safeboot | slightly improve the security of the Linux boot process
kandi X-RAY | safeboot Summary
kandi X-RAY | safeboot Summary
Scripts to slightly improve the security of the Linux boot process with UEFI Secure Boot and TPM support
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of safeboot
safeboot Key Features
safeboot Examples and Code Snippets
Community Discussions
Trending Discussions on safeboot
QUESTION
I have an issue when I tried to install an EXE file on windows server 2012 R2. When I tried to execute the EXE or MSI file I got below error, "The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance."
I tried the following methods to fix the issue but nothing worked.
Method 1:
I tried to unregister and re-register msiexec file
%windir%\system32\msiexec.exe /unregister
%windir%\system32\msiexec.exe /regserver
%windir%\syswow64\msiexec.exe /unregister
%windir%\syswow64\msiexec.exe /regserver
Method 2
net stop msiserver
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer" /VE /T REG_SZ /F /D "Service"
net stop msiserver
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer" /VE /T REG_SZ /F /D "Service"
net start msiserver
Method 3
Browsed the registry editor to locate HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver. Created following key WOW64 REG_DWORD 0x00000000
I did reboot the servers after each method and even tried to export the registry key from working server to the issue server. Still, the issue is not resolved.
Is there any other solution I can try to fix the issue. I don't want to rebuild the server from the scratch. Please help
Regards, Naresh
...ANSWER
Answered 2020-Jan-15 at 14:59Disclaimer: The below is just a list of options intended to list anything and everything. Some of the options I am not sure are that useful, but they are there to remember them for the next time:
UPDATE: Please check the bottom suggestion first:
DISM.EXE. This is what worked in this case says the original poster (added after he reported it).
Quick Suggestions:
- Currupt Setup: I would try a different MSI file to install, in order to make sure the one you test with is not corrupted. Reboot too - if you can (strict on some servers) - to resolve any locks.
- Disks: Scan your disk to make sure it has no errors AND that it has space available.
- Logs: Check for clues in the event log as to what might be wrong (if anything in particular).
- Malware: Run a malware scan with whatever tool you have available to do so. Check your
setup.exeby uploading it to https://www.virustotal.com/- Sfc.exe: Run
sfc.exeto scan for system file corruption (see tool described below). You can runsfc.exedirectly, if you have no good malware scanner available or it also fails to run.- Anti-Virus: Try to disable any malware scanners if you have them running. They could block things (usually for a reason - infection for example), and prevent the installation.
- Policies: Glance over group policies to verify that nothing there is blocked. See below.
- Terminal Server: Make sure you are not on a terminal server. If you are, see below.
The Basic Checks: This will be a generic check list of sort, bear with me for including what you have already tried, and some entries that I am frankly not sure are that relevant at all:
Corrupted Installer File: Before trying anything else, try to run a different installer. You could have a corrupted installer file on your hands. This is in fact very common, and can take ages to discover.
Pending Reboot: Is there a pending reboot? Can you reboot the server? Try it. I have seen some Windows Updates blocking installation until the reboot has been done.
Service running: Verify that the Windows Installer service is not disabled in the service control applet. Launch
services.mscand check "Windows Installer". Some admins actually go to the lenght of disabling the service! (there goes the day as they say).Admin Rights / UAC: Verify that you run with an admin account (admin rights), and that the UAC is enabled? (might not be possible to disable on servers, I don't know). I don't maintain servers much, but maybe try to launch something you know needs elevation and verify that you get the UAC prompts.
Policies: Investigate whether the Windows Installer service is disabled by policy:
Terminal Server: If it is a terminal server machine, make sure you are in installation mode and not in execute mode. See this answer.
- Change.exe: https://ss64.com/nt/change.html
More Involved (Stranger Shores):
Different Admin User: I always try a different admin account when I have a weird problem (debugging - down the page). Just to rule it out. Sometimes it works - generally when the user profile is broken somehow (broken paths etc...). Try to log in and install as that user.
Malware: Run a scan for malware. With malware anything is possible in terms of problems. Use whatever tool you have. Not sure what Windows Server has - does it have Windows Defender Offline scan mode?
Sfc.exe: Along the same lines run the
sfc.exetool to verify that system files are not corrupted. This tool can be more effective than people think. It looks like it is available on Windows Server machines.sfc /verifyonly(no repair)sfc /scannow(to repair problems)
COM Registration: You have already tried this:
%windir%\system32\msiexec.exe /unregister%windir%\system32\msiexec.exe /regserver%windir%\syswow64\msiexec.exe /unregister%windir%\syswow64\msiexec.exe /regserver
Reinstall Windows Installer: This is the last resort if you ask me. Don't try it until everything else has failed. In particular make sure you run
sfc.exefirst - before considering this hack.DISM.EXE: Generic way to try to fix Windows corruption issues - also recommended recently to fix the Windows 10 issue in the Windows Explorer search box in the latest 1909 update (Jan 2020).
- "Fix Windows Update errors by using the DISM or System Update Readiness tool": https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness (do visit this link)
- Run in sequence:
DISM.exe /Online /Cleanup-Image /CheckHealthDISM.exe /Online /Cleanup-image /Restorehealth
- Reboot.
QUESTION
im trying to remotely reboot a computer into safemode. I go in with Enter PSSsession but when i try to run the command below it doesn't work. If I run it within Command Prompt it works. someone said this is due to parsing in powershell. So I remote in with ETSN command and try to launch Command prompt but as soon as it opens it closes and goes back to powershell, anyone have an idea of why this happens or knows another way to reboot a Windows PC into safemode?
bcdedit /set {default} safeboot minimal
ANSWER
Answered 2019-Oct-18 at 13:19Curly brackets have a special meaning in PowerShell, so you need to prevent the parser from interpreting them, e.g. by putting the argument in quotes. I would also recommend using the call operator whenever you're calling external commands, even though it's not required in this case.
QUESTION
I have executed the command bcdedit /set current safeboot network from whitin a C# application and this in the error I got in my terminal:
The element data type specified is not recognized, or does not apply to the specified entry. Run "bcdedit /?" for command line assistance. Element not found.
This is my code:
...ANSWER
Answered 2019-May-14 at 12:28The problem was that I was missing the brackets around the word "current":
QUESTION
I am using the Toradex system-on-module colibri imx6ULL with a custom board.
I am trying to disable the LCD and use it's GPIOs for my sensors. I have followed the answer in this link. I got stuck with one of the suggestion in the answer.
In addition to assigning these pings to an iomuxc pinctrl group, you'll also need to assign the pinctrl group to an enabled node for them to get initialized. You can create a new node specifically for this purpose if you'd like.
What does that line mean? Do I need to create a dummy node with
statusproperty set tookay?Can I change of the name appearing in /dev/ for uart port?
How can I enable
JTAGin my custom board?
My device tree source file is below:
...ANSWER
Answered 2018-Aug-13 at 12:381) It means you need to add the pinctrl-group e.g. the one you have created pinctrl_additionalgpio to a node.
I'll take for instance the lcdif node you have disabled in you device-tree to illustrate a pinctrl-group added to a node. In this example, pinctrl_lcdif_dat and pinctrl_lcdif_ctrl are added to the lcdif node:
QUESTION
I'm attempting to import users via a CSV folder.
I have certain parameters that need to be kept, so I'm only using certain fields.
Powershell
...ANSWER
Answered 2018-Jul-17 at 08:37I got it working,
Turns out when I was building the CSV within Excel 2016 it wasn't adding the commas to seperate values.
I ended up opening the CSV within notepad and added commas to separate the values.
Powershell reads the Values based on Comma Seperation, so if there are no commas, it doesn't know what values to push out.
QUESTION
Randomly, my script has begun erroring.
We changed JumpBox server, which I feel may be related, however i'm not sure.
The error is as followed:
...ANSWER
Answered 2018-Jun-19 at 10:57I don't know if a switch command with the -Regex parameter would catch the issue,
but it would allow to more easily create additional ranges and possibly pinpoint the problem.
The switch is wrapped in a small test script:
QUESTION
I am creating a script to create users on a domain for one of my clients (NHS in the UK), however it currently refuses to create the AD User & exchange account if the user has a First & Second Name that Already Exists within the AD.
I have already bypassed username duplication by adding a number onto the end of the usernames if they already exist. However, if the first / second name is duplicated it will not create the account.
...ANSWER
Answered 2018-Jun-08 at 09:51The parameter -Name sets not only the attribute name but also cn (common name), which must be unique just like sAMAccountName. To fix the issue change this:
QUESTION
Built android(7.1.2) for Jetson TK1, android boots to safe mode and displays the lock screen(at times only a black screen with safe mode at the left corner appears), input devices (Mouse and Keyboard) aren't working. It also keeps rebooting on its own. Have read about the strictly enforced verified boot in nougat, but have no idea how to go about debugging the cause for safe mode.
The Log information that shows SAFE MODE 01-01 00:05:40.481: I/WindowManager(592): SAFE MODE ENABLED (menu=0 s=0 dpad=-1 trackball=-1)
It comes from the WindowManager, I tried reading the sources in frameworks directory, but didn't quite understand how things work.
How should one figure out the cause for safe mode, is it due to security issues in kernel or the android part (Sepolicy etc)? There are couple of errors in the log, should I correct all the errors, does it solve the safeboot problem?
Logs SERIAL LOG: https://pastebin.com/LxgUsegh
...ANSWER
Answered 2018-May-12 at 05:38Finally solved the safe mode problem, it was enabled as android has sensed the volume down state as high, this state is one of conditions which determines if safemode is set, though there is no volume buttons in the board somehow the code reads it as high. Anyways the system hangs in lock-screen and keeps rebooting.
SOURCE CODE
WindowMangerService.java
mSafeMode = menuState > 0 || sState > 0 || dpadState > 0 || trackballState > 0 || volumeDownState > 0;
Just removed the volume down condition.
Any ideas on why android freezes in lock-screen everytime it boots ?
System Hang solution:
Solved the system hang, the issue was related to SDHCI controller, had to make some changes in the kernel. Simply followed the instructions in this link
Now have a working android Nougat in jetson-tk1. :)
QUESTION
Here is my issue. Me, being the spoon I am, decided to use MSConfig to get windows to always boot to safe mode, because I was having issues with the windows activation protocall. I had also checked the alternate shell option along with SAFEBOOT. Now, since my copy of windows isn't activated yet, if won't let me log on period. I can't get back to MSConfig now. Is there a way to revert these changes?
...ANSWER
Answered 2018-Feb-01 at 14:21The change that MSConfig applied is likely by adding the /SAFEBOOT argument into the boot.ini file on the boot drive as an argument to the kernel.
Fortunately, because it is Windows XP, this is a text file, and to change it you just need to be able to get to it.
The first option is to boot from a Windows XP Installation CD and use the Recovery Console. From the recovery console, it should be possible to navigate to where the boot.ini file lives (which is likely in the root of the first partition), and type the contents to confirm the issue. If you put a USB stick into the machine before booting, you should be able to copy the boot.ini onto the USB stick, edit the file with another computer, then copy it back over the original.
An alternative is to use one of a variety of Linux boot CDs or live CDs (or bootable USB sticks). This should allow you to boot to a Linux command prompt or desktop, at which point you can mount the NTFS boot partition from the hard drive, and use a text editor from the Linux environment to edit the file. Exactly how you go about doing each of these steps will vary slightly from Linux distribution to Linux distribution based on what tools they come with. Something such as OpenSUSE or Debian is likely to have all the tools needed.
A final option is to remove the hard drive from this machine, and attach it to another machine as a second drive (or using a USB hard drive adapter). The second machine will then be able to see the partitions on the drive, and you can use a text editor to get the boot.ini file.
Once you are able to edit the boot.ini file, you probably want to copy the entry in the [Operating Systems] section onto another line, then edit it to remove the /SAFEBOOT option.
For example, change:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install safeboot
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
