Archive

Archive for the ‘Windows’ Category

Signing a Java JAR file with a Microsoft Authenticode Code Signing Certificate

March 1, 2014 Comments off

You already have a Microsoft Authenticode code signing certificate from Verisign/Symantec
and now you want to sign Java JAR files.  Can you re-use your Microsoft Authenticode certificate?  As of this writing, Yes.

If you do not already have your current Authenticate code signing certificate exported as a .pfx file, then export your certificate and private key from your Windows Certificate Manager:

  1. Start->Run: certmgr.msc
  2. Select your existing Code Signing Certificate.
  3. Right-click:  All Tasks -> Export …
  4. Welcome Screen: Next>
  5. Export Private Key: Yes, export the private key.  Next>
  6. Export File Format: Personal Information Exchange -PKCS #12(.PFX)
    • Yes: Include all certificates in the certification path if possible.
    • No: Delete the private key if the export is successful.
    • Yes: Export all extended properties.
    • Next>
  7. Password:  Specify a strong password.  Next>
  8. File to Export: Specify a file path for exporting your certificate.  Next>
  9. Completing the Certificate Export Wizard:  Finish
  10. You should now have your .pfx file.

To sign your JAR file:

  1. Retrieve the Alias Name from your .pfx file:
    "C:\Program Files\Java\jdk1.7.0_51\bin\keytool.exe" -list 
        -storetype pkcs12 -keystore mycertificate.pfx -v

    Near the top of the output, locate the line:

    Alias name: {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
  2. Sign your JAR files using the .pfx file and the correct alias name:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -storetype pkcs12
        -keystore mycertificate.pfx myjarfile.jar 
        "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"
        -tsa https://timestamp.geotrust.com/tsa

    Password: Specify the password that you used when exporting the *.pfx file.

  3. Verify the signature:
    "C:\Program Files\Java\jdk1.7.0_51\bin\jarsigner.exe" -verify 
        -verbose -certs myjarfile.jar

References:

Advertisements
Categories: Programming, Windows

Windows: Removing a Plug and Play driver from the driver store.

November 21, 2011 Comments off

When an OEM kernel driver is installed in Windows, driver files are typically installed to the following locations:

  • \Windows\inf\ – the .inf file is renamed to oem#.inf
  • \Windows\System32\drivers\

To remove a particular .inf file and related files, see the following article:

On Vista and later, the driver is also added to the Windows Driver Store located in:

  • \Windows\System32\DriverStore

The oem.inf filename for a particular driver can be found by enumerating all of the OEM drivers in the Driver Store.

To enumerate the plug-and-play drivers, from a Windows cmd prompt opened in administrator mode, run:

  • pnputil.exe –e

To remove a particular OEM driver from the driver store use:

  • pnputil.exe -d oem#.inf

Reference:

Categories: Programming, Windows

Windows: Importing a certificate for a service

April 30, 2011 2 comments

Windows has several different certificate stores.  Using certmgr.msc allows a certificate to be installed for the current user.

However; to make a certificate available to services and other process that run under the Local System or Local Service accounts, you must import the certificate into the the Local Computer store.

To import the certificate, set up a connection the the local computer’s certificate store:

1. Start -> Run: mmc.exe
2. Menu: File -> Add/Remove Snap-in…
3. Under Available snap-ins, select Certificates and press Add>.
4. Select Computer Account for the certificates to manage.  Press Next.
5. Select Local Computer and press Finish.
6. Press OK to return to the management console.

Then, import the certificate:
1. Select: Console Root -> Certificates (Local Computer)
2. Continue and select: Trusted Root Certification Authorities -> Certificates.
3. Right click on Certificates and select All Tasks -> Import…
4. Follow the import wizard and import your certificate normally.

References:

Categories: System Admin, Windows

Windows: Internet Explorer fails to print with preview.js errors.

October 28, 2010 1 comment

Symptoms:  Attempting to print from Internet Explorer returns the error:

An error has occurred in the script on this page.
Line: 1507  (or whatever)

URL: res://ieframe.dll/preview.js

See attached screen shot:

Other symptoms include, missing menu items, or menu items that don’t do anything when selected.

Cause:  Some other application wrote to the wrong location or un-registered .dll’s that it wasn’t supposed to during install or uninstall.  Which application? Who knows.

