Note: this content originally from http://mygreenpaste.blogspot.com. If you are reading it from some other site, please take the time to visit My Green Paste, Inc. Thank you.

I was recently working on getting Windows Media Services configured on a system. Going through the properties, I noticed that the "WMS Anonymous User Authentication" plugin was in an error state. On inspection, I was presented with the following dialog.

---------------------------
Windows Media Services
---------------------------
The plug-in cannot be enabled because the user name or password does not match the settings for the Windows user account used for anonymous guests.
---------------------------
OK
---------------------------

Also, the event viewer was showing the following:

Event Type: Error
Event Source: WMServer
Event Category: Plugin
Event ID: 323
Date: [Date]
Time: [Time]
User: N/A
Computer: [CompName]
Description:
Plug-in 'WMS Anonymous User Authentication' on the server failed with the following information: Error code = 0x8007052e, Error text = 'Logon failure: unknown user name or bad password. '.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 8007052e

Checking "Local Users and Groups", I could see that the specified user (WMUS_COMPNAME) certainly existed. I changed the password for the user and then set the password in the properties for "WMS Anonymous User Authentication". I was rewarded with the same message. The user name and password were correct, so I focused my attention elsewhere. I first tried changing the settings to provoke the message while running Sysinternals' Filemon and Regmon, but was unable to pull anything from the captured data that seemed like it was germane to the problem.

The next thing I tried was creating a new account and specifying that account in the properties for "WMS Anonymous User Authentication". This worked; the status of "WMS Anonymous User Authentication" became "Enabled". I found this odd, as I was working with a fresh installation of Windows Media Services. In comparing the accounts (WMUS_COMPNAME and the test account I created), I noticed the WMUS_COMPNAME account was just a member of the Guests group, while the test account was just a member of the Users group. So, I added the test account to Guests and removed it from Users, and then checked / OK'd the "WMS Anonymous User Authentication" properties. I got the aforementioned message. I changed the test account back to the original group memberships, and "WMS Anonymous User Authentication" did not complain.

At this point, I knew that the problem was related to some restriction placed on the Guests group. I ran secpol.msc to check the Local Security Policy Settings, and I noticed that Guests had been added to the Security Setting for the "Deny access to this computer from the network" policy. According to TechNet, the default for this policy is "None". Removing Guests from the setting allowed the WMUS_COMPNAME account to function as the anonymous account used by Windows Media Services.

A while ago, I noticed a handle leak in Apple's "Bonjour Service" (yeah, that sounds like something I want running on my system...) - mDNSResponder.exe. I knew right away that that was the executable for the "Bonjour Service" because the name is so helpful. (Joking. Even if it was named after the service, how the heck would I even guess what the "Bonjour Service" did. But I digress...)

The service description is:

Bonjour allows applications like iTunes and Safari to advertise and discover services on the local network. Having Bonjour running enables you to connect to hardware devices like Apple TV and software services like iTunes sharing and AirTunes. If you disable Bonjour, any network service that explicitly depends on it will fail to start.

I put up with the leak for a while, from time to time stopping the service when I thought of it after booting. Most of the time I didn't think of it and the leak did not appear to be having any kind of performance impact on my system (I never saw it get above 80,000 handles). An update (or two?) later, I thought it would be fixed. So I was surprised to find mDNSResponder.exe had more than 55,000 handles when I checked recently with Sysinternals' Process Explorer.

I tried to use Process Explorer's handle pane to see the handles in mDNSResponder.exe, but with that many handles to display, and with Process Explorer running with its default High priority and refreshing every second, the system became rather sluggish. I dropped the priority of Process Explorer with Task Manager, hid the lower-pane view, and gave Handle.exe a shot with handle.exe -a -p mdnsresponder.exe.

I found that the handles being leaked are handles to registry keys - specifically, HKLM\SYSTEM\ControlSet001\Services\Tcpip\Parameters. (ControlSet001 is the current control set on my system.)

Since there's not much I can do about the handle leak, I'll disable the service, and hope the next update fixes the problem as surely the next update will set the service to Automatic start. Wonder why the installer doesn't at least set a service such as this as "Delayed Start" in Vista...

Note: this content originally from http://mygreenpaste.blogspot.com. If you are reading it from some other site, please take the time to visit My Green Paste, Inc. Thank you.

A recent topic in the Development forum at Sysinternals Forums contains some information about how to use Visual C++ 2008 to create binaries that run on Windows 9x and NT. For NT, it seems to just be a matter of changing the Subsystem Version to 4.0. One might think to use the /SUBSYSTEM linker switch for this. However, when one attempts to do so, the shipping link.exe reports:

LINK : warning LNK4010: invalid subsystem version number x.y; default subsystem version assumed

In this case, the default subsystem version is 5.0, and NT needs 4.0. One can use an older copy of EditBin.exe to change this (I found the version that shipped with Visual Studio .NET 2003 to work):

editbin /SUBSYSTEM:CONSOLE,4.0 c:\path\to\your.exe

The same requirement also exists to get the executable to run on Windows 9x, but one needs to do a bit more work.

Louis Solomon has taken the time and put forth the effort to find what is needed for this, and has documented it at C/C++ EXEs and DLLs created by Visual Studio 2008 don't run on Windows 4.0 (ie, NT4 and Win9x).

This isn’t what I want to be writing about. But a recent discovery compels me to do so. So, I’ve decided to make this an experiment, and beg your apologies that this will not have much technical merit despite the title.

After the last post, Set the Priority of a Process By Name Automatically, in Vista (which probably could have been named a lot better), I discovered that the post had made its way to some other sites. These sites appear to pull content from all over the web, package it up as their own, and toss ads all over it. One is lucky if the site even references the original author or links back to the original location of the post. It’s frustrating, to say the least. I’m all for distribution of knowledge and the like, but that’s taking it too far. Maybe I shouldn’t feel this way, but I (like others) put brain sweat and time into the work I do, and it would be nice if the source of the information would at least be cited if they’re going to republish it without the author’s consent.

So I visited two of these sites (which I have not yet decided if I will mention or not, for what I hope are obvious reasons) and attempted to leave comments. Of course the comments are moderated - don’t want any upset victims coming in and raising he. The comments were along the line of:

As the author of the original article referenced here, I kindly request that those interested in it please read it at MY blog, <a href=”http://mygreenpaste.blogspot.com”>My Green Paste, Inc.</a>

My site does not currently have ads, and I am NOT even considering ads at this time.

–«/\/\Øö±ò\/»®© (molotov)

Can you guess what happened? Yep - the comments were not approved, and were never published on the sites in question. I then attempted to leave another comment at each copy of my posting. This time, one site saw fit to allow the comment, and the other one did not. I suspected NO comments would have been allowed through either site, so I was a bit surprised. The comment was a bit ridiculous given the content of the posting, and rather generic; perhaps that’s why it was allowed. The comment was simply:

does this work for other os like XP or server 2003? 

Amazing. It was posted at 2008-01-31 2:37 GMT. The comment, like this post, is a part of the experiment. See, if I mention things that I mentioned in the previous post, like CpuPriorityClass, image file execution options, IoPriority, PagePriority, PerfOptions, powershell, priority, Process Monitor, setpriorityclass, Sysinternals, Vista, WorkingSetLimitInKB, Vista, Windows Vista, Windows Vista Ultimate, etc. (sorry to get carried away there), will this post make it to these sites as well? If so, wouldn’t that be somewhat funny? The comment falls in there, too - if the now published comment magically disappears from the copy of my previous post, won’t that be a bit odd?

I think I’ll have to start embedding a “this content originally from http://mygreenpaste.blogspot.com/” statement into the middle of each of my posts from now on. I’m sure I’ll forget, and I’ve probably only got one shot. That’ll make for some nice, flowing reading. We’ll see.

I do have some more thoughts about the Set the Priority of a Process By Name Automatically, in Vista topic that I expect to get out in my next post. I apologize for this distraction, and hope you’ll stay tuned…

BTW - I may also have a follow up to this fork in the saga as well.

The other day I was playing around with the Image File Execution Options and Sysinternals’ Process Monitor, in Vista. I saw an interesting query take place. Using notepad.exe as an example, I saw a query for a key called “PerfOptions” in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe] when I ran notepad. The result was NAME NOT FOUND, so I decided to rectify that. After adding a key named “PerfOptions”, I ran notepad again. In Process Monitor, I saw queries for four values:

• IoPriority
• PagePriority
• CpuPriorityClass
• WorkingSetLimitInKB

Because of recent explorations with process priorities*, CpuPriorityClass grabbed me right away. Looking at the SetPriorityClass function, one can see the different values for the dwPriorityClass parameter. I created a REG_DWORD named CpuPriorityClass in PerfOptions, and set the value to 0×80 in the hopes that notepad would launch with “HIGH_PRIORITY_CLASS”. Instead, it launched with a priority of NORMAL_PRIORITY_CLASS (8) - the setting had not made any impact. Then, I set the value to 8 and launched notepad. Notepad launched with a priority of 8. I changed the value to 4, and that had no impact. I changed the value to 0 - no impact. I tried 10 - no impact. I couldn’t see any tie in to any other listings of process priorities that I knew about, so I decided to try trial and error, starting from 0, with the following results:

^= I’m currently running a PowerShell script to iterate through all possible values (there’s only about 2^32…) so it may be a while before the CpuPriorityClass value for REALTIME_PRIORITY_CLASS, should it exist, be uncovered. There may also be other values that can be used to specify a priority class that’s been uncovered. I’ll update or post a new topic if I uncover anything new…

The PowerShell script (don’t laugh, it’s my first substantial attempt at one):

$cpc=0set-itemproperty “hklm:softwaremicrosoftwindows ntcurrentversionimage file execution optionsnotepad.exeperfoptions” cpupriorityclass $cpcdo{    $pp = [diagnostics.process]::start(”notepad.exe”, “”)    $ppc = $pp.PriorityClass    $pp.Kill()    if( $ppc -ne “Normal” )    {        Write-Host $cpc $ppc    }    $cpc++    set-itemproperty “hklm:softwaremicrosoftwindows ntcurrentversionimage file execution optionsnotepad.exeperfoptions” cpupriorityclass $cpc}while( $cpc -lt 4294967295 )

Hopefully, I’ll find time to do some digging into the other values in PerfOptions - IoPriority, PagePriority, and WorkingSetLimitInKB. IoPriority and PagePriority sound like they may have something to do with memory prioritization and IO prioritization in Vista. WorkingSetLimitInKB sounds self-explanatory, but how it’s applied or how it’s used, and other circumstances, are quite vague.

*= SetThreadPriority, Vista, and Autostart Locations, Setting the Priority of a Service Process via Script

Every once in a while you notice that your hard drive is working extra hard for what seems like no reason. A background process has taken your hard drive hostage, forcing it to thrash loudly as it struggles to keep up with the high rate of reads and writes. Your computer responds slowly as the process overloads the physical limitations of your drive. What are you to do?

The solution is simple, although a little tricky at times: identify and stop the process that is killing your drive. There are two methods and tools that you can use to identify the process. (more…)

computer, disk operations, download process explorer, down arrow, Drivers, explorer 2, Hardware, hard drive, hostage, menubar, performance tab, processes, reliability, responds, struggles, sysinternals