Windows Arm X64 Emulation

Charise Farag

Aug 4, 2024, 9:21:30 PM8/4/24
to tecaforme
I am new to a Windows server/domain environment; how can an administrator emulate another (Active Directory) user? For example, I would want to log in to a Windows XP machine/server (under the domain) as another user (that is not mine, via emulation). Let's assume I have administration rights.

I understand there's a "Run As...", but it's not the same, as you still need the password. I'm just looking to emulate the environment so I can reproduce user issues without the user being present. I know there are things like copying the user's profile folder, but that doesn't grab everything (registry etc.) and is a somewhat hackish approach.


Cannot be done. Even if you could, it would be highly improbable to accurately reproduce the user's issues without them being present to show you exactly what they're doing. RunAs is the closest thing, but if you want to troubleshoot user issues it's a multi-step process that I recommend:


1) Keep a workstation configured the same way a user's machine is configured, and 2) log in with a local non-privileged account. Once that's done, 3) try to reproduce the issue. This will help you narrow down the problem to either an issue with the user's computer, account, or the environment, respectively. I know I'm telling you things you probably already know, but I felt like my first paragraph wouldn't have made a complete answer by itself.


The closest you can get under Windows is to create a test user with the same group memberships. If you need to debug something with their profile, the accepted process is to do this via Remote Assistance or similar tool, which allows the user to keep an eye on what you're doing.


It's about audit trails. Windows account information is often used in creating logs and audit trails, and for this reason when using Active Directory it is entirely inappropriate for an admin to log in as a user. You want the admin's name rather than the user's attached to anything done, even while debugging an issue.


A big part of the reason for this is to protect users from administrators. When I issue an account to a user, as an administrator I can still do a lot of things, but the one thing I cannot do is sign that user's name to something. I can even take over a user's account; it's just that to do it, I must change their password first.


This is a good thing! It helps protect end users from rogue admins. If an admin takes over a user account for bad things, that user's name will still end up on any logs. But the user will know, because they won't have access to the account any more. Admins are never privy to user passwords, and so the admin will be unable to silently restore the account to the user. This gives the user a chance to log a complaint and defend against the admin's actions.


At least, that's the idea. As a practical matter, if I were really that underhanded and I wanted someone else's name on something, I could probably craft a script to accomplish the deed and assign it to a user as a login script or similar. Additionally, I suspect most admins could talk themselves out of a password reset case before the user knew what had happened... or even leave it up to a level 1 help desk tech. So nothing is perfect. But at least in that latter case a record of the reset would exist somewhere as well.


An example would be an instance where a user was not present when the admin/tech was available to assist. If the admin could emulate the user (log into the user account without changing the password) and fix whatever issue, there is nothing to indicate that an audit trail could not still occur, indicating that the user's account had been emulated by whatever admin. Given that admins essentially have full control over all users' accounts, there is no reason to exclude emulation as a solution.


Like all good tools, emulation would also get abused by attackers who believe they can utilize it in order to compromise Windows. Perhaps to combat this, emulation could be enabled or disabled via group policy for the sys admins that would opt to use it. Or perhaps this could be joined into the users account in AD in such a way that it could be toggled on and off with a check mark just as it's possible to enable or disable an account in said fashion.


(Until now my application ran with our own scheduler, so we had the source code and could compile it however we liked ... for example, calling the application from MATLAB as a MEX function. Each call to the application "ticked" our scheduler timer.)




What version of SYS/BIOS are you using? I believe emulation under Windows was supported a long time ago in early versions of SYS/BIOS. The more recent versions of SYS/BIOS do not support this feature.


In reality, the java.exe windows stay open. At that point, if I run firebase emulator:start again, I get an error saying that the emulator's ports are being used. If I close the java.exe windows manually and run the emulator again, it all works as expected.


I'm using Windows 10, PowerShell and VS Code. I'm not looking for a hack to clear the ports, as I can simply close the java.exe windows. I want to know how to close all of it in one fell swoop within PowerShell. Is there such a thing? Is this an issue I should be reporting?


Maybe there is a better way, but after being baffled myself for ages I'm glad I found something that works at least. After you have done it a few times it gets quick enough to do it whenever you need to.


I was having the exact same curiosity as Philipp Philippov; thanks for the explanation. But I have an additional question/concern: what about the logs, of which thousands, maybe millions, are created in a month? Do you have any advice to get rid of "trusted source" logs?


Also, in my case my ISP's cache system is in action and the destination is NOT *.download.windowsupdate.com/*. So what should we do in this case? How are we supposed to get rid of thousands of MS update files to be scanned?


But anyway if you would like to disable benign file logging (which disables logging of ALL benign verdicts) you can do this in the advanced section of the TE settings in your relevant Threat Prevention profile:


I understand your approach to my question, but in my case I have limited internet bandwidth (my country's conditions) and lots of internal requests behind it. My question also contains another approach, which is to exclude both the globally known file download scanning processes and the logs. So according to your approach, yes, I will be able to disable benign file logging, but that is not the whole job. That's why I asked how to "globally exclude" known/trusted URLs or destinations from the TE scans and also exclude the logs.


Question: how do I remove all the applications that emulate a Microsoft Windows environment? Does anyone know of a site that lists all the available Mac software that runs natively on Mac OS X and does not use a Windows emulator? I migrated from SUSE Linux, which I used for about 2 years. It is still better than Mac OS X, but hardware support is terrible. I was attacked and infected by a malicious web site claiming I had opened an illegal web page and was now being tracked by the CIA. It claimed I had to pay a fine to have the infection removed. I am certain this got in through a Windows script or EXE while I was using Firefox. I have removed all traces of Parallels, which was running at the time of the infection. I have since recovered thanks to Time Machine. However, I want to remove all the applications that allow a Windows-based program to run on Mac OS. Warning to all Mac users: running emulation software on your PC will probably result in being infected if you surf the web.


SUSE is a valid OS, but I agree that searching for the exact correct device driver for the exact hardware (especially graphics) you have is difficult. Which is why I have to respect OSX because despite its "limited support", it is very stable in supporting the specially selected hardware in Apple systems.


When you remove Windows virtualization applications, be sure you don't do it manually (by throwing stuff in the Trash). Use the application's official uninstaller whenever possible! The reason is that virtualizers often install kernel extensions and other files in the various system support folders that you won't easily find just by looking around.


Again, technically that is not completely correct. A Windows virus can certainly infect a virtual machine, but if it is written for Windows it cannot run on OS X and therefore cannot install itself into and damage OS X.


There are ways that a Windows virus can trash parts of a Mac disk when run from a Windows virtual machine. For example, if you allowed the Windows virtual machine to have write access to one or more OS X folders, when Windows is running the virus could erase or damage files in those folders. But that's not the same as infecting OS X.


I was attacked and infected by a malicious web site claiming I had opened an illegal web page and was now being tracked by the CIA. It claimed I had to pay a fine to have the infection removed. I am certain this got in through a Windows script or EXE


First, note that there's not a Windows script or .exe on the planet that can infect a Mac. Even if you manage to make it run in emulation, it still can't infect your Mac. It's simply not built to do so, and in most cases has limited to no access to the Mac file system anyway.


Second, that web page you encountered is not malware of any kind. It is simply a web-based scam that uses nothing more than JavaScript to prevent you from easily navigating away from the site. Once you're off that page, you're fine... there are no lingering effects, and no malware to be removed. See the following description of one variant of this scam:


There is no single way because it depends on how each individual program is set up by its developers. You may be able to uninstall some by dragging to the trash, you may be able to run an uninstaller, but because those apps all come from different developers, to know for sure you should look up the installation/uninstallation notes for every title you come across.
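For the Active Directory question earlier in this thread (reproducing a user's problem without logging in as them), the advice was to create a test user with the same group memberships. The script below is an added example, not code from any of the posters: it clones one user's explicit group memberships onto a disabled throwaway account so the admin's actions are logged under the test account rather than the real user's name. It assumes the RSAT ActiveDirectory module, rights to create users in the target OU, and the placeholder OU path and account names shown.

```powershell
# Added example (not from the thread): mirror a user's AD group memberships onto a
# disabled test account, so you can reproduce their issue without taking over their login.
# Assumptions: RSAT ActiveDirectory module present; you can create users in $TargetOU;
# the OU path and the sample account names are placeholders.
Import-Module ActiveDirectory

function New-TestCloneUser {
    param(
        [Parameter(Mandatory)] [string] $SourceUser,   # sAMAccountName of the user with the problem
        [Parameter(Mandatory)] [string] $TestUser,     # sAMAccountName for the throwaway clone
        [string] $TargetOU = 'OU=TestAccounts,DC=example,DC=com'   # placeholder OU
    )

    $source = Get-ADUser -Identity $SourceUser -Properties MemberOf

    # Random initial password, and the account is created disabled: nobody can use the clone
    # until you deliberately reset the password to something known and enable it.
    $chars = (33..126) | Get-Random -Count 24 | ForEach-Object { [char]$_ }
    $initialPassword = ConvertTo-SecureString (-join $chars) -AsPlainText -Force

    New-ADUser -Name $TestUser -SamAccountName $TestUser -Path $TargetOU `
        -AccountPassword $initialPassword -Enabled $false `
        -Description "Test clone of $SourceUser; delete after troubleshooting"

    # Copy every explicit group membership. The primary group (normally Domain Users)
    # is not listed in MemberOf and is assigned automatically.
    foreach ($groupDn in $source.MemberOf) {
        try {
            Add-ADGroupMember -Identity $groupDn -Members $TestUser -ErrorAction Stop
        } catch {
            Write-Warning "Could not add $TestUser to ${groupDn}: $_"
        }
    }

    # Verify: report any group the source has that the clone still lacks
    # (typically groups you are not allowed to modify).
    $clone = Get-ADUser -Identity $TestUser -Properties MemberOf
    $missing = @($source.MemberOf) | Where-Object { $clone.MemberOf -notcontains $_ }
    foreach ($dn in $missing) { Write-Warning "Clone is missing membership: $dn" }
}

# Usage (placeholder names):
# New-TestCloneUser -SourceUser 'jdoe' -TestUser 'jdoe-test'
# Set-ADAccountPassword -Identity 'jdoe-test' -Reset
# Enable-ADAccount -Identity 'jdoe-test'
```

Group membership is only part of a user's effective environment: Group Policy is scoped by OU and security-group filtering, and logon scripts, roaming profiles and local group membership on the workstation all differ per user, so place the clone in the same OU as the real account if GPO scope matters, and delete the clone when you are done rather than leaving a dormant account with a real user's privileges.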

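For the Firebase emulator question earlier in this thread (java.exe windows left holding the emulator ports after firebase emulator:start exits), the PowerShell below is an added example, not code from any poster: it reads the emulator ports from firebase.json when present, finds which process still listens on each, and stops only processes that look like emulator processes. It assumes Windows 10 or later (Get-NetTCPConnection from the built-in NetTCPIP module), that you run it from the project directory, and that the fallback port list and allowed process names are assumptions you may need to adjust.

```powershell
# Added example (not from the thread): stop whatever is still listening on the Firebase
# emulator ports in one go, instead of closing each java.exe window by hand.
# Assumptions: Windows 10+ (Get-NetTCPConnection); run from the directory holding firebase.json;
# the fallback port list and the allowed process names are assumptions, not Firebase documentation.

function Get-EmulatorPortsFromConfig {
    param([string] $Path = 'firebase.json')
    if (-not (Test-Path -Path $Path)) { return @() }
    $cfg = Get-Content -Path $Path -Raw | ConvertFrom-Json
    if (-not $cfg.emulators) { return @() }
    # Each entry under "emulators" (auth, functions, firestore, ui, ...) may carry a "port".
    @($cfg.emulators.PSObject.Properties |
        ForEach-Object { $_.Value.port } |
        Where-Object { $_ } |
        ForEach-Object { [int]$_ })
}

function Stop-EmulatorListeners {
    param(
        [int[]] $Ports = @(4000, 4400, 5001, 8080, 8085, 9000, 9099, 9199),   # assumed defaults
        [string[]] $AllowedProcessNames = @('java', 'node'),                 # emulator JVMs / firebase CLI
        [switch] $DryRun
    )
    $listeners = Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
        Where-Object { $Ports -contains $_.LocalPort }
    if (-not $listeners) { Write-Host "Nothing is listening on: $($Ports -join ', ')"; return }

    foreach ($ownerId in ($listeners.OwningProcess | Sort-Object -Unique)) {
        $proc = Get-Process -Id $ownerId -ErrorAction SilentlyContinue
        if (-not $proc) { continue }
        $held = ($listeners | Where-Object OwningProcess -eq $ownerId).LocalPort -join ', '
        # Refuse to kill anything that is not an emulator process: a stray service on 8080 is not ours.
        if ($AllowedProcessNames -notcontains $proc.ProcessName) {
            Write-Warning "PID $ownerId ($($proc.ProcessName)) holds port(s) $held but is not an emulator process; skipping"
            continue
        }
        Write-Host "Stopping PID $ownerId ($($proc.ProcessName)) on port(s) $held"
        if (-not $DryRun) { Stop-Process -Id $ownerId -Force }
    }
}

$configured = Get-EmulatorPortsFromConfig
if ($configured.Count -gt 0) { Stop-EmulatorListeners -Ports $configured } else { Stop-EmulatorListeners }
```

Run it with -DryRun first to see what would be stopped; the process-name check is deliberate, because "kill whatever holds port 8080" is exactly the kind of shortcut that takes down an unrelated local service.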