One of my problems, is that I support clients who often spend a lot of time monitoring if their servers (and services) are functioning properly, and that their network is up and running smoothly.
All of these tasks are easily re mediated through PowerShell, and I had a grand idea to unify all of the tasks and present them in a GUI, with the ability to tail the logs on remote servers at will.
I can execute PowerShell remotely to ascertain all of the facts I need about the servers involved, can poll and retrieve all the relevant points of data, aggregate them in a database, perform trend and abnormality analysis, that's all good.
But I want to aggregate it all into a sort of "management console" to alleviate all of the mundane tasks. Why not?
So I'm looking for some pointers as to where I can look for any frameworks, HTML based or application based, that can leverage the power of PowerShell into a somewhat modular UI interface. From what I've seen and experimented with, C# is abnormally complicated when executing PowerShell cmdlets.
Pardon my ignorance, I'm mainly a scripter. Please point me to the right direction!
I can imagine the exact GUI I want, and can grab and analyze all the data I need to accomplish it... Just not sure of the glue that connects the two.
Take a look on PowerGUI by Dell - it's designed for tasks like this.
Also you can try to do all with bare-hands coding using Windows Forms in PowerShell, like described on this TechNet blog post's series.
Also there is many PowerShell IDE's with visual Form designers - AdminScript is one of oldest.
This is a very general question, I beleive too general for StackOverflow. Here are my first thoughts as is :
1) Collecting datas on server is avery old story, begining with SNMP and continuing with WMI and more generaly "Windows Management Framework" on Windows. So client UI, you can adapt to your clients exists on the market. Have a look to Centreon, or Paessler.
2) As far as PowerShell is involved have a look to the Quest (now DELL) PowerGUI console (not the script editor)
3) If really you want it (not a good idea for me) you can write a PowerShell UI application, have a look to Sapien's PowerShell Studio. I give some clues about programming PowerShell UIs here.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have written a c# program to monitor what my daughter is doing on her computer during her online lessons (due to COVID lockdown).
She has a habit of going onto Discord to chat with her friends instead of following the lesson. She also plays Minecraft during lesson time.
I don’t have the time to keep checking up on her so my wife urged me to write this software.
But the software is detected by Windows Defender as a Trojan as shown below;
Detected: Trojan:Script/Wacatac.B!ml
This program is dangerous and executes commands from an attacker
I can see that it is a Trojan of sorts but it is not being used in that vein. I am simply using TCP SOCKETS to allow myself or my wife to keep an eye on our daughter and to message her and if need be to close down the offending application remotely.
The way that MS Defender keeps quarantining each new compilation as I fine tune the exe to do what I need it to do is a real bind.
I am hoping that somebody might know a way around this.
After all I am using an API (System.Net.Sockets) that is part of the Microsoft DotNet library.
It is as if Microsoft were banning the use of an API that it provides.
My daughter is back at school on the 8th March 2021 so it will be redundant after that (hopefully) but as a developer I would still like to know how to solve this.
... close down the offending application remotely.
To some extent, this indeed makes your program "execute commands from an attacker." It seems like the issue does not lie in whatever API you use - but instead, what the program actually does.
You may try obfuscating your program with something like ConfuserEx, though it is possible that Windows Defender flags the obfuscated build as well, because this is what some real malwares do to hide themselves. The easiest solution is to place the program in a separate directory and add that directory to Windows Defender's exclude list.
We run up against this kind of problem frequently, and realistically there's not a lot you can do about it. False positives are just a part of what we have to deal with, and the only way to deal with them for low-distribution items like personal remote administration tools - or my own common case, custom AV upgrade scripts - is to add exceptions for your own programs when you install them on a computer, and every time you update the code.
It is as if Microsoft were banning the use of an API that it provides.
Unfortunately malware uses those same APIs. AV vendors are constantly upgrading their definitions to catch as many threats as possible and common techniques used by malware are also present in remote administration tools.
From a quick search it looks like Wacatac.B!ml is a particularly problematic detection that has struck all sorts of legitimate applications, including an open-source launcher for Blender recently and several other items.
From experience the !ml tag means that the definition was derived via machine learning which means it most likely is a deep heuristic rather than a code fingerprint.
Possible Solutions
The most general way to get around this type of heuristic detection is with extended validation code signing. Since this requires a relatively expensive certification process it's unlikely to be a useful solution for your in-house child monitoring tools.
In your case perhaps a path or file exclusion would allow you to continue to refine your tool without having to worry about it constantly being detected and blocked. I wouldn't recommend this for production systems, but for home use only it's simple, althout occasionally unreliable.
Finally, you could radically change the code. If you can't find a way to avoid detection using your current code base then consider using a different technique altogether. Enable powershell remoting and run a collector script on another machine on the network. Build a web-based agent that polls a web service (on the local network of course) to get commands to run. Use a popular library that will handle the actual communications for you rather than accessing the sockets yourself. Not as efficient maybe, but sometimes all it takes is one change to get the false positives to leave you the hell alone.
I'm just starting my Exam project at my school. Studying Systems Development with C#.
We're using GitHub as our online repository, and it just recommended to set up "Continues Integration". I looked at it, and the idea seemed nice. Our course is based around Test Driven Development, so we already have tests in place.
I first looked at Travis, unfortunatly, I cannot figure out how to get this to work with Windows, nor Unit Tests.
Question is, is there a tool we can use to acheive continues integration with C# for windows platforms, for free?
It is "continuous" integration, and yes, it is a good idea to learn about it.
Unfortunately, the question is too broad to answer directly. There are many solutions to get a working CI running, both locally and in the cloud; both for free and not-so-free.
It is, for a hobby/uni project, also perfectly possible to roll your own, with a few cron jobs or commit hooks.
CI simply means that your test/build scripts are running automatically, ideally after each commit and for each separate branch, so you get early warning for bugs creeping in. The more expensive or complex systems just add a loaf of customizability, reports, history, notifications etc. on top.
I would suggest googling a bit more. You really should be able to find something including documentation on how to use it. Wikipedia should have a handy table which you can filter down on "free" and "windows".
We are faced with the problem maintaining lots of windows services.
The idea is to reorganize windows services in to class libraries and connect libraries to one master windows service. Is there a good idea ? Any advices please)
There is a framework for hosting "services" within a single Windows Service called TopShelf. You might want to consider using that. https://github.com/Topshelf/Topshelf
I am interpreting your question to be "We have tons of little Windows applications that run as services - how can we simplify them?".
In general, lots of smaller programs are better. Single monolithic applications are difficult to maintain and test; when someone needs to make a small change it can trigger catastrophic consequences for dozens of other components of the application. It can also make it impossible to change one small application without taking down the whole service, as Chris Knight comments above.
On the other hand, lots of small programs suffer from the breadth problem. You probably want to make sure all your little programs run on a consistent framework - i.e. they all log their results to the same place, they all use a standardized configuration system, and they are all managed in the same place.
I have seen situations where people write services because they need to run a task "when a particular condition happens", so they make it a constantly running service and continuously check for that condition. Is it possible that you could take some of your services and turn them into triggered launches of individual applications?
If this isn't the correct interpretation, please let me know :)
We have an in house winform application that is used by about 20 users in my company. It's a real pain having to send the users a new msi when the application has changed in scope and I would like to have the users prompted from the application as to whether they would like to update their copy. My thoughts are that the source of the application would be on our company server and that the application would look to a database to see if updates area available. Aside from that I don't know where to go from there. Has any one done anything similar to this or does any one have any recommendations on how I should implement this.
Here's an open-source solution I wrote to address specific needs we had for WinForms and WPF apps. The general idea is to have the greatest flexibility, at the lowest overhead possible.
So, integration is super-easy, and the library does pretty much everything for you, including synchronizing operations. It is also highly flexible, and lets you determine what tasks to execute and on what conditions - you make the rules (or use some that are there already). Last by not least is the support for any updates source (web, BitTorrent, etc) and any feed format - whatever is not implemented you can just write for yourself.
Cold updates (requiring an application restart) is also supported, and done automatically unless "hot-swap" is specified for the task.
This boild down to one DLL, less than 70kb in size.
More details at http://www.code972.com/blog/2010/08/nappupdate-application-auto-update-framework-for-dotnet/
Code is at http://github.com/synhershko/NAppUpdate (Licensed under the Apache 2.0 license)
ClickOnce.
If it's a fairly simple program (not many dependencies) consider keeping the program on a network share have have users run from there.
The most popular solutions with graphical update prompts are AutoUpdater.NET and WinSparkle. For a more powerful solution, take a look at Google Omaha.
Squirrel is definitely worth a look
I've been using Wakoopa recently, and I find it quite amusing.
I had no idea ( well I had an idea but never got real data about it ) on how much time I spend in SO until this:
alt text http://img396.imageshack.us/img396/4699/wakoopaim1.png
So my programming question is:
How can I programmatically track the applications being used?
My initial though was to use something like "tasklist" command and "netstat" and pool every 15 minutes or something like that, but I don't think this is the way they're doing this.
Is there a library in .NET ( in C# I guess ) to do this? Does windows provides some kind of service like this? What about java?
I usually have at least some vague idea on how some programming task could be performed, but for this I don't have a clue.
The wakoopa app tracker works on OSX and Linux too, but it is clear to me they are three different apps, one per platform
BTW, how much do you used SO? :)
Here is a link to an article with source covering the Process Structure Routines API Detecting Windows NT/2K process execution. I thought that the SysInternals site had source to Process Monitor, but I don't see any. The article should point you in the right direction for Windows systems.
Here is a link that may be helpful for Linux systems PROCPS
Here is a link to a java swing top utility Monitor It uses JNI, so not sure if it really fits as a java solution.
And to answer the SO question, I only periodically visit the site. I find I spend too much time on it if I visit regularly.
Familiarize yourself with the Server Explorer in Visual Studio -- look under 'Process'.
Then read up on the PerformanceCounter class.