Search Results

Search found 3926 results on 158 pages for 'same origin policy'.

Page 28/158 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Managing SharePoint permissions via Active Directory?

    - by rgmatthes
    My company has thousands of employees organized thoroughly via Active Directory. I have confidence in the accuracy of the Department and Title information displayed in the user profiles. I'm helping to put up a brand new SharePoint 2007 site, and I contacted IT about managing the site's permissions through AD Groups. The goal is to have the site automatically assign read/write/contribute/whatever permissions based on the information in AD. For example, we could create an AD Group called "Managers" that would contain anyone with the "Manager" title in their AD user profile. I would have SharePoint tap into this AD Group to mass assign permissions if I knew all managers would need a certain level of access (read/write/contribute/whatever). Then if a manager joins the company or leaves it, the group is automatically updated (provided AD gets updated, of course). My IT rep called back and said it couldn't be done. This seems like a pretty straightforward business requirement, and one of the huge benefits of having Active Directory, but maybe I'm mistaken. Could anyone shed some light on this? A) Is it possible to use dynamically-updated AD Groups when assigning permissions via SharePoint? (Does anyone know of a guide I could show my doubtful IT rep?) B) Is there a "best practice" way to go about this? I've read some debate on whether SharePoint Groups or AD Groups are the way to go. My main concern is dynamic updating. C) If this isn't available out of the box, can someone recommend third-party software that will provide the functionality I'm looking for? A big thanks to anyone who can help me out!!

    Read the article

  • Lockdown users on Windows Server 2012

    - by el.severo
    I set up a Active Directory on a server machine with Windows Server 2012 and I'd like to create some users with limitations like Windows Steady State does in Windows XP (locally). Seen already the Windows SteadyState Handbook (with Windows Server 2008), but I'd like to know if anyone has tried this before, the limitations are the following: 1. Prevent locked or roaming user profiles that cannot be found on the computer from logging on 2. Do not cache copies of locked or roaming user profiles for users who have previously logged on to this computer 3. Do not allow Windows to compute and store passwords using LAN Manager Hash values 4. Do not store usernames or passwords used to log on to the Windows Live ID or the domain 5. Prevent users from creating folders and files on drive C:\ 6. Lock profile to prevent the user from making permanent changes 7. Remove the Control Panel, Printer and Network Settings from the Classic Start menu 8. Remove the Favorites icon 9. Remove the My Network Places icon 10. Remove the Frequently Used Program list 11. Remove the Shared documents folder from My Computer 12. Remove control Panel icon 13. Remove the Set Program Access and Defaults icon 14. Remove the Network Connection(Connect To)icon 15. Remove the Printers and Faxes icon 16. Remove the Run icon 17. Prevent access to Windows Explorer features: Folder Options, Customize Toolbar, and the Notification Area 18. Prevent access to the taskbar 19. Prevent access to the command prompt 20. Prevent access to the registry editor 21. Prevent access to the Task Manager 22. Prevent access to Microsoft Management Console utilities 23. Prevent users from adding or removing printers 24. Prevent users from locking the computer 25. Prevent password changes (also requires the Control Panel icon to be removed) 26. Disable System Tools and other management programs 27. Prevent users from saving files to the desktop 28. Hide A Drive 29. Hide B Drive 30. Hide C Drive 31. Prevent changes to Internet Explorer registry settings 32. Empty the Temporary Internet Files folder when Internet Explorer is closed 33. Remove Internet Options 34. Remove General tab in Internet Options 35. Remove Security tab in Internet Options 36. Remove Privacy tab in Internet Options 37. Remove Content tab in Internet Options 38. Remove Connections tab in Internet Options 39. Remove Programs tab in Internet Options 40. Remove Advanced tab in Internet Options 41. Set a home page (Internet Explorer) 42. Restrict the possibility to change desktop image 43. Restrict the possibility to change wallpaper 44. Restrict usb flash drives Any suggestions for this? UPDATE: As @Dan suggested me I'd like to specify that would be applied to a educational scenario where students can login from a computer and want to add some restrictions to them.

