripts that do it but I found this that I liked because it toggles the numlock making the computer still usable when triggered.
Dim objResult
Set objShell = WScript.CreateObject("WScript.Shell")
i = 0
Do While i = 0
objResult = objShell.sendkeys("{NUMLOCK}{NUMLOCK}")
Wscript.Sleep (6000)
Loop
Save this in a .vbs file and run it before you leave your computer. This will prevent any sleep triggered by lack of use that might be set.

Related

Azure Active Directory Server 2016 Group Policy Startup Applications (Chrome) not loading on client workstations

Hi I'm trying to implement a Group Policy in our domain that forces Google Chrome to be added to client startup applications. I've added a GPO and added the key:
Computer Configuration > Administrative Templates > System > Logon > Run These Programs at User Logon
In the "Items to run at logon" I've added the path to chrome.exe (with quotes) like so:
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
I've then linked to the Object in our Domain's User and Computer OUs.
I've also pushed the update out to clients and confirmed they have updated GP.
However Chrome does not start when users boot into their laptops.
I'm hoping someone can shine a light on what I've done wrong/what I've forgotten to do - any help much appreciated!
Summarize the comment link as a reply to close this issue.
Per duenni1's comment it looks like the most successful way people are reporting is to use the startup folder instead of the logon group policy. "In my opinion the correct solution: use GPP to manage shortcuts in startup menu folder. Simply create a startup shortcuts."
Could throw it in this directory:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
This will launch the program when they login, we do this to force users into our IM client
https://community.spiceworks.com/topic/1369848-run-these-programs-at-user-logon
If you really want this method to work, I'd start troubleshooting here:
1) is there already a GPO in place that will perform Run These Programs at user logon? That may be the winning GPO
GPO Run these programs at user logon not taking effect
2) According to the official docs, no error is a path issue ( I think your usage of quotes is correct but out of curiosity I'd be curious if removing the quotes has a change).
NOTE: If the program does not run, make sure the path is correct. The program does not run (and no error message is displayed) if the path is not found.

Windows Credential provider - password expired while desktop locked

im working on a credential provider and got stuck with the following issue:
When the desktop is locked on a terminal server and the password expires, the CP cant seem to change the password.
I can dectect that the password must be changed in ReportResult(), then open a dialog asking for the new password and packing a KERB_CHANGEPASSWORD_REQUEST to hand over in GetSerialization(). This works when the user logs on initially (CPUS_LOGON).
But in CPUS_UNLOCK_WORKSTATION (when the user is already logged in) I get the same ntsStatus (which is 0xC0000224) again in ReportResult() after handing over the KERB_CHANGEPASSWORD_REQUEST
So i wonder if anybody knows what the difference is between those two scenarios - is logonUI expecting a package other than KERB_CHANGEPASSWORD_REQUEST ?
I also tried setting the GetSerializationResponse "status" from CPGSR_RETURN_CREDENTIAL_FINISHED to CPGSR_NO_CREDENTIAL_FINISHED (in the technical reference its said to be the indicator that a password change completed, but thats probably for CPUS_CHANGE_PASSWORD).
The setup im testing this is on is a Win2012 R2 terminal server with a Win2016 DC.
I'd be grateful for any help, thanks!

Fetch SMTP, Username Info from a Windows Machine & Email everytime a .bat file is run

We use batch scripts to apply changes to our desktop software for all our clients with each client having 40-50 software users atleast. Any configuration change in our software is done by us and we create a self extracting exe using a batch script which copies the changed configuration files on users machine. All they need to do is double click on this exe.
Now, we have no ways of telling whether our clients (users or their IT department) have applied the patch or not and so i would like to add few extra line of code in our existing batch file which should do the following:
Intimate us by emailing us when our patch is applied by the clients.
I have no idea how would i do this in batch but it will be great if i could do it. My understanding is that we need to fetch following info from client network/machine.
1. SMTP Server Details
2. Username (from under c:\users\ folder) may be i am not sure if it could be fetched from anywhere else? This so that we know which client of ours has run the patch.
3. Emails it to us.
Can you please advise?
Note: I only know very basic batch scripting.
Set emailObj = CreateObject("CDO.Message")
emailObj.From = "dc#gail.com"
emailObj.To = "dc#gail.com"
emailObj.Subject = "Test CDO"
emailObj.TextBody = "Test CDO"
Set emailConfig = emailObj.Configuration
msgbox emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver")
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.gmail.com"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 465
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/smtpusessl") = true
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = "YourUserName"
emailConfig.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = "Password1"
emailConfig.Fields.Update
emailObj.Send
If err.number = 0 then Msgbox "Done
If not set in code the email details are taken from Outlook Express or Windows Mail's default account, but not Mail in Windows 8 or 10 where you must know them. And that's the problem as you can't know their password, server, or username. However YOU can send the mail as you using your email server. You may need to configure your mail server and/or firewall to allow external sending of mail.

