How to boot machine in safe mode from an outbound connection

Forum / NoMachine for Windows / How to boot machine in safe mode from an outbound connection

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • March 19, 2018 at 08:57 #17915
    Zardoc
    Participant

    Hi Again,

    To add to my never ending quest of knowledge of NoMachine I was looking for (but did not find) instructions on how to boot machine in safe mode from an outbound connection.

    Is this possible? Of course, the next question, how?

    Thanks

    March 19, 2018 at 17:18 #17933
    lis
    Participant

    Keep in mind, that safe mode would maybe not load NoMachine (I don’t know how it is implemented, so try if NoMachine loads in safe mode too)

    If you have true desktop access doing a “SHIFT Key+CLICK REBOOT” will show the advanced config dialog for booting.

    This can be done in 2 seperate ways. The first one is the more safe one, becouse not as much configuration needs to be done:

    1. Open a command prompt with admin acces, enter:
    bcdedit /set {default} safeboot minimal
    The above command with start your computer in safe mode without network drivers

    bcdedit /set {default} safeboot network
    The above command will start to safe mode with network drivers.

    bcdedit /set {default} safeboot minimal
    bcdedit /set {default} safebootalternateshell yes
    The above commands will start a window manager instance with only the command prompt open (no shell).

    bcdedit /deletevalue {default} safeboot
    Execute the above command in a command prompt (in safe mode or normal mode) to start in normal mode again.

    If you successfully enabled the different restart mode, you get the response “The operation completed successfully”.

    You have to click the reboot button within your start menu, to actually start to your configured mode.

    This obviously only works, if you have desktop access to your computer.

     

    The second more powerful, but indefinitely more dangerous option is net rpc. This is the windows equivalent of ssh (without encryption etc).

    First you have to enable net rpc:

    Allow rpc traffic throught firewall
    https://support.microsoft.com/de-de/help/178517/tcp-ports-udp-ports-and-rpc-ports-that-are-used-by-message-queuing

    Enable UAC over network:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy (REG_DWORD32) value 1

    Enable the rpc service (in your system configuration -> services)
    The rpc service depends on various other services, enable DcomLaunch if present.
    Enable Remote procedure call service.
    Set booth services to start -> auto
    Reboot your machine (yes this is important or you have to manually start a whole lot of services in order).

    Try if you can open telnet <winip> 135

    Try to reboot your computer over the net with:
    net use \<yourwinip> /u:<youruser>
    (this will give you a command prompt on the remote pc then enter)
    shutdown /r

    More info here:
    https://msdn.microsoft.com/de-de/library/windows/desktop/dd578505(v=vs.85).aspx

    March 20, 2018 at 14:57 #17951
    kroy
    Contributor

    I reiterate that booting in Safe Mode will mean that connecting via NoMachine to such session will not be possible.

    March 20, 2018 at 15:29 #17954
    Britgirl
    Keymaster

    An FYI to everyone in this discussion, this topic is a spin off from Zardoc’s earlier topic:
    https://forums.nomachine.com/topic/could-not-connect-to-the-server-error-is-11001-host-not-found

    March 21, 2018 at 14:46 #17953
    lis
    Participant

    Ok, in that case you would have to allow the NoMachine services (or rpc) to be executed in safe mode.

    This means you would have to configure all dependencies for NoMachine, to be allowed to load in safe mode.

    Keep in mind that modifying safe mode configurations is dangerous, since Windows depends on the configurations for automatic restoration of drivers etc.

    Start by examining

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

    which holds the two configurations for the different possible safe mode loading options.

    Each of the subkeys hold a copy of available drivers/services who are whitelisted for loading in safe mode:

    Writing the following into a .reg file and execute it, would allow the windows printer spooler to be whitelisted in the Safe mode with networking.

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Spooler]
    @=”Service”

    You can get a list of all avaliable drivers and services by going throught

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

    Greetings, Louis

    March 21, 2018 at 14:52 #17983
    Britgirl
    Keymaster

    This will work, but remember that before attempting to do anything like this it is strongly advised to make a back up.

    March 26, 2018 at 10:15 #17995
    Zardoc
    Participant

    Hi,

    I must say that I thought that booting into safe mode with NoMachine would be as simple as using TV. It seems that’s not the case.

    I hope that the version with user interface will be simpler to use. I am trying with home tests to see if it is valid to install into our small business.

    I think the software is still for power users and Linux experts. I am in a NoMachine crash course but I must say that I am getting to old for this.

    April 3, 2018 at 10:35 #18083
    Britgirl
    Keymaster

    This particular feature, booting into safe mode and NoMachine starting automatically, is not currently supported. We are evaluating whether it can be added to our roadmap.

    April 3, 2018 at 11:20 #18084
    Zardoc
    Participant

    It would be a welcome feature because we can execute uninstall scripts in safe mode.

  • Author
    Posts
Viewing 9 posts - 1 through 9 (of 9 total)

This topic was marked as solved, you can't post.