    Read the article

  • Automate new AD user's home folder creation and permission setup

    - by vn.
    I know if we setup a base folder or a profile path in the Profile tab of an AD user, we can copy it and the folder creation and permission setup will be automated. My problem is that not all my users have a roaming profile and the home folder linking is done thru GPO. When I copy from these users, the home folder isn't created automatically and I have to create it manually and change permission and ownership on that folder, located on the fileserver. What should I do? A script may be nice but it'd have to be run everytime a new user is created and I don't think we can link a script to an AD user creation? I'd like to avoid any manual steps and keep my GPO that way. Using a W2008r2 DC on w7 client boxes. Thanks.

    Read the article

  • How to filter RSOP to show only modified policies?

    - by guest
    Is it possible to view only those elements of GPO that are actually modified/specified? For example, when looking at RSOP for an OU, I have loads of options which are mostly not specified - can I automatically filter it to show only e.g. that it doesn't allow to use control panel or install software, instead of looking through all options? I am using Win2003 and I have only the default tools. Thanks in advance!

    Read the article

  • powershell vs GPO for installation, configuration, maintenance

    - by user52874
    My question is about using powershell scripts to install, configure, update and maintain Windows 7 Pro/Ent workstations in a 2008R2 domain, versus using GPO/ADMX/msi. Here's the situation: Because of a comedy of cumulative corporate bumpfuggery we suddenly found ourselves having to design, configure and deploy a full Windows Server 2008R2 and Windows 7 Pro/Enterprise on very short notice and delivery schedule. Of course, I'm not a windows expert by any means, and we're so understaffed that our buzzword bingo includes 'automate' and 'one-button' and 'it needs to Just Work'. (FWIW, I started with DEC, then on to solaris and cisco, then linux of various flavors with a smattering of BSD nowadays. I use Windows for email and to fill out forms). So we decided to bring in a contractor to do this for us. and they met the deadline. The system is up and mostly usable, and this is good. We would not have been able to do this. But it's the 'mostly' part that is proving to be the PIMA now, and I'm having to learn Microsoft stuff anyway until/if we can get a new contract with these guys for ongoing operations. Here's my question. The contractor used powershell almost exclusively for deployment, configuration and updating. My intensive reading over the last week leads me to think that the generally accepted practices for deployment, configuration and updating microsoft stuff uses elements of GPOs and ADMX templates, along with maybe some third party stuff like PolicyPak. Are there solid reasons that I've not found yet that powershell scripts would be preferred over the GPO methods? I'm going to discuss this with the contractor lead when he gets back from his vacation, and he'll be straight with me (nor do I think they set us up). But I can also see this might be a religious issue, so I would still like some background on this. Thoughts? or weblinks? Thanks!

    Read the article

  • AD password not synchronising properly

    - by Kaczmar
    I have 600+ users in AD, but only one causes me trouble. The problem is I can reset his password from AD, he can then log in to his machine. After that he would like to change his password from Windows 7, and proceeds without errors. Logs out or locks the workstation but cannot access it again using either old or new password. So I have to reset it again and he can only use the one I provide for him. All our machines are in the same physical location in the same subnet. Functional level is 2003. I'm totally out of ideas. I could create him new user account, but I'd possibly like to know what causes this. I can only suspect some sort of synchronisation problems but other accounts work fine, and I don't know how to dig deeper into this. Thanks, Piotr

    Read the article

  • How do I set a service startup type to be 'Automatic (delayed)' using GPO?

    - by growse
    A Windows service has 4 different startup types that can be configured: Automatic, Automatic (delayed), Manual and Disabled. I have a service running on a combination of Windows 7 and Server 2008 R2 Desktops that I need to set as 'Automatic (delayed)' using a GPO setting, but from what I can see in the GPO editor, the delayed option is missing: Have I missed something obvious, or is this a rather basic omission from Microsoft?

