Search Results

Search found 915 results on 37 pages for 'restrictions'.

Page 15/37 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >

IIS 7.5 default permission - is restriction needed?

- by Caroline Beltran

I am using IIS 7.5 and I do not need to explicitly specify permissions for my ISAPI application to execute. Additionally, the application can create subdirectories, create and delete files without me specifying permissions. Since I am using the default permissions, checked to see if web.config was safe from prying eyes over the web, and it can’t be read which is good. My app also creates some .log and .ini files which are also not viewable over the web. I did notice that .txt files are viewable. I really don’t know how default permissions allow my app to do so much. Is this safe or do I need to lock down? To be honest, I don’t know what accounts to restrict. App details: My ISAPI has an ‘allowed’ entry in ISAPI and CGI Restrictions Folder and subfolders containing my application has ‘default’ permissions set. Application pool is using ‘classic’ pipeline mode and no managed code. Pass-through authentication in use. Thank you for your time

Read the article
postfix specify limited relay domain while allowing sasl-auth relay

- by tylerl

I'm trying to set up postfix to allow relaying under a limited set of conditions: The destination domain is one of a pre-defined list -or- The client successfully logs in Here's the relevant bits o' config: smtpd_sasl_auth_enable=yes relay_domains=example.com smtpd_recipient_restrictions=permit_auth_destination,reject_unauth_destination smtpd_client_restrictions=permit_sasl_authenticated,reject The problem is that it requires that BOTH restrictions be satisfied, rather than either-or. Which is to say, it only allows relaying if the client is authenticated AND the recipient domain is @example.com. Instead, I need it to allow relaying if either one of the requirements is satisfied. How do I do this without resorting to running SMTP on two separate ports with different rules? Note: The context is an outbound-use-only (bound to 127.0.0.1) MTA on a shared web server which all site owners are allowed to relay mail to one of the "owned" domains (not server-local, though), and for which a limited set of "trusted" site owners are allowed to relay mail without restriction provided they have a valid SMTP login.

Read the article
Ubuntu VM Guest - Samba Service Not Accessible from VM Host via Hostname

- by phalacee

I have a Windows 7 Workstation with a Ubuntu 10.10 VM running in Virtual Box 3.2.12 r68302. I recently updated Samba and winbind, and since the update, I am unable to access the machine via it's hostname (\mystique) from the VM Host. I can access it by the "Host-only" IP (\192.168.56.101) and the DHCP Assigned IP address (\10.1.1.20) and I can connect to the webserver on the machine via it's hostname (http://mystique/). As stated, accessing this machine via it's hostname worked fine prior to the update, but has since stopped working. I have added the hostname to the smb.conf for the netbios name, to no avail. My smb.conf [global] section looks like this: workgroup = NETWORK netbios name = Mystique server string = %h server (Samba, Ubuntu) dns proxy = no log file = /var/log/samba/log.%m max log size = 1000 syslog = 0 panic action = /usr/share/samba/panic-action %d encrypt passwords = true passdb backend = tdbsam obey pam restrictions = yes unix password sync = yes passwd program = /usr/bin/passwd %u passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* . pam password change = yes map to guest = bad user usershare allow guests = yes

Read the article
What changes can be made to a Microsoft Account using net user on Windows 8?

- by nhinkle

In Windows 8, you can log on with a local account or with a Microsoft Account. Both types show up in the Users control panel, but there are different options that you can change for each type. An administrator can change basically any aspect of a local user - name, password, access level, etc. For a Microsoft Account, you can only change the access level (admin/standard) or remove the account. From the command line though, there don't appear to be any restrictions on what you can do a Microsoft Account. Using the net user tool or the Local Users and Groups MMC snap-in, it looks like an administrator would be able to change the password, display name, profile path, etc. of Microsoft Accounts (as well as local accounts of course). Will these commands actually work when applied to a Microsoft Account? Will using them in some way break the link to the Microsoft Account, or will nothing happen at all? I'm hesitant to test since I don't want to mess up my account permanently.

Read the article
Best practices for mass email platform

- by Niro

I am in the process of setting up mass email service. My question is: what are the best practices to achieve maximum deliver-ability. More precisely - what should I do/know to prevent spam filters from blocking the emails (the emails are not spam). for example- how can I tell if my IP address is blacklisted somewhere and how can I prevent it from becoming blacklisted. Is amazon web services a suitable platform due to dynamic IP addresses, what are the restrictions on the from address, can it be different from the mail server domain.... you get it....

Read the article
Are there any home/soho NAS devices that will backup/sync to the cloud?

- by 3rdparty

Looking for a home office (SOHO) market (priced) network hard drive (NAS) that will sync some or all of its content to a cloud-based backup service. The only option I've been able to find so far is NetGear's [ReadyNAS Vault][1] however from what I've read it's not as secure as it could be, and the service is quite expensive ($200/yr for 50GB of cloud storage) - it's 'powered' by ElephantDrive Ideally would love to see something like Wuala integrated into a Lacie Network HDD - conveniently, I suspect this is in the works as Lacie recently acquired Wuala, however nothing has come of it yet. I know there are options to use rsync with a customizable NAS (such as the very versatile and hackable D-Link DNS-323, but the easier this is to setup and maintain, the better. Thanks! ps. I had many links posted within this question, but was limited to posting with only one due to anti-spam restrictions - gotta get my 'reputation' higher!

Read the article
Limit vsftpd upload to a given set of file-names

- by Chen Levy

I need to configure an anonymous ftp with upload. Given this requirement I try to lock this server down to the bear minimum. One of the restrictions I wish to impose is to enable the upload of only a given set of file-names. I tried to disallow write permission to the upload folder, and put in it some empty files with write permission: /var/ftp/ [root.root] [drwxr-xr-x] |-- upload/ [root.root] [drwxr-xr-x] | |-- upfile1 [ftp.ftp] [--w-------] | `-- upfile2 [ftp.ftp] [--w-------] `-- download/ [root.root] [drwxr-xr-x] `-- ... But this approach didn't work because when I tried to upload upfile1, it tried to delete and create a new file in its' place, and there is no permissions for that. Is there a way to make this work, or perhaps use a different approach like abusing the deny_file option?

Read the article
Create Google Maps screenshots at regular intervals

- by Dave Jarvis

Background People are concerned that building a pipeline to the West Coast of Canada will increase the number of oil tankers, thus increasing the probability of a major oil spill, thereby creating an environmental catastrophe. The AIS Live Ships Map website captures real-time Marine Traffic updates using a Google Maps interface. While it is possible to obtain data from an AIS data feed, often the feeds are either pay-for-use, or otherwise encumbered with license restrictions. Problem The AIS Live Ships website presents a map in the browser: The map above has had its location interactively changed to focus on the area in question: the northern straight of Vancouver Island. Question How would you create a service that captures the map every 30 minutes and that could run, with neither user-intervention nor a significant memory footprint, for a few years? Idea #1 Create a virtual machine. Install and run a light-weight browser. Use Shutter to take captures at regular intervals. Idea #2 Use Python's Ghost Webkit to automate the captures. Thank you!

Read the article
Re-streaming RTMP stream

- by Yvan JANSSENS

I have a set of local RTMP stream servers in my network, but I want them to be reachable outside. The bandwidth is too narrow to serve multiple clients on the streamservers of my network, so the idea is to pull the local RTMP streams on a computer serving as a gateway, which pushes them on his turn to a hosted streaming provider. It is not possible to let the sources of the stream push their stream directly to the server outside due to network policy restrictions. Scheme of what I'm trying to accomplish: Internal network | External network ------------ ------------ ----------------------- | internal | <---- | Gateway | ------> | streamserver outside| | streams | ------------ ----------------------- ------------ | ^ | | | ----------- | | clients | | ----------- My question now is: which application which can pull a live stream from an RTMP source (Flash Media Server) and push it to another one (Flash Media Server at hosting provider).

Read the article
Why does installing NVidia 9600GT graphics card, take 1GB of RAM away from Windows?

- by Nick G

Hi, I've changed graphics cards in my PC and now Windows 7 (32bit) is reporting that I have a whole gigabyte less physical RAM in my PC. Why is this? Firstly, the machine has 4GB of physical RAM. The old card was an ATI 2600XT with 256MB and the new card is an NVidia 9600GT with 512MB. With the ATI card windows sees 3326MB. With the NVidia card, windows sees 2558MB. I realise that due to address space restrictions I will not see all 4GB with 32bit windows, but why is there such a massive loss of RAM when simply changing cards (bearing in mind BOTH cards have their own RAM and borrow no main memory like some built on chipsets do). Would using 64 bit windows solve this? Thanks Nick.

Read the article
esxi change MKS port

- by Daniel Powell

I need to connect to my home esxi box over the web however I cannot use the default port 902 for the console viewer due to firewall restrictions. Is there a way to change this port somewhere even if i can just do some nat and redirect any other port to that port? I've had a look around and when I try to connect to the esxi server in vSphere client I cant find anywhere I can specify the port. I know this is not the recommended way to do this but its a testing server and security is not an absolute must on this box. I also cannot setup a vpn to this box.

Read the article
How to run a command as administrator on Windows7 from a command line?

- by Radek

I need to run tscon.exe 0 /dest:console remotely = not manually on Windows7 as an administrator. More info here How to use tscon on Windows7? I did my research and OPTION 1 - runas for user root (no password) on computer yogurt works C:\>runas /user:yogurt\root cmd Enter the password for yogurt\root: Attempting to start cmd as user "yogurt\root" ... for user administrator (I thought the the password is blank too) on computer yogurt doesn't work. I am asked for password, hit the enter and C:\>runas /user:yogurt\administrator cmd Enter the password for yogurt\administrator: Attempting to start cmd as user "yogurt\administrator" ... RUNAS ERROR: Unable to run - cmd 1327: Logon failure: user account restriction. Possible reasons are blank passwo rds not allowed, logon hour restrictions, or a policy restriction has been enforced. OPTION 2 - setting properties of a batch file so it always runs as administrator. The 'privilege level' section is greyed out for me under Compatibility level. So I am not able to tick the check box Run this program as an administrator

Read the article
GNOME Screensaver Widgets

- by darkfalcon

Is there a way to add widgets to a Gnome screensaver? I think this can be done with KDE 4, but I've never liked KDE very much. I'm a programmer and comfortable with writing code if needed. I'd like to be able to: See the weather and forecast Control Rhythmbox Use a flash card widget for reviewing musical concepts The reason I want these on the screensaver is that I have login restrictions. I would like to be able to do a very limited subset of activities without having to log in.

Read the article
Cannot seem to disable ability to view temporary internet files via group policy

- by user162707

Windows XP Pro SP3, IE8 (8.0.6001.18702), within local gpedit.msc I did the below: User Config/Admin Temp/Windows Comp/IE enabled: disable changing temporary internet file settings User Config/Admin Temp/Windows Comp/IE/Delete Browsing History enabled all (11 items) However there is a loophole that lets me still wipe history & other files via: Tools, Internet Options, Browsing History, Settings, View Objects, delete everything, hit up arrow, go to History (hidden folders has to be on), delete everything Only way around this I can see is to disable General Internet Options Page via group policy, setup NTFS folder restrictions on that temp internet files (worried about adverse affects like not being able to store them), or further grind-down group policy somewhere else to prevent deleting files. Just odd group policy wouldn't have a settings to simply disable the Browser History Settings button (as it further shows the location which a user could just go to). So just curious if someone can confirm maybe this is simply not available in group policy & their suggested action

Read the article
Group policy applied to AD OU attributes

- by Eric Smith

I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information. I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes. Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?

Read the article
Why am I getting permission denied installing Powershell 2.0 on Windows XP (and certain other update

- by spoulson

I'm working on a corporate desktop (still) running Windows XP SP2. I recently received a new PC and am reinstalling all my tools. Something is different about this one in that it won't let me install Powershell 2.0. When I do, I get a popup: You do not have permission to update Windows XP. Please contact your system administrator. This also occurs for other installs, like Service Pack 3 and Windows Installer 4.5. I'm aware this PC is under group policy restrictions, but I haven't narrowed down what restriction is preventing this install so that I can have the appropriate support team resolve it. What setting could be responsible for this?

Read the article
Decompressing Files on an NTFS Volume from Linux

- by amphetamachine

I recently did something stupid on my dual-boot laptop, where I compressed the entire volume to make room for a Linux partition. For some reason, Windows let me compress C:\ntldr. Now I need to get it uncompressed in order for Windows to boot. Here are some of the operating restrictions I have: I do not have access to the BIOS. I cannot boot from CD/USB/floppy. (I installed Linux through PXE) It does not have network access. Is there were some way to specify that the ntfs-3g driver shouldn't compress files even if it thinks it should (if the directory is compressed) when mounting the volume? Or, is there a way to modify the attributes of a directory using ntfstools?

Read the article
How can I enable anonymous access to a Samba share under ADS security mode?

- by hemp

I'm trying to enable anonymous access to a single service in my Samba config. Authorized user access is working perfectly, but when I attempt a no-password connection, I get this message: Anonymous login successful Domain=[...] OS=[Unix] Server=[Samba 3.3.8-0.51.el5] tree connect failed: NT_STATUS_LOGON_FAILURE The message log shows this error: ... smbd[21262]: [2010/05/24 21:26:39, 0] smbd/service.c:make_connection_snum(1004) ... smbd[21262]: Can't become connected user! The smb.conf is configured thusly: [global] security = ads obey pam restrictions = Yes winbind enum users = Yes winbind enum groups = Yes winbind use default domain = true valid users = "@domain admins", "@domain users" guest account = nobody map to guest = Bad User [evilshare] path = /evil/share guest ok = yes read only = No browseable = No Given that I have 'map to guest = Bad User' and 'guest ok' specified, I don't understand why it is trying to "become connected user". Should it not be trying to "become guest user"?

Read the article
What's the best way to mitigate NFS and sudo?

- by user225874

Quick background: We have 40 workstations running Linux. NFS is used extensively for bulk data storage and home directories. This allows users to roam freely will relatively transparent file systems. This is an educational environment where postdocs and students have successfully pulled off a coup of sorts. All have gained root on their individual workstations by grooming a technophobic PI who thinks IT people are evil. If I so much as suggest chroot or sudo restrictions, I'll find myself working out of a broom closet. With that in mind, what's the best way to mitigate something like this below? $ hostname workstation1 $ whoami john $ sudo su jane $ whoami jane $ cp -R /home/nfs/jane /mnt/thumbdrive/

Read the article
Iptables mark incoming packet - vpn routing

- by Tom

I have connected my home to my workplace for out of house backup reasons through openvpn. The connection is working nicely. At work I have 5 fixed IP addresses. Now I would like to assign one of these IP addresses to be forwarded to my home machine. I have confirmed packet arrival at my home machine with tcpdump. The problem is that my default route at home is NOT the tun0 (naturally), but eth0 to my own ISP. So I created a separate routing table to route my tun0 packets back to where they belong, but do not how to mark the incoming packet which arrive through tun0 with iptables, so I can drive them back. I do not want any port restrictions, but only what comes from tun0 should leave through tun0 thanks tom

Read the article
connect to ssh server thru 80 via HTTP proxy?

- by im_chc

Hi, Please help: I want to connect to my ssh server at home However, I'm behind a corporate (CORP) firewall, which blocks almost all ports (443, 22, 23 etc). But it seems that 80 is not blocked, coz I am able to surf the web after I login (i.e. IE sets to CORP's proxy server, and start IE - displayed CORP intranet portal - type in google.com - dialog pops up for userid + pwd - login successful, and surf without restrictions) My ssh server listens at 443. My question is: Is there a way to connect from a computer behind the CORP firewall to the ssh server thru the 80 port, with the ssh server still listening on port 443? Changing the ssh server to listen to port 80 is not an option, coz my home ISP blocks 80. Can I use a public proxy which listens at 80? After some research on google I found that there is something called "connect to SSH thru an HTTP proxy" using the Cockscrew software. Is it useful? Or is there some other way to solve the problem?

Read the article
Solaris 10 opencsw git package issue with bitbucket git hosting

- by zephyrus00jp

Has anyone tried using `git' from opencsw package in order to work with bitbucket source hosting service (under solaris10)? I tried to use git as the bitbucket documentation explains, and - under Debian GNU/Linux, it worked flawlessly as described, but - under Solaris 10, I got Authentication Failed message. I even tried to run truss to see anything is suspicious but could not find any smoking gun under solaris why it failed. ldd git-binary didnd't show anything suspicious either (except for the libcrypt library which could be a suspicious to think about export restrictions. Have they shipped incompatible version? BUT since the password is typed into https: connection, I suspect it is only a matter of web-level cryptography and should be universal these days.) I am now tempted to compile git suite under solaris 10, but I did find people who seem to be using git with bitbucket under solaris 10 and am wondering what could be wrong.

Read the article
how to upgrade the apple OS from 10.6.8 to 10.9?

- by Mohamed KALLEL

I read the following informations from the apple discussion: Mac OS X 10.9 Mavericks, breaks the tradition, and is available free (subject certain license restrictions) for anyone from 10.6.8 through 10.8.5 as long as they meet the system requirements for 10.8 I have apple laptop with OS 10.6.8 and I want to upgrade my OS to 10.9. and according to abpve information this is possible. But I do not how to do that with my apple laptop. Could you tell me how to upgrade my apple OS from 10.6.8 to 10.9?

Read the article
Why is hibernation still used?

- by Moses

I've never quite understood the original purpose of the Hibernation power state in Windows. I understand how it works, what processes take place, and what happens when you boot back up from Hibernate, but I've never truly understood why it's used. With today's technology, most notably with SSDs, RAM and CPUs becoming faster and faster, a cold boot on a clean/efficient Windows installation can be pretty fast (for some people, mere seconds from pushing the power button). Standby is even faster, sometimes instantaneous. Even SATA drives from 5-6 years ago can accomplish these fast boot times. Hibernation seems pointless to me when modern technology is considered, but perhaps there are applications that I'm not considering. What was the original purpose behind hibernation, and why do people still use it? Edit: I rescind my comment about hibernation being obsolete, as it obviously has very practical applications to laptops and mobile PCs, considering the power restrictions. I was mostly referring to hibernation being used on a desktop.

Read the article
Configuring squid as reverse proxy

- by Hassan

I am having trouble configuring squid to work as reverse proxy here is my scenario squid is installed on server with ip 10.1.1.139 I have another computer that is acting as my proxy server 10.1.85.106 which has access to 10.1.85.106/program I want 10.1.1.139/program to be redirected to 10.1.85.106 I have added cache_peer 10.1.85.106 parent 80 0 no-query originserver name=server_1 cache_peer_domain server_1 /program /program/ program when I go to 10.1.1.139/program I get "The following error was encountered while trying to retrieve the URL: /program Invalid URL" Since the error is not related to access denied I don't think it is due to access restrictions. Do I need to add anything else? Thanks for your time

Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22 | Next Page >