Friday, September 24, 2010

Configuring a Virtual Printer Using RedMon 1.7 on Windows 7

The RedMon 1.7 Redirection Port Monitor is an open source product of GhostGum Software, frequently used to configure virtual printers on Microsoft operating systems based on Microsoft Windows NT technology. Among other uses, RedMon is often used to configure a virtual PostScript printer to bypass bugs in printer drivers provided by printer manufacturers (e.g. the current PrintStik driver from PlanOn) or to provide a network print server for clients that don't have native drivers for the shared printer.

RedMon 1.7 was released in 2001, and its design did not anticipate the security features that Microsoft later added to Windows Vista and Windows 7 (as well as Windows Server 2008 and later). RedMon extends explorer.exe, which in Windows 7 is started, by default, without the Administrator privileges needed to configure a virtual printer port. Running explorer.exe as an Administrator is deliberately made difficult in post-XP versions of Microsoft Windows because of the severe security vulnerabilities that doing so can create. The following instructions assume that you are a skilled system administrator with a thorough knowledge of security considerations and of system administration tools such as the Cygwin toolkit. If you are not in this category, please do not try this, and do not blame me if you try it and your system becomes compromised and useless as a result.

1. Make sure that you have, and know how to use, a shell tool capable of launching a background process on your Microsoft Windows distribution. I use XTerm, which runs under XWin from Cygwin.com. XWin must already be running on your system before you launch a privileged XTerm as described below.

2. Install all the software that you will need. For example, in order to configure a virtual PostScript printer, you will have installed GhostScript, gsprint and RedMon in advance.

3. Back up the system, so that you will be able to restore it if it becomes compromised while explorer.exe is running in privileged mode.

4. Before you run explorer.exe as Administrator, cut off all potential vectors through which a privileged instance of explorer.exe can be exploited (and, through it, your system). Shut down all applications that can act as web or e-mail clients, and do not start any such applications again until you have finished configuring the virtual printer. Physically unplug the network from your computer if you can. If you can't, disable all external network interfaces. If you are administering remotely, make sure that the network you are using for remote administration is physically isolated from non-secure networks, and disable all external network interfaces other than the one you are using.

5. Start a privileged instance of your shell tool. For example, right-click XTerm in the Start->Programs menu and select "Run as Administrator." Then change directory in this shell tool to /cygdrive/c/Windows or equivalent.

6. Use the Task Manager to kill the default instance of explorer.exe.

7. Background a privileged instance of explorer.exe with your shell tool. For example, in the above privileged instance of XTerm give the command "./explorer.exe &".

8. Configure your virtual printer.

9. Use the Task Manager to kill the privileged explorer.exe and to start a new default instance.

10. Restore network connections.

Most administrator tasks that worked in Windows XP but don't work in Windows 7 can be made to work with a work-around similar to the above.

7 comments:

Unknown said...

Awesome technique; good to know. There is an easier and less scary way, however. Just open the Print Management console in Administrative Tools (%systemroot%\system32\printmanagement.msc), which runs with administrator privileges.

Adam Reed said...

Michael: Thank you. Did you actually get a RedMon-based virtual postscript printer to work, by configuring it through Print Management in Administrative Tools? (Since RedMon extends Explorer, I would not have expected it to be visible there - but I'm always ready to be pleasantly surprised...)

Unknown said...

Thanks Michael, I've just converted to 7 and have been going crazy without my RedMon. Your solution worked a charm, especially when I copied the cscript engine out of the Windows system32 directory. Small issue that the redirect runs in a secured space and thus cannot interact with the user, but there are other ways to handle that.

Marco said...

Michael... thanks a lot. As we say here: "you kill the snake and show the stick!!"
Regards from Brazil.

Marco

bowzee said...

Using Windows 7 I get "A program running on this computer is trying to display a message" every time I print. I imagine that the sOutputFile option is not being interpreted properly. Does anyone know how to solve this? (disabling the Interactive Services Detection is not a solution)

Franjo said...

You can also run a command prompt as administrator, and use it to launch explorer.exe (after killing it first).

Michael said...

Nice, but how do you get rid of "A program running on this computer is trying to display a message"? Or did I do something wrong?