Search Results

Search found 29574 results on 1183 pages for 'directory services'.

Page 104/1183 | < Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111 | Next Page >

Cannot bind OSX to AD

- by erotsppa

I'm trying to get an mac mini running snow leopard server to join a windows domain here. The windows domain server is running Windows server 2008. When I go to "Accounts" in my System Preferences, and lick on "Join", I get this error: "Unable to add server. Node name wasn't found. (2000)" In my console messages I find this: 10-04-06 11:42:25 AM System Preferences1452 -[ODCAddServerSheetController handleOtherActionError: gotError: Error Domain=com.apple.OpenDirectory Code=2000 UserInfo=0x2004f2f80 "Custom call 82 to Active Directory failed.", Node name wasn't found. I specified a FQDN for the domain server, so I am totally confused as to why it would list "domain = com.apple...." in that error. I've tried firing up the Directory Utility and trying to join a domain via the Active Directory option there. Again I fill in the FQDN, and the proper administrator/password acount info. Now I get a different error: "Invalid Domain An invalid Domain and Forest combination was specified. You should enter a fully qualified DNS name for the domain and forest (e.g., ads.company.com)." If anyone has any pointers or suggestions this would be appreciated.

Read the article
Configure ApacheDS 1.5 with accessControlEnabled=true for authenticated access

- by cmyers

I need to set up an apacheDS instance. I am using standalone 1.5.5 on Linux. I have removed the example partition and added two of my own, each with their own suffixes. I have imported LDIFs for the two partitions and everything looks correct data-wise. I need to configure ApacheDS to disallow anonymous access. I was able to do that by following some of the directions here: http://directory.apache.org/apacheds/1.5/145-enable-and-disable-anonymous-access.html http://directory.apache.org/apacheds/1.5/32-basic-authorization.html Now only the administrator account (uid=admin,ou=system) can log in and make queries. I need to establish an admin account, and a "regular user" account which can read and write only certain entries within each partition. I tried to read the above docs and I got nuthin'. The second page "basic authorization" is completely incomprehensible to me. When I tried to add a "prescriptiveACI" to it using Apache Directory Studio, I get: Administration point 2.5.4.11=abc,2.5.4.10=efg does not contain an administrativeRole attribute! An administrativeRole attribute in the administrative point is required to add a subordinate subentry. where my partition is "ou=abc,o=def". I have no clue what is going on and the docs are really not helping, I am at a complete loss here. How can it possibly be this hard to just restrict access? P.S. can someone with proper rep please change the tag "apache" to the new tag "ApacheDS"?

Read the article
Remote access to server via service control panel for non-admin user in Windows 2008

- by owenevans00

I'm trying to configure my Windows 2008 servers so that my developers can view their status without needing to log on to the box or be an admin. Unfortunately, the permissions set in Windows 2008 for remote non-admin users don't include the ability to enumerate or otherwise query services. This causes anything that contacts the SCM on the far end to fail (Win32_Service, sc.exe, services.msc etc). How do I set up permissions so that they can at least list the services and see if they are running?

Read the article
Multi-Role Domain Controllers for Small Offices (< 50 clients)

- by kce

Warning: I'm a Linux/*NIX admin so this is all new to me. I understand that it's not considered a good idea to have only a single domain controller, and that it is also probably a good idea for a domain controller to only do AD/DHCP/DNS (Here). We have two offices, location A with 30 users and location B with 10 users. Our two offices are separated by a WAN that is not particularly robust so I have be instructed that we need to have standalone services in each office. This means that according to "best practices" we will need to build a domain controller and a separate file server in each office. Again, I am not knowledgeable in the ways of Windows but this seems a little unnecessary for an organization of 40 users. People have commented that I could "get away with" running file services on the domain controller as long as the "load is light". That just seems to generate more questions than it answers. What constitutes light load? What are the potential consequences of mixing these roles? Ideally I would prefer to only have one physical machine at each location. The one in location A (the location with IT staff) can act as the primary domain controller and the one in the smaller office can act as the backup domain controller. If either domain controller fails we can still use the other one for authentication (albeit with some latency) and if the WAN connection fails each office still has access to their respective "local" domain controller. If the file services are ALSO run on each server (and synchronized with something like DFS), a similar arrangement in terms of redundancy can be had without having to purchase, build and install two additional separate servers. It's not that I'm adverse to that (well, any more adverse than I am to whole thing to begin with) but to my simple mind it just seems, well a bit overkill. I can definitely see the benefits of functional separation when we're talking larger organizations, but I need to consider the additional overhead too. None of this excludes having a DRP setup for the domain controller/s. I assume you can lose two domain controllers just as easily as one.

Read the article
How is the "change password at next logon" requirement supposed to work with RDP using Network Level Authentication?

- by NReilingh

We have a Windows server (2008 R2) with the "Remote Desktop Services" feature installed and no Active Directory domain. Remote desktop is set up to "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure)". This means that before the remote screen is displayed, the connection is authenticated in a "Windows Security: Enter your credentials" window. The only two role services installed on this server is the RD Session Host and Licensing. When the "User must change password at next logon" checkbox is selected in the properties for a local user on this server, the following displays on a client computer after attempting to connect using the credentials that were last valid: On some other servers using RDP for admin access (but without the Remote Desktop Services role installed), the behavior is different -- the session begins and the user is given a change password prompt on the remote screen. What do I need to do to replicate this behavior on the Remote Desktop Services server?

Read the article
How to give a user NTFS rights to a folder, via Powershell

- by Don

I'm trying to build a script that will create a folder for a new user on our file server. Then take the inherited rights away from that folder and add specific rights back in. I have it successfully adding the folder (if i give it a static entry in the script), giving domain admin rights, removing inheritance, etc...but i'm having trouble getting it to use a variable I set as the user. I don't want there to be a static user each time, I want to be able to run this script, have it ask me for a username, it then goes out and creates the folder, then gives that same user full rights to that folder based on the username i've supplied it. I can use Smithd as a user, like this: New-Item \\fileserver\home$\Smithd –Type Directory But can't get it to reference the user like this: New-Item \\fileserver\home$\$username –Type Directory Here's what i have: Creating a new folder and setting NTFS permissions. $username = read-host -prompt "Enter User Name" New-Item \\\fileserver\home$\$username –Type Directory Get-Acl \\\fileserver\home$\$username $acl = Get-Acl \\\fileserver\home$\$username $acl.SetAccessRuleProtection($True, $False) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Administrators","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\Domain Admins","FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) $rule = New-Object System.Security.AccessControl.FileSystemAccessRule("Domain\"+$username,"FullControl", "ContainerInherit, ObjectInherit", "None", "Allow") $acl.AddAccessRule($rule) Set-Acl \\\fileserver\home$\$username $acl I've tried several ways to get it to work, but no luck. Any ideas or suggestions would be welcome, thanks.

Read the article
Domain Environment + Certificate Authority + Server 2008 R2

- by user1110302

I have recently been delegated the task to setup a CA in our domain environment and have a question on why Microsoft does somethings the way they do lol. I have been trying to read up on what the best practices are for going about this task, and have decided that in an ideal CA environment you should have one “offline” Root CA, and then two subordinate CAs for redundancy/issuing the certs. That is all good, I understand how this works and why, but in messing with a sandbox I have setup, the way you go about adding certificate authorities to a domain environment seems extremely trivial and against all of their best practices… Dooes anyone know what the purpose is of an Enterprise Root CA that is integrated into Active Directory? From what I have read, once you setup an Enterprise Root CA that is integrated into Active Directory, it stays with Active Directory for the long haul and must not be turned off/renamed/touched under any circumstances. If this is true, that seems to go against the practice of setting up a standalone root CA, adding the subordinates, and then taking the root offline. Thanks for any feedback you may have to offer!

Read the article
Cannot access domain from windows 2003 client

- by Peuge

Hey all, First off I am a novice at AD and DNS so please bear with me. This is my current situation: I have one server which is a DC and DNS server (win2k3) - Machine 1. I have another machine which is trying to join this domain - Machine2. This machine is also a win2k3 server. This is what I have done so far: I have setup DNS on the DC and its tcp/ip dns is pointing to itself. On machine2 I have set its dns to point to the dc. The DNS has been setup with a forward lookup zone with the same name as the domain (accdirect.com). I can ping machine1 from the machine2 by its FQDN and ip. I have set up forwarders on the DC for our ISP dns and can browse the internet on both machines. In the DNS mmc on the DC I can see a host (A) has been created for machine2. The problem is I still cannot join the domain. When I try join the domain via my computer - properties then it brings up the username/password box and after I go "ok" it says cannot find domain accdirect.com If I run this from machine2 dcdiag /s:accdirect.com /u:accdirect.com\admin /p: then I get the following: Performing initial setup: ** Warning: could not confirm the identity of this server in the directory versus the names returned by DNS servers. If there are problems accessing this directory server then you may need to check that this server is correctly registered with DNS [accdirect.com] Directory Binding Error 1722: Win32 Error 1722 This may limit some of the tests that can be performed. Done gathering initial info. On the dc all dcdiag and netdiag results pass. If anyone could help me I would really appreciate this! Sorry if any of my terminology is a bit off, I have only been doing this for two days. thanks Peuge

Read the article
OS X "service" for running JavaScript bookmarklets from anywhere?

- by Spiff

I have some JavaScript bookmarklets that work on the selected text in a web page, but I'd like to be able to use them on the selected text in any Mac OS X app, not just browsers or things that provide browser-like views. Mac OS X has the "Services" (sub)menu where any app can publish services that it can provide to other apps, but I don't know how to make my bookmarklets show up as services there. Is there a way to make JavaScript bookmarklets show up as Mac OS X "Services", or otherwise execute JavaScript against the selected text in any Mac OS X app?

Read the article
Recommended service account setup for MS SQL Server 2005/2008

- by boxerbucks

We have a number of MS SQL servers in our environment running either SQL Server 2005 standard/enterprise or SQL server 2008 enterprise. Currently the SQL services are running as local service or network service and the MS recommended best practice is to run as a domain account which is what we are trying to move towards. Is the best practice with regards to domain accounts to have a separate domain account per service per server? So if we have 4 SQL services we want to run per server and we have 50 servers, we would create 50 * 4 = 200 accounts in AD? This seems excessive to me and I was wondering if anyone has any real experience with this type of setup and it's management.

Read the article
OS X "service" for running JavaScript bookmarklets in any app?

- by Spiff

I have some JavaScript bookmarklets that work on the selected text in a web page, but I'd like to be able to use them on the selected text in any Mac OS X app, not just browsers or things that provide browser-like views. Mac OS X has the "Services" (sub)menu where any app can publish services that it can provide to other apps, but I don't know how to make my bookmarklets show up as services there. Is there a way to make JavaScript bookmarklets show up as Mac OS X "Services", or otherwise execute JavaScript against the selected text in any Mac OS X app?

Read the article
Overriding HOMEDRIVE and HOMEPATH as a Windows 7 user

- by MikeC

My employer has an Active Directory group policy which sets my Windows 7 laptop HOMEDRIVE to "M:" (a mapped network drive) and my HOMEPATH to "\". Since I have read-only permissions for the root of that shared drive, I cannot create files or directories in my windows home directory. My attempts to work with the IT department have been unsuccessful. Is there a way for me to globally change these envars at boot or login time? I need for all applications to use alternate values (such as "C:" and "\Users\myname"). I have some installed utilities (like gvim and others) that store preference files in the user's home directory. IMPORTANT: Changing these envars under "System Properties Environment Variables" does not work. I have tried setting these as both User and System Variables (including a reboot). TypingSET HOMEin a DOS window clearly shows that my settings are ignored. Also, using "Start in" in a Windows shortcut will also not solve this, as I need things like Explorer context menu items (like "Edit with Vim") to operate correctly. I do have admin rights on this company laptop, but I am not a Win7 guru. Back in the day, a boot script would have solved this in a minute. Is it even possible today? Thanks.

Read the article
service monitoring manager for Ubuntu ?

- by mgpyone

My mate told me that there's a tool to manage services in Ubuntu, System Administration Services. But unfortunately, I don't found it in my Ubuntu (9.10). Is it easy to get it? What package do I need to install? If not, are there any alternative GUI programs to manage services (like mysql, apache and so forth)?

Read the article
Windows Server Connected to Domain Without Being Domain Controller

- by saluce

Can a Windows Server be connected to an Active Directory domain without being a domain controller? Here's the scenario: I want to use Windows Server 2012 to run several virtual machines for testing our web application in a variety of environments. We have a corporate domain, and I'd like to use the corporate login (or at least a common login) on each of the virtual machines without necessarily having to get IT to set up each virtual machine on the corporate domain. Also, I need the server itself to be able to authenticate domain logins (the app uses domain login information for users to login). However, I absolutely do NOT want it to be a DC on the corporate network. Thus, my questions: Can a Windows Server be connected to an Active Directory domain without being a DC? Can a Windows Server authenticate users on another domain without being a part of that domain? Can a Windows Server be a domain controller in a small network (comprised of just the server and itself) and use the corporate domain's Active Directory for authenticating user logins to the server, the web app, and the virtual machines?

Read the article
What is the correct authentication mechanism when there are users inside and outside the domain?

- by Gary Barrett

We have a Windows 7 enterprise desktop data entry app for mobile (laptop) users with local SQL Express 2008 R2 Express db that syncs data with an SQL Server 2008 R2 Server db. Authentication is required before syncing the data. The existing group of users are part of the organisation's domain so normal scenario and they connect to the Sql Server directly. But there are plans for a second group of app users who belong to various partner organisations so they are outside our domain and have their own various separate domains/accounts. The aim is to deploy the desktop app to them and they will periodically sync data to our SQL Server. What I am uncertain of: Is it possible to authenticate users from another domain? Can permissions be managed via Active Directory etc? Which authentication protocol should be used in this scenario? Windows, Forms, SQL, etc? The IT people are requesting users of the system be managed via Active Directory. Is it possible to manage the external domain users access via Active Directory?

Read the article
LDAP authentication: Windows Server2k3 vs. 2k8

- by wolfgangsz

We have around 70% linux users, all of which are configured to authenticate against Active Directory through LDAP. In order for this to work, we used the "Windows Services for Unix" under Windows Server 2003, and it all works fine. We are now at a point where the server running this contraption is getting a bit tired and will be replaced with a newer machine, running Windows Server 2008 (where the relevant services such as user name mapping and password changes, etc., are integrated with the OS). And here's the rub: If a new user is configured through the Win2k3 server, then it all works fine. If the same thing is done through the Win2k8 server, then : The ADS plugin on the 2k3 server does not recognize it and behaves as if the UNIX attributes were never set. The user cannot authenticate against ADS using LDAP. Has anybody encountered this problem? If so, how did you overcome this? If you need any additional information to provide further help, just ask and I shall provide it.

Read the article
Remote access to server via service control panel for non-admin user in Windows 2008

- by user2278

I'm trying to configure my Windows 2008 servers so that my developers can view their status without needing to log on to the box or be an admin. Unfortunately, the permissions set in Windows 2008 for remote non-admin users don't include the ability to enumerate or otherwise query services. This causes anything that contacts the SCM on the far end to fail (Win32_Service, sc.exe, services.msc etc). How do I set up permissions so that they can at least list the services and see if they are running?

Read the article
service monitaring manager for Ubuntu ?

- by mgpyone

my mate told me that there's a tool to manage services in Ubuntu . System > Administration > Services. but unfortunately, I don't found it in my Ubuntu (9.10). Thus, is it easy to get it ? If not, is there any alternative GUI programs to manage services ( like mysql, apache and so forth) ?

Read the article
Automate setup of constrained kerberos delegation in AD

- by Grhm

I have a web app that uses some backend servers (UNC, HTTP and SQL). To get this working I need to configure ServicePrincipalNames for the account running the IIS AppPool and then allow kerberos delegation to the backend services. I know how to configure this through the "Delegation" tab of the AD Users and Computers tool. However, the application is going to be deployed to a number of Active Directory environments. Configuring delegation manually has proved to be error prone and debugging the issues misconfiguration causes is time consuming. I'd like to create an installation script or program that can do this for me. Does anyone know how to script or programmatically set constrained delegation within AD? Failing that how can I script reading the allowed services for a user to validate that it has been setup correctly?

Read the article
In Windows 7, is there a way to know how much memory a service is using?

- by tigrou

In windows 7, is there a way (by using common interface or a custom utility) to know how much memory a specific windows service is using ? It seems most services are hosted by svchost.exe processes ( some svchosts.exe processes seems to host tons of services). While it is possible to know which services are hosted by a specific process, I found no way to get information about how much memory a service take.

Read the article
Does "..." have meaning as a relative pathname? (EDIT: No.)

- by Pup

1. Is there a relative pathname/directory/folder meaning for the expression "..."? 2. What does "..." refer to in the context cited? I encountered the expression "..." when looking at the installation instructions for http://code.google.com/p/vim-win3264/wiki/Win64Binaries and it says the following (note bolded text): Unzip the zipfile into a directory whose name ends in vim, such as C:\Program Files\Vim, D:\vim, or C:\mytools\vim. This will create a vim72 subdirectory, containing all the files. Start a cmd.exe window, cd ...\vim\vim72, then run install.exe, the command-line installer. This will offer you a series of choices. You can probably just type d to "do it".` Bonus points for listing all relative directory pathnames!

Read the article
Is it possible to extend the ad schema in a Win2003 DC Server (NOT R2) to support DFSR?

- by JohannesH

we're in the process of installing a brand new Windows Server 2008 Web cluster and we would like to synchronize some files between the servers. The problem is that the DC in the domain is an old Windows Server 2003 Standard (NOT R2) which apparently doesn't contain some extension to the AD schema. Is it possible to upgrade the schema without upgrading the DC servers to R2? When I try to create a Replication Group on the 2008 Server I get the following message: --------------------------- Error --------------------------- srv.XXXXXX.XX: The Active Directory Domain Services schema on domain controller activedc07.srv.XXXXXX.XX cannot be read. This error might be caused by a schema that has not been extended, or was extended improperly. See Help and Support Center for information about extending the Active Directory Domain Services schema. Schema version 30 is not supported. --------------------------- OK ---------------------------

Read the article
SQL Server Compact 'Data Directory' macro in Connection String - more info needed

- by codeulike

So, as described on this msdn page, when you define a Connection String for SQL Server Compact 3.5, you can use the "Data Directory" macro, like this: quote from this msdn page: Data Directory Support SQL Server Compact 3.5 now supports the Data Directory macro. This means that if you add the string |DataDirectory| (enclosed in pipe symbols) to a file path, it will resolve to the path of the database. For example, consider the connection string: "Data Source= c:\program files\MyApp\Mydb.sdf" When using Data Directory, you can instead use the following connection string: "Data Source = |DataDirectory|\Mydb.sdf" For more information, see How to: Deploy a SQL Server Compact 3.5 Database with an Application. However, the 'for more information' link on msdn doesn't actually give any more information. So my question is: How does the |Data Directory| macro translate at run time? For WinForm apps, it seems to just give the location of the executable. Or is it more complicated than that?

Read the article
Limit size of cache directory.

- by M.A. Cape

I have some questions about the cache directory in android. Does anyone knows the limit for each app's cache directory? Also what will happen if there is not enough disk space to cache data? All I know is when the device runs low on storage, the files here (cache directory)will be the ones that get deleted first and each app has its own cache directory. Now, are the files of other app's cache directory will be cleared to accommodate my app's request to add files in the cache dir when there is not enough storage?

Read the article
.config file not loaded from working directory

- by Phil Coveney

I am new to using .config files, having worked on apps that use .INI files and the registry until very recently. I am seeing a behavior in VS2008 that I would not anticipate, and wonder if it is the expected one. When I configure the Working Directory setting in the VS2008 IDE for my Foo.exe application, I would have guessed that Foo.exe.config would get loaded from that Working Directory. It does not; it gets loaded from the ..\bin\Debug directory, even if I have a Foo.exe.config file in that Working Directory. If I examine the Environment.CurrentDirectory while the configuration is being applied by setting a breakpoint, I see that it is ..\bin\Debug. When I examine the Environment.CurrentDirectory after my main UI's Loaded event, it is set to the Working Directory I applied in the IDE. Is this correct? (Why?)

Read the article

< Previous Page | 100 101 102 103 104 105 106 107 108 109 110 111 | Next Page >