How to close windows activation popup?

Discussion in 'Scripting' started by timesurfer, Nov 6, 2013.

  1. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    Thanks for noticing, so in theory it will work after the first reboot!

    I can just put it in C:\Trial\IR7\IR7.bat but will be glad to put your slui.exe/sppsvc KF in my IR7.vbs or startup folder which ever works best but look forward to getting rid of my Hybrid3 task which currently is dealing with slui.exe

    So I'm wondering if I put my IR7.vbs which silently runs IR7.bat into the startup folder will everything run sooner than if by my Hybrid2 task?

    So my IR7.vbs will be doing three things in this order:

    1. Run IR7.bat
    2. Slui.exe
    3. sppsvc.exe

    Thanks

    :yoda:
     
  2. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    I might have just received some new info on the askvg popup

    I was testing MD's DISM autoIR7install for RW on a modern faster computer and that popup was present, so opened up task manager and saw both slui/sppsvc and ended slui.exe and that popup immediately closed...

    I also put the askvg popup code into my IR7.bat and it didn't write so I think just the slui/sppsvc .vbs will be fine when your finished with it

    Thanks :worthy: MJ
     
  3. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    #23 Mr Jinje, Dec 2, 2013
    Last edited by a moderator: Apr 20, 2017
    Try this, re-wrote it as a one-liner so you can echo echo >> filename.vbs. It detects sppsvc or slui events and reacts accordingly.

     
  4. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #24 timesurfer, Dec 2, 2013
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Cool :yoda: but it will go into my IR7.vbs

    Here is what is there now:

    Code:
    CreateObject("Wscript.Shell").Run "C:\Trial\IR7\IR7.bat",0,True
    Question:

    Do I rename the part in green to IR7.bat?

    Code:
    strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false:
    I will be putting this into the startup folder for testing with RWTE

    Here is the write I have for IR7.vbs

    Code:
    echo CreateObject("Wscript.Shell").Run "%systemdrive%\Trial\IR7\IR7.bat",0,True >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\IR7.vbs
    echo strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\IR7.vbs
    slui.exe/sppsvc.exe :sith:
     
  5. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    #25 Mr Jinje, Dec 2, 2013
    Last edited by a moderator: Apr 20, 2017
    Yep, rename the part in green to "IR7.vbs"

    Looking at this, it will run the IR7.bat every single time kung-fu event is triggered. Is that what you intended or do you only want the IR7.bat to run once at startup.
     
  6. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #26 timesurfer, Dec 2, 2013
    Last edited by a moderator: Apr 20, 2017
    (OP)
    I want the usual IR7.bat to be run by IR7.vbs once at start up like it normally does

    I want to be able to add the code for FungFu to my IR7.vbs as to take care of the slui/sppsvc stuff

    So my IR7.vbs has this and I want to add the KF code to it and put it in startup folder

    Code:
    CreateObject("Wscript.Shell").Run "C:\Trial\IR7\IR7.bat",0,True
    Can I put both these things in IR7.vbs like above code?

    :yoda:
     
  7. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    #27 Mr Jinje, Dec 2, 2013
    Last edited by a moderator: Apr 20, 2017
    You'd need two different VBS files for that. One that starts the ir7.bat and quits the other is just the kung-fu which will repeat multiple times through-out the day.

    Here is a custom event log entry so people can determine how 'strong' my kung-fu really is.

    Code:
    jshell.Run "cmd /c start /b powershell -command ""write-eventlog System -source 'Microsoft-Windows-Kernel-General' -eventid 666 -message 'This is my Kung-Fu and it is strong!'""",0,true:
    Code:
    strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "cmd /c start /b powershell -command ""write-eventlog System -source 'Microsoft-Windows-Kernel-General' -eventid 666 -message 'This is my Kung-Fu and it is strong!'""",0,true:jshell.Run "KungFuSlui.vbs",0,false:
    
    Easter egg, when you go into eventvwr.msc, you'll see event ID 7034, which keeps track of how many times the Kung Fu has run.

     
  8. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #28 timesurfer, Dec 3, 2013
    Last edited by a moderator: Apr 20, 2017
    (OP)
    I'll leave my IR7.vbs as it is :eek:

    I do this write but it doesn't write correctly :suicide:

    Code:
    echo strComputer = ".":Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & strComputer & "\root\cimv2"):Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe' OR TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'"):Set objEventObject = objEventSource.NextEvent():set jshell = createobject("WScript.Shell"):jshell.Run "net stop sppsvc",0,true:jshell.Run "taskkill /f /im slui.exe",0,true:jshell.Run "taskkill /f /im sppsvc.exe",0,true:jshell.Run "KungFuSlui.vbs",0,false: >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    :suicide:
     
  9. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    Here is cmd when trying to write:
     

    Attached Files:

  10. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    Yeah, got the same error yesterday when I tried. It is the double quotes. Not sure how to properly escape them (tried \" and ^") for cmd > vbs and failed, but when I remove them (ctrl H replace with ' single quotes) then encapsulate the whole thing in double quotes it echo's correctly into the output file. (but VBS then errors because it does not respect the single quotes).

    Might have been easier to just do it the hard way with 8-10 echo commands, just need separate the rows at the : colons and it should work.
     
  11. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #31 timesurfer, Dec 4, 2013
    Last edited by a moderator: Apr 20, 2017
    (OP)
    Yes it creates the .vbs just with nothing in it...

    How bout this...

    Code:
    echo strComputer = "." >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" &  >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbsecho strComputer & "\root\cimv2") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objEventObject = objEventSource.NextEvent() >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo set jshell = createobject("WScript.Shell") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo jshell.Run "net stop sppsvc",0,true >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo strComputer = "." >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objSWbemServices = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!" & "\\" & >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs echo strComputer & "\root\cimv2") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe'") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo Set objEventObject = objEventSource.NextEvent() >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo set jshell = createobject("WScript.Shell") >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo jshell.Run "taskkill /f /im slui.exe",0,true >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    echo jshell.Run "KungFuSlui.vbs",0,false >>%SystemDrive%\Windows\System32\GroupPolicy\Machine\Scripts\Startup\KungFuSlui.vbs
    It writes this:

    Code:
    strComputer = "." 
    Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'sppsvc.exe'") 
    Set objEventObject = objEventSource.NextEvent() 
    set jshell = createobject("WScript.Shell") 
    jshell.Run "net stop sppsvc",0,true 
    jshell.Run "KungFuSlui.vbs",0,false 
    strComputer = "." 
    strComputer 
    Set objEventSource = objSWbemServices.ExecNotificationQuery( "SELECT * FROM __InstanceCreationEvent WITHIN 1 WHERE TargetInstance ISA 'Win32_Process' AND TargetInstance.Name = 'slui.exe'") 
    Set objEventObject = objEventSource.NextEvent() 
    set jshell = createobject("WScript.Shell") 
    jshell.Run "taskkill /f /im slui.exe",0,true
    and creates other file called in startup folder

    Code:
    KungFuSlui.vbsecho
    Also noticed that when I put my IR7.vbs that is suppose to run my IR7.bat in startup folder that is doesn't run IR7.bat
     
  12. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    Easier would it not be to include files of both in zip.

     
  13. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #33 timesurfer, Dec 4, 2013
    Last edited: Dec 4, 2013
    (OP)
    Not want to include rogue files do I, hmm he he, only one batch need I do :sith:

    Wish we knew how these 3 files are connected

    The random piracy permissions popup that when I close slui.exe it closes (Two birds one stone)

    And connection between sppsvc and slui.exe

    What is this...

    I really want to implement this soon so I'm willing to test when code is ready

    Since the IR7.vbs does not run IR7.bat in startup folder I'll keep in C:\Trial\IR7

    After we nail this popup/piracy stuff then I'll only have DISM to work on then after that I'm Final

    I'll keep in mind WPA delete inside windows but basically Rearm concept for W7/2013 is done :yoda:
     
  14. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #34 timesurfer, Dec 4, 2013
    Last edited: Dec 5, 2013
    (OP)
    @MJ

    I think for RW using just the slui.exe will do fine as it closes both the activation/piracy messages that users experience with my rearm concept

    I don't think it's necessary to use the sppsvc.exe stuff

    Maybe I'll just stick with my Hybrid3 task since I only need it to run a startup if user gets one of those two popups?!

