Search Results

Search found 16797 results on 672 pages for 'directory traversal'.

Page 101/672 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108  | Next Page >

  • Do best-practices say to restrict the usage of /var to sudoers?

    - by NewAlexandria
    I wrote a package, and would like to use /var to persist some data. The data I'm storing would perhaps even be thought of as an addition for /var/db. The pattern I observe is that files in /var/db, and the surrounds, are owned by root. The primary (intended) use of the package filters cron jobs - meaning you would need permissions to edit the crontab. Should I presume a sudo install of the package? Should I have the package gracefully degrade to a /usr subdir, and if so then which one? If I 'opinionate' that any non-sudo install requires a configrc (with paths), where should the package look (presuming a shared-host environment) for that config file? Incidentally, this package is a ruby gem, and you can find it here.

    Read the article

  • What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?

    - by warren
    It seems that most other filesystems handle the basic *nix permissions (ugo±rwx), with maybe an addition here or there. Or can be "made" to handle ACLs through the use of other tools on top of the system. On the wikipedia pages about filesystems (http://en.wikipedia.org/wiki/List%5Fof%5Ffile%5Fsystems & http://en.wikipedia.org/wiki/Comparison%5Fof%5Ffile%5Fsystems), it appears that while some do support extended meta-data, none support natively the level of permissioning that NTFS does. Am I wrong in this understanding?

    Read the article

  • How can I find the names of AD Group policies that a user/pc is using?

    - by Russ
    I am having trouble locating some settings in group policy so I can make changes due to the convoluted nature of our policies. What I would like to be able to do is go to a specific PC and see what group policies are being applied, so I can focus on those policies. My goal would be to clean up the GP's a bit, while allowing me to "walk the tree" to see what people have implemented and what is worthless. Thanks. EDIT: In this specific case, I am looking to find which GP maped drives are configured in. (User Configuration -- Preferences -- Windows Settings -- Drive Maps)

    Read the article

  • Disabling parallel network connections on workstation

    - by sumar
    Is it possible to disable prarallel network connections on workstation, when workstation is connected to corporate LAN? I want to avoid users bypassing Internet access policies by concurently connect to LAN and 3G/Hotspot. We have many developers and they have local administrator rights on workstations. Developers should be able to connect virutual networks (VMware/VirutalPC/Hyper-V/VirutalBox). Other users should be able to use only one network connection concurently.

    Read the article

  • Group Policy dealing with IE zone assignment not sticking!

    - by Brandon
    I have a group policy (which ONLY deals with the zone assignment) -that is continually switching on and off with reboots. I thought it was a conflicting group policy but when I run group policy modeling report it doesn't show any descrepancies that I can see. I thought it may be an issue with one domain controller wasn't replicating my policy change to the other one, but this isn't the case. I checked both domain controllers and they show the same information. The assignment is on a user basis and is in: user configuration > administrative templates > windows components > internet explorer > internet control panel > security and is site to zone assignment.

    Read the article

  • How can I set an arbitrary (non default) attribute for an AD user or AD Contact?

    - by makerofthings7
    I have AD Users, or contacts that are not Exchange Mailbox users, or contacts. I also have a SSO system (Ping Identity... technology similar to Microsoft ADFS), where it leverages the AD Schema attribute: CustomAttribute1 to store information needed for SSO. This CustomAttribute1 was created by the Exchange Schema. I would like to use CustomAttribute1 for both AD Users and AD Contacts, as well as the Exchange equivalent user and contacts. Question Since the Exchange tools will only allow me to modify "Exchange" users, what is the way to modify the AD counterpart? e.g. if the following command sets a mailbox... set-mailbox -Identity [email protected] -CustomAttribute1 [email protected] -WarningAction silentlyContinue What command will allow me to update an AD user (non-mailbox) under the same schema attribute?