    Read the article

  • no internet mail group / mail sending and delivery restrictions

    - by Jeff
    I run a win 2k8 a/d server and an win 2k8 exchange 07 server I have a group called 'No Internet Mail', i made it a distribution group. I tried to setup a transport rule on the exchange server that is configured as follows for outgoing: from a member of no internet mail and sent to users outside the organization redirect the message to administrator and send message refused, forwarded to administrator. Please talk to management for external email use. however , when i enable this it forwards everyones emails to me regardless if they are a member of the no internet mail group or not. not sure what im doing wrong, thanks in advanced.

    Read the article

  • Why would my domain admins turn of UAC?

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from recent XP users? I can't see the upside of this decision, help me understand.

    Read the article

  • Users own mapped network drives disappear when I set a GPP mapped drive

    - by Kim
    All the clients use Windows 7 SP1 x64 Enterprise. The domain controllers are Windows Server 2008 R2. I have configured the GPP to map "\server\data" to first available drive letter starting with I:. The action is replace and I have set the Hide/Show this drive and Hide/Show all drives to "Show". I have set targeting to a specified security group. This works as expected and the drive is mapped to the correct users. The problem is that if the user has created their own mapped drives these mappings will disappear when the GPP mapping is applied. Only the mapped drives from the GPP is shown in Explorer. I have not found any other mention of this particular problem when I search the Internet and on TechNet there is no mention of what happens to drives already mapped.

    Read the article

  • Automatically make user local administrator on their computer through GPO?

    - by Grant
    In our AD 2003 domain each user gets local admin permissions on their computer. Everyone else can login with their domain account as normal user. Right now this means going to the desktop and manually adding the user as a local administrator. Is there any way to automate this process through logon scripts or GPOs? I have found ways to use a gpo to make everyone who logs in to a computer a local admin, but really only want to give it to the primary user (or in some cases users) of the computer. I've also seen methods that required adding a group for each computer...but really dont want to clutter AD like that. I do have a list mapping each user to each computer name. If it matters the desktops are a mix of xp and win7.

    Read the article

  • Server service fails to start, event 7023, error 1079

    - by toffitomek
    Hello, Environment: Windows Server 2008 R2 fully patched, working as Domain Controller in Win 2003 native domain. Users started to report problems with share, it turned out that server service won't start. I've scrambled google but can't find a thing. Any ideas will be appreciated. Thanks in advance :) Service fails to start, then when starting service I get: Windows could not start the Server service on SERVERNAME. Error 1079: The account specified for this service is different from the account specified for other services running in the same process. In System Event Log: Event 7023 The Server service terminated with the following error: The account used is a server trust account. Use your global user account or local user account to access this server.

    Read the article

  • Configure users and groups for Git

    - by Peter Penzov
    I want to create Git server on which every developer can commit code with his own linux account. The Git repository is initialized under the directory /opt/git_repo.git I created a group developers which owns the directory git_repo.git. Then I created three users which are part of the same group - DeA, DevB, DevC. I created a soft link into each developer home directory which points to the /opt/git_repo.git location. The problem is that when a user connects to the Git server and use the soft link to access the files he cannot do it. Can you help me what are the proper steps and commands to configure the repository?

    Read the article

  • gpresult for local users on local machine?

    - by Jonas
    I would like to list the group policies for local users on a machine I'm setting up. However, when I run gpresult /v /u localmachine\user I get the error that I do have to specify a server name, and when I run gpresult /v /s 127.0.0.1 /u localmachine\user I get the message user credentials for local system are ignored, and I get the group policies for the local administrator as a result. How do I get the settings for the users?

    Read the article

  • Need to call a script at logon based on hostname. Win 2k3 Domain and XP/7 workstations.

    - by Malocchio
    I have a user logon script. I want to install printers based on hostname. Inside this folder \domain.local\SYSVOL\domain.local\Policies{DF3F608C-8D78-934F-B79F-1965F3C4409B}\User\Scripts\Logon I have cmd files for each host/workstation and the logon.cmd. Terminal Servers are honoring the environment variable %clientname% but the workstations are not. Relevant area of logon.cmd rem Delete all existing printer connections c:\windows\system32\con2prt.exe /f rem Call workstation specific script for connecting to printers %clientname%.cmd Excerpt from clientname.cmdL: rundll32 printui,PrintUIEntry /in /n\\fileserv\PhaserPS rundll32 printui,PrintUIEntry /in /n\\fileserv\CanonIR rundll32 printui,PrintUIEntry /y /n\\fileserv\CanonIR

    Read the article

  • Best cloud based IT Systems management services out there?

    - by Ryk
    Our startup organisation is growing fast in 2 different office locations. That brings new challenges and headaches. Our entire company is cloud based, and I am looking for a good product to manage our remote systems. Currently we do not have on-site AD servers, we are using the Windows Azure AD services, so cannot rely on group policies at this stage. I would like to be able to achieve the following: (they are all laptops) Remote Desktop Support Patch management Lock down software on machines (restrict them) Monitor and manage systems Other benefits would be good, but if I can achieve the ones listed above, it will go a long way. We have a combination of Windows 7 pro & Windows 8 & 8.1 machines. I am currently using Windows Intune, but it is really limited. Really just a glorified patch enforcer. Thank you in advance to your help.

    Read the article

  • Windows GPO default mapped drives

    - by SteB
    Is there a way, using Windows GPO, to set up a list of "default" mapped drives that can be applied to a group of users? I runs small network and would like to make sure that certain groups of users (like Sales or Support) have the same network shares mapped to the same drive letters irrespective of which PC they log onto. This would make the setup of new users easier and allow the centralised administration of the network locations shared. Any links to examples and/or step-by-step guides would be greatly appreciated.

    Read the article

  • Batch file installing executable only gives SYSTEM permissions

    - by Alex
    So, I have a couple of batch files that install some executables and they work, but when the executables setup shortcuts on the desktop only SYSTEM has access to them. Is there a way I can prevent that or make it so it adds Domain Users access or something like that. I realize that the batch files are ran under the SYSTEM context, but I'd like to find a way to clean up after them. Thanks in advance!

    Read the article

  • Why would my domain admins turn off UAC? [closed]

    - by DanO
    I'm a developer of internal software in our company, I've gotten used to UAC in Win7, I prefer to run with in enabled so that our software works correctly with it enabled. Sysadmins have recently pushed out GPO that turns it off every time we log-in. (So I turn it back on every time I log in.) I can imagine some people are annoyed by it and turn it off, but is that really a good company-wide decision? anyone annoyed by it (local admins) would already have permission to turn it of themselves.. right? On the other hand we don't have to worry creating UAC friendly software if no workstations or servers have it enabled. Is there a good reason for doing this? Other than reducing help-desk calls from users recently upgraded from XP? I can't see the upside of this decision, help me understand.

    Read the article

  • How can I limit other (administrator) users access to my profile?

    - by kojo
    Hi, We in our club have a computer with Windows 7 Professional that every club member may use. And everyone has their own separate account. Those accounts have to have administrator priveleges since I want everyone to be able to install any software and use any feature they want. However, there is a single thing that they shouldn't be allowed to do - that is, look into another users' profiles. Now when anyone goes to 'c:\Users(Any User Name)' a little prompt appears that this folder is secured and whether you really want to look inside. Simply clickinh 'ok' give you access to any profile. I tried disabling taking ownership for Administrators group in Group Policies but that had no effect. How can I effectively prohibit administrators looking into each others' profiles and documents?

    Read the article

  • Issue with Administratively Assigned Offline Files

    - by ZnewmaN
    I need to use Administratively Assigned Offline files in conjunction with folder redirection, but user home folders live on 26 different shares. Do I just need to add 52 file paths similar to: \\server\shareA\%username%\Desktop \\server\shareA\%username%\My Documents \\server\shareB\%username%\Desktop \\server\shareB\%username%\My Documents ... and so on? Or do I need to create 26 GPOs, one for each share; or is there an easier way to do it? Edit: The solution provided by @berniewhite in the comments of using %homeshare% has resolved the issue and Administratively Assigned Offline Files is now working well.

    Read the article

  • How to run a logon script but not as the current user

    - by user139951
    I want to create a log of when people login or logout of computers in a computer lab. My first idea was to just create login/logout scripts that contact a server, but the problem is since these scripts would run as the current user, that they would then be able to run this script outside of these two occasions. Is there any way to go about running a login/logout script as the domain computer rather than as the user?

    Read the article

  • Help to argue why to develop software on a physical computer rather than via a remote desktop

    - by s5804
    Remote desktops are great and many times a blessing and cost effective (instead of leasing expensive cables). I am not arguing against remote desktops, just if one have the alternative to use either remote desktop or physical computer, I would choose the later. Also note that I am not arguing for or against remote work practices. But in my case I am required to be physically present in the office when developing software. Background, I work in a company which main business is not to develop software. Therefore the company IT policies are mainly focused on security and to efficiently deploying/maintaing thousands of computer to users. Further, the typical employee runs typical Office applications, like a word processors. Because safety/stability is such a big priority, every non production system/application, shall be deployed into a physical different network, called the test network. Software development of course also belongs in the test network. To access the test network the company has created a standard policy, which dictates that access to the test network shall go only via a remote desktop client. Practically from ones production computer one would open up a remote desktop client to a virtual computer located in the test network. On the virtual computer's remote desktop one would be able to access/run/install all development tools, like Eclipse IDE. Another solution would be to have a dedicated physical computer, which is physically only connected to the test network. Both solutions are available in the company. I have tested both approaches and found running Eclipse IDE, SQL developer, in the remote desktop client to be sluggish (keyboard strokes are delayed), commands like alt-tab takes me out of the remote client, enjoying... Further, screen resolution and colors are different, just to mention a few. Therefore there is nothing technical wrong with the remote client, just not optimal and frankly de-motivating. Now with the new policies put in place, plans are to remove the physical computers connected to the test network. I am looking for help to argue for why software developers shall have a dedicated physical software development computer, to be productive and cost effective. Remember that we are physically in office. Further one can notice that we are talking about approx. 50 computers out of 2000 employees. Therefore the extra budget is relatively small. This is more about policy than cost. Please note that there are lots of similar setups in other companies that work great due to a perfectly tuned systems. However, in my case it is sluggish and it would cost more money to trouble shoot the performance and fine tune it rather than to have a few physical computers. As a business case we have argued that productivity will go down by 25%, however it's my feeling that the reality is probably closer to 50%. This business case isn't really accepted and I find it very difficult to defend it to managers that has never ever used a rich IDE in their life, never mind developed software. Further the test network and remote client has no guaranteed service level, therefore it is down for a few hours per month with the lowest priority on the fix list. Help is appreciated.

    Read the article

  • In XHR, is it possible to distinguish network errors from cross-origin errors?

    - by greim
    http://www.w3.org/TR/access-control/ Reading the CORS spec linked above, it seems to be the case that it's impossible to reliably distinguish between a generic "network error" and a cross-origin access denied error. From the spec: If there is a network error Apply the network error steps. Perform a resource sharing check. If it returns fail, apply the network error steps. http://www.w3.org/TR/access-control/#simple-cross-origin-request0 In my testing, I couldn't locate any features of Firefox's implementation that seem to indicate that the resource sharing check definitely failed. It just switches readyState to 4 and sets status to 0. Ultimately I'd like the ability to pass a success callback, a general fail callback, and an optional cross-origin fail callback, to my function. Thanks for any help or insight.

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >