Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 101/591 | < Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >

Which GPO is making my Domain Controller my clients' DNS server?

- by Harry Muscle

I maintain a small domain (about 20 clients) and we need to make some changes to the DNS server that's being used by the clients. All the clients have been hard coded to use the domain controller as their DNS. Since these are new machines, and I never changed their DNS settings, I'm guessing there must be a GPO that's causing them to use the domain controller as their DNS. Since we don't have any GPO other than the default one yet, it's got to be the default GPO, however, I have looked through all the GPO settings and none of them refer to anything related to DNS. So I'm wondering if there's anything else that might be causing this. Any help or advice is highly appreciated. Thanks, Harry

Read the article
Auto Log-Off Windows users - Windows 2003 domain

- by thehatter

I am trying to make windows clients automatically log off after some time, I have been trying to use the winexit.scr which I have seen working else where in a similar environment. After working though these instructions (I did read the comments and notice the original ADM provided is buggy) I've had no joy what so ever! Winexit.scr refuses to read any settings in the registry, even while using a test account I can access the required reg key(s); edit, add, and remove values. Essentially winexit.scr always uses it's default values: 30 second timeout, no forced log-out. What I really want is a 30 minute timeout with a forced log-out, closing all the users apps etc. I've tried removing and re-adding the ADM template, creating the GPO from scratch several times, giving various registry permissions - including full control to "Everybody" just for fun! Oh, clients are all win XP SP3, DC is win 2003 R2 SP2. So, can anybody suggest something? Cheers!

Read the article
How can I create a windows shutdown script from powershell/command-line?

- by David Rubin

I've read the TechNet pages that describe using computer/user startup/shutdown scripts, and that's great, but I'd like to create those scripts via the command-line (and not have to click around in gpedit.msc). It looks like scripts.ini and psscripts.ini in %SYSTEMROOT%\System32\GroupPolicy\Machine\Scripts specifies the scripts to run, but those don't exist until running gpedit.msc for the first time. Is it safe to create and edit those directly? Or do I need to muck around with Set-GPO or something similar? Thanks!

Read the article
Possible to disable smart card PIN change in Windows 7?

- by bobmagoo

I'm looking for a way to disable the smart card PIN change ability provided with Windows 7's native minidriver. It doesn't allow us to enforce any PIN complexity requirements such that users could change their PIN to 000000 or blank without any issues so we'd like to disable that ability. I've been googling around and haven't found any way to do this, but perhaps someone has encountered a similar issue and found a resolution? A third party minidriver is the next step, but if we could do it without additional tools I'm all for it.

Read the article
How can I install a Windows 8 application for another user and pin it on their Start screen?

- by Simon Campbell

I am trying to create a locked down Windows 8 account using Group Policies with no tiles on the start screen except for one for the purposes of a Kiosk PC. How can I (as an administrator account) install a custom application (side-loading) for another user and pin it to their start menu? This application is still in development so will need to be updated frequently on the locked account for testing.

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
Password Authentication Fails - NTLMv2

- by JMeterX

Environment: Windows 2000 sp4 EDIT: Domain Controller with no trust setup with the Win2008 Server Windows XP machines Windows 2008 Server Netapp NAS Problem: We have a shared folder that resides on a NAS using a Windows 2008 AD for the authentication with the proper permissions setup. When the Windows 2000 machine tries to open the share residing on the Win2008 machine, it is prompted for a username and password. Upon entering the credentials it continuously re-asks for credentials. Important Details: The Windows 2000 machine can ping both the XP machines and the Windows 2008 Server The Windows 2008 machine is mandated to only use NTLMv2 The Windows 2000 machine was originally set to NTLM but was recently switched to NTLMv2 if negotiated for the purpose of trying to connect to the share. As I am sure it will come up, we are using Windows 2000 because of contractual obligations Questions: Why is password Authentication failing in this case? After setting a GPO for the Win2000 machine for it to use NTLMv2, do we need to reboot the machine for the changes to take affect? We used SECEDIT to update the GPOs without rebooting. UPDATE We checked both of the 2008 Domain Controllers to find an error code. We received: Microsoft_Auth_Package_V1_0 0xc000006a Event ID: 4776 I know this to be an authentication error via THIS article "The value provided as the current password is not correct" We know this password to be correct, but since these two domains (Win2000 & Win2008) do not have a trust setup what authentication account needs to be used? One that resides on the Win2000 hosted domain?

Read the article
need help upgrading small business wifi network

- by Henry Jackson

Our small business currently has 3 wireless access points around the building, each with their own SSID. Security is done with WEP (ick) and MAC address filtering (double ick). We are trying to reconfigure the setup, with these goals: wifi roaming between the access points user-based authentication that isn't as annoying as MAC address filtering. 1) The entire building is hardwired with ethernet, so I assume it should be easy to set up the routers to act as one big network, but I can't figure out how. Can someone point me in the right direction? The routers are consumer-grade linksys routers, is it possible to do this without getting new hardware? 2) For security, we will probably upgrade to WPA2, and I'm thinking of using the Enterprise version so that users can log in with a username, instead of having a single key (so if an employee leaves or something, their access can be removed). We have several on-site Windows servers, can one of them be set up as a RADIUS server, or is that best left to a dedicated machine (again, using existing hardware is good).

Read the article
How secure is a bluetooth keyboard against password sniffing?

- by jhs

In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system? Edit: Final Summary All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

Read the article
cannot add a user to sysadmin role in SQL Server

- by George2

Hello everyone, I am using SQL Server 2008 Management Studio. The current logon account belongs to machine local administrator group. I am using Windows Integrated Security mode in SQL Server 2008. My issue is, after log into SQL Server Management Studio, I select my login name under Security/Logins, then select Server Roles Tab, then select the last item -- sysadmin to make myself belong to this group/role, but it says I do not have enough permission. Any ideas what is wrong? I think local administrator should be able to do anything. :-) thanks in advance, George

Read the article
Freebsd write access to group directory

- by Nikolay Sergeev

Hi. I'm confused. I have two users in system: u1 and u2, and group u1. both u1 and u2 belong to g1. I've created directory /opt/d with properties: drwxrwxr-x 2 u1 u1 512B May 26 17:55 d AFAIK, this configuration allows both users write to directory. But, from u2: touch /opt/d/x touch: /opt/d/x: Permission denied And same configuration on RHEL5 works fine. What i've missed? Thanks.

Read the article
Grant account write access to specific attributes on Active Directory User object

- by Patricker

I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes? Attributes I need to grant permission for: First Name (givenName) Last Name (sn) Initials (initials) Department (department) Company (company) Title (title) Manager (manager) Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox) Work Phone (telephoneNumber) Pager (pager) IP Phone (ipPhone) IP Phone Other (otherIpPhone) ThumbnailLogo (thumbnailLogo) jpegPhoto (jpegPhoto) Description (displayName) Thanks

Read the article
How do large companies handle software updates for users without administrative rights?

- by CT

I just started working for a small-medium size company doing IT support. Maybe 150 or less users. Right now every user has administrative rights to their own machine. This allows them to install updates or whatever else they would like to. I'm tired of getting on user's machines that are bloated with crap they put on themselves. So my first thought would be to take away administrative rights to their computer. This would also have other advantages such as preventing a lot of drive-by malware on the web etc. The problem arises that users are unable to install updates. (Even though I find most ignore these anyway) How do large companies handle software updates on all client machines? EDIT: Windows environment. Most servers are Windows Server 2003 Enterprise. Clients are all Windows. Win XP, Vista, and 7.

Read the article
OpenBSD has open ports in default installation

- by celil

I have been considering replacing Ubuntu with OpenBSD to improve the security on my local server. I need to have ssh access to it, and I also need it to serve static web content - so the only ports I need open are 22 and 80. However, when I scan my server for open ports after installing OpenBSD 4.8, and enabling ssh and http at /etc/rc.conf httpd_flags="" sshd_flags="" I discovered that it had several other open ports: Port Scan has started… Port Scanning host: 192.168.56.102 Open TCP Port: 13 daytime Open TCP Port: 22 ssh Open TCP Port: 37 time Open TCP Port: 80 http Open TCP Port: 113 ident ssh (22) and http (80) should be open as I enabled httpd and sshd, but why are the other ports open, and should I worry about them creating additional security vulnerabilities? Should they be open in a default installation?

Read the article
Windows GPO order - beginner

- by Andras Sebestyen

I have some software that required e.g. .NET 4 install before them. I wonder what is the best way to make a GPO order list. I also have some software that needs certain files so I need to prepare them (via batch file). I have done a quick research however I haven't found the answer. Any help, link would be appreciated. Please feel free to down vote it if it is a real dummy one. Thanks for example: batch file cleans some folder install .NET Framework 4 install apps through MSI (commercial software) I can't pack everything in the MSI and I also need to make sure that all the steps succeed

Read the article
Exchange 2003 -- Mailbox Management not deleting ALL messages aged 30 days or older...

- by tcv

I've recently created a Mailbox Management task within Exchange 2003 that, every night, looks at the contents of the Deleted Items within a particular mailbox and deletes mail that's 30 days or older. The scheduled task ran on its own last night and I have confirmed that messages within the right mailbox and the right folder were, in fact, processed. Many mails were deleted ... but not never email older than 30 days. In fact, the choice seems kinda random. Last night 3/10/2010 was the 30 day watermark. Mails were deleted from 3/10/2010, sure enough, but not all of them. Mails older than 3/10/2010 were deleted as well, but, again, not all of them. The only criteria I have on the management -- aside from the single mailbox and single folder scopes -- is the age criteria. The size criteria is set to Any, meaning I don't care about the size. I care about the age. It's made me wonder where there is some sort of limit on how many mails can be processed? The schedule is set for 12am and 1am every night. Any hints appreciated.

Read the article
deploying AV via GPO only to workstations

- by jeremy

We have a small (100 machines) Windows domain running Server 2008R2. We use Symantec Endpoint Protection 12.1 I want to have GPO deploy the AV software to client machines automatically, but only to client workstations, not to servers, which run a different software. I've set it up before using a GPO linked to the domain mycompany.local and it works, but it deploys the AV software to ALL machines on the domain, including my servers. I can create an OU in active directory for Servers, and perhaps create one for client machines too, but I'd rather not have to go and move new domain members from the default under Computers into a different folder. How can I use GPO to deploy this AV software only to workstations on our network, and not to servers?

Read the article
Can the users can apply Windows update without local administrator rights?

- by AAA-Super

My users are running on windows XP 32bit. normally WSUS automatically download and notify them to select which update want to install in the past they were in local administrator rights,now I reduce them to user rights so now they can't see the yellow notification said updated are available. Is there a way to give users permission to see the yellow notification and they can select updates by hand without local admin rights or power users? Any advice would be appreciated Thanks

Read the article
No password is complex enough

- by Blue Warrior NFB

I have one user in my AD domain who seems to not be able to self-select a password. I may have another one, but they're on a different enough password-expiration schedule that I can't remember who it is right now. I can set a password via ADU&C just fine, but when he tries it via C-A-D he gets the "doesn't meet complexity" message. Figuring he was just doing something like 'pAssword32', I did some troubleshooting of my own and sure enough it doesn't want to take a password that way. He's one of our users that habitually uses a local account and then maps drives using his AD credentials so he doesn't get the your password will expire in 4 days, maybe you should change it prompts, so he's a frequent "my password expired, can you fix it" flyer. I don't want to keep having him set it via ADU&C over my shoulder every N days. I'm just fine setting temp passwords of 48 characters of keyboard-slamming and letting him change it something memorable. My environment is at the Windows 2008 R2 functional level, and I am using fine-grained password policies. In fact, I have two such policies: For normal users (minimum length, remembered passwords) For special utility accounts The password complexities I've tried match both policies for length and char-set selection. The permissions on the User object themselves look normal, SELF does indeed have the "Change Password" right. Is there some other place I should be looking for things that can affect this?

Read the article
Active Directory - Using GPO To Update Multiple Versions Of .NET

- by Joe Wilson

OK, I have searched everywhere for this one. I have all the MSI's and packages I need to deploy .Net 3.5 SP1, and 2.0 and 3.0 (which are prerequisites for 3.5). I can't figure out how to install all of them at once via GPO. Basically, the computers on the network do NOT have any version of .Net installed, and I need them to be at 3.5 SP1. I know I can deploy each version via GPO, force reboot the client, then push the next one, force reboot, and so on. Is there a way to streamline install all 3 at once via GPO? Thanks

Read the article
How can I restrict a group to reading only two particular folders with Windows Server?

- by Lord Torgamus

I have a group of users on Windows Server 2003 who need to be able to read the contents of two directories but not be able to access anything else on the server (including read-only access). One of the directories is K:\projectFour\config — and the other is similarly formatted — so it would be okay for group members to be able to list the contents of K:\ and K:\projectFour\ but not actually read anything in those directories. I've found several resources via SF/Google, including how to restrict individual folders/drives and how to allow users to only run specific executables, but that information ultimately didn't solve my issue. Sorry if this is a really simple thing to do, I'm usually a developer and don't know the first thing about servers or group policies. Finally, I should mention that this isn't a fully concrete question, as it will be implemented eventually but I don't personally have a copy of Windows Server 2003 to test with right now.

Read the article
Logon script does not run for all users

- by Herohtar

We have a standalone common-use workstation running Windows XP Pro SP3 and have created a script using Javascript (scriptname.js) that is to be run for each user. The file was added as a user logon script via gpedit.msc and tested using a newly created user account as well as an existing user account. The script ran and functioned as intended on both accounts; however, a few existing users have informed us that the script is not running on their accounts. All user accounts are members of the same groups and have identical permissions. We already have an existing script (but in this case, a batch file) that is applied in the same manner and it runs for all accounts without any problems. Furthermore, on the accounts where the new script does not run during logon, it can still be run manually and works fine. So the question is: what would cause this script to not run during logon on certain accounts? Thanks!

Read the article
Login authentication vanished from MongoDB install

- by Robert Oschler

A few months ago I enabled password protection on my MongoDB install. Today I ran the Mongo client and forgot to use my login details. Instead of rejecting nearly everything I try to do from the shell, like it should, I had complete access to all the databases and collections. Fortunately this instance is only running a few test apps, so I quickly shutdown the MongoD instance until I figure this out. Has anybody ever seen this kind of behavior before and knows what is going on? The MongoD instance is running on a Linux VM hosted by Azure. The only thing I can think of is that perhaps Azure restored an old copy of the VM, but I received no E-mails to that effect and everything else on the server seems to be proper, including new daemon processes that I added after I enabled password protection on MongoD.

Read the article
Double password in Directory Server

- by xain

Hi, anybody knows how to implement a second password in an LDAP, so it's policies are different from the userPassword attribute ? The idea is to use it as a non-login password (for instance to "sign" a transaction). Thanks

Read the article
Deploying Office 2013 via GPO

- by NickC

Looking at potential ways to deploy Office 2013 via GPO. First and most obvious way is to run a startup script which calls the Office 2013 setup.exe. Problem here is what happens after it is installed, will that startup script keep re-installing the product every time the machine boots? Another potential way is to install each Office component separately using the multitude of .msi files which are present, would that work and provide the same thing as a full install of Office? There is actually twenty three separate .msi files. What about officemui.msi is that a wrapper which contains calls to all of the other office components.

Read the article

< Previous Page | 97 98 99 100 101 102 103 104 105 106 107 108 | Next Page >