    Read the article

  • IIS7.5 Domain Account Application Pool Identity for SQL Server Authentication

    - by user38652
    In Windows Server 2003/IIS6 land we typically create an app pool that runs as the identity of an AD account created with minimal privileges simply for that purpose. This same domain user would also be granted access to SQL Server so that any ASP.NET application in that app pool would be able to connect to SQL Server with Integrated Security=SSPI. We are making a brave move to the world of Windows Server 2008 R2/IIS7.5 and are looking to replicate this model, but I am struggling with how to make the application pool in IIS7.5 run as the identity of an AD account? I know this sounds simple and hopefully it is, but my attempts so far have been fruitless. Should the application pool identity be a 'Custom account' for a domain account? Does the domain account need to be added to any groups?

    Read the article

  • Does Windows 8 support the "start in [folder]" property for shortcuts?

    - by FumbleFingers
    I use Foobar2000 to play music, and for years now I've run it in what they call "portable mode". What that means is that the program itself isn't actually "installed" in the traditional Windows sense. All "non-system" dll's required by the application are in the same folder as the executable; earlier versions of Windows find them there, and everything runs fine. But Windows 8 fails because it doesn't find them. I want things set up this way because I keep Foobar2000 on a portable external hard drive, so I can just move it between different computers without having to go through the Windows install process. With all previous versions of Windows, I could either directly run the application from File Explorer, or create a shortcut on the desktop with the "start in folder" property set to the actual folder containing the program. I can still use the first method, but I want a shortcut! Is there any way to do what I want?

    Read the article

  • Windows 7 Sharing issue on RAID 5 Array(s)

    - by K.A.I.N
    Greetings all, I'm having a very odd error with a windows 7 ultimate x64 system. The network system setup is as follows: 2x XP Pro 32 Bit machines 1x Vista ultimate x64 machine 2x Windows 7 x64 Ultimate machines all chained into 1x 16 port netgear prosafe gigabit switch, the windows 7 & vista machines are duplexed. Also there is a router (netgear Rangemax) chained off the switch I am basically using one of the windows 7 machines to host storage & stream media to other machines. To this end i have put 2x 3tb hardware RAID 5 arrays in it and assorted other spare disks which i have shared the roots of. The unusual problems start when i am getting Access denied, Please contact administrator for permission blah blah blah when trying to access both of the RAID 5 arrays but not the other stand alones. I have checked the permission settings, i have added everyone to the read permission for the root, i have tried moving things into sub directories then sharing them. I have tried various setting combinations in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and always the same. I have tried flushing caches all round, disabling and re-enabling shares & sharing after restart as well as several other things & the result is always the same... No problem on individual drives but access denied on both the RAID arrays from both XP & Vista & Windows 7 machines. One interesting quirk that may lead to an answer is that there is no "offline status" information regarding the folders when you select the RAID 5s from a windows 7 machine yet there is on the normal drives which say they are online. It is as if the raid is present but turned off or spun down but as far as i was aware windows will spin an array back up on network request and on the machine itself the drives seem to be online and can be accessed. Have to admit this has me stumped. Any suggestions anyone? Thanks in advance for any fellow geek assistance. K.A.I.N

    Read the article

  • Restoring exchange 2003 from a backup

    - by user64204
    Hi all, I'm restoring an Exchange server from a backup: [1] the backup was created on 19/12/2010 [2] the server kept running until 20/12/2010 [3] we're restoring the server today 21/12/2010 with the backup from [1] My understanding is that when the server comes back: [4] whatever is in users' inbox since [1] will be deleted. [5] whatever is in users' sent box since [2] should be re-sent. [6] As a safety measure we've moved all emails sent/received between [1] and [3] to .PST files. Questions: -are [4] & [5] statements correct? -is there any way to move back emails from the PST file [6] to the current inbox/sent folders so that Exchange takes these emails into account (instead of deleting them)? -what happens to the Calendar items that were added after [1], is there any way to back those up as well if needed? Many thanks

    Read the article

  • Linux servers in a (primarily) Windows (AD) environment

    - by HannesFostie
    When I arrived at my current position, our environment existed almost exclusively of Windows servers. However, I am a big fan of using Linux for certain applications, like the webgallery I was asked to set up, a simple SFTP server, Nagios for monitoring etc. I do fine setting these up, but not being the Linux expert, I am not sure how to properly join these servers to the domain and was therefor wondering what procedures or guidelines other people follow. We often use ping -a to quickly figure out the hostname of a certain server, but this does not seem to work for the linux machines, most likely because of the whole WINS/NetBios thing I assume. I just joined one server to the domain, but probably missed something cause it's not working even after a dnsflush. Next to that, the couple procedures I've found so far are pretty extensive and most of the time don't seem worth the time. Best case scenario, I download some kind of client (smbclient?), enter the domain name and maybe the server to use, supply an administrator password and that's it. Is that possible at all? Thanks

    Read the article

  • no internet mail group / mail sending and delivery restrictions

    - by Jeff
    I run a win 2k8 a/d server and an win 2k8 exchange 07 server I have a group called 'No Internet Mail', i made it a distribution group. I tried to setup a transport rule on the exchange server that is configured as follows for outgoing: from a member of no internet mail and sent to users outside the organization redirect the message to administrator and send message refused, forwarded to administrator. Please talk to management for external email use. however , when i enable this it forwards everyones emails to me regardless if they are a member of the no internet mail group or not. not sure what im doing wrong, thanks in advanced.

    Read the article

  • User account restriction error and unable to access share

    - by user44394
    I have a windows share with full control granted to individual domain user accounts on the share and security permission. Whenever the user attempts to browse to the share they receive the error: Logon failure user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. If the users are added to the administrators group on this machine they are able to browse the share without issue. What do I need to change to allow them access to the share without being administrators on that machine?

    Read the article

  • How do I install Skype on computer so that anyone who logs in does NOT have to go through the initial config?

    - by Matt
    I installed Skype when logged on to the (local) admin account. Now, when I log off that, and log on as myname on the domain, I have to click through the intial setup steps (after you've already run the installer) of Skype. So, I have to click next to get through the mic setup/test, and it asks me if I want to take a pic. How do I get it so that any person who logs in can just open Skype and go straight to the login screen? Windows 7 64 bit, 2008R2

    Read the article

  • ldap samba user access issue

    - by ancillary
    I have a samba share that is on the LAN. It is auth'd via ldap. Users access file system via ad windows shares. There are shortcuts in directories that point to dir's on samba. Typically a user will click the shortcut to the smb dir, and will be met with a permission denied error. Upon closing explorer and reopening, it will work. DNS is handled by the domain controller, and that is the only server any of the machines use for DNS. Nothing in eventvwr. Only see successful auth entries in samba log. Any ideas?

    Read the article

  • Revamping an old and unstable IT-solution for a customer?

    - by cmbrnt
    I've been given the cumbersome task to totally redo the IT-infrastructure for a customer's office. They are currently running Windows XP all over, with one computer acting as a file server with no control over which users have access to which files, and so on. To top it off, this file server also functions as a workstation, which means it gets rebooted every time the user notices some sluggish behavior or experiences problems with flash games. To say the least, this isn't working for them. Now - I've got a very slim budget, but I need to set up a new server, and I wish to run Windows Server 2008 on it. I also need the ability to access the network remotely via VPN. Would it be a good idea to install VMware ESXi 4.1 onto the new server, and then run Windows Server 2008 as well as a separate Debian install for openvpn on it? I don't like the Domain Controller for the future AD to also run a VPN-server, because of stability issues when something goes to hell with either of them. There will be no redundancy though. However, I'm not sure if there is something to gain by installing a VPN solution on the Windows Server itself, when it comes to accessing file shares on the network via VPN. I don't know how to enable users logging in via the VPN to access the remote files, since they will be accessing the network from their own home computers (which is indeed a really bad idea, but this is what I've got to work with). They won't be logged in to the windows Domain, but rather their home workgroups. I need to be able to grant access to files in certain directories based on the logged in AD-user, but every computer won't necessarily be configured to log into the domain. I'm not sure how to explain this in a good way, but I'd be happy to clarify if somethings not clear. Any help would be great, because I've got a feeling that I can't do this without introducing a bunch of costly new rules when it comes to their IT-solution. I'd rather leave that untouched and go on my merry way to the next assignment.

