Search Results

Search found 14771 results on 591 pages for 'security policy'.

Page 103/591 | < Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >

  • Limit display/session resolution for machines @ VDI environment on RDS 2012

    - by WarP
    I have couple of windows 7 entprise virtual machines in collection as part of VDI environment - so users connecting to them through RDS 2012 web site. Is there any way to fix resolution of remote desktops, that user receives (instead of full screen all time) ? I've tried different group policies, but none of them are worked, probably because all those policies are for RDS sessions and not virtual desktops ... And i don't know how to limit resolution locally on win7 machine itself, so connecting users will receive fixed resolution.

    Read the article

  • Managing SharePoint permissions via Active Directory?

    - by rgmatthes
    My company has thousands of employees organized thoroughly via Active Directory. I have confidence in the accuracy of the Department and Title information displayed in the user profiles. I'm helping to put up a brand new SharePoint 2007 site, and I contacted IT about managing the site's permissions through AD Groups. The goal is to have the site automatically assign read/write/contribute/whatever permissions based on the information in AD. For example, we could create an AD Group called "Managers" that would contain anyone with the "Manager" title in their AD user profile. I would have SharePoint tap into this AD Group to mass assign permissions if I knew all managers would need a certain level of access (read/write/contribute/whatever). Then if a manager joins the company or leaves it, the group is automatically updated (provided AD gets updated, of course). My IT rep called back and said it couldn't be done. This seems like a pretty straightforward business requirement, and one of the huge benefits of having Active Directory, but maybe I'm mistaken. Could anyone shed some light on this? A) Is it possible to use dynamically-updated AD Groups when assigning permissions via SharePoint? (Does anyone know of a guide I could show my doubtful IT rep?) B) Is there a "best practice" way to go about this? I've read some debate on whether SharePoint Groups or AD Groups are the way to go. My main concern is dynamic updating. C) If this isn't available out of the box, can someone recommend third-party software that will provide the functionality I'm looking for? A big thanks to anyone who can help me out!!

    Read the article

  • Disable passwd history feature with remember=0

    - by user1915177
    PAM version - pam-0.79 Is setting 0 allowed on "remember" option in /etc/pam.d/common-passwd file of pam.d module to disable passwd history feature? With "remember=0" in /etc/pam.d/common-passwd file, I am observing a memfault when running the passwd command as a USER. When browsed the source, the function in _set_ctrl in support.c file of pam_unix module handles wrong values of remember, but currently its not robust enough to handle 0, which is a wrong value. So the valid and only option to disable history feature, is to not include the "remember" option in /etc/pam.d/common-passwd file and not to set-up /etc/security/opasswd file? Could see in the following link mention of setting "remember" to 0 has no effect to remember value in "/etc/security/opasswd" file. =https://lists.fedorahosted.org/pipermail/linux-pam-commits/2011-June/000060.html

    Read the article

  • Automate new AD user's home folder creation and permission setup

    - by vn.
    I know if we setup a base folder or a profile path in the Profile tab of an AD user, we can copy it and the folder creation and permission setup will be automated. My problem is that not all my users have a roaming profile and the home folder linking is done thru GPO. When I copy from these users, the home folder isn't created automatically and I have to create it manually and change permission and ownership on that folder, located on the fileserver. What should I do? A script may be nice but it'd have to be run everytime a new user is created and I don't think we can link a script to an AD user creation? I'd like to avoid any manual steps and keep my GPO that way. Using a W2008r2 DC on w7 client boxes. Thanks.

    Read the article

  • How to filter RSOP to show only modified policies?

    - by guest
    Is it possible to view only those elements of GPO that are actually modified/specified? For example, when looking at RSOP for an OU, I have loads of options which are mostly not specified - can I automatically filter it to show only e.g. that it doesn't allow to use control panel or install software, instead of looking through all options? I am using Win2003 and I have only the default tools. Thanks in advance!

