Search Results

Search found 18506 results on 741 pages for 'active desktop'.

Page 18/741 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Active Directory using Samba/Open LDAP for user accounts

    - by Jon Rhoades
    I know this is the wrong way round... but Is it possible to use AD in front of Samba for our PC clients, so that the user accounts are in Samba/Open LDAP. Managing our fleet of Windows PC's is becoming more and more difficult with just Samba v3 - until Samba v4 comes along, it would be great if we could leverage Active Directory, but have the accounts stored in Samba/Open LDAP. Windows PC's are a minority in our organisation & Samaba/Open LDAP are used for just about every service (Zimbra/RADIUS/Intranet/SAN/Printing/...) so it will have to remain the definitive account source. Anyway, it probably can't be done, but I thought I would ask for ideas anyway.

    Read the article

  • Wrong DNS query in Active directory network with NetBIOS enabled client

    - by koankoder
    The setup: Active Directory is enabled on the network (abcd.com) We have a single character host name (1.abcd.com) one of the desktop has an old XP with NetBIOS stuff enabled The Problem Whenever we query for any host name from the XP machine, the first character alone is taken for DNS query (one.abcd.com will query for o.abcd.com, two.abcd.com will query for t.abcd.com) Even if we give some IP, the application queries with numeric prefix (10.x.x.x will query for 1.abcd.com).Since we already have 1.abcd.com, all query and traffic ends up in 1.abcd.com After discussion with network guys, it seems netbios DNS queries by having some prefix etc. but none of them is actually sure on what is happening. Is there any docs which can explain this behavior ? Is this valid behavior in NetBIOS environment ?

    Read the article

  • Active Directory intergration with linux users and zimbra

    - by Juan Diego
    I have the following questions about setting an active directory, that already has users and a domain, (i.e. internaldomain.edu) and real domain (i.e mydomain.edu.), and I have seeing many examples of the integration of AD with linux and usually they have a domain like intranet.mydomain.edu. Should I change "internaldomain.edu" to intranet.mydomain.edu or to mydomain.edu, or I can leave that internaldomain.edu like it is and create another domain. I am a littlebit confused with these, I know one is the windows domain but I dont know if that affects my email users.

    Read the article

  • Plone Active Directory group filter

    - by Jason Weber
    I am currently trying to configure the Plone LDAP plugin for Active directory. Thus far all is good and I’m getting users and groups through. The usage is for Cyn.In However the problem I’m facing is thus: The users search has the ability to filter, which is great. I can use the memberOf or department filter to just grab the users I want. However all our groups simply live in one OU, which means I’m getting over 30 pages of groups of which 99% are just not necessary. Sadly I don’t have control over our AD, so can’t just shift the ones I want into their own OU. Is there any way you can think of to also filter groups based on some kind of LDAP criteria?

    Read the article

  • Active Directory Password Policy Problem

    - by Will
    To Clarify: my question is why isn't my password policy applying to people in the domain. Hey guys, having trouble with our password policy in Active Directory. Sometimes it just helps me to type out what I’m seeing It appears to not be applying properly across the board. I am new to this environment and AD in general but I think I have a general grasp of what should be going on. It’s a pretty simple AD setup without too many Group Policies being applied. It looks something like this DOMAIN Default Domain Policy (link enabled) Password Policy (link enabled and enforce) Personal OU Force Password Change (completely empty nothing in this GPO) IT OU Lockout Policy (link enabled and enforced) CS OU Lockout Policy Accouting OU Lockout Policy The password policy and default domain policy both define the same things under Computer ConfigWindows seetings sec settings Account Policies / Password Policy Enforce password History : 24 passwords remembered Maximum Password age : 180 days Min password age: 14 days Minimum Password Length: 6 characters Password must meet complexity requirements: Enabled Store Passwords using reversible encryption: Disabled Account Policies / Account Lockout Policy Account Lockout Duration 10080 Minutes Account Lockout Threshold: 5 invalid login attempts Reset Account Lockout Counter after : 30 minutes IT lockout This just sets the screen saver settings to lock computers when the user is Idle. After running Group Policy modeling it seems like the password policy and default domain policy is getting applied to everyone. Here is the results of group policy modeling on MO-BLANCKM using the mblanck account, as you can see the policies are both being applied , with nothing important being denied Group Policy Results NCLGS\mblanck on NCLGS\MO-BLANCKM Data collected on: 12/29/2010 11:29:44 AM Summary Computer Configuration Summary General Computer name NCLGS\MO-BLANCKM Domain NCLGS.local Site Default-First-Site-Name Last time Group Policy was processed 12/29/2010 10:17:58 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (15), Sysvol (15) WSUS-52010 NCLGS.local/WSUS/Clients AD (54), Sysvol (54) Password Policy NCLGS.local AD (58), Sysvol (58) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Security Group Membership when Group Policy was applied BUILTIN\Administrators Everyone S-1-5-21-507921405-1326574676-682003330-1003 BUILTIN\Users NT AUTHORITY\NETWORK NT AUTHORITY\Authenticated Users NCLGS\MO-BLANCKM$ NCLGS\Admin-ComputerAccounts-GP NCLGS\Domain Computers WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 10:17:59 AM EFS recovery Success (no data) 10/28/2010 9:10:34 AM Registry Success 10/28/2010 9:10:32 AM Security Success 10/28/2010 9:10:34 AM User Configuration Summary General User name NCLGS\mblanck Domain NCLGS.local Last time Group Policy was processed 12/29/2010 11:28:56 AM Group Policy Objects Applied GPOs Name Link Location Revision Default Domain Policy NCLGS.local AD (7), Sysvol (7) IT-Lockout NCLGS.local/Personal/CS AD (11), Sysvol (11) Password Policy NCLGS.local AD (5), Sysvol (5) Denied GPOs Name Link Location Reason Denied Local Group Policy Local Empty Force Password Change NCLGS.local/Personal Empty Security Group Membership when Group Policy was applied NCLGS\Domain Users Everyone BUILTIN\Administrators BUILTIN\Users NT AUTHORITY\INTERACTIVE NT AUTHORITY\Authenticated Users LOCAL NCLGS\MissingSkidEmail NCLGS\Customer_Service NCLGS\Email_Archive NCLGS\Job Ticket Users NCLGS\Office Staff NCLGS\CUSTOMER SERVI-1 NCLGS\Prestige_Jobs_Email NCLGS\Telecommuters NCLGS\Everyone - NCL WMI Filters Name Value Reference GPO(s) None Component Status Component Name Status Last Process Time Group Policy Infrastructure Success 12/29/2010 11:28:56 AM Registry Success 12/20/2010 12:05:51 PM Scripts Success 10/13/2010 10:38:40 AM Computer Configuration Windows Settings Security Settings Account Policies/Password Policy Policy Setting Winning GPO Enforce password history 24 passwords remembered Password Policy Maximum password age 180 days Password Policy Minimum password age 14 days Password Policy Minimum password length 6 characters Password Policy Password must meet complexity requirements Enabled Password Policy Store passwords using reversible encryption Disabled Password Policy Account Policies/Account Lockout Policy Policy Setting Winning GPO Account lockout duration 10080 minutes Password Policy Account lockout threshold 5 invalid logon attempts Password Policy Reset account lockout counter after 30 minutes Password Policy Local Policies/Security Options Network Security Policy Setting Winning GPO Network security: Force logoff when logon hours expire Enabled Default Domain Policy Public Key Policies/Autoenrollment Settings Policy Setting Winning GPO Enroll certificates automatically Enabled [Default setting] Renew expired certificates, update pending certificates, and remove revoked certificates Disabled Update certificates that use certificate templates Disabled Public Key Policies/Encrypting File System Properties Winning GPO [Default setting] Policy Setting Allow users to encrypt files using Encrypting File System (EFS) Enabled Certificates Issued To Issued By Expiration Date Intended Purposes Winning GPO SBurns SBurns 12/13/2007 5:24:30 PM File Recovery Default Domain Policy For additional information about individual settings, launch Group Policy Object Editor. Public Key Policies/Trusted Root Certification Authorities Properties Winning GPO [Default setting] Policy Setting Allow users to select new root certification authorities (CAs) to trust Enabled Client computers can trust the following certificate stores Third-Party Root Certification Authorities and Enterprise Root Certification Authorities To perform certificate-based authentication of users and computers, CAs must meet the following criteria Registered in Active Directory only Administrative Templates Windows Components/Windows Update Policy Setting Winning GPO Allow Automatic Updates immediate installation Enabled WSUS-52010 Allow non-administrators to receive update notifications Enabled WSUS-52010 Automatic Updates detection frequency Enabled WSUS-52010 Check for updates at the following interval (hours): 1 Policy Setting Winning GPO Configure Automatic Updates Enabled WSUS-52010 Configure automatic updating: 4 - Auto download and schedule the install The following settings are only required and applicable if 4 is selected. Scheduled install day: 0 - Every day Scheduled install time: 03:00 Policy Setting Winning GPO No auto-restart with logged on users for scheduled automatic updates installations Disabled WSUS-52010 Re-prompt for restart with scheduled installations Enabled WSUS-52010 Wait the following period before prompting again with a scheduled restart (minutes): 30 Policy Setting Winning GPO Reschedule Automatic Updates scheduled installations Enabled WSUS-52010 Wait after system startup (minutes): 1 Policy Setting Winning GPO Specify intranet Microsoft update service location Enabled WSUS-52010 Set the intranet update service for detecting updates: http://lavender Set the intranet statistics server: http://lavender (example: http://IntranetUpd01) User Configuration Administrative Templates Control Panel/Display Policy Setting Winning GPO Hide Screen Saver tab Enabled IT-Lockout Password protect the screen saver Enabled IT-Lockout Screen Saver Enabled IT-Lockout Screen Saver executable name Enabled IT-Lockout Screen Saver executable name sstext3d.scr Policy Setting Winning GPO Screen Saver timeout Enabled IT-Lockout Number of seconds to wait to enable the Screen Saver Seconds: 1800 System/Power Management Policy Setting Winning GPO Prompt for password on resume from hibernate / suspend Enabled IT-Lockout

    Read the article

  • Cannot create a new domain in an existing active directory forest

    - by Mackenzie Carr
    I have a domain controller setup on Windows Server 2008 R2 (Forest) and I have another Windows Server 2008 R2 (New Domain) and I want to create a new domain in an existing forest. I get the following error: An Active Directory domain controller for the domain mackdev.mackenziecarr.com could not be contacted The error was "no records found for the given DNS query" The query was for the SRV record for: _ldap._tcp.dc._msdcs.mackdev.mackenziecarr.com I've seem to have tried everything even tried adding this record to the DNS server of the primary forest. I even successfully joined this server to the domain without any issues but trying to create a new domain under the existing forest is no luck. The primary forest I.P. address is 192.168.2.20 the server that I am using to try to make a child domain is 192.168.2.21 My ipconfig are as follows: I.P. Address: 192.168.2.21 Subnetmask: 255.255.255.0 Gateway: 192.168.2.1 Primary DNS: 192.168.2.20

    Read the article

  • Streamline Active Directory account creation via automated web site

    - by SteveM82
    In my company we have high employee turnover, and hence our helpdesk receives about a dozen requests per week for new Active Directory accounts. Currently, we receive these requests simply via e-mail or voice-mail, and rarely do we have all of the information necessary to create the account. I would like to find a web application that can be used by a manager or supervisor to formalize the requests they make for AD accounts for new employees under their command. Ideally, the application would prompt for all of necessary information, and allow the helpdesk to review the requests and approve or deny each one. If approved, the application would take care of creating the account and send an e-mail to the manager. I have found several application on the Internet that handle self-service account management (i.e., password resets or update contact info), which is also nice to have, but nothing that streamlines the new account request and creation part. Can anyone make suggestions on such an application? Thanks.

    Read the article

  • LDAP search filter for Active Directory

    - by Francesco De Vittori
    Hello, I'm trying to look for users inside Active Directory through a LDAP query. Basically I'm searching for the user in this way: Search DN: dc=mydomain, dc=com Filter: (sAMAccountName=USER) where USER is replaced with the provided username. Now if USER is only the username without domain (for ex. "Joe") this works fine. However I receive them in the form (domain\username, for ex. "myDomain\Joe") and obviously the search fails. I see two ways: using a regex inside the Search Filter to discard the domain using a completely different search filter I'm no LDAP expert and I don't even know if it's possible to use regular expressions inside the search filters. Does anyone know if it's possible and how? P.S. I cannot pre-process the username to strip the domain. This cannot be changed, as it's all part of a large system.

    Read the article

  • Mac Joining Active Directory Still Prompts For Authentication

    - by David Potter
    My Mac is joined to an Active Directory domain. What I expected to see was the same ease of access to file shares and internal websites that Windows computers joined to the domain experience (i.e., no authentication needed; it just uses Windows Integrated Authentication). Instead I am asked for credentials each time I try to access those shares and protected websites (e.g. SharePoint). Is this normal behavior, or is something wrong with my Mac that it prompts me for my username and password for the domain when I access Windows file shares or intranet sites protected by NTLM/Kerberos? Machines include: MacBook Pros running Mountain Lion MacBook Pros running Lion MacServer running Lion Server

    Read the article

  • Ask the Readers: How Do You Remote Desktop Access Distant Computers?

    - by Jason Fitzpatrick
    You’re at a computer at point A, but the computer you want to interact with is at point B, and the only thing connecting you is a series of network switches and cabling. How do you comfortably control the remote computer? While there are a variety of ways to control a computer from afar, sometimes there’s just no good substitute for accessing the user interface as if you were sitting at the computer–a feat made possibly by remote desktop software. This week we want to hear about both your favorite remote desktop tool and your best tips for getting the most out of a remote desktop session–from banishing lag to improving mouse-cursor tracking, any tips are fair game. Sound off in the comments below with your remote desktop tips and then check back in on Friday for the What You Said roundup. Java is Insecure and Awful, It’s Time to Disable It, and Here’s How What Are the Windows A: and B: Drives Used For? HTG Explains: What is DNS?

    Read the article

  • Setting Mercurial with Active Directory authentication and authorisation

    - by jbx
    I am evaluating the possibilities of moving my organisation to Mercurial, however I am stumbling on 2 basic requirements which I can't find proper pointers to. How do I set up Mercurial's central repository to authenticate users with the central active directory and only allow them to push or pull if they have the right credentials? How do I set up a Mercurial project repository to only allow users pertaining to a specific group to push / pull source code? We need this to have per-project authorisation. On which HTTP servers (IIS or Apache etc.) are the above 2 requirements supported? Apologies if I am asking something obvious or if I am missing something fundamental about how authentication and authorisation works. Thanks.

    Read the article

  • How can I access one desktop session from another on the same machine?

    - by d3vid
    I want to run a desktop session as user A, and from that session access a different desktop session as user B. This way I can test, screencast or share my screen from session B, while having access to apps/resources in session A that I do not want running/visible in session B. What application can I do this with? I assume some kind of a remote desktop client/server is what I'm looking for. So far I have tried: VNC. Logged in as user A and user B. In session B run Desktop Sharing. Switched to session A. Tried to access share with Remmina. Failed. (Can get image to appear but it's frozen.) x2go. Installed server and client from stable PPA (needed a workaround for installation to succeed). Created a connection which starts then fails instantly. Discovered mailing list post suggesting that accessing localhost is not supported. On the non-remote front: VirtualBox. Created a minimal virtual machine for session B. Too resource heavy. Am I attempting the impossible? Should I be looking for something other than a remote desktop tool?

    Read the article

  • Sql Server 2008, Active Directory Groups, and Failed Logins

    - by Ryan Michela
    I keep getting a Login Failed error in my ASP.net application when connecting to my SQL Server 2008 database. I am trying to login with the user domain\foo. When I grant a database login (server and database level) for domain\foo, my application can connect. When I put domain\foo in a group called domain/goo and give domain\goo a database login, the user domain\foo cannot authenticate. This does not make any sense. Am I doing something wrong? domain\foo and domain\goo are configured identically. The only difference is that on is a user and one is a group containing a user. Adding active directory groups as users to SQL Server 2008 is supposed to work.

    Read the article

  • SharePoint 2010 not seeing Active Directory users

    - by user117927
    I'm pretty new to Active Directory and SharePoint but I was given to understand they are supposed to play well together. Now I have successfully set up AD with multiple user accounts that work on any member computer. I have also successfully installed SharePoint 2010 Server on an AD machine. Both the AD server and SharePoint servers are on separate machines (VMs running on ESXi to be precise). I can only log on with user accounts I create on the local server. Furthermore the user browser thing for adding users will only see local users. I've followed the advice here http://technet.microsoft.com/en-us/library/cc262350.aspx#section2 for Classic authentication and also NTLM claims based authentication but to no avail. Is there something fundamental I am getting wrong here? I'd be really thankful for any help you can lend me; I've been googling and scratching my head for a couple of days now. P

    Read the article

  • Simple active directory permissions issue

    - by Antonio2011a
    So I've created a domain controller (DC) as well as 3 machines (SQL-A, SQL-B, SQL-CORE). All are running Windows Server2008R2 (on virtualbox). I have successfully joined the 3 machines to the domain controller. Next I created a user in active directory called Kim_Akers who is a member of "Domain Admins", "Domain users", "Enterprise Admins" and "Schema Admins". However when I login to SQL-A for example as contso/Kim_Akers and then try and run something like the ServerManager.msc I can't do it due to lack of permissions "Windows cannot access the specified device, path or file. You may not have the appropriate permissions". What am I doing wrong that Kim_Akers doesn't have permissions to do this? Thanks.

    Read the article

  • Mounting windows shares with Active Directory permissions

    - by Jamie
    I've managed to get my Ubuntu (server 10.04 beta 2) box to accept logins from users with Active Directory credentials, now I'd like those users to access there permissible windows shares on a W2003 R2 server. The Windows share ("\srv\Users\") has subdirectories named according to the domain account users and permissions are set accordingly. I would like to preserve these permissions, but don't know how to go about it. Would I mount as an AD administrator or have each user mount with there own AD credentials? How do determine between using mount.smbfs or mount.cifs?

    Read the article

  • How to use RDP protocol in Remote Desktop Viewer?

    - by drgrog
    I am using a Natty Live-USB, and the Remote Desktop Viewer application (Applications - Internet - Remote Desktop Viewer) only shows SSH & VNC protocols. How can I include RDP in the list, in order to connect to existing Windows Remote Desktop sessions on Windows XP machines. I am aware that I can use the gnome-rdp application, or even rdesktop hostname from a terminal, but I would like to create a persistent LiveUSB that uses Remote Desktop Viewer to connect to Windows RDP (port 3389). I do not want to set up VNC, TeamViewer or any others, as these do not solve my problem due to the fact they need additional software on the remote hosts.

    Read the article

  • "This computer has dynamically assigned IP addresses" error when installing Active Directory Domain Controller

    - by smhnaji
    This is a working Windows Server 2008 that I should install Active Directory on it. I found http://www.howtogeek.com/99323/ and followed the steps. After Additional Domain Controller Options, I'm asked the question "This computer has dynamically assigned IP addresses". As I see, the message states that Dynamic IP addressing has been used for the server, while this is wrong. When I come to Network And Sharing Center, and click on Local Area Connections - Properties - Internet Protocol Version 4 (TCP/IPv4) - Properties, I see that the main IP address (as well as DNS Server) and also all other IP addresses are assigned statically. So it should be OK. I cannot believe any server using dynamic IP(s)! Note: No IPv6 has been set for the server. Please tell me why the error is given and which of the options available, should I choose? Note that it's a production server and is working with many users in WORKGROUP. No change should be affected nor to the IPs, neither to users connecting to the server.

    Read the article

  • Using Active Directory Security Groups as Hierarchical Tags

    - by Nathan Hartley
    Because active directory security groups can... hold objects regardless of OU. be used for reporting, documentation, inventory, etc. be referenced by automated processes (Get-QADGroupMember). be used to apply policy be used by WSUS I would like to use security groups as hierarchical tags, representing various attributes of a computer or user. I am thinking of (computer centric) tags something like these: /tag/vendor/vendorName /tag/system/overallSystemName /tag/application/vendorsApplicationName /tag/dependantOn/computerName /tag/department/departmentName /tag/updates/Group1 Before fumbling through implementing this, I thought I would seek comments from the community. Specifically in the areas: Does this make sense? Would it work? Has anyone else attempted this? Is there a good reference on the matter I should read? How best to implement the hierarchy? Tag_OU\Type_OU\GroupName (limits quantity in OU, uniqueness not guaranteed) Tag_OU\Type_OU\Tag-Type-GroupName (limits quantity in OU, uniqueness guaranteed, verbose) etc ... Thanks in advance!

    Read the article

  • SSH and Active Directory authentication

    - by disserman
    Is it possible to set up Linux (and Solaris) SSH server to authenticate users in this way: i.e. user john is a member of the group Project1_Developers in the Active Directory. we have something on the server A (running Linux, the server has an access to the AD via i.e. LDAP) in the SSH server LDAP (or other module) authentication config like root=Project1_Developers,Company_NIX_Admins. when john connects to the server A using his username "john" and domain password, the server checks the john's group in the domain and if the group is "Project1_Developers" or "Company_NIX_Admins", makes him locally as a root with a root privileges. The idea is also to have only a "root" and a system users on the server, without adding user "john" to all servers where John can log in. Any help or the idea how to make the above or something similar to the above? Preferred using AD but any other similar solution is also possible. p.s. please don't open a discussions is it secure to login via ssh as root or not, thanks :)

    Read the article

  • How to Automatically Create Home Directory for Active Directory User on Solaris (using PowerBroker)

    - by neildeadman
    I have a number of existing users in Active Directory that need a home directory created. They don't log directly in to Solaris but into a service running on that box. If I login as them their home directory gets created and then they can login. This is the same for new users too! As there are a lot of users, I need a way to automate this so new users and existing users have it created automatically. Is this possible??

    Read the article

  • Multiple test Active Directory envirovments hand in hand with production domain controllers

    - by MadBoy
    What's the best approach of having multiple test environments next to production one? We have multiple programming teams that build solutions that use Active Directory very often. We have tried different approaches, starting with their own domain controllers (in same subnet), or additional OU's in our production AD that the team gets control over and can create/delete accounts within that one OU. We thought of possible 4 solutions: Setting up separate OU's in ou production env. Creating subdomains for our contoso.com domain like test.contoso.com, something.contoso.com and delegating control to the teams (would we need additional DC's or the two that we have already would be enough to hold this? Setting up additional test domain controler that has a trust to our main domain and all teams can use the test domain controler as they please. Setting up single domain controller for every team/project. We're taking in consideration amount of resources needed, security (for example having multiple domain controlers with multiple passwords may lead users to use simpler passwords) and overall best practices for this scenario.

    Read the article

  • Switching to LDAP over SSL for Active Directory

    - by bkildow
    On our active directory server, I would like to enable LDAP over SSL as per this: http://support.microsoft.com/kb/321051. I am wondering, once this is set up, will LDAP still be listening on the standard port, 389 once this is implemented as well as the secure port? Or will the secure port completely replace the standard port as an option to connect to? Also, will there need to be any other configurations besides the steps in the article for doing this? In other words, will domain users still be able to authenticate like normal, or is there additional setup that would need to occur?

    Read the article

  • is GTK Installation (PHP for desktop) affect the web application?

    - by Harshal Mahajan
    I just going to install the GTK for creating a desktop application. But I want to know if we install the GTK then is it affect our web application server or php.ini or other features of web based application? I know there is no requirement of server for desktop but the GTK create the other php.ini . so is it affect my other applications? I downloaded the GTK Tool kit from here. So I am just little bit confusing that it should not affect my all running web applications. I think the php for desktop is a very interesting issue for all of us, so I just want to know the affection of desktop on web?

    Read the article

  • What permissions are needed to do an LDAP bind to an Active Directory Server

    - by DrStalker
    What permissions are needed to perform an LDAP bind to an active directory server? I have a central domain (call it MAIN) that has two-way trusts to domains in other forests (call then REMOTE and FARAWAY) Using MAIN\myaccount as the username and my password I can bind to REMOTE fine, but not to FARAWAY; I get an invalid credentials response 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 In all other ways the trusts seem to work fine. What permissions do I need to check to figure out why the bind is failing? My understanding is that anyone in AUTHENTICATED USERS should be able to bind to LDAP, but that only seems to hold true for some domaians and not others.

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >