Search Results

Search found 22982 results on 920 pages for 'users'.

Page 22/920 | < Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >

  • Preventing users from deleting SQL data

    - by me2011
    We just purchased a program that requires the users to have an account in the MS SQL server, with read/write access to the program's database. My concern is that since these users will now have write access to the database, they could directly connect to the SQL server outside of the program's client and then mess with the data directly in the tables. Is there anyway I can prevent access to the database while still allowing access via the client program?

    Read the article

  • gpresult for local users on local machine?

    - by Jonas
    I would like to list the group policies for local users on a machine I'm setting up. However, when I run gpresult /v /u localmachine\user I get the error that I do have to specify a server name, and when I run gpresult /v /s 127.0.0.1 /u localmachine\user I get the message user credentials for local system are ignored, and I get the group policies for the local administrator as a result. How do I get the settings for the users?

    Read the article

  • Using the public ssh key from local machine to access two remote users [closed]

    - by Nick
    I have an new Ubuntu (Hardy 8.04) server; it has two users, Alice and Bob. Alice is listed in sudoers. I appended my public ssh key (my local machine's public key local/Users/nick/.ssh/id_rsa.pub) to authorized_keys in remote_server/home/Alice/.ssh/authorized_keys, changed the permissions on Alice/.ssh/ to 700 and Alice/.ssh/authorized_keys to 600, and both the file and folder are owned my Alice. Then added I Alice to sshd_config (AllowUsers Alice). This works and I can login into Alice: ssh -v [email protected] ... debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Server accepts key: pkalg ssh-rsa blen 277 debug1: Authentication succeeded (publickey). debug1: channel 0: new [client-session] debug1: Entering interactive session. Last login: Mon Mar 15 09:51:01 2010 from 123.456.789.00 I then copied the authorized_keys file remote_server/home/Alice/.ssh/authorized_keys to remote_server/home/Bob/.shh/authorized_keys and changed the permissions and ownership and added Bob to AllowUsers in sshd_config (AllowUsers Alice Bob). Now when I try to login to Bob it will not authenticate the same public key. ssh -v [email protected] ... debug1: Offering public key: /Users/nick/.ssh/id_rsa debug1: Authentications that can continue: publickey debug1: Trying private key: /Users/nick/.ssh/identity debug1: Trying private key: /Users/nick/.ssh/id_dsa debug1: No more authentication methods to try. Permission denied (publickey). Am I missing something fundamental about the way ssh works?

    Read the article

  • RDP and New Accounts

    - by leeand00
    I created a new user account on the domain and added them to the Remote Desktop Users group. I could login just fine locally, but when I logged in remotely I was basically told that I could not login from there using that user. I could login just fine as the administrator or anybody else other than that new account. So I researched it a bit more and found that my setting looked like this on the local machine: So I changed it to Allow connections only from computers running Remote Desktop with Network Level Authentication (NLA). Now when I tried this down at my office I connected with RDP just fine on another computer. But low and behold when I got home and simply try to connect to the machine, I get the message: There has to be some kind of in between setting, or additional setting that I need to change on the user that allows me to connect directly via remote desktop over the VPN. At the moment I can connect by connecting to another computer on the network and then RDPing from there into my machine, but this is not ideal.

    Read the article

  • whats the point of @localhost entries for a mail server

    - by radman
    Hi, After recently setting up a mail server I am now adding the users that I need. As part of the tutorial I followed I created root@localhost as an account and also a bunch of aliases (postmaster@localhost, webmaster@localhost etc). What is the point of having al these localhost addresses? it seems that no one can ever mail them directly... Also I am curious as to what targets I should include on my domain (like postmaster, root, webmaster etc) and what ramifications there might be for doing so?

    Read the article

  • How to limit access to Exchange 2003 Mobile Activesync server by user?

    - by micilin
    So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separat eExchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it. By default an Exchange front-end server allows any user who has a mail account to connect to the front -end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange Front-end server perms. So I've got the following in IIS: Exadmin Exchange EchWeb Microsoft-SErver-ActiveSync MobileAdmin OMA And a couple of others that I dont think are relevant. Can I change the permissions on one of these to restrict who can connect to Activesync? As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange Access? Thanks in Advance!!

    Read the article

  • How to limit access to Exchange 2003 Mobile Actviesync server by user?

    - by micilin
    So I was asked to set up an Exchange Activesync mobile gateway. That's done. It's a separat eExchange 2003 front-end server configured for SSL, and I've put an off-domain ISA server in front of it. Now I'm being asked to limit which users can connect to it. By default an Exchange front-end server allows any user who has a mail account to connect to the front -end server. So I'm looking at the permissions on the various IIS sites/apps on the server, but I know that it's easy to break Exchange Front-end server perms. So I've got the following in IIS: Exadmin Exchange EchWeb Microsoft-SErver-ActiveSync MobileAdmin OMA And a couple of others that I dont think are relevant. Can I change the permissions on one of these to restrict who can connect to Activesync? As a bonus: Can I do it in a way that does not affect ordinary browser based Exchange Access? Thanks in Advance!!

    Read the article

  • Does RVM "failover" to another ruby instance on error?

    - by JohnMetta
    Have a strange problem in that I have a Rake task that seems to be using multiple versions of Ruby. When one fails, it seems to try another one. Details MacBook running 10.6.5 rvm 1.1.0 Rubies: 1.8.7-p302, ree-1.8.7-2010.02, ruby-1.9.2-p0 Rake 0.8.7 Gem 1.3.7 Veewee (provisioning Virtual Machines using Opcode.com, Vagrant and Chef) I'm not entirely sure the specific details of the error matter, but since it might be an issue with Veewee itself. So, what I'm trying to do is build a new box base on a veewee definition. The command fails with an error about a missing method- but what's interesting is how it fails. Errors I managed to figure out that if I only have one Ruby installed with RVM, it just fails. If I have more than one Ruby install, it fails at the same place, but execution seems to continue in another interpreter. Here are two different clipped console outputs. I've clipped them for size. The full outputs of each error are available as a gist. One Ruby version installed Here is the command run when I only have a single version of Ruby (1.8.7) available in RVM boudica:veewee john$ rvm rake build['mettabox'] --trace rvm 1.1.0 by Wayne E. Seguin ([email protected]) [http://rvm.beginrescueend.com/] (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build … creating new harddrive rake aborted! undefined method `max_vdi_size' for #<VirtualBox::SystemProperties:0x102d6af80> /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/virtualbox-0.8.3/lib/virtualbox/abstract_model/dirty.rb:172:in `method_missing' <------ stacktraces cut ----------> /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19 Multiple Ruby Versions Here is the same command run with three versions of Ruby available in RVM. Prior to doing this, I used "rvm use 1.8.7." Again, I don't know how important the details of the specific errors are- what's interesting to me is that there are three separate errors- each with it's own stacktrace- and each in a different Ruby interpreter. Look at the bottom of each stacktrace and you'll see that they are all sourced from different interpreter locations- First ree-1.8.7, then ruby-1.8.7, then ruby-1.9.2: boudica:veewee john$ rvm rake build['mettabox'] --trace rvm 1.1.0 by Wayne E. Seguin ([email protected]) [http://rvm.beginrescueend.com/] (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build … creating new harddrive rake aborted! undefined method `max_vdi_size' for #<VirtualBox::SystemProperties:0x1059dd608> /Users/john/.rvm/gems/ree-1.8.7-2010.02/gems/virtualbox-0.8.3/lib/virtualbox/abstract_model/dirty.rb:172:in `method_missing' … /Users/john/.rvm/gems/ree-1.8.7-2010.02/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ree-1.8.7-2010.02@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ree-1.8.7-2010.02@global/bin/rake:19 (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build isofile ubuntu-10.04.1-server-amd64.iso is available ["a1b857f92eecaf9f0a31ecfc39dee906", "30b5c6fdddbfe7b397fe506400be698d"] [] Last good state: -1 Current step: 0 last good state -1 destroying machine+disks (re-)executing step 0-initial-a1b857f92eecaf9f0a31ecfc39dee906 VBoxManage: error: Machine settings file '/Users/john/VirtualBox VMs/mettabox/mettabox.vbox' already exists VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component Machine, interface IMachine, callee nsISupports Context: "CreateMachine(bstrSettingsFile.raw(), name.raw(), osTypeId.raw(), Guid(id).toUtf16().raw(), FALSE , machine.asOutParam())" at line 247 of file VBoxManageMisc.cpp rake aborted! undefined method `memory_size=' for nil:NilClass /Users/john/Work/veewee/lib/veewee/session.rb:303:in `create_vm' /Users/john/Work/veewee/lib/veewee/session.rb:166:in `build' /Users/john/Work/veewee/lib/veewee/session.rb:560:in `transaction' /Users/john/Work/veewee/lib/veewee/session.rb:163:in `build' /Users/john/Work/veewee/Rakefile:87 /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:636:in `call' /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:636:in `execute' /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/lib/rake.rb:631:in `each' … /Users/john/.rvm/gems/ruby-1.8.7-p302/gems/rake-0.8.7/bin/rake:31 /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19:in `load' /Users/john/.rvm/gems/ruby-1.8.7-p302@global/bin/rake:19 (in /Users/john/Work/veewee) ** Invoke build (first_time) ** Execute build isofile ubuntu-10.04.1-server-amd64.iso is available ["a9c4ab3257e1da3479c984eae9905c2a", "30b5c6fdddbfe7b397fe506400be698d"] [] Last good state: -1 Current step: 0 last good state -1 (re-)executing step 0-initial-a9c4ab3257e1da3479c984eae9905c2a VBoxManage: error: Machine settings file '/Users/john/VirtualBox VMs/mettabox/mettabox.vbox' already exists VBoxManage: error: Details: code VBOX_E_FILE_ERROR (0x80bb0004), component Machine, interface IMachine, callee nsISupports Context: "CreateMachine(bstrSettingsFile.raw(), name.raw(), osTypeId.raw(), Guid(id).toUtf16().raw(), FALSE , machine.asOutParam())" at line 247 of file VBoxManageMisc.cpp rake aborted! undefined method `memory_size=' for nil:NilClass /Users/john/Work/veewee/lib/veewee/session.rb:303:in `create_vm' /Users/john/Work/veewee/lib/veewee/session.rb:166:in `block in build' /Users/john/Work/veewee/lib/veewee/session.rb:560:in `transaction' /Users/john/Work/veewee/lib/veewee/session.rb:163:in `build' /Users/john/Work/veewee/Rakefile:87:in `block in <top (required)>' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:634:in `call' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:634:in `block in execute' … /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:2013:in `top_level' /Users/john/.rvm/rubies/ruby-1.9.2-p0/lib/ruby/1.9.1/rake.rb:1992:in `run' /Users/john/.rvm/rubies/ruby-1.9.2-p0/bin/rake:35:in `<main>' It isn't until we reach the last installed version of Ruby that execution halts. Discussion Does anyone have any idea what's going on here? Has anyone seen this "failover"-like behavior before? It seems strange to me that the first exception would not halt execution as it did with one interpreter, but I wonder if there are things happening when RVM is installed that we Ruby developers are not considering.

    Read the article

  • PHP/MySQL User system w/ groups.

    - by Ben C
    I have a user system set up in a 'users' table, and I have groups set up in a 'groups' table. Essentially, I want users to be able to join any and all the groups that they want, in the same was as one would on facebook. How would one go about structuring this in a mysql/php database system? Just a quick summary would be helpful! I've looked around, but I can only find info on creating 'groups' where the users just have a sort of 1, 2 or 3 permission rank. Thanks!

    Read the article

  • Grant access for users on a separate domain to SharePoint

    - by Geo Ego
    Hello. I just completed development of a SharePoint site on a virtual server and am currently in the process of granting users from a different domain to the site. The SharePoint domain is SHAREPOINT, and the domain with the users I want to give access to is COMPANY. I have provided them with a link to the site and added them as users via SharePoint, which is all I thought I would need to do. However, when they go to the link, the site shows them a SharePoint error page. In the security event log, I am showing the following: Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 3/18/2010 Time: 11:11:49 AM User: COMPANY\ThisUser Computer: SHAREPOINT Description: Object Open: Object Server: Security Account Manager Object Type: SAM_ALIAS Object Name: DOMAINS\Account\Aliases\00000404 Handle ID: - Operation ID: {0,1719489} Process ID: 416 Image File Name: C:\WINDOWS\system32\lsass.exe Primary User Name: SHAREPOINT$ Primary Domain: COMPANY Primary Logon ID: (0x0,0x3E7) Client User Name: ThisUser Client Domain: PRINTRON Client Logon ID: (0x0,0x1A3BC2) Accesses: AddMember RemoveMember ListMembers ReadInformation Privileges: - Restricted Sid Count: 0 Access Mask: 0xF Then, four of these in a row: Event Type: Failure Audit Event Source: Security Event Category: Object Access Event ID: 560 Date: 3/18/2010 Time: 11:12:08 AM User: NT AUTHORITY\NETWORK SERVICE Computer: SHAREPOINT Description: Object Open: Object Server: SC Manager Object Type: SERVICE OBJECT Object Name: WinHttpAutoProxySvc Handle ID: - Operation ID: {0,1727132} Process ID: 404 Image File Name: C:\WINDOWS\system32\services.exe Primary User Name: SHAREPOINT$ Primary Domain: COMPANY Primary Logon ID: (0x0,0x3E7) Client User Name: NETWORK SERVICE Client Domain: NT AUTHORITY Client Logon ID: (0x0,0x3E4) Accesses: Query status of service Start the service Query information from service Privileges: - Restricted Sid Count: 0 Access Mask: 0x94 Any ideas what permissions I need to grant to the user to get them access to SharePoint?

    Read the article

  • VSFTPD does not allow upload with virtual users

    - by Mr. Squig
    I am attempting to setup VSFTPD with virtual users on a server running Ubuntu 12.04. I have configured the server to allow for virtual users to login, but I am having trouble getting it to allow uploads. My vsftpd.conf is as follows: listen=YES anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 anon_upload_enable=YES dirmessage_enable=YES use_localtime=YES xferlog_enable=YES connect_from_port_20=YES chroot_local_user=YES virtual_use_local_privs=YES guest_enable=YES guest_username=virtual user_sub_token=$USER local_root=/var/www/$USER hide_ids=YES secure_chroot_dir=/var/run/vsftpd/empty pam_service_name=vsftpd rsa_cert_file=/etc/ssl/private/vsftpd.pem /etc/pam.d/vsftpd contains: auth required pam_pwdfile.so pwdfile /etc/vsftpd.passwd crypt=hash account required pam_permit.so crypt=hash I have two virtual users set up, one of which has the same name as a local user. They each have a directory in /var/www/ owned by 'virtual'. As I understand it, when a virtual user logs in this way they will appear to the system as the user virtual. Using this configuration user can log on, but cannot upload files. The error given in /var/log/vsftpd.log is: Tue Nov 20 19:49:00 2012 [pid 2] CONNECT: Client "96.233.116.53" Tue Nov 20 19:49:07 2012 [pid 1] [zac] OK LOGIN: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 2] CONNECT: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 1] [zac] OK LOGIN: Client "96.233.116.53" Tue Nov 20 19:49:11 2012 [pid 3] [zac] FAIL CHMOD: Client "96.233.116.53", "/test.ppm 644" I have tried changing the permissions of these directories in all sorts of ways, but nothing seem to work. I have a feeling that it is something simple related to permissions. Any ideas?

    Read the article

  • Apache directive for authenticated users?

    - by Alex Leach
    Using Apache 2.2, I would like to use mod_rewrite to redirect un-authenticated users to use https, if they are on http.. Is there a directive or condition one can test for whether a user is (not) authenticated? For example, I could have set up the restricted /foo location on my server:- <Location "/foo/"> Order deny,allow # Deny everyone, until authenticated... Deny from all # Authentication mechanism AuthType Basic AuthName "Members only" # AuthBasicProvider ... # ... Other authentication stuff here. # Users must be valid. Require valid-user # Logged-in users authorised to view child URLs: Satisfy any # If not SSL, respond with HTTP-redirect RewriteCond ${HTTPS} off RewriteRule /foo/?(.*)$ https://${SERVER_NAME}/foo/$2 [R=301,L] # SSL enforcement. SSLOptions FakeBasicAuth StrictRequire SSLRequireSSL SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 </Location> The problem here is that every file, in every subfolder, will be encrypted. This is quite unnecessary, but I see no reason to disallow it. What I would like is the RewriteRule to only be triggered during authentication. If a user is already authorised to view a folder, then I don't want the RewriteRule to be triggered. Is this possible? EDIT: I am not using any front-end HTML here. This is only using Apache's built-in directory browsing interface and its in-built authentication mechanisms. My <Directory> config is: <Directory ~ "/foo/"> Order allow,deny Allow from all AllowOverride None Options +Indexes +FollowSymLinks +Includes +MultiViews IndexOptions +FancyIndexing IndexOptions +XHTML IndexOptions NameWidth=* IndexOptions +TrackModified IndexOptions +SuppressHTMLPreamble IndexOptions +FoldersFirst IndexOptions +IgnoreCase IndexOptions Type=text/html </Directory>

    Read the article

  • Deployment and Ownership issues

    - by kylemac
    As an extreme newbie, I am having difficulty managing ownership and permissions on my first box. What I can't figure out is how to deploy using one user, we will call him deploy and operate my php application with www-data user. Currently as it stands, I know my server runs as www-data through this function <?php echo(exec("whoami")); ?> but I am having to chown between deploy and www-data every time I deploy. There has got to be an easier way to deploy with one user and still run as www-data. EDIT: Here is the output from ls- l on the folder in question. You will see user deploy and group www-pub, the group is from an attempt to add the two different users to a new group and chown one of them in the hopes that they both would have the permissions (newb alert) drwxrwxr-x 4 deploy www-pub 4096 Mar 7 01:41 example.com I am using capistrano for deployment under the user deploy then once its done i chown to www-data, otherwise I can't use php to manipulate files. I am also unsure how to even change which user apache is running.

    Read the article

  • Forcing users to change password on first login - Windows Server 2008 R2 Remote Desktop Services

    - by George Durzi
    I'm setting up a demo lab environment in which each demo lab user is assigned 4 accounts to use in the lab. Users access the lab via Remote Desktop to the "client" machine in the lab - exposed at demolab.mydomain.com. The Client machine is a Windows 2008 Server R2 Enterprise Edition server The Remote Desktop Services role is configured on this server Remote Connection settings are configured to allow users to connect with any version of the Remote Desktop Client All accounts are members of the local Administrators and Remote Desktop Users groups All accounts are configured to be forced to change the default password after first login The user is instructed to remote into the lab with an account designated as their main account, and establish 3 more remote desktop sessions within the lab using their 3 other assigned demo lab accounts. When establishing the initial remote desktop connection to the lab using their main account, the user sees the change password dialog as expected. However, after logging in and trying to establish remote desktop connections to the server with their three other accounts, they are prompted that they need to change the password after logging in but can't continue with the login process - they don't see the expected change password experience. After logging in with a primary accounts, it doesn't make a difference if I try establishing a Remote Desktop connection to the environment using the name of the server, e.g. Client, or demolab.mydomain.com. I experimented with changing the settings for Remote Connections to require NLA but that didn't make a different. Appreciate any tips. Thanks

    Read the article

  • Autologin 2 Windows users OR Login another user from the desktop

    - by fpdragon
    I'm using two windows users on my HTPC at the same time. One is just for watching videos and one for administration via remote. This setup is quite ideal for me since windows can handle multiple concurrent logins and the win "rdp concurrent hack" (Google). The problem is, I want both users to be logged in automatically when the pc was started. It shall be possible to watch tv and also the admin user shall be automatically logged in to start my scripts and other tasks, even if I haven't logged in via remote desktop manually. Later, when I want to admin my htpc I can just rdp connect the admin user without interrupting the video playback on the actual HTPC's screen and check my cleanup tasks, downloads, ... witch already executed for this admin user. But right now I found no solution to automatically login user A from a user B desktop and I also found no solution to autologin both users immediately at startup. As a workaround I have to fire up my other notebook machine and login one time with the remote user via rdp. From this time on the remote admin user is running concurrent with the main user in the background of the machine. The other workaround would be... after startup switch user from main user to admin user and then back again. But that also requires manual steps. I'm on a Windows 8 System right now but all infos for Win7 or XP would be also interesting. thanks a lot for all ideas. PS: just to prevent useless posts... don't tell me that only one user can be logged in to windows. ;)

    Read the article

  • How to reject messages to unknown user in sendmail cooperating with MS-Exchange?

    - by user71061
    Hi! I have an MS Exchange 2003 configured as a mail server for an organization. As this server is located in this organization internal network and I don't want to expose it directly over internet, I have second server - linux box with sendmail - configured as intelligent relay (it accept all messages from internet addressed to @my_domain, and forward it to internal Exchange serwer, and accepts all messages from this internal Exchange server and forward it over internet). This configuration work's fine, but I want to eliminate messages addressed to not exiting users as early as possible. Good solution could be Enabling on Exchange server function of filtering recipients together with "tar pitting", but in my case this dosn't solve problem, because before any message reach my Exchange server (which could eventually reject it), it has to be already accepted by sendmail server, sitting in front of this Exchange server. So, I want to configure my sendmail server in such a way, that during initial SMTP conversation it could query somehow my Exchange server checking whether recipient address is valid or not, and based on result of this query, accept or reject (possibly with some delay) incoming message in a very early phase. In fact, I have already solved this issue by writing my own, simple sendmail milter program which checks recipient address against text file with list of valid addresses. But this solution is not satisfying me any longer, because it requires frequent updates of this file, and due to lack of time/motivation/programming skills, I don't want to cope further with my source code, adding to it functionality of querying my Exchange server. Maybe I can achieve desired effect by configuring any component of already available linux software. Any ideas?

    Read the article

  • Preventing applications from performing run once tasks for multiple users

    - by JohnyV
    In our environment we have several applications that are installed that have a need to run a little prompt the first time they run eg Media player, Google earth etc. The problem is we have many users on many different computers. And the computers have deepfreeze running on them which removes the users profile once the computer is restarted. So next time that user logs in they have to go through the whole thing of run once again. I have managed to prevent IE runonce using group policy and office run once from using the office customisation tool. Is there a way to make this happen for other applications. On windows xp we used to copy a user that has run all the apps and place their default profile into the default profile so that new users get that profile template. Now with windows 7 the process of copy profiles is not as easy. Is there an easy way to copy profiles in win 7 or is there a better way (eg modify reg or app data) to prevent apps from performing an initial run. Thanks

    Read the article

  • Users removing Administrator from files/folders permissions

    - by user64204
    We're running Windows Server 2003 R2 with Active Directory and are having an issue with network shares whereby users, in an attempt to secure their documents, remove everybody (including the Administrator account) from their files/folders permissions. Since the Administrator no longer has read permission to them, we can't even backup files manually as we get permission errors. One solution that we've found is to change the owner of the files and directories to the Administrator account. We can then change the permissions as we wish. The problem is that this has to be done manually so can't really be applied to an entire share. Another solution that we've tried is to use cacls as follows: cacls d:\path\to\share /C /T /E /G Administrator:F The problem with this is that we're still getting an ACCESS DENIED error on files/folders on which Administrator was removed. Q1: Is there a way to restore at least read access to all files/folders to the Administrator account in a recursive fashion? That would be for the short term. For the long term we're looking for a solution to prevent users from removing Administrator from files/folders permissions. Since we're going to migrate to Windows Server 2008 R2 soon we could wait until we've migrated to implement such solution if need be. Q2: Is there a way to prevent users from removing Administrator from files/folders permissions on Windows Server 2003/2008?

    Read the article

  • Users getting 'flooded' with not read notifications (NRNs) for old emails and meeting requests

    - by Exile
    I'm being placed under quite a lot of pressure from senior management over a relatively trivial issue. Basically the vast majority of users are complaining that they receive not read notifications (NRNs) for old emails and meeting requests in large numbers multiple times a day. I know something strange is happening because some are delivered at silly times in the morning (i.e 3AM or 4AM). The problem I have is that these some of these NRNs are from meeting requests and messages that are 120 days old, so some users have deleted the original message so I don’t actually know if the NRN is from an email or meeting request. This is typical of what users receive as a NRN: From: Sender Sent: 23 March 2012 04:16 To: Recepient Subject: Not read: Accepted: Status update Your message To: Sender Subject: Accepted: Status update Sent: Wednesday, November 23, 2011 8:59:00 AM (UTC) Dublin, Edinburgh, Lisbon, London was deleted without being read on Friday, March 23, 2012 4:15:32 AM (UTC) Dublin, Edinburgh, Lisbon, London. ... From: Sender Sent: 18 March 2012 01:13 To: Recepient Subject: Not read: Gold delivery - Sourcing module Your message To: Sender Subject: Gold delivery - Sourcing module Sent: Friday, November 18, 2011 9:37:58 AM (UTC) Dublin, Edinburgh, Lisbon, London was deleted without being read on Sunday, March 18, 2012 1:12:37 AM (UTC) Dublin, Edinburgh, Lisbon, London. I have done a search and found the following: http://support.microsoft.com/kb/2544246 http://support.microsoft.com/kb/2471964 But we already installed 'Update Rollup 6 for Exchange Server 2010 Service Pack 1' back in December, so I am not sure what we can do to fix this?

    Read the article

  • UIDs for service users in Mac OS X

    - by LaC
    Some third-party servers should be run under a special user for security reasons (eg, PostgreSQL is typically run by "postgres"). Of course, these service users should not show up in the Mac OS X login windows. I know how to create hidden users using dscl or dsimport, but I'm wondering what the best policy is for assigning UIDs (and matching GIDs). Apple's documentation states that UIDs from 0 to 100 are reserved (pg. 69), but OS X comes with several special users and groups outside that range. I used to use ids from 401 onwards for services, but I noticed that OS X 10.6 has started using that range for groups created by the Sharing pane in System Preferences. What is the recommended ID range to use for third-party services, then? Perhaps I should just use IDs in the 500 range, since all that is needed to hide a user in Snow Leopard is setting his password to "*"? Also, most of Apple's services have names starting with an underscore, with an alias sans underscore; eg, _sandbox and sandbox. Is there any special significance to this? Should I do the same for my services?

    Read the article

  • Configure Web app for external access (IIS7), allowing only certain users via AD group. All users need internal access

    - by White Island
    We have a Web app running in IIS7 (Server 2008 R2). I now need to allow external access with an SSL certificate, so certain users (e.g. the owner of the company) can use it remotely without VPN. They want to roll out the external access only to those specific users at first (thinking: a Windows credential prompt), BUT everyone will still need access internally (HTTP), without the prompt. I have the SSL cert installed on the server and public DNS configured. I've been trying to figure out how to work the authentication/authorization. I was thinking I need to disable Anonymous authn and set Windows authn, then I keep coming back to 'URL Authorization' in my research for the group setting; however, when I tried URL authz, (removed allow all, added allow rule for the special group), it broke the site internally (403.2 Forbidden, I believe it was). I thought maybe setting up a second site in IIS pointing to the same program would work, but the exact same thing happened (and again with a new app pool, just for kicks). So I guess my question is, how would you do this: allow external access, limited to users in a specific AD group, while still allowing internal access without a credentials prompt? How do I separate the external HTTPS and internal HTTP authorization requirements? Will I need to just copy the entire contents of the app in Windows Explorer to a new folder and create my external site from that? Is Windows authentication the correct option for this? I did come across this, which refers to creating a custom module. While it sounds like a solution, it's not one I'm familiar with, and I just wondered if there is a simpler way to get it to work: http://forums.iis.net/p/1182792/2000775.aspx Thanks!

    Read the article

  • Quarterly E-Business Suite Upgrade Recommendations: October 2012 Edition

    - by Steven Chan (Oracle Development)
    I've previously published advice on the general priorities for applying EBS updates.  But what are your top priorities for major upgrades to EBS and its technology stack components? Here is a summary of our latest upgrade recommendations for E-Business Suite updates and technology stack components.  These quarterly recommendations are based upon the latest updates to Oracle's product strategies, support deadlines, and newly-certified releases.  Upgrade Recommendations for October 2012 EBS 11i users should upgrade to 12.1.3, or -- if staying on 11i -- should be on the minimum 11i patching baseline, EBS 12.0 users should upgrade to 12.1.3, or -- if staying on 12.0 -- should be on the minimum 12.0 patching baseline, EBS 12.1 users should upgrade to 12.1.3. Oracle Database 10gR2 and 11gR1 users should upgrade to 11gR2 11.2.0.3. EBS 12 users of Oracle Single Sign-On 10g users should migrate to Oracle Access Manager 11g 11.1.1.5. EBS 11i users of  Oracle Single Sign-On 10g users should migrate to Oracle Access Manager 10g 10.1.4.3. Oracle Internet Directory 10g users should upgrade to Oracle Internet Directory 11g 11.1.1.6. Oracle Discoverer users should migrate to Oracle Business Intelligence Enterprise Edition (OBIEE), Oracle Business Intelligence Applications (OBIA), or Discoverer 11g 11.1.1.6. Oracle Portal 10g users should migrate to Oracle WebCenter 11g 11.1.1.6 or upgrade to Portal 11g 11.1.1.6. All Windows desktop users should migrate from JInitiator and older Java releases to JRE 1.6.0_35 or later 1.6 updates. All Firefox users should upgrade to Firefox Extended Support Release 10. Related Articles Extended Support Fees Waived for E-Business Suite 11i and 12.0 On Database Patching and Support: A Primer for E-Business Suite Users On Apps Tier Patching and Support: A Primer for E-Business Suite Users EBS Support Information Center + Patching & Maintenance Advisor Available on My Oracle Support What's the Best Way to Patch an E-Business Suite Environment?

    Read the article

  • postfwd not rate limiting sasl users

    - by golemwashere
    I would like to use postfwd version 2 to limit the amount of daily mail sent by my sasl authenticated users. I installed latest tarball: postfwd-1.35 with latest postfix from Centos 6.4 In my I have only this rule id=RULEZEROSASL sasl_username=~/^(\S+)$/ action=rcpt(sasl_username/500/86400/REJECT only 500 recipients per day for $$sasl_username) which should reject only mail with authenticated users (not mail from trusted mailservers). My postfwd2 listens on tcp 10045 and in my postfix main.cf I have # Restriction Classes smtpd_restriction_classes = postfwdcheck postfwdcheck = check_policy_service inet:127.0.0.1:10045 127.0.0.1:10045_time_limit = 3600 ... smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated permit_tls_clientcerts reject_unauth_destination check_recipient_access hash:/etc/postfix/access reject_invalid_helo_hostname # postfwd con rate limiting check_policy_service inet:127.0.0.1:10045 warn_if_reject reject_non_fqdn_helo_hostname warn_if_reject reject_unknown_helo_hostname warn_if_reject reject_unknown_client reject_non_fqdn_sender reject_non_fqdn_recipient reject_unknown_sender_domain reject_unknown_recipient_domain warn_if_reject reject_unverified_sender reject_unverified_recipient reject_rbl_client zen.spamhaus.org permit in /etc/postfix/policy . postfwdcheck I see no rule matching entries in log and the command postfwd2 -vv --dumpcache -f /etc/postfwd.cf shows the request number [STATS] postfwd2::policy 1.35: **5** requests since 0 days, 01:05:31 hours increasing only for manual tests done with: nc 127.0.0.1 10045 <request.sample Any idea why postfwd is not engaged by postfix?

    Read the article

  • Safely adding SSH users to pfSense

    - by Goyuix
    I would like to add a user for myself to login via SSH to a pfSense box. I don't want to just blindly go through the adduser command and inadvertently break something / open a vulnerability somewhere though. Looking at the config page in the WebUI: I can't find where to add users or to specify their keys. What is the right way to add users that can use SSH? Can I also safely use the AllowUsers directive to keep tighter control of those allowed to login via SSH? Bonus: I would also like to disable root from being able to login via SSH. I can see the option PermitRootLogin in the /etc/ssh/sshd_config file, though I don't necessarily want to modify it directly as I could potentially lose those changes with updates/patches or changes through the WebUI. Thoughts?

    Read the article

  • IIS 7.5 FTP IIS Manager Users Login Fail (530)

    - by Jim
    IIS 7.5 FTP IIS Manager Users Login Fail (530) I'm trying to set up a FTP site on IIS 7.5 that allows IIS Manager Users to login. I'm following this guide: http://learn.iis.net/page.aspx/321/configure-ftp-with-iis-7-manager-authentication/. After set up, I cannot login to the FTP using an IIS Manager User account. The client error I got was 530 User cannot log in. Win32 error: Unspecified error. Error details: An error occured during the authentication process. I tried both with or without a virtual host. A Windows account login fine. The only strange thing I noticed was that when setting up Read permission for Network Service, there was an access denied error when setting up permission for "%SystemDrive%\Windows\System32\inetsrv\config\schema". Any thoughts? Thanks!

    Read the article

< Previous Page | 18 19 20 21 22 23 24 25 26 27 28 29  | Next Page >