The Core Technologies Blog

Our Software // Windows Services // 24×7 Operation


OneDrive Can’t Be Run Using Full Administrator Rights

Administrator rights not allowed

OneDrive hates admin rights

A customer looking to run OneDrive as a Windows Service with AlwaysUp recently contacted our support team for help. Even though he had diligently followed our step-by-step tutorial, his files were not being synchronized as intended. OneDrive refused to refused to work as a service!

After confirming that his files were not being copied, our support team launched OneDrive “in this session” — to see the normal tray icon and check if an error was being reported. We were greeted by this puzzling error message:

OneDrive can't be run using full administrator rights

So it seems that OneDrive doesn’t like to be run with admin rights. And the customer’s account was a member of the Administrators group — which is recommended for smooth operation as a Windows Service with AlwaysUp.

UAC enables an administrator to run OneDrive normally

But why does OneDrive work at all in the customer’s admin account? Why doesn’t the software complain when he starts OneDrive normally on his desktop?

The answer lies with Microsoft’s User Account Control (UAC) security feature. By default, applications started interactively are run with lower, non-admin privileges. This happens for all accounts — even for administrators. OneDrive seems to require that lower privilege context to do its work. Indeed, in this OneDrive desktop FAQ, Microsoft confirms that UAC is what enables OneDrive to be started by an administrator. If we removed UAC from the equation (by by right-clicking on OneDrive.exe and selecting “Run as administrator”) we were able to reproduce the error straightaway.

But while UAC restricts rights for the desktop user, UAC is not in play when running in the context of a windows service. Services are always run with the highest privileges. We must find a way for our customer to start OneDrive with reduced rights to avoid the error.

How to launch OneDrive with reduced rights from AlwaysUp

Our new Run with Restricted Rights command-line utility comes to the rescue. Here are the steps we performed to get the customer up and running:

  1. Download RunWithRestrictedRights.exe (it’s free).

    Save it to a new folder on your hard drive. We suggest C:\Tools.

  2. Start AlwaysUp.

    Double-click your OneDrive service to edit it.

  3. In the Application field, enter the full path to RunWithRestrictedRights.exe.

    In the Arguments field, enter the full path to your OneDrive executable, enclosed in quotes. It should look something like this:

    “C:\Users\[USER-NAME]\AppData\Local\Microsoft\
    OneDrive\OneDrive.exe”

    where [USER-NAME] is the name of your Windows account.

  4. Save your settings.

With this new setup, AlwaysUp will start RunWithRestrictedRights.exe, which will launch OneDrive with diminished permissions. You should not see the “full administrator rights” error anymore.

Note that we plan to add the capability to run an application with diminished rights directly from AlwaysUp. That feature will probably included in AlwaysUp version 10.3, which should released to all customers in September/October.

Posted in AlwaysUp | Tagged , , , , | Leave a comment

How to Confirm that OneDrive is Synchronizing your Files

OneDrive Synchronizing with Windows

AlwaysUp is designed to run OneDrive all the time — starting it when your PC boots and keeping synchronization going 24×7 despite failures or other unexpected interruptions. You don’t even need to log on!

But to gain those benefits, AlwaysUp must launch OneDrive in the background as a Windows Service. In that situation, described in our tutorial showing how to setup OneDrive as a Windows Service, OneDrive’s usual “cloud” icon won’t appear on your taskbar. You won’t see the informative icon overlays beside the files and folders being synchronized either. And without those visual elements, how do you know that your important files and folders are being copied to and from the cloud?

Perform this easy 4-step test to prove that your files are protected:

  1. Start OneDrive in AlwaysUp

    From AlwaysUp, select “Start OneDrive” from the “Application” menu:

    Your service should transition to Running after a few seconds. Clicking on the green circle should reveal details of the running process:

    Please consult our online troubleshooter or get in touch if you can’t get this far!

  2. Wait for five minutes while OneDrive starts

    OneDrive can take a while to initialize itself — especially if it has a long list of files and folders to synchronize. This is a good opportunity for you to:

    OneDrive should be ready and waiting when you return.

  3. Create a new file in your OneDrive folder

    Open your OneDrive folder in Windows Explorer. Right-click in the files area (on the right), select New > Text Document and give the file a suitable name:

    We called our file “TestSync.txt”:

  4. Login to OneDrive online and confirm that the new file is there

    Sign in to your OneDrive account and browse to your files. The new text file should be listed, as it was for us:

    If you don’t see the new file, do a few more stretches and try again. Sometimes OneDrive can be a bit slow…

What should I do if my file didn’t show up?

If your new file wasn’t listed online, something is definitely wrong with your setup. We’re here to help! Please get in touch so that we can get you going ASAP.

Posted in AlwaysUp | Tagged , , | Leave a comment

Why Does Windows SmartScreen Flag Our Software?

Windows SmartScreen Filter Warning

Last month we released a new version of our popular run-anything-as-a-windows-service software, AlwaysUp. Everything was going smoothly — until we encountered a very alarming situation while testing the new software on Windows 10!

After downloading the new AlwaysUp installation executable with Microsoft Edge, the browser asserted that “AlwaysUp_Installer.exe is not commonly downloaded and may harm your computer”. WHAT??

Clicking the Actions button gave us the option to “Run Anyway”, and the installation completed without further incident, but the whole experience left our team worried and full of questions. Specifically:

  • Why did this suddenly start happening?
  • How will our customers react to Microsoft’s unfounded suspicions?
  • And most importantly, how do we get rid of the chilling warnings?

SmartScreen Complains because our Software is “New”

Apparently we’re not the only developers tormented by SmartScreen. Warnings are common, especially for small software companies like ours. The “Criticism” section of the Wikipedia article on SmartScreen Filter says it best:

SmartScreen Filter creates a problem for small software vendors when they distribute an updated version of installation or binary files over the internet. Whenever an updated version is released, SmartScreen responds by stating that the file is not commonly downloaded and can therefore install harmful files on your system.

Only a Few Customers are Blocked by SmartScreen Filter

To date, only one customer has asked about SmartScreen’s warning. We had expected hundreds! Fortunately there are a few reasons why many customers aren’t being tripped up by Microsoft’s overly cautious approach:

  1. Our products are digitally signed for security and authenticity. SmartScreen takes this as a positive sign and is likely to avoid prompting all customers all the time.
  2. Prior to Windows 8, SmartScreen Filter was a part of Internet Explorer. Thus customers using Chrome or Firefox on Windows 7 and Server 2008 will never encounter SmartScreen warnings.
  3. After testing downloads on Windows 8, 10 and Windows Server 2012 and 2016, we only received warnings on Windows 10 with Edge.

So it seems that SmartScreen warnings are largely limited to customers using Internet Explorer or Edge. Metrics gathered from our website (via the incredibly useful StatCounter) tell us that only about 11% of all visitors are using those browsers:

Time (and Good Behavior) will Disarm SmartScreen Filter

We hoped for a simple solution: Inform Microsoft that our software is 100% safe and they would promptly update their SmartScreen database to remove all warnings. All would be right with the world. But SmartScreen doesn’t work like that.

SmartScreen is reputation based. Each time someone downloads our software package and declares that it is safe to install, that executable gains some positive reputation. Once enough people have successfully installed and the accumulated reputation crosses some magic threshold, the warnings disappear. Only an established track record of doing no harm will halt the SmartScreen dogs.

Indeed, after a couple of weeks the warnings for AlwaysUp version 10 seems to have gone away:

Yay!

Posted in Windows | Tagged , , , , | Leave a comment

AlwaysUp Version 10 Released: Keep Your Windows App Running 24/7/365


Version 10 of AlwaysUp, which runs any application as a Windows Service, was released last month. The major changes include:

  • Improved compatibility with Microsoft’s latest OS, Windows Server 2016.
  • Several annoying Data Execution Prevention (DEP) issues on Windows 8 & 10 were resolved.
  • A new command line switch to grant the service user access to the current desktop was introduced.
  • When stopping a group of services, an alert is no longer shown when a long-lived service exceeds the 1-minute time limit.
  • If necessary, the service account is now granted full access to the window station and desktop objects when starting in the current session.

As usual, please review the version history for the full list of features, fixes and improvements included in this release.

Upgrading to AlwaysUp Version 10

As per our upgrade policy, customers who purchased AlwaysUp 9 (after September 2014) can upgrade to version 10 at no additional cost. Just download and install “over the top” to preserve your existing applications an all settings. Your registration code will continue to work.

If you bought AlwaysUp version 8 or earlier (before September 2014), you will need to upgrade to use version 10. Please purchase upgrades here — at a 50% discount.

Enjoy!

Posted in AlwaysUp | Tagged , | Leave a comment

How to Turn Off OneDrive Automatic Updates


Automatic software updates are usually very welcome. You get bug fixes, security enhancements and the latest and greatest features, all without lifting a finger!

But automatic updates have a dark side as well. What happens if an update, which usually involves shutting down the software, takes place at a “bad” time and interrupts the application when it is busy with an important task? Or worse — what if a newly updated version introduces a defect that causes the software to fail in the wee hours of the morning when no one is there to fix it? The potential for problems like these should give anyone operating a 24×7 environment serious pause when weighing the pros and cons of automatic updates!

Such is the dilemma facing our customers running OneDrive 24×7 as a Windows Service with AlwaysUp. As seen in the screenshot of the OneDrive installation procedure above, OneDrive is free to download and install updates whenever it likes. But perhaps we can do something about that…

OneDrive is Auto Updated by a Scheduled Task

A little detective work using Microsoft’s excellent autoruns utility led us to realize that OneDrive installs a scheduled task called OneDrive Standalone Update Task v2 to perform its updates. Here it is in the Task Scheduler — configured to run “OneDriveStandaloneUpdater.exe” once daily when the Administrator is logged on:

OneDrive Standalone Update Task

The task’s history confirms that the update check is indeed firing at a random time each day:

OneDrive Scheduled Task - History

This is how OneDrive updates itself!

Disable the Scheduled Task to Prevent OneDrive Auto Updates

To prevent OneDrive from automatically updating itself, simply disable the scheduled task. Right-click on the entry in the Task Scheduler and select Disable from the context menu to do the trick:

Disable OneDrive Scheduled Task

With the task disabled, the auto-update will no longer run and you will be stuck with the version of OneDrive currently installed. Great!


Now please don’t forget to update OneDrive occasionally — to get those important bug fixes, security enhancements and exciting new features. But do so in a safe, controlled environment at a time of your choosing, when you can perform the necessary testing and avoid unwelcome surprises.

Posted in Miscellaneous | Tagged , , , | 1 Comment

Automatic Update Breaks Google Drive Windows Service

Google Drive Problem


Google Drive Service Not Synchronizing Files on Windows

Last Thursday Jeremy Farber from Securis reported a problem with his Google Drive Windows Service:

Having an issue with Google Drive where the sync doesn’t seem to take place right away. Any thoughts on what would cause this? I really need the sync to happen like it would normally when a file hits the folder it syncs.

Now problems like this can be difficult to troubleshoot when the application is running invisibly in the background (in Session 0). We advised Jeremy to restart Google Drive in the current session — to show Drive’s tray icon and windows on his desktop.

But Drive still refused to sync. It threw up a curious error:


After some detective work, Jeremy found the problem. A recent automatic software update had broken the Drive desktop client!

Beta Version of Google Drive Released By Mistake

Here is what the king of search reported on its status dashboard at 2:41 PM Eastern:

We’re aware of a problem with Google Drive affecting a significant subset of users. The affected users are able to access Google Drive, but are seeing error messages and/or other unexpected behavior. We will provide an update by 3/16/17, 3:41 PM detailing when we expect to resolve the problem. Please note that this resolution time is an estimate and may change.

Some users of the Google Drive Sync client will be receiving the error message “Sorry, Backup and Sync needs to quit.”

We have identified the root cause of the issue and are implementing a potential fix now.

So it seems and a buggy version of the Drive desktop client (soon to be renamed “Backup and Sync”?) was inadvertently pushed out to thousands of computers. Ouch!

Thankfully the disruption only lasted until 7:22 PM EDT. Again, from the status page:

The problem with Google Drive should be resolved. We apologize for the inconvenience and thank you for your patience and continued support.

The Windows client will automatically update with this fixed version within the next 10 hours. Alternatively, affected users can download the updated version of the client from https://www.google.com/drive/download/. Affected Windows 10 users may be required to sign in to their Google account within the client.

A Cautionary Tale If You Need Google Drive To Stay Up 24/7!

Unfortunately this isn’t the first time that automatic updates have caused trouble for our customers using Google Drive. This article describes similar adventures that occurred in June of 2013.

But this most recent episode reminds us of the perils accompanying automatic updates. Despite the best of intentions, the same powerful system that distributes important security fixes and improvements will happily deliver corrosive bugs and destabilize your previously working software. For this reason, automatic software updates should be viewed with skepticism in professional environments where downtime is costly. Indeed, we recommend disabling updates for your mission-critical programs and scheduling manual upgrades during a safe maintenance window.

Sadly Google Drive doesn’t offer an easy way to avoid auto updates. Disabling a few scheduled tasks should stop the madness but we’ll do some digging and let you know if we come across a less intrusive method.

Stay tuned!

Posted in Miscellaneous | Tagged , | Leave a comment

How do I Find my AlwaysUp Application in Task Manager?

When you use AlwaysUp to launch your mission-critical application as a Windows Service, your program will likely run invisibly in the background (on the isolated Session 0). No windows or familiar tray icon will appear on your desktop — which can make it tricky to confirm that your application is truly running!

Fortunately the Windows Task Manager, which lists every application running on your computer, can come to the rescue. Follow these steps to find your application in Task Manager.

  1. Find your Application’s PID in AlwaysUp

    Each application that is running on your computer is backed by a “process”. And each process has a numeric identifier — a process ID, or PID for short.

    To find the PID of the application that AlwaysUp has started, simply click the green “Running” circle to summon a helpful tooltip with the PID (and several other relevant tidbits):

    Find your application's PID

    Make note of the PID. It is 4728 in the screenshot above, which shows an installation running Dropbox as a service on Windows 10.

  2. Find that PID in Task Manager

    Next, let’s locate the process in Task Manager.

    Please:

    1. Start Task Manager by right-clicking on the Windows task bar and selecting Task Manager from the context menu:

      Start Task Manager

    2. If you see More details in the lower left of the window that comes up, click that text to reveal additional tabs:

      Task Manager - Show More Details

    3. Switch to the Details tab:

      Task Manager - Switch to Details

    4. Note: We’re running on Windows 10, which lists all processes by default. If you are running on an older version — like Windows 7 or Server 2008 — you may have to click the Show processes from all users button (or checkbox) in the lower left to ensure that you see everything running on your PC:

      Task Manager - Show All Processes

    5. Click on the PID column to sort. Then simply scroll to find your identifier from step one.

      Here we’ve located our PID 4728, the instance of Dropbox started by AlwaysUp:

      Task Manager - Find PID

  3. Enjoy!

Posted in AlwaysUp | Tagged , | Leave a comment

How to Disable Automatic Updates when Running MT4 as a Windows Service

MetaTrader 4 (MT4)


MetaTrader 4 (affectionately called MT4) is a very popular Forex trading platform. Several of our customers run the MT4 client as a Windows Service with AlwaysUp, ensuring that their trading platform operates continuously during trading hours.

Automatic Updates can cause Trouble!

MetaTrader will automatically update itself on your PC whenever the folks at MetaQuotes Software produce a new and improved version. This is a great feature when you start and run MT4 normally on your desktop, but the situation is a bit more complicated when MT4 is launched unattended in the background by software like AlwaysUp.

  • What happens if there is a problem updating and MT4 becomes corrupted?

  • Or suppose the update happens at an inconvenient time and causes you to miss an important trade?

  • Or maybe you’ve heard some horror stories about the new version and you want to stick with what you already have!

For these and other reasons, uncontrolled updates should be viewed with suspicion in your 24×7 environment. As the saying goes, “if it ain’t broke, don’t fix it”.

Disable Auto-Updates when Starting MT4 from AlwaysUp

Fortunately there is an easy way to prevent MetaTrader from automatically updating itself. Simply invoke it with the “/skipupdate” command line parameter.

To achieve that in AlwaysUp:

  1. Open your MT4 application settings in AlwaysUp (by double-clicking on the entry or selecting Application > Edit from the menu).

  2. On the General tab, in the Arguments field, enter /skipupdate:

    Add the /skipupdate Parameter

  3. Save your settings.

That’s it. Next time AlwaysUp starts MT4, it will no longer attempt an update.

Now don’t forget to update MT4 manually every now and then — but at an appropriate time when the markets are closed.

Happy trading!

Posted in AlwaysUp | Tagged , , | Leave a comment

My OneDrive Windows Service Doesn’t Work – Help!

OneDrive Windows Service Doesn't Work

Starting Microsoft OneDrive as a Windows Service with AlwaysUp is a great way to ensure that your important files are always up to date! The combination works well, but if you run into trouble, here are a few troubleshooting tips to help you get going:

1. Is the Latest Version of the OneDrive Sync Client Installed?

OneDrive usually updates itself automatically but we have seen situations where that didn’t happen. The software had to be manually updated.

To find the version of OneDrive installed on your system:

  1. Stop OneDrive in AlwaysUp if it is running there.

  2. Start OneDrive normally on your desktop by running this command:

    "%UserProfile%\AppData\Local\Microsoft\
    OneDrive\OneDrive.exe"

    OneDrive’s familiar “cloud” icon should appear in the task tray.

  3. Right-click on the icon and select Settings from the menu:

    Open OneDrive Settings

  4. Switch over to the About tab to reveal the version number:

    OneDrive Version Number

With your version number in hand, please check the sync client release notes to see if you are running the most current build. If not, please download and install Microsoft’s latest version from here. (Be sure to reboot after installing to be safe!)

2. Is Windows is Up To Date?

OneDrive is deeply integrated with the operating system. Occasionally bugs in Windows can cause problems for OneDrive, resulting in some of the most spectacularly unhelpful error messages we have ever encountered:

Something went wrong with OneDrive

If you are unlucky enough to encounter one of these “gems”, please ensure that all recommended updates have been applied to Windows. Updating eliminated the errors for at least two of our customers.

3. Does OneDrive Work Properly Without AlwaysUp?

At this point, let’s take AlwaysUp out of the equation. Are the files on your PC being synchronized with your cloud drive?

We suggest performing the following test:

  1. Stop OneDrive in AlwaysUp, if necessary.

  2. Start OneDrive normally on your desktop by running this command:

    "%UserProfile%\AppData\Local\Microsoft\
    OneDrive\OneDrive.exe"

    Windows Explorer may automatically open the folder with your shared files.

  3. Copy a new file into the OneDrive folder on your PC. Here we’ve copied a picture from the thrilling 2016 World Rowing Junior Championships:

    Copy a File to the OneDrive Folder

  4. Log into your OneDrive account on the web.

  5. After a few seconds, you should see the new file listed:

    File Uploaded to OneDrive

If you don’t see your new file, then something is wrong. You will not be able to run OneDrive as a Windows Service until you resolve the problem(s). Please consult this Microsoft support article which will help you to tackle the most common file synchronization issues.

These nine tips aimed at Windows 10 installations may also be of assistance.

4. Did you Follow our OneDrive Tutorial?

Now that all the previous steps have been completed, please double check that your OneDrive Windows Service has been configured as described in our step-by-step tutorial. In particular:

  • Step 6: Make sure that you have entered the correct username on the Logon tab. This should be the account where you have installed OneDrive; where you have logged in and run it successfully before. Using a brand new service account will not work because OneDrive has not been set up there.

    OneDrive Windows Service Logon Tab

  • Step 8: Check both of the Stop copies… boxes on the Startup tab. This is necessary to empower AlwaysUp to start OneDrive as a Windows Service if another copy is running on the PC (perhaps launched by another user).

    Stop Other Copies of OneDrive

  • 4. OneDrive still Not Working with AlwaysUp?

    And if after all that, your OneDrive Windows Service is not cooperating, please get in touch.

    The wonderful world of Windows Services is filled with many obstacles! However, after a decade of experience, we have a few tricks up our sleeve to get you up and running ASAP. :)

Posted in AlwaysUp | Tagged , , | Leave a comment

When did my Windows Service Start?

Windows Service Uptime

Here are four ways to determine when your windows service last started.

Solution #1: Search the Windows Event Logs with PowerShell

The Windows Event Logs hold a wealth of information about your computer’s activities. Indeed, a new record is added to the System event log whenever a windows service starts or stops.

The easiest way to find your service’s most recent start time is to use a specially crafted PowerShell command to search the System event log. For example, the following line will return the last time the “Print Spooler” service was started:

(Get-EventLog -LogName “System” -Source “Service Control Manager” -EntryType “Information” -Message “*Print Spooler service*running*” -Newest 1).TimeGenerated

Be sure to replace “Print Spooler” with the display name of the service you are investigating!


PowerShell - Windows Service Start Time

Solution #2: Search the Windows Event Logs using the Event Viewer

Instead of running a PowerShell command, you can also search the Event Log manually.

To find the event log record showing when your service was last started:

  1. Open the Event Viewer from the Control Panel (search for it by name).

  2. In the left-hand column, navigate to Windows Logs > System:


    Event Viewer - Open System Log

  3. Click Find… on the right to bring up the Find window. Enter the name of the service and click the Find Next button to highlight the first matching record in the middle panel. We have entered Spooler, for the Windows Spooler service:


    Event Viewer - Find

  4. If necessary, keep clicking the Find Next button until a record saying that your service has “entered the running state” comes up. The Source should be Service Control Manager, and the time your service started will be displayed in the Logged value. The screenshot show that the Print Spooler service last started at 8:04:55 AM on January 7th 2017:


    Print Spooler service start time

Solution #3: Figure out when the Service’s Process was Started

Each running windows service is backed by an underlying process. 99.9% of the time, that process was launched immediately when the service started. So finding the process start time will give us the service start time.

To find out when the service’s process was started:

  1. Determine the process identifier (PID) of the service’s process using the SC command. For a service named MyService, run:

    sc queryex MyService

    (Be sure to enclose the service name in quotes if it contains spaces.)

    Here is the result for the Spooler service:


    Use SC to find the Service PID

    Make a note of the number on the PID line (1276 in the screenshot above).

  2. Next, open a PowerShell window and run:

    Get-Process | select name, id, starttime | select-string <PID>

    where <PID> is the process identifier from step 1. The start time will come back in the result. Here is what we got for the spooler’s process (#1276):


    Run PowerShell Get-Process

Solution #4: Use the System Boot/Up Time (for Automatic Windows Services)

Most Windows Services start when your computer boots and run continuously, 24×7 in the background. For those services, the system boot time is a reasonable approximate.

You can run the built-in systeminfo command to discover when the system last started. Amongst the valuable information systeminfo returns, look for the “System Boot Time” line:


System Boot Time

However, if you’re ever in a situation where you can’t remember the command to use, know that the Task Manager’s Performance tab shows how long the computer has been up (“Up time”). The system boot time is a simple calculation away.


Task Manager - Uptime


So there are four easy ways to find out when your windows service started. Use whichever one best fits your situation. Good luck with your troubleshooting/investigation!

Posted in Windows Services | Tagged , , , , | Leave a comment