December 27, 2004

Down on my luck

That’s great…there’s a better chance of an asteroid hitting Earth in 2029 (1 in 37, currently), than there is of me winning the lottery. By then we should have a colony on Mars anyway, right?

December 25, 2004

It’s A Wonderful Life

Just finished up It’s A Wonderful Life - such a nice movie. I’ve probably watched it every year for the past four years and I still like it. Who knows how many times my Mother has seen it, but she still watches it too.

I wonder how many people still watch that ol’ movie…

December 24, 2004

No Way - Maniac Mansion Deluxe!

via [Wired]: It seems some fans of the old game Maniac Mansion (I played the Nintendo version) have created a remake, Maniac Mansion Deluxe - an exact remake with the exception of a new MIDI soundtrack and 256-color graphics.

/me plays Maniac Mansion Deluxe on Christmas Eve, hehehe.

Addicted

Seems like Scoble is addicted to the Internet just like I am. On this eve, here’s a post from a couple years ago…ah, the old blog…memories.

Expect a fairly lengthy blog post sometime soon…

December 23, 2004

Different privileges in Visual Studio Debug Mode

I’m mucking around with process tokens in C++ lately (stealing tokens and whatnot…) and was having an odd problem when I would run my application in Visual Studio versus when I would run it from a command prompt.

In the case of running the program from Visual Studio, I could use the OpenProcess function fine, but OpenProcessToken would fail with access denied.

In the case of running it from a command prompt, OpenProcess would fail with access denied. I figured it must have something to do with certain privileges debug mode enables in the application.

Using Process Explorer, I fired up the application from both cases and compared the security attributes. Exactly the same. Despite that, I was still convinced that it had something to do with privilege levels.

After a few failed searches, I decided to dig into why OpenProcessToken was failing in the first place and try to figure out the Visual Studio problem at a later point. It was then that I stumbled on this gem. I had almost ignored it because I missed the reply at the top of the page that reads

Make sure you’re not impersonating while calling OpenProcessToken.

Oh man…I know I’m calling ImpersonateSelf, but could that really be what’s causing the difference in Visual Studio? After adding a RevertToSelf after properly adjusting my token privileges, the application ran the same in both Visual Studio and the command prompt. *smack*

Now I just need to figure out why I can’t use OpenProcessToken on those few applications like CSRSS and other users’ processes. It’s obviously possible as both Task Manager and Process Explorer are able to get usernames associated with processes, but I’m having the most difficult time figuring out how they do that.

December 22, 2004

Just got schooled in VBScript

I just read a blog entry by Eric Lippert about VBScript and the Terminator and man did I just get schooled in VBScript. I almost wish I could do that kind of stuff full time so I would have the chance to learn all those intricate details.

December 21, 2004

Microsoft needs to do a better job with documentation

I just discovered today that there is a /random parameter that you can pass to the net user command.

C:\>net user test /add /random
Password for test is: gLsaP_QH

The command completed successfully.

Well isn’t that convenient! Now answer me this - why is there absolutely no mention of this in the “net help user” documentation? Please, Microsoft, proper documentation would make our lives so much easier.

Note that I’ve spent almost an entire day of experimenting with the previously undocumented NtQuerySystemInformation API, so I may be mildly bitter. *grin*

I should note that a search on Google for “net user * /random” nets only 122 results.

December 15, 2004

Monitor Network Shares using Windows Scripting

Somebody asked a question on microsoft.public.scripting.wsh recently about monitoring network shares using Windows scripting. I wasn’t sure if this was possible (i.e. using event sinks or something of the like), so I started Googling around to see what I could find. After several unsuccessful searches, I finally came across something useful - Running a Script Based on an Event [WMI].

Although it was a little complex, it got me on the right track regarding monitoring events and the Win32 class I would need to focus on, Win32_ServerConnection. Once I knew what I was looking for, it was only a matter of time before I found some sample code to monitor connections to network shares.

The end result, for those of you at home, if that link above disappears, is as follows:

Set services = GetObject("WinMgmts:")

' Enable SeDebugPrivilege on the WMI connection
services.security_.privileges.addasstring "sedebugprivilege"

' Events are delivered to the SINK_* subs below
Set sink = WScript.CreateObject("WbemScripting.SWbemSink","SINK_")

' Poll every second for new Win32_ServerConnection instances
services.ExecNotificationQueryAsync sink, _
  "select * from __InstanceCreationEvent " & _
    "WITHIN 1 where Targetinstance ISA 'Win32_ServerConnection'"
' The message box keeps the script alive while events arrive
MsgBox "Wait for an event. " & VBCRLF & "Click OK to stop watching for events!"

' Called once for each new connection to a share
Sub SINK_OnObjectReady(objWbemObject, objAsyncContext)
  Wscript.Echo " Share Name: " & _
    objWbemObject.TargetInstance.ShareName
  Wscript.Echo " Computer : " & _
    objWbemObject.TargetInstance.ComputerName
  Wscript.Echo " User : " & _
    objWbemObject.TargetInstance.UserName
  Wscript.Echo
End Sub

This will print out a line with the share name, originating IP address and username any time a connection is made to a share. I learn more about Windows Scripting Host every day.
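The same kind of WMI event query can also record when a connection goes away, which gives a timestamped connect/disconnect trail for each share. This is an added example, not part of the original post or the sample code it links to; it goes beyond the script above by handling deletion events too. It assumes it is run with cscript.exe by an account allowed to query Win32_ServerConnection, and the log file name sharewatch.log is hypothetical.

```vbscript
' Added example: log connects and disconnects on local shares.
' Run with: cscript //nologo sharewatch.vbs
Option Explicit

Const LOG_PATH = "sharewatch.log"   ' hypothetical log file name
Const FOR_APPENDING = 8

Dim services, source, evt, conn, fso, logFile, action, line

Set services = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
Set fso = CreateObject("Scripting.FileSystemObject")

' Restrict the query to creation and deletion events. ActiveTime changes
' constantly, so an unfiltered __InstanceOperationEvent query would also
' return a modification event for every open connection on every poll.
Set source = services.ExecNotificationQuery( _
    "SELECT * FROM __InstanceOperationEvent WITHIN 1 " & _
    "WHERE TargetInstance ISA 'Win32_ServerConnection' " & _
    "AND (__CLASS = '__InstanceCreationEvent' " & _
    "OR __CLASS = '__InstanceDeletionEvent')")

WScript.Echo "Watching share connections, press Ctrl+C to stop."

Do
    Set evt = source.NextEvent()      ' blocks until the next event
    Set conn = evt.TargetInstance

    If evt.Path_.Class = "__InstanceCreationEvent" Then
        action = "CONNECT"
    Else
        action = "DISCONNECT"
    End If

    line = Now & vbTab & action & vbTab & Field(conn.ShareName) & vbTab & _
           Field(conn.ComputerName) & vbTab & Field(conn.UserName)
    WScript.Echo line

    ' Open and close per event so nothing is lost when the script is killed.
    Set logFile = fso.OpenTextFile(LOG_PATH, FOR_APPENDING, True)
    logFile.WriteLine line
    logFile.Close
Loop

' A Null property would concatenate as an empty column; show "-" instead.
Function Field(value)
    If IsNull(value) Then Field = "-" Else Field = CStr(value)
End Function
```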

December 13, 2004

Yahoo! Blogger in town and me with a corporate event

Jeremy Zawodny, a hugely visible blogger from Yahoo!, will be in town this Thursday. It’s too bad I’ve got a corporate event on Thursday night, but I just realized he may be getting in on Wednesday night…

Who’s up for a geek dinner in Chi-town?!

December 10, 2004

Google Suggest…been there, done that

Scoble blogs about Google’s new Google Suggest. That is awesome!

PHP.net did something similar to this over a year ago with their search page.

I tore their javascript apart in hopes of using it for some of my own functionality and that is some impressive coding. It took me a good few hours to even begin to understand the design behind their search page. I’ll have to check out Google’s (if possible) and see if it is similar at all.