Fix:  As described in the references below, you’ll have to re-register the IE libraries and components.   But first:

  1. Ensure that your printer actually works.  Print a test page from Notepad, or Word or whatever.  Printer not working?  The rest of these steps won’t help you.  Fix your printer.
  2. Reset IE to ensure that other add-ons aren’t causing you grief.
    1. Start Internet Explorer
    2. Press the ALT key to bring up the menu.
    3. From the menu select:  Tools -> Internet Options  (this is reachable from the Windows control panel as well)
    4. Tab:  Advanced
    5. Press the button:  Reset…
    6. Press the button: Reset
    7. Restart IE
    8. Attempt to print from IE.  Does printing work now?  If yes, you’re done.  If not, continue.
  3. Re-register your IE libraries.  In the references below, you can do it the Microsoft way and make your own script or use the ready made script from iefaq.  I used the ready made script after reviewing it.
    1. From iefaq listed in the references section, download the script that matches your machine type.  I’m running Windows 7 32-bit so I downloaded ie8-rereg.zip.
    2. Start the Windows File Explorer.  Start -> All Programs -> Accessories -> Windows Explorer
    3. Find the file that you downloaded.  Computer -> Your disk (C:) -> Temp   (or wherever you downloaded the files to.)
    4. Right click on the .zip file you downloaded and select Extract…
    5. Extract the files somewhere reasonable.  Example: c:\temp\ie_fix\
    6. Find the extracted files.  Navigate down the directories until you find the .cmd file.  In my case the file I wanted was ie-rereg.cmd
    7. (Optional) Open the .cmd file in Notepad to see what it’s going to do.  We’re all curious right?
    8. Right click on the .cmd file and select: Run as administrator.  (No, Run as administrator?  Select Open instead… and consider updating your OS one day.)
    9. The command file will run for a moment and then report an error at the end.  Something about failing to update the registry.  Doesn’t matter, that’s a Windows XP fix that is only necessary if you’re running XP.
    10. Reboot your computer.
    11. Start IE and attempt to print.  Fixed?  Worked for me.

References:

Categories: System Admin, Windows

Windows – Loading a 64-bit crash .dmp for a 32-bit application

September 20, 2010 Comments off

If a crash dump shows WOW64 CPU emulation in all threads (e.g.  wow64cpu.dll!CpuSysCallStub() …) then a 64-bit dump has been generated for a 32-bit process.

To view the stack the wow 64-bit extensions need to be loaded first into Windbg:

In Windbg:

0:000> .load wow64exts
0:000> .effmach x86
Effective machine: x86 compatible (x86)
0:000:x86> !analyze -v

Reference:

Categories: Programming, Windows

Windows XP – Scheduled Tasks stop working

December 15, 2009 Comments off

I use Scheduled Tasks in Windows XP to kick off automated processes.  On one particular machine, everything worked fine for several years until recently the scheduled tasks would no longer start.

Checking the Scheduled Tasks’ properties, the user account was still configured correctly with the correct password.

Checking the Scheduled Tasks’ log in:

  1. Start –> All Programs –> Accessories –> System Tools –> Scheduled Tasks
  2. Menu: Advanced –> View Log.

the log contained the following info [edited] for my scheduled job:

“nightly.job” (nightly.bat) 1/1/2009 9:00:00 PM ** ERROR **
The attempt to log on to the account associated with the task failed, therefore, the task did not run.
The specific error is:
0x80070569: Logon failure: the user has not been granted the requested logon type at this computer.
Verify that the task’s Run-as name and password are valid and try again.

It turns out that the user that is assigned to a scheduled task, must also be assigned to the “Log on as a batch job” account policy. 

Normally, on a local machine, if you add a user to a scheduled task, then that user will automatically be added to the policy.  However; if your machine is connected to a domain, then the domain settings may periodically overwrite the local account policies.

In order to fix the scheduled tasks, I needed to add my user back into the “Log on as a batch job” policy.  However, since the domain controls the policy I had to add my user to the local “Backup Operators” group so that the policy would once again apply.

To view the “Log on as a batch job” Policy:

  1. Control Panel –> Administrator Tools –> Local Security Policy –> Local Policies –> User Rights Assignment –> Log on as a batch job
  2. Right-click –> Properties
  3. This lists the users and groups that have rights to run batch jobs.

To add the user to the Backup Operators group:

  1. Control Panel –> Administrator Tools –> Computer Management –> Local Users And Groups –> Groups –> Backup Operators
  2. Add…
  3. Add the user that is set for the scheduled tasks.

References:

Categories: System Admin, Windows

IP Routing in Windows

October 25, 2009 Comments off

Linux is often used for network routing because it is cheap to set up, it is efficient, and it runs on old computer hardware. However, if you are not already familiar with Linux, the set-up can be daunting. If you only have simple routing requirements then a Windows box can be used as the IP router.

By default, for security reasons, Microsoft turns off routing between the Ethernet cards. However, if you need to route, the option can be turned back on.

To set up a Windows box as an IP router do the following:

  1. Take a spare PC with Windows XP or Vista on it to use as the PC router.
  2. Ensure that there are two or more Ethernet cards installed in the PC.
  3. For each of the installed Ethernet cards, assign an IP address from a different subnet.
  4. Enable routing between the Ethernet cards:
    • regedit
    • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
      • Change IPEnableRouter from 0 to 1
    • Reboot
  5. Connect a second PC to a network that is attached to one of the Ethernet cards in the PC router. Using the second PC, attempt to ping each of the Ethernet cards in the PC router. You should be able to ping devices on other subnets through the PC router.
  6. Note: If your second PC’s default gateway is not the PC router then you may need to add additional static routes using the route add command.

Reference:

Categories: System Admin, Windows