Failed to create an object instance for the specified ProgID (WIA.CommonDialog)

We are trying to allow users to scan documents using a Silverlight XAP running in-browser with elevated trust, from a remote server, and are getting the following error:
Unhandled Error in Silverlight Application Failed to create an object instance for the specified ProgID.
The failure is at the following line:
Dim CommonDialog = AutomationFactory.CreateObject("WIA.CommonDialog")
Application.Current.HasElevatedPermissions and AutomationFactory.IsAvailable both return True.
I can successfully create an instance of unsafe ActiveX controls, e.g. Scripting.FileSystemObject:
Dim fso = AutomationFactory.CreateObject("Scripting.FileSystemObject")
The code fails when running from the production environment on the remote server. When running from the ASP.NET Development server from localhost, the code succeeds, and the WIA scanning dialog is shown when calling CommonDialog.ShowAcquireImage().
How can I resolve this? (Is there perhaps something specific about WIA that prevents it from being used this way?) What steps can I take to try and debug this?
Update
When I try to open the generated Silverlight test page (via the file protocol), I get the same error.
Update 2
Process Monitor shows that the AllowLaunchOfElevatedTrustApps and AllowElevatedTrustAppsInBrowser keys are being successfully queried.
Update 3
With Protected Mode turned off, the code works.
The MSDN reference states that to enable COM Interop inside the browser, you must
Set Registry Key HKEY_LOCAL_MACHINE\Software\Microsoft\Silverlight\ (or on x64 HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Silverlight\) AllowElevatedTrustAppsInBrowser DWORD 0x0000001
Check your group policy has not disabled AllowInstallOfElevatedTrustApps and AllowLaunchOfElevatedTrustApps
Sign the .xap
Install cert to Trusted Application Store (see screenshots illustrating how)
Additionally, you must
configure as Out of Browser Application (even if you are not running Out of Browser)
before calling the ComAutomationFactory.CreateObject you should check for Application.Current.HasElevatedPermissions and AutomationFactory.IsAvailable
note that Elevated Permission testing from http://localhost and http://127.0.0.1 is not reliable test, as Silverlight runtime makes exception for these two URLs. Instead use file://.
Troubleshooting
Use ProcMon to verify that the AllowElevatedTrustAppsInBrowser registry key is being read
Attach Debugger to Silverlight (see screenshots)
MSIE Protected Mode settings can also adversely affect whether a Silverlight application can run with Elevated Permissions. Try running with different Protected Mode settings.

Remotely start session on display :0

I am working remotely and had to restart. I can start a vnc session and log into that. But for some reason the program I'm trying to use gives a GLX error when I try to start it. (I'm using xfce4).
I've circumvented this problem in the past by using an x11vnc session into my display :0. To do this, I open a regular vnc session, and type in a terminal
x11vnc --display :0 --forever
Then I close the vnc session, and log into the x11vnc session.
But this isn't working now because, since I had to restart, I think I don't really have a display :0 running because I have not logged into a desktop session on site.
The question is: is there any way I effectively log into a desktop session remotely, so it would be as if I had logged into my computer on site, and can then use x11vnc as I described above.
(Caveat: I'm not an expert in all these things, so I may have used some incorrect terminology. But I think the question is clear).
Thanks!
============== added ================
Maybe a clarification would be the following. Can I trick the computer into thinking that I am sitting right in front of it? Can I start a session remotely such that when I next sit down in front of the computer it will appear that I have already logged in? I'm certain this would solve my problem. No other combination of VNCing seems to work.
============== More ======================
I just restarted (remotely), ssh'd in, and typed
x11vnc --display :0
This is what I got
** If NO ONE is logged into an X session yet, but there is a greeter login
program like "gdm", "kdm", "xdm", or "dtlogin" running, you will need
to find and use the raw display manager MIT-MAGIC-COOKIE file.
Some examples for various display managers:
gdm: -auth /var/gdm/:0.Xauth
-auth /var/lib/gdm/:0.Xauth
kdm: -auth /var/lib/kdm/A:0-crWk72
-auth /var/run/xauth/A:0-crWk72
xdm: -auth /var/lib/xdm/authdir/authfiles/A:0-XQvaJk
dtlogin: -auth /var/dt/A:0-UgaaXa
but none of those options worked. I also tried the other suggestions, such as using -auth guess.
Display :0 is always running, assuming you have an X session running and your computer has booted up. The command x11vnc --display :0 --forever opens a VNC listening port on your machine that you can connect to with a VNC client.
Your initial vnc connection where you run the x11vnc command is not really necessary if you use SSH (a remote shell). If you install SSHD, and connect via ssh username#hostname you can run the command x11vnc --display :0 --forever from there, eliminating the need for the initial VNC connection.
If you don't have sshd running, you may be out of luck unless some sort of screen sharing is running. To see if there's any way to remote into your computer, run a port scan with NMAP.
Use tightvncserver. If you have apt, you can run sudo apt-get install tightvncserver to get it.
To Run the Server: tightvncserver, it will prompt for a password to use to authenticate VNC connections.
You should see a message New 'X' desktop is HOSTNAME:1. You now you have two X displays running. You can connect to the VNC Server on port 5901, since tightvncserver defaults to incrementing from port 5900.
This second X display (:1) is separate from display :0, so to someone standing at your remote computer, they will just see the login screen. This will last until the next reboot, though there are ways to have this command execute on startup.
Keep in mind, although tightvncserver will prompt for a password, and will use that password for authentication, VNC has been known to have vulnerabilities. So, if security of your computer is an issue, it's safer to tunnel the connection via ssh and firewall port 5901 from any connections except localhost.

Resources