    :yoda:
     
  15. Mr Jinje

    Mr Jinje MDL Expert

    Aug 19, 2009
    1,773
    1,096
    60
    #35 Mr Jinje, Dec 27, 2013
    Last edited by a moderator: Apr 20, 2017
    Kung Fu 2.0

    Got it to work from the command line. Needed some base64 encryption to avoid using any special characters that cmd.exe could accidentally parse. (avoiding that double quotes issue we had last time)

    Works from echo >> KungFu.bat.

    Code:
    echo start /b powershell.exe -nologo -WindowStyle Hidden -sta -command "$KungFu = 'H4sIAAAAAAAEAO29B2AcSZYlJi9tynt/SvVK1+B0oQiAYBMk2JBAEOzBiM3mkuwdaUcjKasqgcplVmVdZhZAzO2dvPfee++999577733ujudTif33/8/XGZkAWz2zkrayZ4hgKrIHz9+fB8/In7j5DdOUu9Z5m3atNUqbVar5nIaftlmzdu3RVmO83d5evc8vVsstB0+uUXbcl1Iy984+d2yaZl+ln6et9vH9Nv2y6ydpx/V+UXRtPX1o0ff/r1Of5/f/6vXp69e/76vt3e372/v7Xx0+Lut8npRNE1RLendj17k7VVVv01f5/VlMc0/Gn30bF2WJ9WyrauS/sJvWbHM67PlPK+LdpR+OfnpfNrqnx+NCES1xHvHZVldEfxsOs2b5tW6zAn+i/xqW15IX183bb4Yv86na3rxenzM7abS0/iVYn3s3vYwBdSSXm3d11teR3f4+/RnaBTvQQqQ8DdOzs7Tra2Lq0WRXhXLe3u//6quADbdPi/KNq/Tj17KB2dPP/vdXp49/Yh6afISA5pWi0W2nJVEnTtj7490e1m1i6ydztOPv13MZvny4zu/cfKLab5Ovvzii+MXT0H3VXWV180819mlV8rqokq3v1ssZ9XV6/aaCCAvp9vPCvrjo/ST9KM/4CP8+N0W12fLy2qatUSa8RfXJ9L3+Gl+XiwLfGja/sbJ9y6rYvb97ynxX+XnQB2vHTdNvpiU199/9Oh5lc2+W7Tzl1ndFln5IlvkWx9/UUzrqqnO2/FPFs06K59kTTH9+M7h96JfjM+WRKyMQRPE1xjY1kdmwB+NdogC+bui/Y2TXyJkB39fzQvMY1uv8zvyyS92AvC7/cQ6r69BKiX3t9Lzulqkv//vXyybNltO85M6ZwqcXubLlmavnRfLdJeg5nVOslNf5MSl0jQtmiz9WCZY5/PjFDPxJmg2xtCpy4+NlH2cfvmq0yY9e32cfvxdD9QNoKxwf/xRKN6/GyN+BUYhPgtkhaYzu8gX9PXY/crNv6vNhTwxgAQpgDy+yor2WVW/yN8JiC0ltnl+TrSX3/KK9EG+nQM3EgJVFOl2U61rorfjRBWOZvv3yutlXm5/npNeysqPU3m3mKWffvppur2g2SWSpR+/mRcNzXy6uE5/r/XyYvvZOiUxSYsWH5JeqJYXv+vHggpz5f8DWLimhMkFAAA=';$data = [System.Convert]::FromBase64String($KungFu);$ms = New-Object System.IO.MemoryStream;$ms.Write($data, 0, $data.Length);$ms.Seek(0,0) | Out-Null;$cs = New-Object System.IO.Compression.GZipStream($ms, [System.IO.Compression.CompressionMode]::Decompress);$sr = New-Object System.IO.StreamReader($cs);$t = $sr.readtoend();Invoke-Expression $t;" > C:\KungFu.bat
    #
    How exactly does a KungFu.Bat do all this stuff on-the-fly

     
  16. timesurfer

    timesurfer MDL Developer

    Nov 22, 2009
    8,527
    4,103
    270
    #36 timesurfer, Jan 12, 2014
    Last edited by a moderator: Apr 20, 2017
    (OP)
    That is some crazy code MJ

    You said you included base64 encryption but what about 32 users?

    Thanks for the hard work

    :shisha: