this post was submitted on 26 Jan 2024
51 points (96.4% liked)

Because I am local admin and I'm authorized to do whatever I want, I can use Process Explorer.

But I want to use taskmgr.exe.

The exe is signed by Microsoft.

all 18 comments
[–] [email protected] 65 points 9 months ago* (last edited 9 months ago) (2 children)

That's not a standard Windows prompt, looks like some third-party application is intercepting the call.

Check the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options - for a key named taskmgr.exe. If it exists, see if the taskmgr.exe key has a value called Debugger. If so, delete the Debugger value, or rename the taskmgr.exe key to e.g. taskmgr.exe.old.

Then try launching Task Manager again.

If there's nothing in the registry, you could monitor the process tree in Process Explorer and watch what happens when you execute taskmgr.exe. You could also use Process Monitor if you want to dig deeper and find out exactly what's happening - you can filter out Microsoft processes to make it easier to see all third-party software interactions.
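
The registry check described in the comment above, as an added example that is not part of the original thread: a read-only PowerShell audit that lists every Image File Execution Options key carrying a Debugger value, together with the signature status of the binary it redirects to. The function name Get-IfeoDebugger and the additional WOW6432Node (32-bit view) path are assumptions of this example, not something the commenters posted.

```powershell
# Added example: read-only audit of Image File Execution Options (IFEO) "Debugger" redirects.
# The first path is the one named in the thread; the WOW6432Node path is an addition here.
$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    param([string[]]$Roots = $ifeoRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        foreach ($key in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            # A Debugger value makes Windows start that command instead of the named image.
            $debugger = [string]$key.GetValue('Debugger')
            if ([string]::IsNullOrWhiteSpace($debugger)) { continue }

            # Pull the executable out of the command line. Unquoted paths that contain
            # spaces, or bare file names, will not resolve and are reported as such.
            if ($debugger -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            else { $exe = ($debugger.Trim() -split '\s+')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)

            $sig = $null
            if (Test-Path -LiteralPath $exe -PathType Leaf) {
                $sig = Get-AuthenticodeSignature -LiteralPath $exe
            }

            $status = 'NotResolved'
            $signer = $null
            if ($sig) {
                $status = $sig.Status
                if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
            }

            [pscustomobject]@{
                Image     = $key.PSChildName   # e.g. taskmgr.exe
                Debugger  = $debugger          # command that runs instead
                SigStatus = $status
                Signer    = $signer
                RegView   = if ($root -like '*WOW6432Node*') { '32-bit' } else { 'native' }
            }
        }
    }
}

Get-IfeoDebugger | Sort-Object Image | Format-Table -AutoSize -Wrap
```

An empty result means no image has a Debugger redirect; any row for a built-in tool such as taskmgr.exe is worth tracing back to the software that wrote it.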

[–] [email protected] 32 points 9 months ago (1 children)

Yes! Thanks. It intercepted the call and launched taskmanagerlauncher.exe

[–] [email protected] 12 points 9 months ago (1 children)

Which tells me that the actual executable may have been unprotected. I'd be curious if you run the exe directly if it would give you the same prompt.

[–] [email protected] 4 points 9 months ago

No, when the reg key is present, it launched the launcher even when double-clicking on taskmgr.exe

[–] [email protected] 14 points 9 months ago

Doing something like this on a work pc is a good way to get written up.

[–] [email protected] 30 points 9 months ago (1 children)

I’ve never really understood this approach. If my work laptop prevents me from doing work, I open a ticket, cc my boss, and move on with my life. I’ve got enough other stuff to do and why take on the risk associated with circumventing company security controls just to get that TPS report in on time? I’ve got documentation showing that I tried and couldn’t complete the work because of the security control.

[–] [email protected] 20 points 9 months ago

This is the right way to do it. Make it clear this IT process is causing reduced performance. Especially if you're a profit centre you will likely see the problem solved soon enough.

This specific thing. A password on task manager is really dumb though. I assume they have some spyware they don't want users to be able to stop. But, most of this kind of software (think antivirus) generally has other ways to prevent tasks being closed. They don't need to remove task manager. Task manager is an important and needed tool for any Windows user.

[–] [email protected] 15 points 9 months ago (1 children)

Task manager can have a password?

Anyway, it looks suspicious. Resolution of that window is not quite right, it's fuzzy. Though I now see you said the .exe is signed, so I guess it's just some scaling bug.

[–] [email protected] 9 points 9 months ago* (last edited 9 months ago) (1 children)

It's a screenshot from an Intel AMT remote admin session, so it's scaled & compressed.

But indeed now that I notice, it's weird that the text "enter password" is out of focus compared to the other crispy text.

But maybe it's because everything is scaled 150% and that window doesn't support scaling.

[–] [email protected] 2 points 9 months ago (1 children)

No, that's not what I meant. The window and text around looks fine. I meant the content of the window, that prompt itself.

[–] [email protected] 6 points 9 months ago

There was a 3rd-party exe that intercepted the call and asked for the password.

[–] [email protected] 3 points 9 months ago

Alternative: Download Sysinternals tools from Microsoft, procmon is way better anyways and portable.

https://learn.microsoft.com/en-us/sysinternals/