RunAs.exe with /netonly and /savecred simultaneously

RunAs allows a user to run specific tools and programs with different permissions than the user's current logon provides.
However, the parameters /netonly and /savecred cannot be used at the same time.
We can use the Windows API 'CreateProcessWithLogonW' instead.

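#pragma comment(lib, "Advapi32")
#include <windows.h>

// Launch szApp under the caller's local identity; the supplied credentials
// are used for network access only (the behaviour of runas /netonly).
BOOL RunAsNetOnly(LPCWSTR szUser, LPCWSTR szDomain, LPCWSTR szPass, LPCWSTR szApp)
{
	// VARIABLE
	STARTUPINFOW si;
	PROCESS_INFORMATION pi;
	BOOL bOk;

	// INIT
	ZeroMemory(&si, sizeof(si));
	ZeroMemory(&pi, sizeof(pi));
	si.cb = sizeof(si);

	// LOGON_NETCREDENTIALS_ONLY: the credentials are not validated at logon
	bOk = CreateProcessWithLogonW(szUser, szDomain, szPass, LOGON_NETCREDENTIALS_ONLY,
		szApp, NULL, CREATE_DEFAULT_ERROR_MODE, NULL, NULL, &si, &pi);
	if (bOk)
	{
		// Close the returned handles so they are not leaked
		CloseHandle(pi.hThread);
		CloseHandle(pi.hProcess);
	}
	return bOk;
}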

Get idle time from system services with Windows API

There are several methods to get user idle time.

No 1. One of the most widely used is GetLastInputInfo.
However, the API returns invalid values when called by system services, because system services are isolated in session 0, where no input events are signaled.

No 2. The second option is WTSQuerySessionInformation.
Set the third parameter, WTSInfoClass, to WTSSessionInfo to obtain a WTSINFO structure.
The API itself can be called by system services, but LastInputTime is not valid when the API is called for the local (Console) user.

No 3. The third option is to build a separate user mode app and use Inter Process Communication (IPC).
To achieve that, the service process must launch a new user mode process, and the two must communicate with each other.
To create the user mode process, obtain a valid user token with WTSQueryUserToken, and then call CreateProcessAsUser with the acquired token.

No 4. Querying WMI
A system service process can query WMI and obtain last input data.
ReadOperationCount changes whenever keyboard or mouse input occurs.
Query Win32_Process for csrss.exe.
There were two process handles on my computer. '516' was session 0 (service process) and '12516' was the Console session.
SessionId and ReadOperationCount can be found in the query result.
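
The WMI approach from No 4 as a polling loop. This is an added example, not code from the original post. The function name Watch-SessionIdle, the poll interval and the sample count are assumptions, and idle time is counted only from the first sample onward.

```powershell
# Added example: estimate per-session idle time by watching the
# ReadOperationCount of each csrss.exe (one csrss.exe exists per session).
# Watch-SessionIdle and its defaults are hypothetical names/values.
function Watch-SessionIdle {
    param(
        [int]$IntervalSeconds = 5,   # time between WMI queries
        [int]$Samples = 12           # number of queries to run
    )

    $state = @{}   # SessionId -> @{ Reads = last counter; Since = last change }

    for ($i = 0; $i -lt $Samples; $i++) {
        $now = Get-Date
        $procs = Get-CimInstance -ClassName Win32_Process -Filter "Name = 'csrss.exe'"

        foreach ($p in $procs) {
            $sid = [int]$p.SessionId
            if ($sid -eq 0) { continue }   # session 0 hosts services, no user input

            $reads = [uint64]$p.ReadOperationCount
            # A changed counter is treated as "input happened" (the page's heuristic)
            if (-not $state.ContainsKey($sid) -or $state[$sid].Reads -ne $reads) {
                $state[$sid] = @{ Reads = $reads; Since = $now }
            }

            [pscustomobject]@{
                Time               = $now
                SessionId          = $sid
                ProcessId          = $p.ProcessId
                ReadOperationCount = $reads
                IdleSeconds        = [int]($now - $state[$sid].Since).TotalSeconds
            }
        }

        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }
}

# Poll every 5 seconds for one minute and show the result as a table
Watch-SessionIdle -IntervalSeconds 5 -Samples 12 | Format-Table -AutoSize
```

The resolution of IdleSeconds is limited by the poll interval, so a shorter interval gives a finer estimate at the cost of more WMI queries.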

Turn On/Off display monitor with Windows API

To turn off the monitor in Windows, SendMessage(HWND_BROADCAST, WM_SYSCOMMAND, SC_MONITORPOWER, (LPARAM)2) is the most widely used method.
Instead, we can use the low-level monitor configuration functions.

BitLocker with CMD

To lock the volume,
C:\>manage-bde -lock [volume]

To unlock the volume,
C:\>manage-bde -unlock -pw [volume]

How to prevent resizing terminal when using screen

# Long time I had this in my private screenrc file. But many people
# seem to want it (jw):
# we do not want the width to change to 80 characters on startup:
# on suns, /etc/termcap has :is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;3;4;6l:
#termcap xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'
#terminfo xterm 'is=\E[r\E[m\E[2J\E[H\E[?7h\E[?1;4;6l'

These lines are in /etc/screenrc.