Search Results

Search found 5084 results on 204 pages for 'policy routing'.

Page 131/204 | < Previous Page | 127 128 129 130 131 132 133 134 135 136 137 138  | Next Page >

• Full disk encryption on linux (ubuntu) w/o re-installing - possible?

  - by sa125

  Hi - I work at a company that takes security very seriously (like most). Our IT guy came in today to prepare us mentally to re-install our systems after he'll apply the new encryption policy (which will basically scrape our HD clean). For our team this means about a week of re-configuring, installing, and tweaking our desktops until we are back to work capacity - anyone who has to re-install a development machine probably knows what I'm talking about. So, I guess my question is if there's any way to perform full disk encryption on a linux (ubuntu = 9.04) system without having to re-install EVERYTHING [sigh]. IT guy said there isn't any - please prove him wrong. thanks :)

  Read the article

• Windows 7 offline files - work temporarily offline even if network connection works

  - by Robert

  Sometimes I am connected via VPN to a network containing the server where files are stored which are cached by Windows offline files feature. Sometimes the connection works good and working this way is not a problem - on other times working is quite a pain because of high latency when working with the files in the Windows explorer. Is there an interactive way how a user (with admin permissions) can temporary suspend online usage of offline files? I already activated the "Transparent caching" group policy feature (Computer Configuration Policies Administrative Templates Networks Offline Files) with a network latency of 200msec but from my experience even if I get ping times to the file server of less than 40msec online usage is quite tenacious. Setting low latency times at this point causes the offline files often to toggle which makes problems with some applications working with several files and requires them to be consistent (like SVN client).

  Read the article

• 8021x wireless clients auto connect prior to user login

  - by JohnyV

  I am using a 2008 r2 dc that also performs Radius (NPS), I also have a 2008 r2 certificate authority which is giving out certificates. The computers are getting the certificate and when a user logs into the device (that has previously logged in) gets put on the correct VLAN (according to there user access). However I cant get the computers to join the wireless network prior to logging in, so that they can log in with their domain accounts and authenticate through the wireless. The basic setup is Computer gets group policy which tells it to get a certificate the computer then has a seperate vlan to join just as a computer account however the wireless computer wont connect through that vlan. (this vlan allows login information only then once the users credentials are verified it puts them onto another VLAN). So I am trying to work out why the notebook wont auto connect to the wireless network as a computer. Thanks

  Read the article

• firehol (firewall) with bridge: how to filter

  - by Leon

  I have two interfaces: eth0 (public address) and lxcbr0 with 10.0.3.1. I have a LXC guest running with ip 10.0.3.10 This is my firehol config: version 5 trusted_ips=`/usr/local/bin/strip_comments /etc/firehol/trusted_ips` trusted_servers=`/usr/local/bin/strip_comments /etc/firehol/trusted_servers` blacklist full `/usr/local/bin/strip_comments /etc/firehol/blacklist` interface lxcbr0 virtual policy return server "dhcp dns" accept router virtual2internet inface lxcbr0 outface eth0 masquerade route all accept interface any world protection strong #Outgoing these protocols are allowed to everywhere client "smtp pop3 dns ntp mysql icmp" accept #These (incoming) services are available to everyone server "http https smtp ftp imap imaps pop3 pop3s passiveftp" accept #Outgoing, these protocols are only allowed to known servers client "http https webcache ftp ssh pyzor razor" accept dst "${trusted_servers}" On my host I can connect only to "trusted servers" on port 80. In my guest I can connect to port 80 on every host. I assumed that firehol would block that. Is there something I can add/change so that my guest(s) inherit the rules of the eth0 interface?

  Read the article

• Capslock turns on intermittenly on Windows Login Screen

  - by NoCarrier

  At first I thought it was a coworker playing a joke on me.. I have a habit of locking my workstation whenever I leave my desk. however i have noticed over the last several years that sometimes the capslock key would be on when I return. I don't notice this until i try typing in my password (which would fail because its in ALL CAPS) and then glance at the now illuminated caps lock key. This has happened on and off across half a dozen workstations on 2000, XP, Vista, and Windows 7. Possible causes I'm losing my mind "feature" in windows? some sort of institutional domain policy at my workplace someone has been messing with me for many many years ?

  Read the article

• WS-AT Issue between WPS 6.2 and WAS 7.0

  - by AK

  Hi, I have a BPEL running on WPS 6.2 trying to call a web service on developed on RAD 7.5, deployed on RAD test environment. I have setup WS Transaction policy on both client and server. I get an error on WAS 7.0 saying Must Understand check failed for headers: {http:// schemas.xmlsoap.org/ws/2004/10/wscoor}CoordinationContext I tried to generate the same webservice on ibm wid 6.2 and deployed on EAR on WAS 7, it works perfect. Any thoughts ? Is there a SOAP runtime mismatch ? Help appreciated . -AK

  Read the article

• OpenLDAP Password Expiration with pwdReset=TRUE?

  - by jsight

  I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

  Read the article

• Cisco ASA 5505 and slow download speeds for Apple devices

  - by James

  For traffic routing through my ASA 5505, downloads for all Apple devices, including AppleTV iPad gen 1 IMac MacBook Pro are very slow. speedof.me show less than 1 Mbps download (where I should have 20 Mbps +), yet for any Windows-based device, the download speeds are in excess of 20 Mbps. The Windows device, including the iMac and MacBook Pro machines, are connected via ethernet cable. Why are Apple devices experiencing such pain? Is it an ASA setting, or something else? Thanks.

  Read the article

• Force local IP traffic to an external interface

  - by calandoa

  I have a machine with several interfaces that I can configure as I want, for instance: eth1: 192.168.1.1 eth2: 192.168.2.2 I would like to be able to forward all the traffic to one of these local address trhough the other interface. For instance, all requests to an iperf, ftp, http server at 192.168.1.1 are not just routed internally, but forwarded through eth2 (and the external network will take care of re-routing the packet to eth1). I tried and looked at several commands, like iptables, ip route, etc... but nothing worked. The closest behavior I could get was done with: ip route change to 192.168.1.1/24 dev eth2 which send all 192.168.1.x on eth2, except for 192.168.1.1 which is still routed internally. The goal of this setup is to do interface driver testing without using two PCs. I am using Linux, but if you know how to do that with Windows, I'll buy it!

  Read the article

• Sharepoint Server 2007 generates event log entry every 5 minutes - "The SSP Timer Job Distribution L

  - by Teevus

  I get the following error logged into the Event Log every 5 minutes: The SSP Timer Job Distribution List Import Job was not run. Reason: Logon failure: the user has not been granted the requested logon type at this computer In addition, OWSTimer.exe periodically gets into a state where its consuming almost all the CPU and only killing the process or restarting the Sharepoint services fixes it (although I'm not sure if this is a related or seperate issue). I have tried the following (based on various suggestions floating around the web), all to no avail: iisreset (no affect) Added the Sharepoint and Sharepoint Search service accounts to Log on as a batch job and Log on as a service policies in the Group Policies for the domain. I went into the Local Computer Policy on the Sharepoint server and verified that those policies had actually been applied Verified that the Sharepoint and Sharepoint Search service accounts are both in the WSS_WPG group Verified in dcomcnfg that the WSS_WPG group (and indeed the Sharepoint and Sharepoint search service accounts) has local activation rights for SPSearch. Any more suggestions would be valued. Thanks

  Read the article

• Cannot WMI Query root\MSCluster namespace as Local Admin

  - by Matt Zuberko

  I'm trying to use WMI Explorer to query the root\MSCluster namespace on various hosts to obtain cluster resource group and resource object data. I can access the namespace with no issue on Win2K3 cluster nodes but am getting an access denied error attempting to connect to Win2K8 and Win2K8R2 nodes. I can access the root\cimv2 namespace with no issue, just the MSCluster namespace even though I am a local Admin. Is there a feature setting, local security policy or server role I have to be a member of to access the namespace? Thank you!

  Read the article

• Must I have Exchange to use Blackberry Enterprise Server Express?

  - by John Spaz

  In the past I've setup BES (not express) for a company that just wanted their users on the corporate network, they didn't care for email or any other enterprise feature, they just wanted to push a policy that the phones internet should be routed through the corporate network. I want to setup BES Express now for a customer that also just wants the phones on his network but wherever I look, it says that BES Express requires Exchange. Is there a way to install BES Express without Exchange and without a AD Domain? Basically what the customer wants to accomplish is to be able to filter and log the internet access on the phones.

  Read the article

• ITIL Incident Classification - Fault vs SR vs Technical Incident

  - by ExceptionLimeCat

  I am new to ITIL and Incident classifcations and I am trying learn more about them and understand how they could integrate in our organization. I have found it difficult to find a clear definition of Fault vs. Service Request vs. Technical incidents. I am basing my definitions on this article: http://www.itsmsolutions.com/newsletters/DITYvol6iss27.htm As I understand it: Service Request - Service provided by IT as part of regular administration of a system. Fault - An unexpected error in a system. Technical Incident - An interruption or potential interruption in IT service due to an expected incident caused by some IT policy.

