Search Results

Search found 1694 results on 68 pages for 'rights'.

Page 14/68 | < Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >

  • SQL SERVER – Securing TRUNCATE Permissions in SQL Server

    - by pinaldave
    Download the Script of this article from here. On December 11, 2010, Vinod Kumar, a Databases & BI technology evangelist from Microsoft Corporation, graced Ahmedabad by spending some time with the Community during the Community Tech Days (CTD) event. As he was running through a few demos, Vinod asked the audience one of the most fundamental and common interview questions – “What is the difference between a DELETE and TRUNCATE?“ Ahmedabad SQL Server User Group Expert Nakul Vachhrajani has come up with excellent solutions of the same. I must congratulate Nakul for this excellent solution and as a encouragement to User Group member, I am publishing the same article over here. Nakul Vachhrajani is a Software Specialist and systems development professional with Patni Computer Systems Limited. He has functional experience spanning legacy code deprecation, system design, documentation, development, implementation, testing, maintenance and support of complex systems, providing business intelligence solutions, database administration, performance tuning, optimization, product management, release engineering, process definition and implementation. He has comprehensive grasp on Database Administration, Development and Implementation with MS SQL Server and C, C++, Visual C++/C#. He has about 6 years of total experience in information technology. Nakul is an member of the Ahmedabad and Gandhinagar SQL Server User Groups, and actively contributes to the community by actively participating in multiple forums and websites like SQLAuthority.com, BeyondRelational.com, SQLServerCentral.com and many others. Please note: The opinions expressed herein are Nakul own personal opinions and do not represent his employer’s view in anyway. All data from everywhere here on Earth go through a series of  four distinct operations, identified by the words: CREATE, READ, UPDATE and DELETE, or simply, CRUD. Putting in Microsoft SQL Server terms, is the process goes like this: INSERT, SELECT, UPDATE and DELETE/TRUNCATE. Quite a few interesting responses were received and evaluated live during the session. To summarize them, the most important similarity that came out was that both DELETE and TRUNCATE participate in transactions. The major differences (not all) that came out of the exercise were: DELETE: DELETE supports a WHERE clause DELETE removes rows from a table, row-by-row Because DELETE moves row-by-row, it acquires a row-level lock Depending upon the recovery model of the database, DELETE is a fully-logged operation. Because DELETE moves row-by-row, it can fire off triggers TRUNCATE: TRUNCATE does not support a WHERE clause TRUNCATE works by directly removing the individual data pages of a table TRUNCATE directly occupies a table-level lock. (Because a lock is acquired, and because TRUNCATE can also participate in a transaction, it has to be a logged operation) TRUNCATE is, therefore, a minimally-logged operation; again, this depends upon the recovery model of the database Triggers are not fired when TRUNCATE is used (because individual row deletions are not logged) Finally, Vinod popped the big homework question that must be critically analyzed: “We know that we can restrict a DELETE operation to a particular user, but how can we restrict the TRUNCATE operation to a particular user?” After returning home and having a nice cup of coffee, I noticed that my gray cells immediately started to work. Below was the result of my research. As what is always said, the devil is in the details. Upon looking at the Permissions section for the TRUNCATE statement in Books On Line, the following jumps right out: “The minimum permission required is ALTER on table_name. TRUNCATE TABLE permissions default to the table owner, members of the sysadmin fixed server role, and the db_owner and db_ddladmin fixed database roles, and are not transferable. However, you can incorporate the TRUNCATE TABLE statement within a module, such as a stored procedure, and grant appropriate permissions to the module using the EXECUTE AS clause.“ Now, what does this mean? Unlike DELETE, one cannot directly assign permissions to a user/set of users allowing or revoking TRUNCATE rights. However, there is a way to circumvent this. It is important to recall that in Microsoft SQL Server, database engine security surrounds the concept of a “securable”, which is any object like a table, stored procedure, trigger, etc. Rights are assigned to a principal on a securable. Refer to the image below (taken from the SQL Server Books On Line). urable”, which is any object like a table, stored procedure, trigger, etc. Rights are assigned to a principal on a securable. Refer to the image below (taken from the SQL Server Books On Line). SETTING UP THE ENVIRONMENT – (01A_Truncate Table Permissions.sql) Script Provided at the end of the article. By the end of this demo, one will be able to do all the CRUD operations, except the TRUNCATE, and the other will only be able to execute the TRUNCATE. All you will need for this test is any edition of SQL Server 2008. (With minor changes, these scripts can be made to work with SQL 2005.) We begin by creating the following: 1.       A test database 2.        Two database roles: associated logins and users 3.       Switch over to the test database and create a test table. Then, add some data into it. I am using row constructors, which is new to SQL 2008. Creating the modules that will be used to enforce permissions 1.       We have already created one of the modules that we will be assigning permissions to. That module is the table: TruncatePermissionsTest 2.       We will now create two stored procedures; one is for the DELETE operation and the other for the TRUNCATE operation. Please note that for all practical purposes, the end result is the same – all data from the table TruncatePermissionsTest is removed Assigning the permissions Now comes the most important part of the demonstration – assigning permissions. A permissions matrix can be worked out as under: To apply the security rights, we use the GRANT and DENY clauses, as under: That’s it! We are now ready for our big test! THE TEST (01B_Truncate Table Test Queries.sql) Script Provided at the end of the article. I will now need two separate SSMS connections, one with the login AllowedTruncate and the other with the login RestrictedTruncate. Running the test is simple; all that’s required is to run through the script – 01B_Truncate Table Test Queries.sql. What I will demonstrate here via screen-shots is the behavior of SQL Server when logged in as the AllowedTruncate user. There are a few other combinations than what are highlighted here. I will leave the reader the right to explore the behavior of the RestrictedTruncate user and these additional scenarios, as a form of self-study. 1.       Testing SELECT permissions 2.       Testing TRUNCATE permissions (Remember, “deny by default”?) 3.       Trying to circumvent security by trying to TRUNCATE the table using the stored procedure Hence, we have now proved that a user can indeed be assigned permissions to specifically assign TRUNCATE permissions. I also hope that the above has sparked curiosity towards putting some security around the probably “destructive” operations of DELETE and TRUNCATE. I would like to wish each and every one of the readers a very happy and secure time with Microsoft SQL Server. (Please find the scripts – 01A_Truncate Table Permissions.sql and 01B_Truncate Table Test Queries.sql that have been used in this demonstration. Please note that these scripts contain purely test-level code only. These scripts must not, at any cost, be used in the reader’s production environments). 01A_Truncate Table Permissions.sql /* ***************************************************************************************************************** Developed By          : Nakul Vachhrajani Functionality         : This demo is focused on how to allow only TRUNCATE permissions to a particular user How to Use            : 1. Run through, step-by-step through the sequence till Step 08 to create a test database 2. Switch over to the "Truncate Table Test Queries.sql" and execute it step-by-step in two different SSMS windows, one where you have logged in as 'RestrictedTruncate', and the other as 'AllowedTruncate' 3. Come back to "Truncate Table Permissions.sql" 4. Execute Step 10 to cleanup! Modifications         : December 13, 2010 - NAV - Updated to add a security matrix and improve code readability when applying security December 12, 2010 - NAV - Created ***************************************************************************************************************** */ -- Step 01: Create a new test database CREATE DATABASE TruncateTestDB GO USE TruncateTestDB GO -- Step 02: Add roles and users to demonstrate the security of the Truncate operation -- 2a. Create the new roles CREATE ROLE AllowedTruncateRole; GO CREATE ROLE RestrictedTruncateRole; GO -- 2b. Create new logins CREATE LOGIN AllowedTruncate WITH PASSWORD = 'truncate@2010', CHECK_POLICY = ON GO CREATE LOGIN RestrictedTruncate WITH PASSWORD = 'truncate@2010', CHECK_POLICY = ON GO -- 2c. Create new Users using the roles and logins created aboave CREATE USER TruncateUser FOR LOGIN AllowedTruncate WITH DEFAULT_SCHEMA = dbo GO CREATE USER NoTruncateUser FOR LOGIN RestrictedTruncate WITH DEFAULT_SCHEMA = dbo GO -- 2d. Add the newly created login to the newly created role sp_addrolemember 'AllowedTruncateRole','TruncateUser' GO sp_addrolemember 'RestrictedTruncateRole','NoTruncateUser' GO -- Step 03: Change over to the test database USE TruncateTestDB GO -- Step 04: Create a test table within the test databse CREATE TABLE TruncatePermissionsTest (Id INT IDENTITY(1,1), Name NVARCHAR(50)) GO -- Step 05: Populate the required data INSERT INTO TruncatePermissionsTest VALUES (N'Delhi'), (N'Mumbai'), (N'Ahmedabad') GO -- Step 06: Encapsulate the DELETE within another module CREATE PROCEDURE proc_DeleteMyTable WITH EXECUTE AS SELF AS DELETE FROM TruncateTestDB..TruncatePermissionsTest GO -- Step 07: Encapsulate the TRUNCATE within another module CREATE PROCEDURE proc_TruncateMyTable WITH EXECUTE AS SELF AS TRUNCATE TABLE TruncateTestDB..TruncatePermissionsTest GO -- Step 08: Apply Security /* *****************************SECURITY MATRIX*************************************** =================================================================================== Object                   | Permissions |                 Login |             | AllowedTruncate   |   RestrictedTruncate |             |User:NoTruncateUser|   User:TruncateUser =================================================================================== TruncatePermissionsTest  | SELECT,     |      GRANT        |      (Default) | INSERT,     |                   | | UPDATE,     |                   | | DELETE      |                   | -------------------------+-------------+-------------------+----------------------- TruncatePermissionsTest  | ALTER       |      DENY         |      (Default) -------------------------+-------------+----*/----------------+----------------------- proc_DeleteMyTable | EXECUTE | GRANT | DENY -------------------------+-------------+-------------------+----------------------- proc_TruncateMyTable | EXECUTE | DENY | GRANT -------------------------+-------------+-------------------+----------------------- *****************************SECURITY MATRIX*************************************** */ /* Table: TruncatePermissionsTest*/ GRANT SELECT, INSERT, UPDATE, DELETE ON TruncateTestDB..TruncatePermissionsTest TO NoTruncateUser GO DENY ALTER ON TruncateTestDB..TruncatePermissionsTest TO NoTruncateUser GO /* Procedure: proc_DeleteMyTable*/ GRANT EXECUTE ON TruncateTestDB..proc_DeleteMyTable TO NoTruncateUser GO DENY EXECUTE ON TruncateTestDB..proc_DeleteMyTable TO TruncateUser GO /* Procedure: proc_TruncateMyTable*/ DENY EXECUTE ON TruncateTestDB..proc_TruncateMyTable TO NoTruncateUser GO GRANT EXECUTE ON TruncateTestDB..proc_TruncateMyTable TO TruncateUser GO -- Step 09: Test --Switch over to the "Truncate Table Test Queries.sql" and execute it step-by-step in two different SSMS windows: --    1. one where you have logged in as 'RestrictedTruncate', and --    2. the other as 'AllowedTruncate' -- Step 10: Cleanup sp_droprolemember 'AllowedTruncateRole','TruncateUser' GO sp_droprolemember 'RestrictedTruncateRole','NoTruncateUser' GO DROP USER TruncateUser GO DROP USER NoTruncateUser GO DROP LOGIN AllowedTruncate GO DROP LOGIN RestrictedTruncate GO DROP ROLE AllowedTruncateRole GO DROP ROLE RestrictedTruncateRole GO USE MASTER GO DROP DATABASE TruncateTestDB GO 01B_Truncate Table Test Queries.sql /* ***************************************************************************************************************** Developed By          : Nakul Vachhrajani Functionality         : This demo is focused on how to allow only TRUNCATE permissions to a particular user How to Use            : 1. Switch over to this from "Truncate Table Permissions.sql", Step #09 2. Execute this step-by-step in two different SSMS windows a. One where you have logged in as 'RestrictedTruncate', and b. The other as 'AllowedTruncate' 3. Return back to "Truncate Table Permissions.sql" 4. Execute Step 10 to cleanup! Modifications         : December 12, 2010 - NAV - Created ***************************************************************************************************************** */ -- Step 09A: Switch to the test database USE TruncateTestDB GO -- Step 09B: Ensure that we have valid data SELECT * FROM TruncatePermissionsTest GO -- (Expected: Following error will occur if logged in as "AllowedTruncate") -- Msg 229, Level 14, State 5, Line 1 -- The SELECT permission was denied on the object 'TruncatePermissionsTest', database 'TruncateTestDB', schema 'dbo'. --Step 09C: Attempt to Truncate Data from the table without using the stored procedure TRUNCATE TABLE TruncatePermissionsTest GO -- (Expected: Following error will occur) --  Msg 1088, Level 16, State 7, Line 2 --  Cannot find the object "TruncatePermissionsTest" because it does not exist or you do not have permissions. -- Step 09D:Regenerate Test Data INSERT INTO TruncatePermissionsTest VALUES (N'London'), (N'Paris'), (N'Berlin') GO -- (Expected: Following error will occur if logged in as "AllowedTruncate") -- Msg 229, Level 14, State 5, Line 1 -- The INSERT permission was denied on the object 'TruncatePermissionsTest', database 'TruncateTestDB', schema 'dbo'. --Step 09E: Attempt to Truncate Data from the table using the stored procedure EXEC proc_TruncateMyTable GO -- (Expected: Will execute successfully with 'AllowedTruncate' user, will error out as under with 'RestrictedTruncate') -- Msg 229, Level 14, State 5, Procedure proc_TruncateMyTable, Line 1 -- The EXECUTE permission was denied on the object 'proc_TruncateMyTable', database 'TruncateTestDB', schema 'dbo'. -- Step 09F:Regenerate Test Data INSERT INTO TruncatePermissionsTest VALUES (N'Madrid'), (N'Rome'), (N'Athens') GO --Step 09G: Attempt to Delete Data from the table without using the stored procedure DELETE FROM TruncatePermissionsTest GO -- (Expected: Following error will occur if logged in as "AllowedTruncate") -- Msg 229, Level 14, State 5, Line 2 -- The DELETE permission was denied on the object 'TruncatePermissionsTest', database 'TruncateTestDB', schema 'dbo'. -- Step 09H:Regenerate Test Data INSERT INTO TruncatePermissionsTest VALUES (N'Spain'), (N'Italy'), (N'Greece') GO --Step 09I: Attempt to Delete Data from the table using the stored procedure EXEC proc_DeleteMyTable GO -- (Expected: Following error will occur if logged in as "AllowedTruncate") -- Msg 229, Level 14, State 5, Procedure proc_DeleteMyTable, Line 1 -- The EXECUTE permission was denied on the object 'proc_DeleteMyTable', database 'TruncateTestDB', schema 'dbo'. --Step 09J: Close this SSMS window and return back to "Truncate Table Permissions.sql" Thank you Nakul to take up the challenge and prove that Ahmedabad and Gandhinagar SQL Server User Group has talent to solve difficult problems. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Best Practices, Pinal Dave, Readers Contribution, Readers Question, SQL, SQL Authority, SQL Query, SQL Scripts, SQL Security, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • .net framework sdk version(csc.exe) using vcbuild.exe on the command line.

    - by r9r9r9
    I create a c# class library project named: testVcBuild, then use vcbuild.exe to build the project in the command line like: C:\Program Files\Microsoft Visual Studio 9.0\VC\vcpackages>vcbuild testVcBuild.csproj "Debug|Win32" the out put shows: Microsoft (R) Visual C++ Project Builder - Command Line Version 9.00.21022 Copyright (C) Microsoft Corporation. All rights reserved. Microsoft (R) Build Engine Version 2.0.50727.4927 [Microsoft .NET Framework, Version 2.0.50727.4927] Copyright (C) Microsoft Corporation 2005. All rights reserved. I found that the vcbuild.exe always call the "C:\Windows\Microsoft.NET\Framework\v2.0.50727\Csc.exe /noconfig .." the problem is how can I change the Framework version to v3.5? I found my project works fine with the v3.5 but it's broken in the v2.0.50727. I try to use msbuild.exe instead of vcbuild.exe, everything goes well, I just don't understand how can I make it with the vcbuild.exe? win7+vs2005+vs2008 installed.

    Read the article

  • Client-Side script to upload attachments to the Sharepoint 2007 list

    - by Clone of Anton Makrushin
    Hello. I have no good script-writing experience. So, I have a list created on MOSS 2007 with about 1000 elements and attachments enabled. I need to attach to each list item file (*.jpg) from a local folder. I doesn't have administrator privileges at MOSS server, only contributor rights Here is my script: $web = new-Object system.Net.WebClient $web.Credentials = [System.Net.CredentialCache]::DefaultCredentials $web.Headers.Add("user-agent", "PowerShell Script") $web.UploadFile('http://ruglbsrvsps/IT/Lists/Test1/', 'C:\temp\Attachments\14\Img1.jpg' ) Test1 - target list; Item1, Item2, Item3 - list items, without attachments, created manually When I run script, it returns byte array and does not upload file to the list item. Can you fix my script or advice better solution for my task (attach bulk of files to the MOSS list items, only contributor rights for target Sharepoint 2007 list) Thank you.

    Read the article

  • Schema compare with MS Data Tools in VS2008

    - by rdkleine
    When performing a schema compare having db_owner rights on the target database results in the following error: The user does not have permission to perform this action. Using the SQL Server Profiler I figured out this error occurs executing a query targeting the master db view: [sys].[dm_database_encryption_keys] While specifically ignoring all object types but Tables one would presume the SQL Compare doesn't need access to the db encryption keys. Also note: http://social.msdn.microsoft.com/Forums/en-US/vstsdb/thread/c11a5f8a-b9cc-454f-ba77-e1c69141d64b/ One solution would be to GRANT VIEW SERVER STATE to the db user, but in my case I'm not hosting the database services and won't get the rights to the server state. Also tried excluding DatabaseEncryptionKey element in the compare file. <PropertyElementName> <Name>Microsoft.Data.Schema.Sql.SchemaModel.SqlServer.ISql100DatabaseEncryptionKey</Name> <Value>ExcludedType</Value> </PropertyElementName> Anyone has an workaround this?

    Read the article

  • How do you deal with UAC when creating a process as a different user?

    - by sysrpl
    I am having an issue with UAC and executing a non interactive process as a different user (APIs such as CreateProcessAsUser or CreateProcessWithLogonW). My program is intended to do the following: 1) Create a new windows user account (check, works correctly) 2) Create a non interactive child process as new user account (fails when UAC is enabled) My application includes a administrator manifest, and elevates correct when UAC is enabled in order to complete step 1. But step 2 is failing to execute correctly. I suspect this is because the child process which executes as another user is not inheriting the elevated rights of my main process (which executes as the interactive user). I would like to know how to resolve this issue. When UAC is off my program works correctly. How can I deal with UAC or required elevated rights in this situation? If it helps any, the child process needs to run as another user in order to setup file encryption for the new user account.

    Read the article

  • Can't set up image upload in Django

    - by culebrón
    I can't understand what's not working here: 1) settings MEDIA_ROOT = '/var/www/satel/media' MEDIA_URL = 'http://media.satel.culebron' ADMIN_MEDIA_PREFIX = '/media/' 2) models class Photo(models.Model): id = models.AutoField(primary_key=True) name = models.CharField(max_length = 200) desc = models.TextField(max_length = 1000) img = models.ImageField(upload_to = 'upload') 3) access rights: drwxr-xrwx 3 culebron culebron 4.0K 2010-04-14 21:13 media drwxr-xrwx 2 culebron culebron 4.0K 2010-04-14 19:04 upload 4) SQL: CREATE TABLE "photos_photo" ( "id" integer NOT NULL PRIMARY KEY, "name" varchar(200) NOT NULL, "desc" text NOT NULL, "img" varchar(100) NOT NULL ); 4) run Django test server as myself. 5) result: SuspiciousOperation at /admin/photos/author/add/ Attempted access to '/var/www/satel/upload/OpenStreetMap.png' denied. Not a PIL & jpeg issue, seems not to be access rights issue. But what's wrong?

    Read the article

  • collect2: ld returned 1 exit status error in Xcode

    - by user573949
    Hello, Im getting the error Command /Developer/usr/bin/gcc-4.2 failed with exit code 1 and when the full log is opened, the error is more accurately listed as: collect2: ld returned 1 exit status from this simple Cocoa script: #import "Controller.h" @implementation Controller int skillcheck (int level, int modifer, int difficulty) { if (level + modifer >= difficulty) { return 1; } if (level + modifer <= difficulty) { return 0; } } int main () { skillcheck(10, 2, 10); } @end the .h file is this: // // Controller.h // // Created by Duo Oratar on 15/01/2011. // Copyright 2011 __MyCompanyName__. All rights reserved. // #import <Cocoa/Cocoa.h> @interface Controller : NSObject { int skillcheck; int contestcheck; } @end and no line was specified that the error came from, does anyone know what the source of this error is, and more importantly, how to fix it? EDIT: I removed the class so now I have this: // // Controller.m // // Created by Duo Oratar on 15/01/2011. // Copyright 2011 __MyCompanyName__. All rights reserved. // #import "Controller.h" int skillcheck (int level, int modifer, int difficulty) { if (level + modifer >= difficulty) { return 1; } if (level + modifer <= difficulty) { return 0; } } int main () { skillcheck(10, 2, 10); } and for the .h file: // // Controller.h // // Created by Duo Oratar on 15/01/2011. // Copyright 2011 __MyCompanyName__. All rights reserved. // #import <Cocoa/Cocoa.h> and the log says: (thanks to the guy who said how to open it) Ld build/Debug/Calculator.app/Contents/MacOS/Calculator normal x86_64 cd /Users/kids/Desktop/Calculator setenv MACOSX_DEPLOYMENT_TARGET 10.6 /Developer/usr/bin/gcc-4.2 -arch x86_64 -isysroot /Developer/SDKs/MacOSX10.6.sdk -L/Users/kids/Desktop/Calculator/build/Debug -F/Users/kids/Desktop/Calculator/build/Debug -filelist /Users/kids/Desktop/Calculator/build/Calculator.build/Debug/Calculator.build/Objects-normal/x86_64/Calculator.LinkFileList -mmacosx-version-min=10.6 -framework Cocoa -o /Users/kids/Desktop/Calculator/build/Debug/Calculator.app/Contents/MacOS/Calculator ld: duplicate symbol _main in /Users/kids/Desktop/Calculator/build/Calculator.build/Debug/Calculator.build/Objects-normal/x86_64/Controller.o and /Users/kids/Desktop/Calculator/build/Calculator.build/Debug/Calculator.build/Objects-normal/x86_64/main.o collect2: ld returned 1 exit status Command /Developer/usr/bin/gcc-4.2 failed with exit code 1 ld: duplicate symbol _main in /Users/kids/Desktop/Calculator/build/Calculator.build/Debug/Calculator.build/Objects-normal/x86_64/Controller.o and /Users/kids/Desktop/Calculator/build/Calculator.build/Debug/Calculator.build/Objects-normal/x86_64/main.o Command /Developer/usr/bin/gcc-4.2 failed with exit code 1

    Read the article

  • how to specify the Build Engine Version when using VcBuild.exe on the command line.

    - by r9r9r9
    I create a c# class library project named: testVcBuild, then use vcbuild.exe to build the project in the command line like: C:\Program Files\Microsoft Visual Studio 9.0\VC\vcpackages>vcbuild testVcBuild.csproj "Debug|Win32" the out put shows: Microsoft (R) Visual C++ Project Builder - Command Line Version 9.00.21022 Copyright (C) Microsoft Corporation. All rights reserved. Microsoft (R) Build Engine Version 2.0.50727.4927 [Microsoft .NET Framework, Version 2.0.50727.4927] Copyright (C) Microsoft Corporation 2005. All rights reserved. I found that the vcbuild.exe always call the "C:\Windows\Microsoft.NET\Framework\v2.0.50727\Csc.exe /noconfig .." the problem is how can I change the Framework version to v3.5? I found my project works fine with the v3.5 but it's broken in the v2.0.50727. I try to use msbuild.exe instead of vcbuild.exe, everything goes well, I just don't understand how can I make it with the vcbuild.exe? win7+vs2005+vs2008 installed.

    Read the article

  • UnauthorizedAccessException cannot resolve Directory.GetFiles failure

    - by Ric Coles
    Hi all, Directory.GetFiles method fails on the first encounter with a folder it has no access rights to. The method throws an UnauthorizedAccessException (which can be caught) but by the time this is done, the method has already failed/terminated. The code I am using is listed below: try { // looks in stated directory and returns the path of all files found getFiles = Directory.GetFiles(@directoryToSearch, filetype, SearchOption.AllDirectories); } catch (UnauthorizedAccessException) { } As far as I am aware, there is no way to check beforehand whether a certain folder has access rights defined. In my example, I'm searching on a disk across a network and when I come across a root access only folder, my program fails. I have searched for a few days now for any sort of resolve, but this problem doesn't seem to be very prevalent on here or Google. I look forward to any suggestions you may have, Regards

    Read the article

  • unresolved external symbol __penter referenced in function _WspiapiStrdup@4

    - by John Weldon
    I started getting this compile error after upgrading to Visual Studio 2010. Not sure if it's related, but I can't figure out what library to reference to satisfy this dependency? Is it just an API change bug or something? Microsoft (R) Program Maintenance Utility Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. del wstest.res wstest.obj wstest.pdb wstest.ilk wstest.exe wstest.exe.manifest vc90.pdb cl -Gh -Ox -DNDEBUG -c -DCRTAPI1=_cdecl -DCRTAPI2=_cdecl -nologo -GS -D_X86_=1 -DWIN32 -D_WIN32 -W3 -D_WINNT -D_WIN32_WINNT =0x0501 -DNTDDI_VERSION=0x05010000 -D_WIN32_IE=0x0600 -DWINVER=0x0501 -D_MT -D_DLL -MDd wstest.c wstest.c link /DEBUG /DEBUGTYPE:cv -out:wstest.exe wstest.obj Ws2_32.lib Shlwapi.lib Microsoft (R) Incremental Linker Version 10.00.30319.01 Copyright (C) Microsoft Corporation. All rights reserved. wstest.obj : error LNK2019: unresolved external symbol __penter referenced in function _WspiapiStrdup@4 wstest.exe : fatal error LNK1120: 1 unresolved externals NMAKE : fatal error U1077: '"c:\program files (x86)\microsoft visual studio 10.0\vc\bin\link.EXE"' : return code '0x460' Stop.

    Read the article

  • Custom fine-grained claims based authorization system in ASP.NET MVC - wheres and hows

    - by BuzzBubba
    So, I'd like to implement my own custom authorization system in MVC2. If I'd have to create a global class, where do I instantiate it? Can HttpContext be extended with my own additions and where do I do that? Should I use Authorization filters for rights validation or ActionFilters or do it within an action? Can ActionFilter pass any data to the action itself? Previously (in WebForms) I was using a Session object where I would put a serialized object containing essential user data (account id and a list of roles and rights) and I'd extend my own Page class.

    Read the article

  • How do I specify MSBuild to execute command-line calls in ascii not unicode

    - by Ben L
    I'm attempting to target VC7.1 (visual studio 2003 sp1) from Visual Studio 2010. I'm so close to setting it to work. But when I build, I get this error. 1------ Build started: Project: AnExample, Configuration: Release Win32 ------ 1 Microsoft (R) 32-bit C/C++ Standard Compiler Version 13.10.6030 for 80x86 1 Copyright (C) Microsoft Corporation 1984-2002. All rights reserved. 1 1 cl ÿ_/ 1 1cl : Command line warning D4024: unrecognized source file type 'ÿ_/', object file assumed 1 Microsoft (R) Incremental Linker Version 7.10.6030 1 Copyright (C) Microsoft Corporation. All rights reserved. 1 1 /out:.exe 1 ¦/ 1LINK : fatal error LNK1181: cannot open input file ' ¦/.obj' I know this is unsupported but I thought I'd give it a go. Does anyone know how to force the output from msbuild to be ascii or if this is the problem? There were some errors like this years ago related to the DDK acorrding to some other forums. Thanks.

    Read the article

  • Wordpress: Create a customized role / user

    - by Mestika
    Hi, I’m farely new to Wordpress but are working on putting a page together which has a very simple purpose. I’m creating it for a customer with little or none IT experience so I want to create a user he can use to login and edit his pages – and nothing more. No settings, no comments, no posts, no links, no nothing, just create, delete and edit pages and maybe edit his own profile or at least his E-mail and password. I can see that wordpress has some predefined roles for users but none of them completely does what I want and they either has to little or to many rights. I’ve been looking at the wordpress page http://codex.wordpress.org/Roles_and_Capabilities but can’t seem to get a clear answer. Is it in any way possible for me to create my own user role (e.g. customer) where I can set the rights I want for him? Thanks Sincerely Mestika

    Read the article

  • What permissions needed to connect to SQL Server Integration Services

    - by rwmnau
    I need to allow a consultant to connect to SSIS on a SQL Server 2008 box without making him a local administrator. If I add him to the local administrators group, he can connect to SSIS just fine, but it seems that I can't grant him enough permissions through SQL Server to give him these rights without being a local admin. I've added him to every role on the server, every database role in MSDB shy of DBO, and he's still not able to connect. I don't see any SSIS-related Windows groups on the server - Is membership in the Local Administrators group really required to connect to the SSIS instance on a SQL Server? It seems like there is somewhere I should be able to grant "SSIS Admin" rights to a user (even if it's a Windows account and not a SQL account), but I can't find that place. UPDATE: I've found an MSDN article (See the section titled "Eliminating the 'Access if Denied' Error") that describes how to resolve problem, but even after following the stepsI'm still not able to connect. Just wanted to add it to the discussion

    Read the article

  • At what level should security be implemented in a social network web application ?

    - by Rajkumar Gupta
    I am developing a social web application in php/mysql, I would like to hear your advice about what would be a better way to implement security. I am planning something like this:- At the presentation level, I restricting the user to see only those items/content he is eligible to see with the rights he is eligible & at the database level, whenever my data is read/ written or updated I verify that the person has rights to such interactions with that part of data. So for each action there is 2 layers of security one at the view level & another at the database level. Would double checking be much overhead ? ofcourse this handles only with the internal security issues ..

    Read the article

  • Authorization in a more purely OOP style...

    - by noblethrasher
    I've never seen this done but I had an idea of doing authorization in a more purely OO way. For each method that requires authorization we associate a delegate. During initialization of the class we wire up the delegates so that they point to the appropriate method (based on the user's rights). For example: class User { private deleteMemberDelegate deleteMember; public StatusMessage DeleteMember(Member member) { if(deleteMember != null) { deleteMember(member); } } //other methods defined similarly... User(string name, string password) //cstor. { //wire up delegates based on user's rights. //Thus we handle authentication and authorization in the same method. } } This way the client code never has to explictly check whether or not a user is in a role, it just calls the method. Of course each method should return a status message so that we know if and why it failed. Thoughts?

    Read the article

  • PHP: deleting files – permission denied – chmod?

    - by mathiregister
    hi guys, i want to delete files from a directory via php. Somehow my php_errorlog always tells me: [06-Jun-2010 19:38:46] PHP Warning: chmod() [function.chmod]: Operation not permitted in /Users/myname/htdocs/ if ($_POST) { echo "yeah!!!"; print count($_POST['deletefiles']); chmod($path, 0777); //server rights foreach ($_POST['deletefiles'] as $value) { print $value; unlink($path .'/' . $value); } //chmod($path, 0666); //server rights } what am I doing wrong? Thank you

    Read the article

  • Can Spring access-denied-handler refer to popup?

    - by Rens Groenveld
    I am working with Spring Security 3.1.x and have implemented method annotation securities. As I want, when I perform a certain action while being logged in as a used that doesn't have the rights, I get a 403 acces is denied in my console! Perfect! Now I would like to catch this 403, and give the user a popup with a custom message. I don't want to redirect users to a page saying that they have no rights. Is there any way the access-denied-handler of Spring can take care of a popup? Or can it only redirect to another page? Maybe there are other options for me? Thanks in advance!

    Read the article

  • DataTemplate / ContentTemplate - exchange controls

    - by Scott Olson
    How can i solve the following (simplified) problem? M-V-VM context. I want to show text at the UI. In case the user has the rights to change the text, i want to use a textbox to manipulate the text. In case the user has no rights, i want to use a label to only show the text. My main problem: how to exchange textbox and label and bind Text resp. Content to the same property in viewmodel. Thanks for your answers Toni

    Read the article

  • Access is denied trying to access a sMetabasePath on a SMTP Server from a different Web Server

    - by RJ
    I have written a C# dot net application that updates the SMTP relay restriction list in IIS 6. Running the application locally works great and I can add/remove IPs/DNS from the relay restriction list without any problem. Now I need to do the same for a SMTP server that is not running on the same webserver that I have the application running. So I have the web application on webserver A and the SMTP server on webserver/smtp server B. My app pool is running under a domain user and I have given the same user rights to the SMTP server under the security tab in the SMTP Virtual Server property window. I thought I could simply change the sMetabasePath from "IIS://localhost/smtpsvc/1" to "IIS://10.171.243.134/smtpsvc/1" and everything would just work but I get an "Access is denied" error. So I must have to do something else to get this to work. I even gave the domain user full admin rights on the SMTP server to no avail. Any ideas

    Read the article

  • Is it possible to repair a Cisco 3500 XL (3548) switch with POST Error messages?

    - by Alex
    I've got an old Cisco 3500 XL, and it seems to have hardware issues. I've loaded the latest IOS and cleared all config. Does anyone have any experience fixing the switch core? I'm a reasonably competent SMD solderer, can I replace/reflow some chips? I've checked the power supply voltages and it's all within tolerance, and no visible signs of any component damage. Some chips are hot to the touch. I understand that these were EOL as of 2007, but should have a lifetime warranty for the electronics. I don't have a Cisco support contract, so I can't file a ticket. What should I do? Console output: switch: dir flash: Directory of flash:/ 2 -rwx 1811584 <date> c3500xl-c3h2s-mz.120-5.WC17.bin 1799680 bytes available (1812992 bytes used) switch: boot Loading "flash:c3500xl-c3h2s-mz.120-5.WC17.bin"...################################################################################################################################################################################### File "flash:c3500xl-c3h2s-mz.120-5.WC17.bin" uncompressed and installed, entry point: 0x3000 executing... Restricted Rights Legend Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c) of the Commercial Computer Software - Restricted Rights clause at FAR sec. 52.227-19 and subparagraph (c) (1) (ii) of the Rights in Technical Data and Computer Software clause at DFARS sec. 252.227-7013. cisco Systems, Inc. 170 West Tasman Drive San Jose, California 95134-1706 Cisco Internetwork Operating System Software IOS (tm) C3500XL Software (C3500XL-C3H2S-M), Version 12.0(5)WC17, RELEASE SOFTWARE (fc1) Copyright (c) 1986-2007 by cisco Systems, Inc. Compiled Tue 13-Feb-07 15:04 by antonino Image text-base: 0x00003000, data-base: 0x00352924 Initializing C3500XL flash... flashfs[1]: 1 files, 1 directories flashfs[1]: 0 orphaned files, 0 orphaned directories flashfs[1]: Total bytes: 3612672 flashfs[1]: Bytes used: 1812992 flashfs[1]: Bytes available: 1799680 flashfs[1]: flashfs fsck took 3 seconds. flashfs[1]: Initialization complete. ...done Initializing C3500XL flash. C3500XL POST: System Board Test: Passed C3500XL POST: Daughter Card Test: Passed C3500XL POST: CPU Buffer Test: Passed C3500XL POST: CPU Notify RAM Test: Passed C3500XL POST: CPU Interface Test: Passed C3500XL POST: Testing Switch Core: Passed Error with Switch Core BIST test Phase 0. Returns: Test Complete Low : 0x0FFFFFFF, Test Complete High : 0xFFFFFFFE Test Phase Low : 0x00000040, Test Phase High : 0x00000000 Test Phase Third : 0x00000000, Test Complete Third : 0x000001F8 C3500XL POST FAILURE: Testing Switch Core: Failed C3500XL POST FAILURE: Testing Buffer Table: Failed C3500XL POST FAILURE: Data Buffer Test: Failed C3500XL POST FAILURE: Configuring Switch Parameters: Failed C3500XL POST FAILURE: Switch Core BIST failed. C3500XL POST FAILURE: Cannot test Modules due to failure of Switch Core POST Del Mar Failure (0th Del Mar): req system failed to init C3500XL POST FAILURE: C3500XL POST FAILURE: ATM: required system failed to init C3500XL POST: Ethernet Controller Test: Passed C3500XL POST FAILURE: MII Test: Failed C3500XL POST FAILURE: Error waiting for Ethernet Controller and SW_PARAMS C3500XL POST FAILURE: Initialization/POST failed C3500XL POST FAILURE: AT: Failing because system POST failed Exception (8192)! Debug Exception (Could be NULL pointer dereference) CPU Register Context: Vector = 0x00002000 PC = 0x000F36F4 MSR = 0x00029200 CR = 0x22000024 LR = 0x000F6964 CTR = 0x001DE46C XER = 0x00000000 R0 = 0x00000000 R1 = 0x004E2580 R2 = 0x00000000 R3 = 0x00000000 R4 = 0x00000001 R5 = 0x00000000 R6 = 0x004E2718 R7 = 0x004E2718 R8 = 0x00000008 R9 = 0x00000000 R10 = 0x0000FFFF R11 = 0x00480000 R12 = 0x42000024 R13 = 0x00000000 R14 = 0x00000000 R15 = 0x00000000 R16 = 0x00000000 R17 = 0x00000000 R18 = 0x00000000 R19 = 0x00000000 R20 = 0x00000000 R21 = 0x00000000 R22 = 0x00000000 R23 = 0x00000000 R24 = 0x00000000 R25 = 0x00000020 R26 = 0x004E2718 R27 = 0x004E2718 R28 = 0x00000020 R29 = 0x00002513 R30 = 0x00000001 R31 = 0x00000000 Stack trace: PC = 0x000F36F4, SP = 0x004E2580 Frame 00: SP = 0x004E25A0 PC = 0x40000016 Frame 01: SP = 0x004E2618 PC = 0x000F6964 Frame 02: SP = 0x004E26A8 PC = 0x000F76DC Frame 03: SP = 0x004E26C8 PC = 0x000E8114 Frame 04: SP = 0x004E26F0 PC = 0x001F5BF8 Frame 05: SP = 0x004E2710 PC = 0x001F5CF4 Frame 06: SP = 0x004E2748 PC = 0x0023F4DC Frame 07: SP = 0x004E2750 PC = 0x0023E650 Frame 08: SP = 0x004E27C8 PC = 0x0023E89C Frame 09: SP = 0x004E27E0 PC = 0x0028AF34 Frame 10: SP = 0x004E27E8 PC = 0x001E38F8 Frame 11: SP = 0x004E2808 PC = 0x001E39A8 Frame 12: SP = 0x004E2820 PC = 0x0014E220 Frame 13: SP = 0x004E28C8 PC = 0x0014E39C Frame 14: SP = 0x00000000 PC = 0x001EB510

    Read the article

  • htaccess on remote server issues - password prompt not accepting input

    - by pying saucepan
    EDIT: I will contact the university about my problem after labor day weekend, but I thought if someone knew a quick fix that I haven't tried, or if the problem has an obvious fix then I could hope to try my luck here, thanks! TLDR: Sorry its a long post, I thought I should be... thorough. I am having a common issue (found a dead thread through google with no solution to the same problem) with the prompt to enter in a username and password via htaccess rights, but this prompt will keep popping up asking for a username and password when trying to access my home directory on my university's server which has the .htaccess and .htpasswd files. It does not matter if I enter in correct or incorrect credentials, the prompt will keep asking me for input without displaying my home directory. Ever since I have included these ht files I have never once been able to get past the username/password no matter what I have tried, save for removing them from the directory I am trying to access (my top level directory that I own). This kind of served my original goal of making the top level directory inaccessible to casual users, but if I wanted to use this method on other places, I would want it to work as intended. And I also like it when computers do what I wish they would, so any help is appreciated. Some things I have tried: Changing the file/directory access rights: they told me to try these commands if people can't access my files cd ~/public_html find ./ -type d -exec chmod 755 {} \; find ./ -type f -exec chmod 644 {} \; enter in the single character name/pw at least twenty times in a row, no cheddar. so I changed directory with cd ~ in hopes that this would be my home directory, since my home directory contains the "public_html" directory, so logic tells me that the ~ tilde symbol is the top level directory that I have ownership of. Then I did those two commands to change the rights on the files inside, I am still having no luck. How I got to this point: I have been following the instructions given to me through my university's website for setting up my little directory. A link on how they describe how to password protect the home directory is given below: "Protect Web Directories" instructions I have everything in order except for one small detail that I feel probably does not matter. I am on windows and so I am using winSCP to remote control my allocated server space. The small detail is that as the instructions indicate (on step 3) that I should use the command htpasswd -c .htpasswd {username} where {username} is my folder that holds my allocated server space. But this command requires further input through the terminal, and unfortunately winSCP does not offer this kind of functionality. So I looked up some basic instructions on using htaccess and it is formatted correctly such that the .htaccess file appears as follows: AuthType Basic AuthName "Verify" AuthUserFile /correctpath/.htpasswd require valid-user and this file is in the root directory for my server space as well as the .htpasswd file which has only this data inside: username:password I know for sure that these two files must be formatted correctly, at least according to their tutorial, because before my path was incorrectly formatted via including some curly { braces } without knowing the correct way to do this at first. And the password prompt that shows up when accessing my directory responded by loading an error page indicating to contact OSU admin or something not important. But now that I have everything like it 'should' be. I know this because when I enter in my credentials "username and password" the prompt pops up for my username and password again and again whether or not I enter in correct information. The only exception is that if I click cancel it will direct me to a page saying that I need to enter in a username and password. Note that I am very inexperienced at server-related buisness, two days ago I couldn't have told you what a website actually consists of. So, if you use some technical jargon I may or may not need to look it up and get back to you before I actually understand what you mean, but I am a quick learner and it probably wont matter.

    Read the article

  • Can't remove GPT data from MBR

    - by user2373121
    I am having difficulty getting the Ubuntu installer (and gparted) to recognize the partitions on my MBR type disk. Other operating systems and disk tools read the disk structure and the files on it fine. I have used fixparts to write a new MBR but the issue persists. I assume the issue stems from the Protective MBR data still present on the disk but I am at a loss as to how to remove it while preserving my NTFS data partition. Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. c:\Users\mike\Desktop\fixpartsfixparts 3: FixParts 0.8.8 Loading MBR data from 3: Warning: 0xEE partition doesn't start on sector 1. This can cause problems in some OSes. MBR command (? for help): Running gdisk shows Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved. c:\Users\mike\Desktop\fixparts>gdisk 3: GPT fdisk (gdisk) version 0.8.7 Partition table scan: MBR: MBR only BSD: not present APM: not present GPT: not present *************************************************************** Found invalid GPT and valid MBR; converting MBR to GPT format in memory. THIS OPERATION IS POTENTIALLY DESTRUCTIVE! Exit by typing 'q' if you don't want to convert your MBR partitions to GPT format! *************************************************************** ************************************************************************ Most versions of Windows cannot boot from a GPT disk, and most varieties prior to Vista cannot read GPT disks. Therefore, you should exit now unless you understand the implications of converting MBR to GPT or creating a new GPT disk layout! ************************************************************************ Are you SURE you want to continue? (Y/N): y Command (? for help): p Disk 3:: 2930277168 sectors, 1.4 TiB Logical sector size: 512 bytes Disk identifier (GUID): BFE92CE8-F93D-4141-82B8-816AD06FB36E Partition table holds up to 128 entries First usable sector is 34, last usable sector is 2930277134 Partitions will be aligned on 2048-sector boundaries Total free space is 163846893 sectors (78.1 GiB) Number Start (sector) End (sector) Size Code Name 1 163842048 2930272255 1.3 TiB 0700 Microsoft basic data Command (? for help): r Recovery/transformation command (? for help): o Disk size is 2930277168 sectors (1.4 TiB) MBR disk identifier: 0x00000000 MBR partitions: Number Boot Start Sector End Sector Status Code 1 1 2930277167 primary 0xEE Recovery/transformation command (? for help): q

    Read the article

  • Windows Azure: Backup Services Release, Hyper-V Recovery Manager, VM Enhancements, Enhanced Enterprise Management Support

    - by ScottGu
    This morning we released a huge set of updates to Windows Azure.  These new capabilities include: Backup Services: General Availability of Windows Azure Backup Services Hyper-V Recovery Manager: Public preview of Windows Azure Hyper-V Recovery Manager Virtual Machines: Delete Attached Disks, Availability Set Warnings, SQL AlwaysOn Configuration Active Directory: Securely manage hundreds of SaaS applications Enterprise Management: Use Active Directory to Better Manage Windows Azure Windows Azure SDK 2.2: A massive update of our SDK + Visual Studio tooling support All of these improvements are now available to use immediately.  Below are more details about them. Backup Service: General Availability Release of Windows Azure Backup Today we are releasing Windows Azure Backup Service as a general availability service.  This release is now live in production, backed by an enterprise SLA, supported by Microsoft Support, and is ready to use for production scenarios. Windows Azure Backup is a cloud based backup solution for Windows Server which allows files and folders to be backed up and recovered from the cloud, and provides off-site protection against data loss. The service provides IT administrators and developers with the option to back up and protect critical data in an easily recoverable way from any location with no upfront hardware cost. Windows Azure Backup is built on the Windows Azure platform and uses Windows Azure blob storage for storing customer data. Windows Server uses the downloadable Windows Azure Backup Agent to transfer file and folder data securely and efficiently to the Windows Azure Backup Service. Along with providing cloud backup for Windows Server, Windows Azure Backup Service also provides capability to backup data from System Center Data Protection Manager and Windows Server Essentials, to the cloud. All data is encrypted onsite before it is sent to the cloud, and customers retain and manage the encryption key (meaning the data is stored entirely secured and can’t be decrypted by anyone but yourself). Getting Started To get started with the Windows Azure Backup Service, create a new Backup Vault within the Windows Azure Management Portal.  Click New->Data Services->Recovery Services->Backup Vault to do this: Once the backup vault is created you’ll be presented with a simple tutorial that will help guide you on how to register your Windows Servers with it: Once the servers you want to backup are registered, you can use the appropriate local management interface (such as the Microsoft Management Console snap-in, System Center Data Protection Manager Console, or Windows Server Essentials Dashboard) to configure the scheduled backups and to optionally initiate recoveries. You can follow these tutorials to learn more about how to do this: Tutorial: Schedule Backups Using the Windows Azure Backup Agent This tutorial helps you with setting up a backup schedule for your registered Windows Servers. Additionally, it also explains how to use Windows PowerShell cmdlets to set up a custom backup schedule. Tutorial: Recover Files and Folders Using the Windows Azure Backup Agent This tutorial helps you with recovering data from a backup. Additionally, it also explains how to use Windows PowerShell cmdlets to do the same tasks. Below are some of the key benefits the Windows Azure Backup Service provides: Simple configuration and management. Windows Azure Backup Service integrates with the familiar Windows Server Backup utility in Windows Server, the Data Protection Manager component in System Center and Windows Server Essentials, in order to provide a seamless backup and recovery experience to a local disk, or to the cloud. Block level incremental backups. The Windows Azure Backup Agent performs incremental backups by tracking file and block level changes and only transferring the changed blocks, hence reducing the storage and bandwidth utilization. Different point-in-time versions of the backups use storage efficiently by only storing the changes blocks between these versions. Data compression, encryption and throttling. The Windows Azure Backup Agent ensures that data is compressed and encrypted on the server before being sent to the Windows Azure Backup Service over the network. As a result, the Windows Azure Backup Service only stores encrypted data in the cloud storage. The encryption key is not available to the Windows Azure Backup Service, and as a result the data is never decrypted in the service. Also, users can setup throttling and configure how the Windows Azure Backup service utilizes the network bandwidth when backing up or restoring information. Data integrity is verified in the cloud. In addition to the secure backups, the backed up data is also automatically checked for integrity once the backup is done. As a result, any corruptions which may arise due to data transfer can be easily identified and are fixed automatically. Configurable retention policies for storing data in the cloud. The Windows Azure Backup Service accepts and implements retention policies to recycle backups that exceed the desired retention range, thereby meeting business policies and managing backup costs. Hyper-V Recovery Manager: Now Available in Public Preview I’m excited to also announce the public preview of a new Windows Azure Service – the Windows Azure Hyper-V Recovery Manager (HRM). Windows Azure Hyper-V Recovery Manager helps protect your business critical services by coordinating the replication and recovery of System Center Virtual Machine Manager 2012 SP1 and System Center Virtual Machine Manager 2012 R2 private clouds at a secondary location. With automated protection, asynchronous ongoing replication, and orderly recovery, the Hyper-V Recovery Manager service can help you implement Disaster Recovery and restore important services accurately, consistently, and with minimal downtime. Application data in an Hyper-V Recovery Manager scenarios always travels on your on-premise replication channel. Only metadata (such as names of logical clouds, virtual machines, networks etc.) that is needed for orchestration is sent to Azure. All traffic sent to/from Azure is encrypted. You can begin using Windows Azure Hyper-V Recovery today by clicking New->Data Services->Recovery Services->Hyper-V Recovery Manager within the Windows Azure Management Portal.  You can read more about Windows Azure Hyper-V Recovery Manager in Brad Anderson’s 9-part series, Transform the datacenter. To learn more about setting up Hyper-V Recovery Manager follow our detailed step-by-step guide. Virtual Machines: Delete Attached Disks, Availability Set Warnings, SQL AlwaysOn Today’s Windows Azure release includes a number of nice updates to Windows Azure Virtual Machines.  These improvements include: Ability to Delete both VM Instances + Attached Disks in One Operation Prior to today’s release, when you deleted VMs within Windows Azure we would delete the VM instance – but not delete the drives attached to the VM.  You had to manually delete these yourself from the storage account.  With today’s update we’ve added a convenience option that now allows you to either retain or delete the attached disks when you delete the VM:   We’ve also added the ability to delete a cloud service, its deployments, and its role instances with a single action. This can either be a cloud service that has production and staging deployments with web and worker roles, or a cloud service that contains virtual machines.  To do this, simply select the Cloud Service within the Windows Azure Management Portal and click the “Delete” button: Warnings on Availability Sets with Only One Virtual Machine In Them One of the nice features that Windows Azure Virtual Machines supports is the concept of “Availability Sets”.  An “availability set” allows you to define a tier/role (e.g. webfrontends, databaseservers, etc) that you can map Virtual Machines into – and when you do this Windows Azure separates them across fault domains and ensures that at least one of them is always available during servicing operations.  This enables you to deploy applications in a high availability way. One issue we’ve seen some customers run into is where they define an availability set, but then forget to map more than one VM into it (which defeats the purpose of having an availability set).  With today’s release we now display a warning in the Windows Azure Management Portal if you have only one virtual machine deployed in an availability set to help highlight this: You can learn more about configuring the availability of your virtual machines here. Configuring SQL Server Always On SQL Server Always On is a great feature that you can use with Windows Azure to enable high availability and DR scenarios with SQL Server. Today’s Windows Azure release makes it even easier to configure SQL Server Always On by enabling “Direct Server Return” endpoints to be configured and managed within the Windows Azure Management Portal.  Previously, setting this up required using PowerShell to complete the endpoint configuration.  Starting today you can enable this simply by checking the “Direct Server Return” checkbox: You can learn more about how to use direct server return for SQL Server AlwaysOn availability groups here. Active Directory: Application Access Enhancements This summer we released our initial preview of our Application Access Enhancements for Windows Azure Active Directory.  This service enables you to securely implement single-sign-on (SSO) support against SaaS applications (including Office 365, SalesForce, Workday, Box, Google Apps, GitHub, etc) as well as LOB based applications (including ones built with the new Windows Azure AD support we shipped last week with ASP.NET and VS 2013). Since the initial preview we’ve enhanced our SAML federation capabilities, integrated our new password vaulting system, and shipped multi-factor authentication support. We've also turned on our outbound identity provisioning system and have it working with hundreds of additional SaaS Applications: Earlier this month we published an update on dates and pricing for when the service will be released in general availability form.  In this blog post we announced our intention to release the service in general availability form by the end of the year.  We also announced that the below features would be available in a free tier with it: SSO to every SaaS app we integrate with – Users can Single Sign On to any app we are integrated with at no charge. This includes all the top SAAS Apps and every app in our application gallery whether they use federation or password vaulting. Application access assignment and removal – IT Admins can assign access privileges to web applications to the users in their active directory assuring that every employee has access to the SAAS Apps they need. And when a user leaves the company or changes jobs, the admin can just as easily remove their access privileges assuring data security and minimizing IP loss User provisioning (and de-provisioning) – IT admins will be able to automatically provision users in 3rd party SaaS applications like Box, Salesforce.com, GoToMeeting, DropBox and others. We are working with key partners in the ecosystem to establish these connections, meaning you no longer have to continually update user records in multiple systems. Security and auditing reports – Security is a key priority for us. With the free version of these enhancements you'll get access to our standard set of access reports giving you visibility into which users are using which applications, when they were using them and where they are using them from. In addition, we'll alert you to un-usual usage patterns for instance when a user logs in from multiple locations at the same time. Our Application Access Panel – Users are logging in from every type of devices including Windows, iOS, & Android. Not all of these devices handle authentication in the same manner but the user doesn't care. They need to access their apps from the devices they love. Our Application Access Panel will support the ability for users to access access and launch their apps from any device and anywhere. You can learn more about our plans for application management with Windows Azure Active Directory here.  Try out the preview and start using it today. Enterprise Management: Use Active Directory to Better Manage Windows Azure Windows Azure Active Directory provides the ability to manage your organization in a directory which is hosted entirely in the cloud, or alternatively kept in sync with an on-premises Windows Server Active Directory solution (allowing you to seamlessly integrate with the directory you already have).  With today’s Windows Azure release we are integrating Windows Azure Active Directory even more within the core Windows Azure management experience, and enabling an even richer enterprise security offering.  Specifically: 1) All Windows Azure accounts now have a default Windows Azure Active Directory created for them.  You can create and map any users you want into this directory, and grant administrative rights to manage resources in Windows Azure to these users. 2) You can keep this directory entirely hosted in the cloud – or optionally sync it with your on-premises Windows Server Active Directory.  Both options are free.  The later approach is ideal for companies that wish to use their corporate user identities to sign-in and manage Windows Azure resources.  It also ensures that if an employee leaves an organization, his or her access control rights to the company’s Windows Azure resources are immediately revoked. 3) The Windows Azure Service Management APIs have been updated to support using Windows Azure Active Directory credentials to sign-in and perform management operations.  Prior to today’s release customers had to download and use management certificates (which were not scoped to individual users) to perform management operations.  We still support this management certificate approach (don’t worry – nothing will stop working).  But we think the new Windows Azure Active Directory authentication support enables an even easier and more secure way for customers to manage resources going forward.  4) The Windows Azure SDK 2.2 release (which is also shipping today) includes built-in support for the new Service Management APIs that authenticate with Windows Azure Active Directory, and now allow you to create and manage Windows Azure applications and resources directly within Visual Studio using your Active Directory credentials.  This, combined with updated PowerShell scripts that also support Active Directory, enables an end-to-end enterprise authentication story with Windows Azure. Below are some details on how all of this works: Subscriptions within a Directory As part of today’s update, we have associated all existing Window Azure accounts with a Windows Azure Active Directory (and created one for you if you don’t already have one). When you login to the Windows Azure Management Portal you’ll now see the directory name in the URI of the browser.  For example, in the screen-shot below you can see that I have a “scottgu” directory that my subscriptions are hosted within: Note that you can continue to use Microsoft Accounts (formerly known as Microsoft Live IDs) to sign-into Windows Azure.  These map just fine to a Windows Azure Active Directory – so there is no need to create new usernames that are specific to a directory if you don’t want to.  In the scenario above I’m actually logged in using my @hotmail.com based Microsoft ID which is now mapped to a “scottgu” active directory that was created for me.  By default everything will continue to work just like you used to before. Manage your Directory You can manage an Active Directory (including the one we now create for you by default) by clicking the “Active Directory” tab in the left-hand side of the portal.  This will list all of the directories in your account.  Clicking one the first time will display a getting started page that provides documentation and links to perform common tasks with it: You can use the built-in directory management support within the Windows Azure Management Portal to add/remove/manage users within the directory, enable multi-factor authentication, associate a custom domain (e.g. mycompanyname.com) with the directory, and/or rename the directory to whatever friendly name you want (just click the configure tab to do this).  You can also setup the directory to automatically sync with an on-premises Active Directory using the “Directory Integration” tab. Note that users within a directory by default do not have admin rights to login or manage Windows Azure based resources.  You still need to explicitly grant them co-admin permissions on a subscription for them to login or manage resources in Windows Azure.  You can do this by clicking the Settings tab on the left-hand side of the portal and then by clicking the administrators tab within it. Sign-In Integration within Visual Studio If you install the new Windows Azure SDK 2.2 release, you can now connect to Windows Azure from directly inside Visual Studio without having to download any management certificates.  You can now just right-click on the “Windows Azure” icon within the Server Explorer and choose the “Connect to Windows Azure” context menu option to do so: Doing this will prompt you to enter the email address of the username you wish to sign-in with (make sure this account is a user in your directory with co-admin rights on a subscription): You can use either a Microsoft Account (e.g. Windows Live ID) or an Active Directory based Organizational account as the email.  The dialog will update with an appropriate login prompt depending on which type of email address you enter: Once you sign-in you’ll see the Windows Azure resources that you have permissions to manage show up automatically within the Visual Studio server explorer and be available to start using: No downloading of management certificates required.  All of the authentication was handled using your Windows Azure Active Directory! Manage Subscriptions across Multiple Directories If you have already have multiple directories and multiple subscriptions within your Windows Azure account, we have done our best to create a good default mapping of your subscriptions->directories as part of today’s update.  If you don’t like the default subscription-to-directory mapping we have done you can click the Settings tab in the left-hand navigation of the Windows Azure Management Portal and browse to the Subscriptions tab within it: If you want to map a subscription under a different directory in your account, simply select the subscription from the list, and then click the “Edit Directory” button to choose which directory to map it to.  Mapping a subscription to a different directory takes only seconds and will not cause any of the resources within the subscription to recycle or stop working.  We’ve made the directory->subscription mapping process self-service so that you always have complete control and can map things however you want. Filtering By Directory and Subscription Within the Windows Azure Management Portal you can filter resources in the portal by subscription (allowing you to show/hide different subscriptions).  If you have subscriptions mapped to multiple directory tenants, we also now have a filter drop-down that allows you to filter the subscription list by directory tenant.  This filter is only available if you have multiple subscriptions mapped to multiple directories within your Windows Azure Account:   Windows Azure SDK 2.2 Today we are also releasing a major update of our Windows Azure SDK.  The Windows Azure SDK 2.2 release adds some great new features including: Visual Studio 2013 Support Integrated Windows Azure Sign-In support within Visual Studio Remote Debugging Cloud Services with Visual Studio Firewall Management support within Visual Studio for SQL Databases Visual Studio 2013 RTM VM Images for MSDN Subscribers Windows Azure Management Libraries for .NET Updated Windows Azure PowerShell Cmdlets and ScriptCenter I’ll post a follow-up blog shortly with more details about all of the above. Additional Updates In addition to the above enhancements, today’s release also includes a number of additional improvements: AutoScale: Richer time and date based scheduling support (set different rules on different dates) AutoScale: Ability to Scale to Zero Virtual Machines (very useful for Dev/Test scenarios) AutoScale: Support for time-based scheduling of Mobile Service AutoScale rules Operation Logs: Auditing support for Service Bus management operations Today we also shipped a major update to the Windows Azure SDK – Windows Azure SDK 2.2.  It has so much goodness in it that I have a whole second blog post coming shortly on it! :-) Summary Today’s Windows Azure release enables a bunch of great new scenarios, and enables a much richer enterprise authentication offering. If you don’t already have a Windows Azure account, you can sign-up for a free trial and start using all of the above features today.  Then visit the Windows Azure Developer Center to learn more about how to build apps with it. Hope this helps, Scott P.S. In addition to blogging, I am also now using Twitter for quick updates and to share links. Follow me at: twitter.com/scottgu

    Read the article

  • To File Share or to not File Share, that is the Question.

    To file share or to not file share, that is the question. The concept of the internet was developed in the 1960’s as a revolutionary idea to share information and data amongst a group of computers. The original concept was to allow universities and the United States Military share data for research and field operations. This network of computers was designed to provide redundant data storage and communications in case one or more locations were destroyed. Since the inception of the internet, people have attempted to use it for sharing data. As the Internet has evolved so did the users and the information they wanted to share. In today’s modern internet people can share information through various avenues, for example: websites, social networks, email, documents, executable files, data files and much more.  Unfortunately, as the internet and its users have grown, some industries have not paid attention. Currently, there are several industries that have really fallen behind in keeping up with current trends, and are severely paying the price for their lack of action. A current example of this is with the Recording Industry Association of America (RIAA) and file sharing. RIAA contends that customers who purchase music can only listen to the music and cannot share it with others. This can be seen when the RIAA sued Napster for distributing copyrighted music through a technology called file sharing. File sharing as defined by the Media Awareness Network is downloadable software that permits users to share music, video, image or book files directly with peers. Users of file sharing networks simply had to extract the music from a CD into a music compatible format. Typically most music files at that time where saved as MPEG file format. Once the users got music in this format it was very easy share their music with others. The big question now is who actually owns the music, does the music industry still retain the rights of the music regarding who has access to listen to it, or is it up to the owner of the music CD.  According to the First – Sale Doctrine, it is the right of the purchaser of the CD to decide who can access the information on the CD. In addition, the original owner looses all rights to the music once it has been sold.  The importance of defining who actually owns the music has a great impact on the future of the industry. If the industry is determined to be the actual owner of the music then anyone who has shared at least 1 fine with another is guilty of violating the copyright. However, if the owners of the CD are determined to be the owners of the music then the music industry will have to figure out some other way to protect their music so that it is more lucrative for them or they will go out of business. References: http://www.walthowe.com/navnet/history.html http://www.media-awareness.ca/english/resources/special_initiatives/wa_resources/wa_shared/backgrounders/internet_glossary.cfm#F

    Read the article

< Previous Page | 10 11 12 13 14 15 16 17 18 19 20 21  | Next Page >