Category Archives: Howto Tutorials (EN)

Howto Tutorials English Contribution Howto’s and Tutorials unblog technical contribution for professionals

Launch AnyDesk from KeePass

Launch AnyDesk Remote Desktop Remote Access from KeePass

KeePass is a useful tool for administrators in their daily work in system maintenace and administrative tasks. AnyDesk is also often used, other remote maintenance software, such as Teamviewer, or VNC Viewer for remote desktop remote maintenance, also SSH terminal sessions to server and network devices are required.

This post shows how to build an AnyDesk Remote Desktop session to a computer directly from KeePass.

KeePass enables an external program to be executed out from an item with the transfer of parameters such as host name or address and the user credentials for authentication. To do this, add a new entry in KeePass with choose Add Entry to creates a new target.

Launch AnyDesk Remote Desktop Remote Access from KeePass

In the General tab, the computer name is entered in the Title field. For User name the AnyDesk alias which is usually the computer name (hostname), alternatively the AnyDesk ID can be used. The AnyDesk password is entered in the Password field.

The KeePass URL to pass the parameters to AnyDesk:

After the entry is saved, the AnyDesk Remote Desktop session is started with a double-click in the URL column, or with the key combination Ctrl + V.

Double click URL to connect AnyDesk Remote Desktop
AnyDesk Alias is the hostname

AnyDesk Alias is the hostname, or the ID that is displayed with 9 digits on the remote computer. The hostname (alias) is transferred to AnyDesk with the User name field as the USERNAME variable with the password as a parameter from KeePass.

Windows Trusted Installer with AdvancedRun

Run the SYSTEM and Trusted Installer service account with AdvancedRun

One would think that as an administrator authenticated to Windows, you have all the permissions to make changes in the registry, also under HKLM/SECURITY, to install software, or to change, overwrite or delete files and directories.

Windows service account SYSTEM and Trusted Installer are owner of system files and registry keys

Trusted Installer is a service account used by the Windows Modules Installer Service. The Trusted Installer service running under the Trusted Installer user has exclusive permissions to everything related to Windows updates and optional Windows components.

Windows uses the SYSTEM account at logon for internal tasks and processes, it manages the rights of the SYSTEM account itself. If you look in the user management, you will notice that this account does not appear there, and it can not be added to the group.

Administrators may be required to run programs in the context of the SYSTEM or Trusted Installer accounts if they own files and registry keys. Since the Windows on-board resources do not provide an adequate procedure for this task, free tools can take over this task.

Administrators could take ownership of files and folders owned by SYSTEM or Trusted Installer. However, this would potentially affect system services and processes if the owner is not undone.

It is better to run programs such as regedit.exe or Explorer under these accounts to modify files or registry entries that belong to these particular service accounts.

Run Program with AdvancedRun as SYSTEM und Trusted Installer

Nirsoft’s AdvancedRun utility makes it easy to run programs with many options as special users in Windows.

AdvancedRun has many useful features

AdvancedRun has many useful features beyond running as a SYSTEM or Trusted Installer. It is also allowed to run as NetworkService or LocalService.

AdvancedRun Features:

  • Run program with user of another running process
  • Run a program as another logged-in user without knowing and having to enter their password.
  • Run RegEdit as a SYSTEM user. In this mode you can access the key HKEY_LOCAL_MACHINE\SECURITY.
  • Run high-priority programs
  • Use other PATH environment variables without changing the actual PATH

AdvancedRun can be downloaded here.

Credential or ssl vpn configuration is wrong

FortiClient Error: Credential or ssl vpn configuration is wrong (-7200)

When trying to start an SSL VPN connection on a Windows Server 2016 or 2019 with the FortiClient, it may be that the error message “Credential or ssl vpn configuration is wrong (-7200)” appears. The reason to drop connection to the endpoint during initializing caused by the encryption, which can be found in the settings of the Internet options.

According to Fortinet support, the settings are taken from the Internet options. The Internet Options of the Control Panel can be opened via Internet Explorer (IE), or by calling inetcpl.cpl directly.

Windows Logo + R

Press the Win + R keys enter inetcpl.cpl and click OK.

Run inetcpl.cpl
Internet Options Delete personal settings

Select the Advanced tab

Disable use TLS 1.0 (no longer supported)

Click the Reset… button. If the Reset Internet Explorer settings button does not appear, go to the next step.

Click the Delete personal settings option

Click Reset

Add website to Trusted sites

Add the SSL-VPN gateway URL to the Trusted sites. Usually, the SSL VPN gateway is the FortiGate on the endpoint side.

Internet Options Trusted Sites

Go to the Security tab in Internet Options and choose Trusted sites then click the button Sites. Insert the SSL-VPN gateway URL into Add this website to the zone and click Add, here like https://sslvpn_gateway:10443 as placeholder.

Note: The default Fortinet certificate for SSL VPN was used here, but using a validated certificate won’t make a difference.

Furthermore, the SSL state must be reset, go to tab Content under Certificates. Click the Clear SSL state button.

Internet Options Clear SSL state

The SSL VPN connection should now be possible with the FortiClient version 6 or later, on a Windows Server 2016 or later, and also on Windows 10.