  Read the article

• How to stop Windows 7 from applying patches on shutdown

  - by Stabledog

  I have my Windows 7 Pro set up to "download patches, but let me choose when to install them". However, on several occasions, when I have shut down the O/S, Windows Update has proceeded with a lengthy patch application even though I issued no permission to do so. This is a bit scary to me... in particular, it seems I cannot trust the Windows Update settings. Is this official policy somewhere at Microsoft, or am I witnessing a bug? What can be done about it?

  Read the article

• MX record configuration for hosted email?

  - by Paul Sanwald

  I am helping a friend with his website, and am having a problem with his webmail configuration, which I suspect is due to a misconfigured MX record. His domain is registered and hosted by hostmonster, they have a webmail option. A record: Host Points To TTL webmail 12.345.789.101 14400 CNAME: mail webmail.d.com 14400 MX Record: 0 @ mail.d.com 14400 I've created an email account on hostmonster, [email protected]: however, when I sent an email to this account, it appears to be routing to /dev/null. I know that it's not actually, but am unsure of the steps I can take to track this down? I've tried using dig, but am unsure where to start. How can I track down where this email is being routed to?

  Read the article

• L2TP server - site-to-site vpn connection

  - by Pyro

  I am not sure this is the right place for this question but here goes. We want to connect users using an L2TP VPN connection to a users at the other end of a SonicWall site-to-site VPN. Currently we have a SonicWall firewall/router contraption in the home-office that is connected to a far-office over a VPN. Communications with machines in the home-office and far-office is fine. We also have an L2TP server running on the SonicWall that outside users can connect to. This gives them access to machines in the home-office. Communication between outside users and the home-office is fine. However outside users connected to the home-office via the L2TP server can't communicate with machines in the far-office. Will there need to be network bridging or routing needed? Or will this simply be a firewall setting to get this working? Thanks for any help or clues you provide! Rob

  Read the article

• Wall jacks to patch panel?

  - by rj454me

  OK, I'm by no means a seasoned networking pro and I had no say so in the design of our current server room which is in dire need of an extreme makeover. Basically, in our server room we have 12 wall plates with 4 RJ-45 ports on each - 48 total RJ-45 ports. From these 48 ports is a spaghetti bowl of network cables feeding our servers located in a rack - there is no patch panel currently, just straight from the wall jack to each server. What I was wondering is, is it feasible to mount a 48 port patch panel in our server rack and feed into this patch panel from the wall jacks (of course nicely routing this cable through some new cable trays)? We really don't have the funds to mount the patch panel and have it fed directly from the switches in the telcom closet which is several hundred feet away. Current: Switch (Telcom Closet) - Wall Jacks - Servers Proposed: Switch (Telcom Closet) - Wall Jacks - Patch Panel - Servers

  Read the article

• Simple, manageable DNS on EC2?

  - by dkulchenko

  I'm working on a large network of servers sitting on EC2, and need a way for the servers to know about each other's locations in the cloud. I thought the simplest way would be to use DNS, because if I replace the EC2 instance, I simply update the DNS record, and the rest of the servers will know about it (with names like users.db.mysoft.com, routing.mysoft.com, cluster1.memcached.mysoft.com). I'm considering setting up a master DNS server on a micro/small instance to accommodate this. I'd preferably need something that's as simple as a key-value store (hostname - IP) into which the platform could remotely add/remove entries. Can I do this with BIND? Or is there a better solution?

  Read the article

• Configuring NAT and static IP on Cisco 877W

  - by David M Williams

  Hi all, I'm having trouble setting up a static IP reservation on a network. What I want to do is assign IP 192.168.1.105 to MAC address 00:21:5d:2f:58:04 and then port forward 35394 to it. If it helps, output from show ver says Cisco IOS software, C870 software (C870-ADVSECURITYK9-M), version 12.4(4)T7, release software (fc1) ROM: System bootstrap, version 12.3(8r)YI4, release software I have done this - service dhcp ip routing ip dhcp excluded-address 192.168.1.1 192.168.1.99 ip dhcp excluded-address 192.168.1.200 192.168.1.255 ip dhcp pool ClientDHCP network 192.168.1.0 255.255.255.0 default-router 192.168.1.1 dns-server 192.168.1.1 lease 7 ip dhcp pool NEO host 192.168.1.105 255.255.255.0 hardware-address 0021.5D2F.5804 ip nat inside source static tcp 192.168.1.105 35394 <PUBLIC_IP> 35394 extendable However, the machine is getting assigned IP address 192.168.1.101 not .105 ... any suggestions? Thanks !

  Read the article

• What is the harm in giving developers read access to application server application event logs?

  - by Jim Anderson

  I am a developer working on an ASP.NET application. The application writes logging messages to the Windows event log - a custom application log just for this application. However, I do not have any access to testing or staging web/application servers. I thought an admin could just give me read access to this event log to help in debugging problems (currently a service that is working in dev is not working in test environment and I have no idea why) but that is against my client's (I'm a consultant) policy. I feel silly to keep asking an admin to look at the event log for me. What is the harm in giving developers read access to application server application event logs? Is there a different method of application logging that sysadmins prefer programmers use? Surely, admins don't want to be fetching logging messages for developers all the time.

  Read the article

• How to allow IAM users to setup their own virtual MFA devices

  - by Ali

  I want to let my IAM users to setup their own MFA devices, through the console, is there a single policy that I can use to achieve this? So far I can achieve this through a number of IAM policies, letting them list all mfa devices and list users (so that they can find themselves in the IAM console and ... I am basically looking for a more straight forward way of controlling this. I should add that my IAM users are trusted users, so I don't have to (although it will be quite nice) lock them down to the minimum possible, so if they can see a list of all users that is ok.

  Read the article

• Blocking the Apple OS X App Store

  - by Jon Rhoades

  Being the evil corporate IT overlords we need to block the new OS X App Store. As you may be aware the 10.6.6 update installs the App Store App which allows users to download and install apps without admin privileges. Some Suggestions: Don't update to 10.6.6+ Use parental controls Presumably some OD policy (if you have an OD server which we don't) Block the App store by DNS or Proxy Not updating to 10.6.6+ isn't really a long term solution as it contains security fixes and new Macs will come with it anyway. Blocking the App store at a network level doesn't solve laptop users. Ideally a simple system preference or editing of a plist that can be pushed out by ARD would be the best solution. Please note the question isn't should we block the App store, it's how we can block the App store.

  Read the article

• OpenLDAP Password Expiration with pwdReset=TRUE?

  - by jsight

  I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

  Read the article

• How to run a command as administrator on Windows7 from a command line?

  - by Radek

  I need to run tscon.exe 0 /dest:console remotely = not manually on Windows7 as an administrator. More info here How to use tscon on Windows7? I did my research and OPTION 1 - runas for user root (no password) on computer yogurt works C:\>runas /user:yogurt\root cmd Enter the password for yogurt\root: Attempting to start cmd as user "yogurt\root" ... for user administrator (I thought the the password is blank too) on computer yogurt doesn't work. I am asked for password, hit the enter and C:\>runas /user:yogurt\administrator cmd Enter the password for yogurt\administrator: Attempting to start cmd as user "yogurt\administrator" ... RUNAS ERROR: Unable to run - cmd 1327: Logon failure: user account restriction. Possible reasons are blank passwo rds not allowed, logon hour restrictions, or a policy restriction has been enforced. OPTION 2 - setting properties of a batch file so it always runs as administrator. The 'privilege level' section is greyed out for me under Compatibility level. So I am not able to tick the check box Run this program as an administrator

  Read the article

• Configure IIS 7 Reverse Proxy to connect to TeamCity Tomcat

  - by Cynicszm

  We have an IIS 7 webserver configured and would like to create a reverse proxy for a TeamCity installation using Tomcat on the same machine. The IIS server site is https://somesite and I would like the TeamCity to appear as https://somesite/teamcity redirecting to http://localhost:portnumber I have installed the IIS URL Rewrite extension from http://www.iis.net/download/URLRewrite and the Application Request Routing from http://www.iis.net/download/ApplicationRequestRouting to try and setup a reverse proxy but can't get it working. The closest answer I found is an old StackOverflow question http://stackoverflow.com/questions/331755/how-do-i-setup-teamcity-for-public-access-over-https which unfortunately doesn't have a working example. I've searched a quite a bit but can't seem to find a relevant example. Any help appreciated (apologies for the bold but the spam prevention won't let me post more than 1 hyperlink)

  Read the article

< Previous Page | 127 128 129 130 131 132 133 134 135 136 137 138  | Next Page >