RDP client in WIN10XPE?

Hi, bob.omb

>No need whatsoever to boot into system... but every once in a while there is a need for admin.  I dont understand why people still use system.. They are only limiting themselves..

I was firstly use "Switch To Admin" for testing this MiniNT trick.
I don't know how many people use Admin account or SYSTEM account. As the "Switch To Admin" is optional, so default people use SYSTEM account.
I just point out that if you do the MiniNT modify, it need "Switch To Admin" plugin's files/registy items(no need admin account),
if people didn't select it, don't apply the patch directly not only check the file exists, otherwise make the Credential Dialog(console one) break.

Admin = Admin+System both possible
System = System possible only

Why not make "Switch To Admin" as checked by default?

I don't use PE for long time, as I saw seem has those limits:
1. IE can't download file in SYSTEM account
2. new version of TeamViewer can't use in SYSTEM account
3. printer?

So to be sure or clarify here - With Default SYSTEM account -
1) NLA works with Credentials Console.
2) Access share folders or mstsc.exe work with Credentials Console

Although, We have had it reported that NLA does not work properly without "switch to Admin" option selected - Thus the requirement message in XPE

So with default SYSTEM account (with NLA reported as not working) the issue is with Credentials Console ????????????

We Could then add the Credentials GUI (Patched .dll) - to "Admin Plugin" for use if  "Switch To Admin" selected on Build Core

I think there are just 1 or 2 testers providing feedback of RDP and reports very

Slore, you have the wheel here..

Although, We have had it reported that NLA does not work properly without "switch to Admin" option selected - Thus the requirement message in XPE

as this reason the message will be require "Swith to Admin" plugin, not Administrator account(tested with Win10XPE_2018-12-15 + the new RDP.script).

So to be sure or clarify here - With Default SYSTEM account -
1) NLA works with Credentials Console.
2) Access share folders or mstsc.exe work with Credentials Console

1) NLA works with Credentials Console With Default SYSTEM account

works in
WimBuilderUI_WIN10XPE +
Reply #29 on: December 22, 2018, 09:40:21 AM » RemoteDesktop\main.bat

but fail with "The NLA error, please contect to your Administrator" Message in
Win10XPE_2018-12-15 + the new RDP.script.

the files are same, but in my main.bat there is not IF for "NLA" checkbox, maybe remove the IF(registry modifition section) in RDP.script, you can reproduce this.

2) Access share folders or mstsc.exe work with Credentials Console

This(Access share folders) works always since the console mode appear(even WIN10XPE first release), I use this way transfer files between WIN10 host and PE for long time.
mstsc.exe just tested yesterday with Win10XPE_2018-12-15 + the new RDP.script(without "Swith To Admin") or WimBuilderUI_WIN10XPE + RemoteDesktop\main.bat in the topic.

So with default SYSTEM account (with NLA reported as not working) the issue has to be with Credentials Console ????????????

Not has to.
If you enable the "Switch To Admin" plugin, the Credential GUI(no MiniNT checked) and Credential Console(has MiniNT) both work with SYSTEM account.
If there aren't "Switch To Admin" plugin's files/registy items addition to the wim, the Credential GUI wouldn't show(get error), so make sure in this satiuation use the
origin Credential Console.(DO NOT apply the pathed.dll or use cmd(rename MiniNT) to use Credential GUI forcely)

I hope you can know my English words...

>So with default SYSTEM account (with NLA reported as not working)

I just tested the v1809, maybe the report is true for early version.

OK - I Edited RDC to Not require "Switch To Admin" Option

Added Patch DLL Process - IF "Switch To Admin" selected on build core

Option To Use ChrisR's launcher.cmd - otherwise Patched.dll is used - IF "Switch To Admin" selected on build core

compared Your Files From Main.bat - ChrisR added section but did not extract the 6 additional files...

Note: Deselecting "Connection With Network Level Authentication" checkbox will break current ADMIN account connection (Patched.dll)..

Hi slore,

Thanks for good news, minint regdelete/write workaround also used with Paragon Partition Manager , I do not know if same workaround works with Teamviewer etc...

Due to the nature of Type3 projects (Win10XPE and WimBuilderUI .....) which always extracts and overwrites from source (unlike Type2 SE) patched file can be overwritten...
The safe side (which I read Chris prefered) is minint regdelete/write workaround... Still Patching makes life easier.
There are a set ways to be sure file patched (eg. like optimization plugin or like Gena preiso....)
But I feel best way (not tested) for NT6x (since %SystemDrive% %99 writable) is something like this:

(modified from bob.omb codebox)

Code: [Select]

If,%TC_Win10_v1709%,Equal,Bigger,Begin
  ExtractFile,%ScriptFile%,Folder,binmay.exe,%ProjectTemp%
  FileRename,%Target_Sys%\Windows.UI.CredDialogController.dll,%Target_Sys%\Windows.UI.CredDialogController_org.dll
  ShellExecute,Hide,%ProjectTemp%\binmay.exe,"-i #$q%Target_Sys%\Windows.UI.CredDialogController_org.dll#$q -o #$q%Target_Sys%\Windows.UI.CredDialogController.dll#$q -s #$q5C004D0069006E0069004E0054000000#$q -r #$q5C004E0069006E0069004E0054000000#$q"
  FileCopy,%Target_Sys%\Windows.UI.CredDialogController.dll,%Target_Sys%\Windows.UI.CredDialogController_PATCHED.dll
End

This way, the created project always contain a patched file.

Untested question is:
with unpatched Windows.UI.CredDialogController.dll
will this work:

mstsc_Prepatch_Starter.cmd

Code: [Select]

copy /y "%SystemRoot%\System32\Windows.UI.CredDialogController_PATCHED.dll" "%SystemRoot%\System32\Windows.UI.CredDialogController.dll"
Rem check errorlevel here....
Start "" /D "%SystemRoot%\System32" "%SystemRoot%\mstsc.exe"
exit

ps:
Sorry, I could not study my cmd homework yet, urgent things came up with my life....... and a cmd related question about binmay.exe on other topic ...

slore is correct we need to add checking to make sure SwitchtoAdmin plugin is enabled before patching the file for both XPE and SE and Lance is correct too, I think the total size with all three files is around ~300k.  Not enough to warrant removing any... (I am out right now when I get back I will for SE)

slore is correct we need to add checking to make sure SwitchtoAdmin plugin is enabled before patching the file for both XPE and SE and Lance is correct too, I think the total size with all three files is around ~300k.  Not enough to warrant removing any... (I am out right now when I get back I will for SE)

If that is the case:
-->

Code: [Select]

If,%TC_Win10_v1709%,Equal,Bigger,Begin
  FileCopy,%Target_Sys%\Windows.UI.CredDialogController.dll,%Target_Sys%\Windows.UI.CredDialogController_ORIGINAL.dll
  ExtractFile,%ScriptFile%,Folder,binmay.exe,%ProjectTemp%
  FileRename,%Target_Sys%\Windows.UI.CredDialogController.dll,%Target_Sys%\Windows.UI.CredDialogController_org.dll
  ShellExecute,Hide,%ProjectTemp%\binmay.exe,"-i #$q%Target_Sys%\Windows.UI.CredDialogController_org.dll#$q -o #$q%Target_Sys%\Windows.UI.CredDialogController.dll#$q -s #$q5C004D0069006E0069004E0054000000#$q -r #$q5C004E0069006E0069004E0054000000#$q"
  FileCopy,%Target_Sys%\Windows.UI.CredDialogController.dll,%Target_Sys%\Windows.UI.CredDialogController_PATCHED.dll
End

this way switch to admin can be sure with copy Windows.UI.CredDialogController_ORIGINAL.dll  -> Windows.UI.CredDialogController.dll
 

Sorry, no time to test and provide some solid working ways, only posting my ideas with simple codes around about things I notice.....