    Read the article

  • powershell vs GPO for installation, configuration, maintenance

    - by user52874
    My question is about using powershell scripts to install, configure, update and maintain Windows 7 Pro/Ent workstations in a 2008R2 domain, versus using GPO/ADMX/msi. Here's the situation: Because of a comedy of cumulative corporate bumpfuggery we suddenly found ourselves having to design, configure and deploy a full Windows Server 2008R2 and Windows 7 Pro/Enterprise on very short notice and delivery schedule. Of course, I'm not a windows expert by any means, and we're so understaffed that our buzzword bingo includes 'automate' and 'one-button' and 'it needs to Just Work'. (FWIW, I started with DEC, then on to solaris and cisco, then linux of various flavors with a smattering of BSD nowadays. I use Windows for email and to fill out forms). So we decided to bring in a contractor to do this for us. and they met the deadline. The system is up and mostly usable, and this is good. We would not have been able to do this. But it's the 'mostly' part that is proving to be the PIMA now, and I'm having to learn Microsoft stuff anyway until/if we can get a new contract with these guys for ongoing operations. Here's my question. The contractor used powershell almost exclusively for deployment, configuration and updating. My intensive reading over the last week leads me to think that the generally accepted practices for deployment, configuration and updating microsoft stuff uses elements of GPOs and ADMX templates, along with maybe some third party stuff like PolicyPak. Are there solid reasons that I've not found yet that powershell scripts would be preferred over the GPO methods? I'm going to discuss this with the contractor lead when he gets back from his vacation, and he'll be straight with me (nor do I think they set us up). But I can also see this might be a religious issue, so I would still like some background on this. Thoughts? or weblinks? Thanks!

    Read the article

  • Number of malicious attacks defended/done on the average user daily [closed]

    - by DalexL
    As a web hoster, it is very easy to notice the large amounts of exploit/abuse attempts done on my servers. Out of curiosity, how often are these attempts done on the average user? I'm assuming almost all of them are prevented just by simple security protocols in place by their browsers, local network, etc. How many attempts, on average, are committed against a single user daily through any method? (email, internet, downloads, etc.)? If known, what percentage of these things are blocked by the average users security? I tried googling but I was having a hard time getting the right search terms together.

    Read the article

  • AD password not synchronising properly

    - by Kaczmar
    I have 600+ users in AD, but only one causes me trouble. The problem is I can reset his password from AD, he can then log in to his machine. After that he would like to change his password from Windows 7, and proceeds without errors. Logs out or locks the workstation but cannot access it again using either old or new password. So I have to reset it again and he can only use the one I provide for him. All our machines are in the same physical location in the same subnet. Functional level is 2003. I'm totally out of ideas. I could create him new user account, but I'd possibly like to know what causes this. I can only suspect some sort of synchronisation problems but other accounts work fine, and I don't know how to dig deeper into this. Thanks, Piotr

    Read the article

  • How do I set a service startup type to be 'Automatic (delayed)' using GPO?

    - by growse
    A Windows service has 4 different startup types that can be configured: Automatic, Automatic (delayed), Manual and Disabled. I have a service running on a combination of Windows 7 and Server 2008 R2 Desktops that I need to set as 'Automatic (delayed)' using a GPO setting, but from what I can see in the GPO editor, the delayed option is missing: Have I missed something obvious, or is this a rather basic omission from Microsoft?

    Read the article

  • What is the secure way to isolate ftp server users on unix?

    - by djs
    I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the vsftpd documentation, in particular, it implies that using chroot_local_user is a security hazard, while not using it is not. There seems to be no coverage of the implications of allowing the user access to the entire filesystem (as permitted by their user and group membership), nor to the confusion this can create. So, I'd like to understand what is the correct method to use in practice. Should an ftp server with authenticated write-access users provide a non-chroot environment, a chroot environment, or some other option? Given that Windows ftp daemons don't have the option to use chroot, they need to implement isolation otherwise. Do any unix ftp daemons do something similar?

    Read the article

  • no internet mail group / mail sending and delivery restrictions

    - by Jeff
    I run a win 2k8 a/d server and an win 2k8 exchange 07 server I have a group called 'No Internet Mail', i made it a distribution group. I tried to setup a transport rule on the exchange server that is configured as follows for outgoing: from a member of no internet mail and sent to users outside the organization redirect the message to administrator and send message refused, forwarded to administrator. Please talk to management for external email use. however , when i enable this it forwards everyones emails to me regardless if they are a member of the no internet mail group or not. not sure what im doing wrong, thanks in advanced.

    Read the article

  • Why would my domain admins turn of UAC?

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from recent XP users? I can't see the upside of this decision, help me understand.

    Read the article

  • Understanding IUSR_<machine> account

    - by liho1eye
    Namely how is setting read/write permission for this account different from giving read/write access in the IIS (Windows 2003, so it should be IIS6 if I am not mistaken). Here is the issue: It looks like we had a security sweep and as a part of that IUSR account lost write access everywhere. A whole bunch of legacy ASP sites didn't like that at all... My very surfacish understanding is that it is enough to deny write access in the IIS console to protect a website from someone just dropping random files into it, and IUSR access only has effect on the application scripts running server side, and thus can be safely given write access back. edit: The applications in question obviously require write access to their own web folders, otherwise this wouldn't be an issue at all. Question is how to configure IIS/application to both satisfy security and make them work. My first instinct was to change account which is used to run the app pool. However that is already set to NETWORK_SERVICE, and that guy already has full access to folders in question.

    Read the article

  • Automatically make user local administrator on their computer through GPO?

    - by Grant
    In our AD 2003 domain each user gets local admin permissions on their computer. Everyone else can login with their domain account as normal user. Right now this means going to the desktop and manually adding the user as a local administrator. Is there any way to automate this process through logon scripts or GPOs? I have found ways to use a gpo to make everyone who logs in to a computer a local admin, but really only want to give it to the primary user (or in some cases users) of the computer. I've also seen methods that required adding a group for each computer...but really dont want to clutter AD like that. I do have a list mapping each user to each computer name. If it matters the desktops are a mix of xp and win7.

    Read the article

  • Configure users and groups for Git

    - by Peter Penzov
    I want to create Git server on which every developer can commit code with his own linux account. The Git repository is initialized under the directory /opt/git_repo.git I created a group developers which owns the directory git_repo.git. Then I created three users which are part of the same group - DeA, DevB, DevC. I created a soft link into each developer home directory which points to the /opt/git_repo.git location. The problem is that when a user connects to the Git server and use the soft link to access the files he cannot do it. Can you help me what are the proper steps and commands to configure the repository?

    Read the article

  • Server service fails to start, event 7023, error 1079

    - by toffitomek
    Hello, Environment: Windows Server 2008 R2 fully patched, working as Domain Controller in Win 2003 native domain. Users started to report problems with share, it turned out that server service won't start. I've scrambled google but can't find a thing. Any ideas will be appreciated. Thanks in advance :) Service fails to start, then when starting service I get: Windows could not start the Server service on SERVERNAME. Error 1079: The account specified for this service is different from the account specified for other services running in the same process. In System Event Log: Event 7023 The Server service terminated with the following error: The account used is a server trust account. Use your global user account or local user account to access this server.

    Read the article

  • gpresult for local users on local machine?

    - by Jonas
    I would like to list the group policies for local users on a machine I'm setting up. However, when I run gpresult /v /u localmachine\user I get the error that I do have to specify a server name, and when I run gpresult /v /s 127.0.0.1 /u localmachine\user I get the message user credentials for local system are ignored, and I get the group policies for the local administrator as a result. How do I get the settings for the users?

    Read the article

  • Need to call a script at logon based on hostname. Win 2k3 Domain and XP/7 workstations.

    - by Malocchio
    I have a user logon script. I want to install printers based on hostname. Inside this folder \domain.local\SYSVOL\domain.local\Policies{DF3F608C-8D78-934F-B79F-1965F3C4409B}\User\Scripts\Logon I have cmd files for each host/workstation and the logon.cmd. Terminal Servers are honoring the environment variable %clientname% but the workstations are not. Relevant area of logon.cmd rem Delete all existing printer connections c:\windows\system32\con2prt.exe /f rem Call workstation specific script for connecting to printers %clientname%.cmd Excerpt from clientname.cmdL: rundll32 printui,PrintUIEntry /in /n\\fileserv\PhaserPS rundll32 printui,PrintUIEntry /in /n\\fileserv\CanonIR rundll32 printui,PrintUIEntry /y /n\\fileserv\CanonIR

    Read the article

  • Windows GPO default mapped drives

    - by SteB
    Is there a way, using Windows GPO, to set up a list of "default" mapped drives that can be applied to a group of users? I runs small network and would like to make sure that certain groups of users (like Sales or Support) have the same network shares mapped to the same drive letters irrespective of which PC they log onto. This would make the setup of new users easier and allow the centralised administration of the network locations shared. Any links to examples and/or step-by-step guides would be greatly appreciated.

    Read the article

  • Batch file installing executable only gives SYSTEM permissions

    - by Alex
    So, I have a couple of batch files that install some executables and they work, but when the executables setup shortcuts on the desktop only SYSTEM has access to them. Is there a way I can prevent that or make it so it adds Domain Users access or something like that. I realize that the batch files are ran under the SYSTEM context, but I'd like to find a way to clean up after them. Thanks in advance!

    Read the article

  • Access Denied of a folder on a Drive

    - by kanchan bor gohain
    I wanted to restrict access of other people in a certain drive of my computer. What I did was go to the Security Tab (under Drive Properties) and remove the All Users entry. My account is an administrator account. I left only Systems and Administrator on the list. However, when I tried to access drive D, I got an Access Denied error, and Security Tab is already missing.i resolved the problem using safe mode way but i got another problem, I'd used command prompt to hide(attrib) a folder in drive D but i can't access it, though i can access all other files. I used cmd to unhide but access denied

    Read the article

  • Why would my domain admins turn off UAC? [closed]

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from users recently upgraded from XP? I can't see the upside of this decision, help me understand.

    Read the article

  • Who should own /var/www? [closed]

    - by John
    Possible Duplicate: How should I structure my users/groups/permissions for a web server? I've seen a few answers to this on the internet, but I'm looking for a definitive answer. I have a new Ubuntu 12.04 LTS server with LAMP. Apache is set to run as "www-data" and /var/www is set as having "root" as the owner and "root" as the group. The permissions for /var/www are "drwxr-xr-x" which I believe translates to 755 numerically. I know that /var/www should not be owned by "www-data" because then buggy/malicious code could have a field day. However, should I keep it as root:root (inconvenient) or should I change it to ubuntu:ubuntu, the default user that Ubuntu preconfigures for you to log in with? Should the permissions remain at 755? I've been administrating systems for a while with no big security issues, but I'm trying to get really serious about security, double-check everything, and make sure that there are no gaps in my knowledge.

    Read the article

  • Why is it possible to change the password of an admin user on linux?

    - by enum
    A few days ago, a friend of mine, wanted to show me that he can use my linux even if I don't tell him my password. He entered in GRUB, selected the recovery mode option. My first problem is that he already had access to my files (read only). He tried to do passwd but failed. Then he did some kind of remount (I guess that gave him write rights) and after that he was able to change my password. Why is this possible? I personally see it a security issue. Where I work there are several people that use linux and neither of them have a BIOS password set or some other kind of security wall.

    Read the article

< Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >