Potential Bug: Net Use Command missing dependency

[RussR]

Hey Guys,

I am not sure who to report bugs to, but I think I might have found one in
XPE sp1 that might save some of you using network stuff some headache.

The "Net.exe Utility" component is a very useful component as it includes
the "net" command which allows several useful network operations to be
configured from the command line, like setting shares, "net share", mapping
drives, "net use", etc.

Anyway, if you include the "Net.exe Utility" command it fails to include the
"Credential Management User Interface" component. The Net.exe command needs
this component as it has the "credui.dll" file which is needed at least for
the "net use" section of the Net.exe component to work correctly.

For example, if you use Net.exe component w/o including Credential
Management UI component the following will not work correctly:

c:\> net use * \\mymachine\myshare
you will get the following errors:
"System error 126 has occurred
The specified module could not be found"

If you include credui.dll in %10%\system\32 or include the Credential
Managment UI component mentioned above, it will function correctly.

I have also noticed that "net config workstation" doesn't work while "net
config server" does, not sure, but I think there is another missing
dependency there.

Try this stuff out and let me know what you think.

RussR

 

[KM]

I agree that "Net.exe Utility" is missing the dependency on "Credential
Management User Interface" component. However, credui.dll is a dynamic
dependency of the net.exe, not static (i.e. the credui.dll delay-loaded by
the net.exe). Not sure if you can call it as a bug.

Regarding "net config workstation".. does your image include "Workstation
Service" component?

KM

R> Hey Guys,

R> I am not sure who to report bugs to, but I think I might have found
R> one in
R> XPE sp1 that might save some of you using network stuff some
R> headache.

R> The "Net.exe Utility" component is a very useful component as it
R> includes the "net" command which allows several useful network
R> operations to be configured from the command line, like setting
R> shares, "net share", mapping drives, "net use", etc.

R> Anyway, if you include the "Net.exe Utility" command it fails to
R> include the "Credential Management User Interface" component. The
R> Net.exe command needs this component as it has the "credui.dll" file
R> which is needed at least for the "net use" section of the Net.exe
R> component to work correctly.

R> For example, if you use Net.exe component w/o including Credential
R> Management UI component the following will not work correctly:

R> c:\> net use * \\mymachine\myshare you will get the following errors:
R> "System error 126 has occurred
R> The specified module could not be found"

R> If you include credui.dll in %10%\system\32 or include the Credential
R> Managment UI component mentioned above, it will function correctly.

R> I have also noticed that "net config workstation" doesn't work while
R> "net config server" does, not sure, but I think there is another
R> missing dependency there.

R> Try this stuff out and let me know what you think.

R> RussR

 

[RussR]

I think if "Net.exe" component is included then dependencies for each of its
subsets such as net use, net config should be included even if it is dyamic.

As far as net config goes, yes the Workstation Service component is
included. I have profiled "net config workstation" with Dependency Walker
as well as FileMon and I can't seem to find any dlls that is uses that are
missing in my configuration.

Any ideas? the workstation service is started on my system. i'm using
command shell and minlogon.

Thanks,
Russr

 

[RussR]

I forgot to tell you the specific error that occurs when running "net config
workstation", it says "a specific logon session does not exist" or something
along those lines. I'm wondering if it needs Winlogon.

 

[KM]

RussR,

The "net config workstation" (while works) does show some logon related info
(Workstation domain, Logon domain) which shouldn't be available from
Minlogon image (by Minlogon design).
Most likely, the feature ("config workstation" command of the net.exe)
depends on the Winlogon.
However, it is very useful to have net.exe working on Minlogon images as
well as on Winlogon images, isn't it? That is, probably, why net.exe does
not have a dependency on Winlogon/Minlogon component. That is my guess,
though.

KM


R> I forgot to tell you the specific error that occurs when running "net
R> config workstation", it says "a specific logon session does not
R> exist" or something along those lines. I'm wondering if it needs
R> Winlogon.



R>>> Hey Guys,

R>>> I am not sure who to report bugs to, but I think I might have found
R>>> one in
R>>> XPE sp1 that might save some of you using network stuff some
R>>> headache.

R>>> The "Net.exe Utility" component is a very useful component as it
R>>> includes the "net" command which allows several useful network
R>>> operations to be configured from the command line, like setting
R>>> shares, "net share", mapping drives, "net use", etc.

R>>> Anyway, if you include the "Net.exe Utility" command it fails to
R>>> include the "Credential Management User Interface" component. The
R>>> Net.exe command needs this component as it has the "credui.dll"
R>>> file which is needed at least for the "net use" section of the
R>>> Net.exe component to work correctly.

R>>> For example, if you use Net.exe component w/o including Credential
R>>> Management UI component the following will not work correctly:

R>>> c:\> net use * \\mymachine\myshare you will get the following
R>>> errors:
R>>> "System error 126 has occurred
R>>> The specified module could not be found"

R>>> If you include credui.dll in %10%\system\32 or include the
R>>> Credential
R>>> Managment UI component mentioned above, it will function correctly.

R>>> I have also noticed that "net config workstation" doesn't work
R>>> while "net config server" does, not sure, but I think there is
R>>> another missing dependency there.

R>>> Try this stuff out and let me know what you think.

R>>> RussR




With best regards, KM. E-mail: (e-mail address removed)

 

[Slobodan Brcin]

Few months ago I have suggested one approach to this problem.

Many of us does not want all of snap ins to be included.

But net.exe utility component could easily be modified to include list of
all snapins disabled by default.
And only that need to be done is that field in component "Component
instances are editable" be checked.

So what ever snap in that you require you could open net.exe component and
check it.
After that you could resolve new dependency.

Regards,
Slobodan

 

[Lucvdv]

I forgot to tell you the specific error that occurs when running "net config
workstation", it says "a specific logon session does not exist" or something
along those lines. I'm wondering if it needs Winlogon.

That's what the message appears to say, and I think you're head on there.

The way I've always seen it is that minlogon and network client (i.e. the
workstation service) are mutually exclusive. Maybe not technically, but
from a usability point of view.

In a minlogon configuration, you 'log on to', or at least everything runs
under the 'local system' account.

The local system account in an NT/2K/XP setup has full access to the local
machine (even more rights than administrator), but can't be given access to
other machines on the network.

You can use "net use" to access a share on the local machine, which is
pretty much pointless in most situations, but you won't be able to access
any resource on another machine.

 

[RussR]

Hi Lucvdv,

The local system account in an NT/2K/XP setup has full access to the local
machine (even more rights than administrator), but can't be given access to
other machines on the network.
You can use "net use" to access a share on the local machine, which is
pretty much pointless in most situations, but you won't be able to access
any resource on another machine.

The above is not true, with Minlogon and the net.exe command you can do
several things. You are NOT restricted to just accessing things on the
local machine. I'm currently using MinLogon with Command shell and I am
able to access all other machines' shares, i.e. drives, folders, etc. I am
also able to map them with the "net use" command. You need to included
credui.dll for "net use" to work, but again it does NOT require Winlogon.
I'm also able to see my XPe machine on the network and access its shares
from other machines.

With the exception of "net config workstation" you can use just about every
other "net" command including "net view" to browse other machines and see
what shares they have available, "net share" to set what folders and drives
you want to share over the network, "net time" to give local time on another
machine. Just about all of the "net" commands work so I would say that
unless you need "net config workstation" Minlogon and the "net.exe" command
are very useful combo.

 

[RussR]

Would doing this be useful for Minlogon and Command Shell? As I recall, the
snap-ins require the Explorer Shell correct? In my case they would
certainly not be useful either way because my target device is headless and
the main reason I included "net.exe" is because of the powerful changes you
can make with it all at the command line. So it can be run from telnet or
batch scripts.

 

[Slobodan Brcin]

Sorry, my mind was focused on netsh.exe.

Ignore what I have said.

Regards,
Slobodan

 

[Lucvdv]

Hi Lucvdv,


The above is not true, with Minlogon and the net.exe command you can do
several things. You are NOT restricted to just accessing things on the
local machine.

You're right: I forgot about the /USER switch and password prompts.

If you could access files on other machines' shares from the local system
account without specifying additional credentials, you'd have discovered a
security hole you can drive a train through

If you don't reseal copies after cloning disks, you probably arrive in this
situation (I never tried it) because each target's local system account is
the same as all the others (all SIDs are the same).

 

[RussR]

Lucv, what is your email address? I would like to talk to you offline about
one of these networking issues. You can post it in spam proof format.

Thanks,
RussR

 

[Lucvdv]

Lucv, what is your email address? I would like to talk to you offline about
one of these networking issues. You can post it in spam proof format.

'null.net' is a real domain, just replace 'name' by 'lucvdv' and you have
it.

 

[RussR]

Lucvdv,

I sent you an email to lucvdv at null dot net, but it came back to me as
undeliverable mail:
Unknown user: lucvdv"at"null.net

Any ideas?

 

[Lucvdv]

Lucvdv,

I sent you an email to lucvdv at null dot net, but it came back to me as
undeliverable mail:
Unknown user: lucvdv"at"null.net

Any ideas?

Strange: I received several mails at that address yesterday, and one I just
sent to myself arrived as well. It's a commercial (non-free) forwarding
domain of mail.com, I never had any problems with it.

If you post your address, I'll mail you instead.

 

[RussR]

Lucvdv,

I just sent you another one at lucvdv at null dot net. Let's see if this
one makes it. If not, my address is rrogers at sensingstrategies dot com.

Thanks,
RussR

 

[RussR]

yeah i couldn't send it again, same message, same problem. i think it's
best if you email me.

RussR