    Read the article

  • Run 2008 R2 Service under 2000 Domain Account

    - by NoDisassemble
    I'm trying to get a service to run under a domain account. When I try to add the account, I get the error The account name is invalid or does not exist, or the password is invalid for the account name specified I know the account exists and the password is correct. I am also having trouble adding it manually to the "Log on as a service" setting, I get the error An extended error has occured. Failed to save Local Policy Database After a day of research I'm starting to suspect it has to do with it being a 2008 R2 server trying to use a 2000 domain account. I've tried to change the LAN Manager authentication level and the Minimum session security looks okay per my Google digging. I'm not sure what else I can do?

    Read the article

  • Sudo asks for password twice with LDAP authentication

    - by Gnudiff
    I have Ubuntu 8.04 LTS machine and Windows 2003 AD domain. I have succesfully set up that I can log in with domain username and password, using domain prefix, like "domain+username". Upon login to machine it all works first try, however, for some reason when I try to sudo my logged in user, it asks for the password twice every time when I try sudo. It accepts the password after 2nd time, but not the first time. Once or twice I might think I just keep entering wrong pass the first time, but this is what happens always, any ideas of what's wrong? pam.conf is empty pam.d/sudo only includes common-auth & common-account, and common-auth is: auth sufficient pam_unix.so nullok_secure auth sufficient pam_winbind.so auth requisite pam_deny.so auth required pam_permit.so

    Read the article

  • PowerShell - Finding all of users' group memberships and kicking it out of them

    - by NirPes
    as title says, I have to find all the groups that the user is a member of, and deleting its membership from all of them. I've tried this: get-adgroup -filter * | where {(Get-ADGroupMember $_ | foreach {$_.PrimarySmtpAdress}) -contains "[email protected]"} but it doesnt return anything (although THERE ARE some items that have to be returned) as for the deletion I found no way to do it, could someone give me an example of a code that does this? Im talking about security groups.

    Read the article

  • Access Control issue

    - by user160605
    Ok this is stumping me mainly because of the lack of experience I have with access control. I have two folders I need to keep away from users. Payroll and Banking. I went into security and took away all the users. I made a new group called access granted and added it to both folders. I then gave full control to the group. I then added a few days to this group. I tested with partial success. I can only get into some folders and subfolders/files. I made sure I clicked on the option for all subfolders. This is my layout C:(folder) -- permissions granted to admin,access (full control) when I look at the problem files/folders no one has any permissions I don't even see the group or admin. what am I doing wrong. Thanks

    Read the article

  • Distinguished name of Configuration in AD is tampered?

    - by Natan Abolafya
    A user of our product came out with a problem which was caused by the DN of Configuration object in AD. We had a rather static lookup method to find Configuration object, thus it failed. Let's say the domain name of AD is foo.bar.example.com. Therefore, the expected DN of configuration should be CN=Configuration,DC=foo,DC=bar,DC=example,DC=com, right? But somehow, this user's DN of configuration has one value missing: CN=Configuration,DC=bar,DC=example,DC=com. Do you know how can we reproduce this issue (or is it commonly implemented?)?

    Read the article

  • Windows server 2003SP2 as LDAP replica master for Mac OSX 10.6

    - by FrancoR
    Hello there, we have a single domain controller with Windows 2003 with few child. All the users are in the main DC. We have already created a connection from AD to Mac Xserve 10.6 and can read all the users, but: 1. If the DC goes down (or the net), Mac lose all the users, so no file access, no emails, no nothing. 2. the users are in read only. Mac admin cannot reset password, change attribute and so on. What we need is a stable environment where both AD admins and LDAP admins can manage the users; if one server goes offline the users of the other server should work (email, shared folders) just fine. Thanks in advance P.S. we already tried to connect the MacOSX to Windows LDAP, instead of AD, but we're unable to do it: MacOSX requires DNS IP (gotcha), user admin and password (ok) and a root LDAP password we're unable to find any reference of it in Windows 2003.

    Read the article

  • Add users in Windows machine without AD

    - by guillem
    I have several development machines where I am the administrator. We are using AD in my organization but is maintained by and offshore IT group any request takes a long time. We are currently granting access to developers on development machines manually so it's a bit annoying to maintain although at least it's fast. We have also a lot of external consultants that need to use those machines for some time. Is there any tool or method to maintain a set of users synced on those machines without the need add them to an AD group?

    Read the article

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108  | Next Page >