Time to go, See you....

Bob, I do have an check for %Admin% before patch..
But as lance stated - that patched file can be overwritten - later in build

Edited Prior Post and Attachment Above - to include OPTION to use ChrisR's Launcher.cmd or Use Patched.dll

Hi, Lancelot

Thanks for good news, minint regdelete/write workaround also used with Paragon Partition Manager , I do not know if same workaround works with Teamviewer etc...

good to new the new effect.

Due to the nature of Type3 projects (Win10XPE and WimBuilderUI .....) which always extracts and overwrites from source (unlike Type2 SE) patched file can be overwritten...

WimBuilderUI has a design for this

put the patch code to last.bat, I will do after file extracts.

batch call order:

Code: [Select]

Projects\<project>\main.bat
Projects\<project>\selected_patch1\**\main.bat
Projects\<project>\selected_patch2\**\main.bat
...
Projects\<project>\selected_patch1\**\last.bat
Projects\<project>\selected_patch2\**\last.bat
...
Projects\<project>\last.bat

Check the file exists in script is wast time for me.
also I consider about AddFiles cache for record what added, but no need for now.
should for folders like CatRoot\ (too many files extracted)

Untested question is:
with unpatched Windows.UI.CredDialogController.dll

I tested with renaming the patched file, works.(That's why I suggest to keep Windows.UI.CredDialogController_org.dll)

ps:
Sorry, I could not study my cmd homework yet, urgent things came up with my life....... and a cmd related question about binmay.exe on other topic ...

This month I'm working with noel for the MTP support(THIS is another story about MiniNT key, but be difficult as services.exe startup very early, and it is Protected Process any modifition cause BSOD),
WimBuilderUI is also pending...

But good is WimBuilder2's MTP_support patch is ready :)

Just wait noel first update his research.



Sorry for too many [off topic] things.

about the binmay.exe, I reply into the cmd topic.

Over in SE we can always add a line in Finals>PostConfig -or- a plugin just before it, that executes a batch after all the other plugins are run..  Plugins can add to it with TXTAddLine, during build and it can be run before ISO preparation.

Maybe Chris will have a solution for XPE as this could be used for drive mapping, rdc, and now mtp...

Off topic or not this is great news and I know noel is happy about this...

Looking forward to the MTP patch, great work guys! 

Please test - NLA with Credentials Console using default SYSTEM account...
Then
Please test- NLA with Credentials GUI by selecting "Switch To Admin" option..

Summary of Changes:
IF "Connection With Network Level Authentication" Enabled - Then Only "Default.rdp" Modified

IF NOT "Switch To Admin" Enabled Standard RDP Plugin Files and Registry Apply

IF "Switch To Admin" and IF "Use mstsc.cmd Launcher to Get the Credentials Window" Enabled - then Chris's Launcher.cmd Is Used (Edit Registry)

IF "Switch To Admin" Enabled and IF NOT "Use mstsc.cmd Launcher to Get the Credentials Window" - Then Patched Windows.UI.CredDialogController.dll is Used

File Not Patched - Fixed Attachment Above

Code: [Select]

If,%Admin%,Equal,True,Begin
  If,%Launcher_CheckBox%,Equal,True,Begin
    ExtractFile,%ScriptFile%,Folder,%ProgramCMD%,%GTarget_Sys%
    Set,%ProgramEXE%,%ProgramCMD%
  End
  Else,Begin
    Run,%ScriptFile%,Patch_Controller
  End
End

Hi, James

I tested your new plugin(v4).

SYSTEM accout with Console OK. but It is not about the "not extract the 6 additional files...".

I remove the files one by one tested.(SystemPropertiesRemote.exe always be added, confused me for 10+ remove target and rebuild... )

because the Default.rdp by v3 didn't work with NLA by SYSTEM account.

delete it, NLA works, or comment

Code: [Select]

//If,%NLAsupport_CheckBox%%Admin%,Equal,TrueFalse,EchoExtended,"You Need To Enable > Switch To Admin < To Run Network Level Authentication",,,Message,3,Exit

make

Code: [Select]

TXTReplace,%GTarget%\Users\Default\Documents\Default.rdp,enablecredsspsupport:i:0,enablecredsspsupport:i:1
TXTReplace,%GTarget%\Users\Default\Documents\Default.rdp,"authentication level:i:0","authentication level:i:2"

process

Thank You...
Did You Test With "Switch To Admin" Administrator Account ??
To test Patched File Process or Registry trick ??

So the issues resolved for me, since v2, by you are
1) one missing file
2) Default SYSTEM account

Code: [Select]

//--
//If,%NLAsupport_CheckBox%%Admin%,Equal,TrueFalse,EchoExtended,"You Need To Enable > Switch To Admin < To Run Network Level Authentication",,,Message,3,Exit
//--

Code: [Select]

If,%NLAsupport_CheckBox%,Equal,True,Begin
  TXTReplace,%GTarget%\Users\Default\Documents\Default.rdp,enablecredsspsupport:i:0,enablecredsspsupport:i:1
  TXTReplace,%GTarget%\Users\Default\Documents\Default.rdp,"authentication level:i:0","authentication level:i:2"
End

Missing required File

Code: [Select]

\Windows\System32\SystemPropertiesRemote.exe

For - "Switch to Admin" Check

Code: [Select]

If,%Admin%,Equal,True,Begin
  If,%Launcher_CheckBox%,Equal,True,Begin
    ExtractFile,%ScriptFile%,Folder,%ProgramCMD%,%GTarget_Sys%
    Set,%ProgramEXE%,%ProgramCMD%
  End
  Else,Begin
    Run,%ScriptFile%,Patch_Controller
  End
End

For Patch Process I Have - thus Original and patched Versions Kept

Code: [Select]

[Patch_Controller]
If,Not,ExistFile,%GTools%\binmay.exe,ExtractFile,%ScriptFile%,Folder,binmay.exe,%GTools%
FileRename,%GTarget_Sys%\Windows.UI.CredDialogController.dll,%GTarget_Sys%\Windows.UI.CredDialogController_org.dll
ShellExecute,Hide,%GTools%\binmay.exe,"-i #$q%GTarget_Sys%\Windows.UI.CredDialogController_org.dll#$q -o #$q%GTarget_Sys%\Windows.UI.CredDialogController.dll#$q -s #$q5C004D0069006E0069004E0054000000#$q -r #$q5C004E0069006E0069004E0054000000#$q"
FileCopy,%GTarget_Sys%\Windows.UI.CredDialogController.dll,%GTarget_Sys%\Windows.UI.CredDialogController_patched.dll

I would like to VERY MUCH Thank You For your Testing Feedback....

As I Believe both the Registry Trick and Patched.dll
have pretty much been confirmed as working for "Switch To Admin" Administrator Account..

Code: [Select]

Did You Test With "Switch To Admin" Administrator Account ??
To test Patched File Process or Registry trick ??

This must work as I stated...

I tested it 1 minute ago, both SYSTEM/Administrator Account connect with Cred GUI by Patched file.

1) one missing file

I think exe file is definitely unessary, but with remove it from the RDH4.Script, it always in PE, that confused me...
I'm not good at the WinBuilder' script.

RDH4 - Added the File

Code: [Select]

\Windows\System32\SystemPropertiesRemote.exe

Prior versions of RDC and XPE - Did Not

even I deleted it in script.

also my WimBuilderUI with this line commented:

Code: [Select]

;SystemPropertiesRemote
;racpldlg.dll,remotepg.dll,srrstr.dll,SystemPropertiesRemote.exe

it shows up in PE. 

Oh,
the window explorer shell add file has it.

tested with origin winre.wim + RemoteDesktop\main.bat(ONLY), connecting with cred UI by SYSTEM account works.

and there is no SystemPropertiesRemote.exe at all.

so as stated, NLA can't work because the Default.rdp file.