Search Results

Search found 101574 results on 4063 pages for 'single user'.

Page 158/4063 | < Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >

• Restrict access to SSH for one specific user

  - by j0nes

  I am looking for a way to secure my servers with the following setup: I have a server where I can log in via SSH. The main account there (named "foo") is secured by a keybased login with password. I have another user account (named "bar") that I use to log in via cronjobs running on other servers - this one also has keybased login, but without password. Now I want to limit access to this machine for the "bar" account. The account should only be accessible via known IPs. However, the "foo" account should not be affected by this, this one should basically be accessible from any IP. How can I manage this? Or is there a simpler solution to everything?

  Read the article

• In Windows XP, is it possible to disable user credential caching for particular users

  - by kdt

  I understand that when windows caches user credentials, these can sometimes be used by malicious parties to access other machines once a machine containing cached credentials is compromised, a method known as "pass the hash"[1]. For this reason I would like to get control over what's cached to reduce the risk of cached credentials being used maliciously. It is possible to prevent all caching by zeroing HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount, but this is too indiscriminate: laptops users need to be able to login when away from the network. What I would like to do is prevent the caching of credentials of certain users, such as administrators -- is there any way to do that in Windows XP? http://www.lbl.gov/cyber/systems/pass-the-hash.html

  Read the article

• Win2008 - restrict VPN user permissions

  - by Sebas

  Windows 2008 R2 SP1 Foundations file server with no AD, only workgroup sharing some folders, and now a RRAS server. Shared folders are open to everyone in the office (XPs and Sevens) without accounts/passwords, but I was thinking about partially limiting access to the new "VPNuser" account. I'm new to Windows Server and its permissions settings: I thought about denying access to vpnuser through NTFS rights in some folders. It doesn't work, but now I'm guessing that the vpnuser is not considered as a logged user (doesn't appear as such) and is considered a "guest", like the rest of people connecting in the office. I say that because of this: http://social.technet.microsoft.com/Forums/windowsserver/en-US/ff6d3726-ff41-4d3f-9d97-5361af0206dd/vpn-users-on-server-shows-as-guest?forum=winserverNIS Also, because when I create a txt file using the VPN connection, owner field shows in description as "guest". Am I right? How can I set different rights for the VPNuser from the rest of "guest" users in the office?

  Read the article

• Monitoring User Login time

  - by beakersoft

  Hi, i have recently been given the task of trying to work out why the login time (not machine boot time) for some of our users seems slow. The vast majority of clients (95%) are running on XP sp3, Windows 2003 domain controlers. Most users have the same model of machine. I would like to be able to see how long each of the polices are taking to load (if possable split user and computer) and any other info that might help (services starting etc) I changed the userenvdebuglevel reg option to generate the userenv.log file but it did'nt contain very much info Thanks Luke

  Read the article

• Tool/Program/Script/Formula for deciphering Active Directory Connection Strings for 3rd party user i

  - by I.T. Support

  We're using WSFTP, which has an Active Directory Integration module. To populate the user accounts you need to provide a connection string akin to: OU=Users,DC=domain,DC=com CN=Domain Users,OU=Users,DC=domain,DC=com Questions: Is there a Tool/Program/Script/Formula that allows me to decipher how these strings might look based on what I can see in Active Directory Users & Computers? Is there a proper/accepted name for these types of connection strings? I don't even know what to Google to get more information about how to format one properly How would I troubleshoot the connection string if I think it looks correctly formatted, but it isn't working? Thanks!

  Read the article

• Vmware server: Browser does not load user interface

  - by matnagel

  I have the latest vmware server isntalled on ubuntu 8.04 lts 64 bit. I access the user interface over this url, which matches my ip and port settings: https://10.1.1.99:11222/ui Sometimes it works in fierofox 3.6, but sometimes not. Same in Google Chrome. When it does not work, what happens is that the cert is checked, the browser is loading something, but the result is a white page. Sometimes the favicon of vmware (blue with 3 squares) appears, but only the white page. And sometimes it works. I reload many times, most of the time the whit epage appears again. On some days I succeed. But on many days not. I can give more info if someone tells me what is needed. Please help, we need this badly.

  Read the article

• Lost Root and other user passwords

  - by Webnet

  This isn't a huge deal, because there's very little on the server (literally a file or two) that we actually need off of it. But we disabled root logins as a security measure and can't remember any of our other user passwords. I'm assuming that there's nothing we can do at this point to get into the server? I'm sitting next to the box... Update Oops... actually, I need to export an SVN off of this server. So yeah, there's stuff I need.

  Read the article

• knife azure image list doesn't return User image

  - by TooLSHeD

  I'm trying to create and bootstrap a Windows VM in Azure using knife-azure. I initially tried using a Public Win 2008 r2 image, but quickly found out that winrm needs to be configured before this can work. So, I created a VM from that image, configured winrm as per these instructions and captured the VM. The problem is that the image does not show up when executing knife azure image list. When I try creating the server with the image name from the Azure portal, it complains that it does not exist. I'm running Ubuntu, so I tried the Azure cli tools and it doesn't show there either. I installed Azure PS in a Win 8 VM and then it shows up. Feeling encouraged, I installed Chef and knife-azure in the Win 8 VM, but it doesn't show up there either. How do I get my User image to show in knife azure?

  Read the article

• How to whitelist a user agent for nginx?

  - by djb

  I'm trying to figure out how to whitelist a user agent from my nginx conf. All other agents should be shown a password prompt. In my naivity, I tried to put the following in before deny all: if ($http_user_agent ~* SpecialAgent ) { allow; } but I'm told "allow" directive is not allowed here (!). How can I make it work? A chunk of my config file: server { server_name site.com; root /var/www/site; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; allow 123.456.789.123; deny all; satisfy any; #other stuff... } Thanks for any help.

  Read the article

• "Unknown user name or bad password" when I launch ADUC

  - by Chris

  When I open up Active Directory Users and Computers from my workstation, I receive an error: Naming information cannot be located because: Logon failure: unknown user name or bad password. Contact your system administrator to verify that your domain is properly configured and is currently online. If I log in to my workstation as somebody else, it works. If I log into a different workstation using my account, it works. All the workstations in question are running Windows Vista (32 and 64 bit) or Windows Server 2008. The domain controller in question is running Windows Small Business Server 2008. Everything else (that I tried) in the Remote Server Administration Tools runs just fine. Any thoughts? Edit: I just tried reinstalling RSAT. No such luck.

  Read the article

• Log with iptalbes which user is delivering email to port 25

  - by Maus

  Because we got blacklisted on CBL I set up the following firewall rules with iptables: #!/bin/bash iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner Debian-exim -j ACCEPT iptables -A OUTPUT -p tcp -m limit --limit 15/minute -m tcp --dport 25 -j LOG --log-prefix "LOCAL_DROPPED_SPAM" iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable I'm not able to connect to port 25 from localhost with another user than root or a mail group member - So it seems to work. Still some questions remain: How effective do you rate this rule-set to prevent spam coming from bad PHP-Scripts hosted on the server? Is there a way to block port 25 and 587 within the same statement? Is the usage of /usr/sbin/sendmail also limited or blocked by this rule-set? Is there a way to log the username of all other attempts which try to deliver stuff to port 25?

  Read the article

• Spam mail through SMTP and user spoofing

  - by Josten Moore

  I have noticed that it's possible to telnet into a mailserver that I own and send spoofed messages to other clients. This only works for the domain that the mail server is regarding; I cannot do it for other domains. For example; lets say that I own example.com. If I telnet example.com 25 I can successfully send a message to another user without authentication: HELO local MAIL FROM: [email protected] RCPT TO: [email protected] DATA SUBJECT: Whatever this is spam Spam spam spam . I consider this a big problem; how do I secure this?

  Read the article

• Verifying that a user comes from a 'partner' site?

  - by matt_tm

  We're building a Drupal module that is going to be given to trusted 'corporate partners'. When a user clicks on a link, he should be redirected to our site as if he's a logged in user. How should I verify that the user is indeed coming from that site? It does not look like 'HTTP_REFERER' is enough because it appears it can be faked. We are providing these partner sites with API Keys. If I receive the API-key as a POST value, sent over https, would that be a sufficient indicator that the user is a genuine partner-site user?

  Read the article

• 'Singleton' application - or let the user only launch one instance of a program at the time

  - by Disco

  I'm running a few linux desktops; mainly for kids (yeah, trying to teach them the right OS at early stage) (running Ubuntu 10.10, Gnome) The problem is that they found very funny to make their workstations (actually, old 512 Mb pentium 4) by launching thousands of firefox instances. I'm looking for a way to restrict them to launch 'N' instances of a particular application. Haven't figured yet how. Thought of a monitoring daemon but I think that would be too ressources hungry. Any idea of a script/trick to achieve this ? Note: i might have 1-2 level of users (the kids, and the more grown up kids) so i have also to limit per user; something like user1: 3firefox, user2: 2firefox instances.

  Read the article

• Active Directory management with low user rights

  - by DemonWareXT

  Our problem: The client, a normal user, has to be able to reset multiple passwords at once. Around 30 in one go. This would call for powershell or something along these lines, but for AD and Powershell one needs to be domain administrator. My solution would be to make a service that runs on the AD server and take connections from a program. The service would then do the AD changes. So far so good, I would just like to hear some other thoughts on this problem. Because I sure can't be the only one with it

  Read the article

• user related commands hang on open("/etc/localtime", O_RDONLY) = 4 in CentOS 5.5

  - by fuzzy lollipop

  I am logged in as root when doing a strace -etrace=open adduser git it hangs on open("/etc/localtime", O_RDONLY) = 4 for like 2 minutes then continues on. Also when I try and strace -etrace=open su git it just hangs at the same place as well, I can't login via ssh as the git user either. Some other users I created work just fine, like su tomcat and I can ssh in as tomcat as well. I deleted the file that was at /etc/localtime and replaced it with a symlink to ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime and it didn't change the behavior in any way.

  Read the article

• How can I restrict the backuppc client user as much as possible? (rsync)

  - by jxn

  I have backuppc making full backups of servers, but I'd like to be sure that my set up is as paranoid as possible. BackupPC is set up to backup via rsync, and it is set up to use a specific user on each client to be backed up. Because the backuppc client user has to have access to every file on the client machine and the ability to ssh into the machine without an interactive password, I'm a little nervous about securing the clients, and I'd like to know I haven't overlooked any options. Here's what I have in place: in the client user's authorized_keys file, i've included from="IPTOSERVER",command="/usr/bin/rsync" before the user's public key, so that the user can only login coming from the BackupPC server. Next, in the sudoers file, I've added this line: backuppc ALL=NOPASSWD: /usr/bin/rsync to allow root-level permissions only for the rsync command for that user. Are there other user, policy, or ssh restrictions that I can add while still allowing the backup pc client user to rsync all files?

  Read the article

• nginx caching per user agent

  - by Tuinslak

  I'm currently using nginx as reverse proxy with caching enabled. However, the main site has two different layouts, depending on the user-agent (mobile or not). I've tried something similar to this: # mobile users if ($http_user_agent ~* '(iPhone|iPod|mobile|Android|2.0\ MMP|240x320|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|hiptop|IEMobile)') { set $iphone_request '1'; } if ($iphone_request = '1') { proxy_cache mobile; } if ($iphone_request = '') { proxy_cache site; } proxy_cache_key "$scheme://$host$request_uri"; proxy_pass http://real-site.tld; However, nginx gives an error, stating proxy_cache can't be used in an if-structure. Any other way to serve from a different cache depending on the browser? Thanks, Tuinslak

  Read the article

• Tool to test a user account and password (test login)

  - by TheCleaner

  Yeah, I can fire up a VM or remote into something and try the password...I know...but is there a tool or script that will simulate a login just enough to confirm or deny that the password is correct? Scenario: A server service account's password is "forgotten"...but we think we know what it is. I'd like to pass the credentials to something and have it kick back with "correct password" or "incorrect password". I even thought about a drive mapping script with that user account and password being passed to see if it mapped the drive successfully or not but got lost in the logic of making it work correctly...something like: -Script asks for username via msgbox -script asks for password via msgbox -script tries to map a drive to a common share that everyone has access to -script unmaps drive if successful -script returns popup msgbox stating "Correct Password" or else "Incorrect Password" Any help is appreciated...you'd think this would be a rare occurrence not requiring a tool to support it but...well....

  Read the article

• JMeter: how to asign a single distinct value from CSV Data Set Config to each thread in thread group?

  - by JohnnyM

  I have to make a load test for a relatively large number of users so I cant realy use User Parameters pre-processor to parametrize each thread with custom user data. I've read that I should use CSV Data Set Config instead. However I run into a problem with how JMeter interprets the input of this Config. Example: I have a thread group of 3 threads and Loop Count:10 with one HTTP request sampler with server www.example.com and path: \${user}. The csv file (bullet is a single line in file) for CSV Data Set Config to extract the user parameter: 1 2 3 4 5 Expected output is that for thread 1-x the path of the request should be: \x. So the output file should consist of 10 samples per thread namely: for thread 1-1 : 10 requests to www.example.com\1 for thread 1-2 : 10 requests to www.example.com\2 for thread 1-3 : 10 requests to www.example.com\3 but instead i get requests to each \1 - \5 and then to EOF. Does anyone know how to achieve the expected effect with CSV Data Set Config in jmeter 2.9?

  Read the article

• Installing a personal security certificate for Windows Server 2008 Terminal Services user

  - by Rick

  We use StoneEdge Order Manager, which runs under Microsoft Access, on several Windows computers as well as through Terminal Services on Windows Server 2008. Terminal Services users are unable to process credit cards using the First Data Global Gateway on the server. We have followed the necessary setup instructions provided under the user account, which involves adding a certificate in the Internet Options control panel. The Windows XP desktops require this to be done, or a generic 'unable to connect' message is shown when attempting to charge a card. On the server, this message is shown regardless of whether the certificate has been installed. Is there anything else that needs to be done that is specific to Windows Server that is not mentioned in the workstation instructions? Setup Instructions

  Read the article

• Determining the State of a User using their Hostname

  - by PhpMyCoder

  Not sure if this is the right SE site. I figured this question doesn't belong on SO, but if you think it doesn't belong here either, I apologize. I've been looking into determining the location, specifically the state, of a user accessing my website. One of the options I've known about for a while is the GeoIP City Database, however this isn't the most cost effective solution and I'm cheap so I was looking for a less expensive way. Something that occurred to me was that my state was in the public hostname assigned to me by Comcast: (Dash Separated IP).hsd1.ma.comcast.net Could it be possible that other ISPs follow this same pattern of inserting the state abbreviation into their users' hostnames? I've been looking around for a list of hostnames for other ISPs, but I haven't found anything. Can anyone verify that this holds true for other major ISPs?

  Read the article

• Tons of spam on dreamhost mail user account

  - by user122022

  I use dreamhost for my webserver/ email host. I have about 25 users on one domain. and 1 of these users is absolutely inundated with spam every day. I have tried using dreamhosts poor blacklist feature, which was semi working (still letting a lot through) but I reached the 1000 email blacklist maximum very quickly. I have the ability to switch to google apps but that would be very expensive for 25 users. What options do I have aside from changing hosts with better spam filtering? I don't think its possible to only switch 1 user to google apps, it has to be the whole domain. There are other benefits to switching but I don't think they outweigh the cost for this company.

  Read the article

• Windows IPSec computer authentication using *user* account?

  - by Tim Brigham

  For some reason every once in a while it happens that my IPSec authentication is from a user account to a computer account, not computer to computer. How can I fix it? Sometimes - notably when I try to add a new workstation through ePO but it's happened other times as well I'm getting strange behavior from my Windows Advanced Firewall IPSec. This causes the authentication to be invalid (as the group memberships, etc all assume computer accounts). I have no idea why this is happening or how to fix it but the IDs to match up between servers (the opposite server in my second example has remote ID timb).

  Read the article

• Windows Server 2003 - Give User Full Admin Privileges

  - by APShredder

  I am running Windows Server 2003. There are a couple of user accounts that I would like to promote to Administrator accounts. I've tried several ways to do so, but I am still relatively new to setting up a server. If anyone has any ideas on how to go about promoting these users, I thank you in advance. EDIT: I should probably mention that this a domain controller. I didn't realize that this changed the answer I was looking for. I apologize, like I said before I am new to the world of servers. EDIT #2: I've added the users to the Administrator group like most of the answer recommended, but the users don't seem to have admin rights yet. I think this might be because they are also in the Domain Users group, which I can't seem to be able to remove them from.

  Read the article

< Previous Page | 154 155 156 157 158 159 160 161 162 163 164 165  | Next Page >