Search Results

Search found 4763 results on 191 pages for 'policy administration'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 37/191 | < Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >

  • How to display password policy information for a user (Ubuntu)?

    - by C.W.Holeman II
    Ubuntu Documentation Ubuntu 9.04 Ubuntu Server Guide Security User Management states that there is a default minimum password length for Ubuntu: By default, Ubuntu requires a minimum password length of 4 characters Is there a command for displaying the current password policies for a user (such as the chage command displays the password expiration information for a specific user)? > sudo chage -l SomeUserName Last password change : May 13, 2010 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 This is rather than examining various places that control the policy and interpreting them since this process could contain errors. A command that reports the composed policy would be used to check the policy setting steps.

    Read the article

  • Exchange Activesync policy - can I make it not required for a user?

    - by TheCleaner
    Exchange 2010 sp2. I have a "C" level exec that wants to get his email on his android tablet. Easy enough. However, he doesn't want any Activesync policy applied to his device for remote wipe, etc. not even the default policy, and doesn't want to use OWA. I thought I knew Exchange pretty well, but can't find a Powershell command or anything that will allow a device to connect without enforcing at least some kind of policy. Is he out of luck using Activesync? I can set him up with POP3/IMAP, but would rather not.

    Read the article

  • How to grant AllPermission to not extracted war file in tomcat

    - by André
    Hello, I'm developing a web application and have created a war file. If I deploy it to my tomcat server, it is used without being unpacked (which is the setting I want to have for this server). For unpacked web apps I have a policy file to grant AllPermission to my application grant codeBase "file:${catalina.base}/webapps/tc/-" { permission java.security.AllPermission; }; But what has the codeBase to be for unpacked war files? Thanks, André

    Read the article

  • Applying Microsoft Management Console Policies

    - by Hipno
    Hello, I am using windows 7. i got a user on my computer a non-admin user, and i want to apply on him user policies from the Microsoft Management Console. i added group policy object editor, chose Non-admin group, set a setting, saved and close. but i when i logon to that user i applied to, it just won't effect! please tell me what i miss, thank you.

    Read the article

  • javascript to determine if page on remote domain has changed

    - by uku
    Hi, I am trying to find a client-side way to determine if a page on a remote domain has changed. I can't load the page in an iframe and examine its contents due to same origin policy. So I tried using .getResponseHeader("Content-Length") and .getResponseHeader("Last-Modified") but apparently these are also restricted by SOP even though FireBug shows Content-Length in the console. Is there a way to do this? I just need a way to know if the page has changed. Thx

    Read the article

  • Clarification On Write-Caching Policy, Its Underlying Options And How It Applies To Hard Drives And Solid-State Drives

    - by Boris_yo
    In last week after doing more research on subject matter, I have been wondering about what I have been neglecting all those years to understand write-caching policy, always leaving it on default setting. Write-caching policy improves writing performance and consists of write-back caching and write-cache buffer flushing. This is how I understand all the above, but correct me if I erred somewhere: Write-through cache / Write-through caching itself is not a part of write caching policy per se and it's when data is written to both cache and storage device so if Windows will need that data later again, it is retrieved from cache and not from storage device which means only improved read performance as there is no need for waiting for storage device to read required data again. Since data is still written to storage device, write performance isn't improved and represents no risk of data loss or corruption in case of power failure or system crash while only data in cache gets lost. This option seems to be enabled by default and is recommended for removable devices with no need to use function of "Safely Remove Hardware" on user's part. Write-back caching is similar to above but without writing data to storage device, periodically releasing data from cache and writing to storage device when it is idle. In my opinion this option improves both read and write performance but represents risk if power failure or system crash occurs with the outcome of not only losing data eventually to be written to storage device, but causing file inconsistencies or corrupted file system. Write-back caching cannot be enabled together with write-through caching and it is not recommended to be enabled if no backup power supply is availabe. Write-cache buffer flushing I reckon is similar to write-back caching but enables immediate release and writing of data from cache to storage device right before power outage occurs but I don't know if it applies also to occasional system crash. This option seem to be complementary to write-back cache reducing or potentially eliminating risk of data loss or corruption of file system. I have questions about relevance of last 2 options to today's modern SSDs in order to get best performance and with less wear on SSDs: I know that traditional hard drives come with onboard cache (I wonder what type of cache that is), but do SSDs also come with cache? Assuming they do, is this cache faster than their NAND flash and system RAM and worth taking the risk of utilizing it by enabling write-back cache? I read somewhere that generally storage device's cache is faster than RAM, but I want to be sure. Additionally I read that write-caching should be enabled since current data that is to be written later to NAND flash is kept for a while in cache and provided there is data that gets modified a lot before finally being written, holding of this data and its periodic release reduces its write times to SSD thereby reducing its wearing. Now regarding to write-cache buffer flushing, I heard that SSD controllers are so fast by themselves that enabling this option is not required, because they manage flushing. However, once again, I don't know if SSDs have their own onboard cache and whether or not it is faster than their NAND flash and system RAM because if it is, keeping this option enabled would make sense. Recently I have posted question about issue with my Intel 330 SSD 120GB which was main reason to do deeper research having suspicion of write-caching policy being the culprit of SSD's freezing issue assuming data being released is what causes freezes. Currently I have write-cache enabled and write-cache buffer flushing disabled because I believe SSD controller's management of write-cache flushing and Windows write-cache buffer flushing are conflicting with each other: Since I want to troubleshoot in small steps to finally determine the source of issue, I have decided to start with write-caching policy and the move to drivers, switching to AHCI later on and finally disabling DIPM (device initiated power management) through registry modification thanks to @TomWijsman

    Read the article

  • Where to draw the line between development-led security and administration-led security?

    - by haylem
    There are cases where you have the opportunity, as a developer, to enforce stricter security features and protections on a software, though they could very well be managed at an environmental level (ie, the operating system would take care of it). Where would you say you draw the line, and what elements do you factor in your decision? Concrete Examples User Management is the OS's responsibility Not exactly meant as a security feature, but in a similar case Google Chrome used to not allow separate profiles. The invoked reason (though it now supports multiple profiles for a same OS user) used to be that user management was the operating system's responsibility. Disabling Web-Form Fields A recurrent request I see addressed online is to have auto-completion be disabled on form fields. Auto-completion didn't exist in old browsers, and was a welcome feature at the time it was introduced for people who needed to fill in forms often. But it also brought in some security concerns, and so some browsers started to implement, on top of the (obviously needed) setting in their own preference/customization panel, an autocomplete attribute for form or input fields. And this has now been introduced into the upcoming HTML5 standard. For browsers who do not listen to this attribute, strange hacks *\ are offered, like generating unique IDs and names for fields to avoid them from being suggested in future forms (which comes with another herd of issues, like polluting your local auto-fill cache and not preventing a password from being stored in it, but instead probably duplicating its occurences). In this particular case, and others, I'd argue that this is a user setting and that it's the user's desire and the user's responsibility to enable or disable auto-fill (by disabling the feature altogether). And if it is based on an internal policy and security requirement in a corporate environment, then substitute the user for the administrator in the above. I assume it could be counter-argued that the user may want to access non-critical applications (or sites) with this handy feature enabled, and critical applications with this feature disabled. But then I'd think that's what security zones are for (in some browsers), or the sign that you need a more secure (and dedicated) environment / account to use these applications. * I obviously don't deny the ingenuity of the people who were forced to find workarounds, just the necessity of said workarounds. Questions That was a tad long-winded, so I guess my questions are: Would you in general consider it to be the application's (hence, the developer's) responsiblity? Where do you draw the line, if not in the "general" case?

    Read the article

  • Development-led security vs administration-led security in a software product?

    - by haylem
    There are cases where you have the opportunity, as a developer, to enforce stricter security features and protections on a software, though they could very well be managed at an environmental level (ie, the operating system would take care of it). Where would you say you draw the line, and what elements do you factor in your decision? Concrete Examples User Management is the OS's responsibility Not exactly meant as a security feature, but in a similar case Google Chrome used to not allow separate profiles. The invoked reason (though it now supports multiple profiles for a same OS user) used to be that user management was the operating system's responsibility. Disabling Web-Form Fields A recurrent request I see addressed online is to have auto-completion be disabled on form fields. Auto-completion didn't exist in old browsers, and was a welcome feature at the time it was introduced for people who needed to fill in forms often. But it also brought in some security concerns, and so some browsers started to implement, on top of the (obviously needed) setting in their own preference/customization panel, an autocomplete attribute for form or input fields. And this has now been introduced into the upcoming HTML5 standard. For browsers that do not listen to this attribute, strange hacks* are offered, like generating unique IDs and names for fields to avoid them from being suggested in future forms (which comes with another herd of issues, like polluting your local auto-fill cache and not preventing a password from being stored in it, but instead probably duplicating its occurences). In this particular case, and others, I'd argue that this is a user setting and that it's the user's desire and the user's responsibility to enable or disable auto-fill (by disabling the feature altogether). And if it is based on an internal policy and security requirement in a corporate environment, then substitute the user for the administrator in the above. I assume it could be counter-argued that the user may want to access non-critical applications (or sites) with this handy feature enabled, and critical applications with this feature disabled. But then I'd think that's what security zones are for (in some browsers), or the sign that you need a more secure (and dedicated) environment / account to use these applications. * I obviously don't deny the ingeniosity of the people who were forced to find workarounds, just the necessity of said workarounds. Questions That was a tad long-winded, so I guess my questions are: Would you in general consider it to be the application's (hence, the developer's) responsiblity? Where do you draw the line, if not in the "general" case?

    Read the article

  • Fiddler not working in Windows 7 - LAN Settings locked?

    - by Glen Little
    I've been using Fiddler for years, but now, on Windows 7 (64 bit) I cannot get it to monitor traffic from IE 8. With the Firefox add-on, it is able to monitor Firefox traffic with no problem. This is not related to monitoring HTTPS traffic, or traffic to localhost. I've tried running IE and/or Fiddler with "Run as Administrator", but no luck. The best clue to the problem that I have is that in IE8, the "Local Area Network (LAN) Settings" dialog accessed from "LAN Settings" in the Internet Options / Connections tab is all grayed out. I have two Windows 7, 64 bit computers, both on the same LAN. One works fine, the other has these settings grayed out, and a note on the Connections tab: "Some settings are managed by your system administrator". However, the system administrator has NOT set any. Any ideas?

    Read the article

  • pfSense with two WANs, routing skype traffic over a specific WAN

    - by Eric
    I have a pfSense setup with two WANs (WAN1 and WAN2) and one LAN network. The two WANs are setup for failover. However, QoS has recently been an issue for skype calls in our office place (about 30 people) so we want to dedicate WAN2 for skype traffic (we use skype for all voip calls, etc.) As Skype is notoriously difficult to deal with, does anyone have any suggestions on how I should deal with this? A simple rile based on ports will not work, and using layer7 inspection witha skype porfile on all incoming LAN packets doesn't seem like the way to go eiter. here is a related pfsense forum post: http://forum.pfsense.org/index.php/topic,50406.msg268520.html#msg268520

    Read the article

  • Folder Redirection Issues - Freezing, Strange Warnings

    - by JCardenas
    I have Folder Redirection set up in a test environment for a couple accounts. I have followed the instructions for setting up the folder security settings here, and I can confirm that folders are created automatically by the system with the correct security settings when a user logs in. The GPO has been configured to automatically move user files up to the redirected folders, and this is working properly. Problems start occurring when a Windows 7 PC is in use. It is rare, but Explorer will lock up when performing a file write operation (move/copy/save from application). This results in the entire system being unusable, with only a hard reset resolving it (Task Manager doesn't start, the "three finger salute" does nothing, apps stop working). The mouse functions, but clicks do nothing. The other issue is that occasionally when copying/creating/modifying files a dialog box will pop up with the message "You need permission to perform this action. You require permission from XYZ\cardenas to make changes to this folder." The folder that was created by copying an existing one has the correct security settings and lists me as the owner. My company will not be implementing Folder Redirection on XP, since we are making a "clean break" with implementing new technologies with the Windows 7 rollout, so this behavior has not been - nor will be - checked for in XP. Thanks in advance for your help!

    Read the article

  • GPO Startup script did not execute on some computers

    - by Aaron Ooi
    The GPO Startup scripts works fine on other machine but not for another half of the machine. gpresult show that GPO was there. I ran RSOP and it show that the Startup script was there but it was never executed. There nothing on application error or anything related to the failed execution in the event viewer. I have set to Allow slow network connection too but it did not help for the startup script to execute. Permission read/execute granted to Domain Computers & Authenticated Users Other GPO settings works except Startup Script did not execute. The scripts works fine as other machine which success without any issue except some machine. I need help to sort this out as it troubles me where another half of the machine did not execute the script at all. It was all WIndows 7.

    Read the article

  • Windows 2008 R2 CA and auto-enrollment: how to get rid of >100,000 issued certificates?

    - by HopelessN00b
    The basic problem I'm having is that I have 100,000 useless machine certificates cluttering up my CA, and I'd like to delete them, without deleting all certs, or time jumping the server ahead, and invalidating some of the useful certs on there. This came about as a result of accepting a couple defaults with our Enterprise Root CA (2008 R2) and using a GPO to auto-enroll client machines for certificates to allow 802.1x authentication to our corporate wireless network. Turns out that the default Computer (Machine) Certificate Template will happily allow machines to re-enroll instead of directing them to use the certificate they already have. This is creating a number of problems for the guy (me) who was hoping to use the Certificate Authority as more than a log of every time a workstation's been rebooted. (The scroll bar on the side is lying, if you drag it to the bottom, the screen pauses and loads the next few dozen certs.) Does anyone know how to DELETE 100,000 or so time-valid, existing certificates from a Windows Server 2008R2 CA? When I go to delete a certificate now, now, I get an error that it cannot be delete because it's still valid. So, ideally, some way to temporarily bypass that error, as Mark Henderson's provided a way to delete the certificates with a script once that hurdle is cleared. (Revoking them is not an option, as that just moves them to Revoked Certificates, which we need to be able to view, and they can't be deleted from the revoked "folder" either.) Update: I tried the site @MarkHenderson linked, which is promising, and offers much better certificate manageability, buts still doesn't quite get there. The rub in my case seems to be that the certificates are still "time-valid," (not yet expired) so the CA doesn't want to let them be deleted from existence, and this applies to revoked certs as well, so revoking them all and then deleting them won't work either. I've also found this technet blog with my Google-Fu, but unfortunately, they seemed to only have to delete a very large number of certificate requests, not actual certificates. Finally, for now, time jumping the CA forward so the certificates I want to get rid of expire, and therefore can be deleted with the tools at the site Mark linked is not a great option, as would expire a number of valid certificates we use that have to be manually issued. So it's a better option than rebuilding the CA, but not a great one.

    Read the article

  • Where default settings are stored after applying GPO?

    - by tester5566
    When I apply a GPO that changes Service startup settings, where the default service startup settings are kept? And how can I read and modify them? The reason of the question is that I have a hundred of servers where most of services are disabled by a baseline GPO for hardening purposes. I want to relax this GPO by removing some services but I do not want that the service startup settings becomes default ones after the GPO is relaxed. So I want to keep the actual hardened state as a default state but allow local admins to change it if necessary. Thank you

    Read the article

  • Hide notification area GPO not applying

    - by Richard
    I have created a GPO to hide the notification area on Windows XP SP3. The GPO must apply to all students but only in certain rooms so I've also enabled loopback processing on the GPO and linked to the OUs the computers are in. I've then added a group to the security filter that contains all student accounts. This is not applying. It doesn't even show up in gpresult. I have also tried linking it in the Students OU which contains all student accounts and applying a security filter with a group of the computers I want it to apply to. This didn't work either. It's possible I'm missing something straightforward. Would a WMI filter do the job, and if so how would I go about writing one so that it'll only apply to computers whose name begins with XX-RT for example.

    Read the article

  • routing based on source IP

    - by user1977050
    I am trying to do source-based routing, following the question http://unix.stackexchange.com/questions/131527/routing-based-on-source-ip. The source IP floating one and assigned to a cluster (consists from 2 servers). Let's say that the physical IP on server1 is 192.0.2.1, on server2 192.0.2.2, and the virtual IP is 192.0.2.3 (and this should be the source IP for outgoing traffic). How can I configure static source IP routing for this in RHEL?

    Read the article

  • Grant a user access to directories shared by root (mod: 770)

    - by Paul Dinham
    I want to grant a user (username: paul) access to all directories shared by root with mod 770. I do it this way: groups root (here comes a list of groups in which root user is) usermod -a -G group1 paul usermod -a -G group2 paul usermod -a -G group3 paul ... All the 'group1', 'group2', 'group3' are seen in the group list of root user. However, after adding 'paul' to all groups above, he still can not write to directories shared by root user with mod 770. Did I do it wrongly?

    Read the article

  • Deploy binary hex registry via GPO or PowerShell

    - by Prashanth Sundaram
    I am trying to deploy a custom registry entry which I exported from a test machine. It looks like below. I came across THIS similar request on another site, but I couldn't make it to work. "TextFontSimple"=hex:3c,00,00,00,1f,00,00,f8,00,00,00,40,dc,00,00,00,00,00,00,\ 00,00,00,00,ff,00,31,43,6f,75,72,69,65,72,20,4e,65,77,00,00,00,00,00,00,00,\ 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00 As per the other solution, my PS command below, throws error."A parameter cannot be found that matches parameter name" Set-ItemProperty -Path "HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings" -Name "TextFontSimple" -PropertyType Binary -Value ([byte[]] (0x3c,0x00,0x00,0x00,0x1f....0x00)) Any ideas? ====EDIT===== The key & value already exists. When I use Get-ItemProperty PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common\MailSettings PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Common PSChildName : MailSettings PSProvider : Microsoft.PowerShell.Core\Registry TextFontSimple : {60, 0, 0, 0...}

    Read the article

  • Event ID for modified GPOs

    - by Hinek
    I have to know, who (usersid or loginname) changed a specified GPO for a specified OU in the Active Directory. Given our audit settings include this, what would be the right Event ID to look for?

    Read the article

  • Configuring only one Internet Explorer zone (IntranetZone) thru GPO without affecting other zones?

    - by MadBoy
    I need to deploy some trusted intranet sites into Intranet Zone in Internet Explorer. It works fine when using GPO at: Setting Path: Computer Configuration/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page Supported On: At least Internet Explorer 6.0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Problem is this settings also affect other zones making it impossible for people in company to add sites to other zones themselves. Is there a way to fix this so that Intranet Zone is deployed thru GPO and rest of settings stay in gesture of users?

    Read the article

  • Active Directory: delete vs. disable departed employees

    - by Matt Rogish
    When an employee leaves your organization, do you delete or disable their Active Directory account? Our SOP is to disable, export/purge the Exchange mailbox, and then after "some time" has elapsed (usually quarterly), delete the account. Is there any need for that delay? After exporting and purging their mailbox, why shouldn't I delete the account right then and there?

    Read the article

  • Security and Windows Login

    - by Mimisbrunnr
    I'm not entirely sure this is the right place for the is question but I cannot think of another so here goes. In order to login to the windows machines at my office one must press the almighty CTRL-ALT-DELETE command combo first. I, finding this very frustrating, decided to look into why and found claims from both my sys and Microsoft stating that it's a security feature and that "Because only windows could read the CTRL-ALT-DELETE it helped to ensure that an automated program cannot log in. Now I'm not a master of the windows operating system ( as I generally use *nix ) but I cannot believe that "Only windows can send that signal" bull. It just doesn't sit right. Is there a good reason for the CTRL-ALT-DELETE to login thing? is it something I'm missing? or is it another example of antiquated legacy security measures?

    Read the article

  • Setup.exe called from a batch file crashes with error 0x0000006

    - by Alex
    We're going to be installing some new software on pretty much all of our computers and I'm trying to setup a GPO to do it. We're running a Windows Server 2008 R2 domain controller and all of our machines are Windows 7. The GPO calls the following script which sits on a network share on our file server. The script it self calls an executable that sits on another network share on another server. The executable will imediatelly crash with an error 0x0000006. The event log just says this: Windows cannot access the file for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Setup.exe because of this error. Here's the script (which is stored on \\WIN2K8R2-F-01\Remote Applications): @ECHO OFF IF DEFINED ProgramFiles(x86) ( ECHO DEBUG: 64-bit platform SET _path="C:\Program Files (x86)\Canam" ) ELSE ( ECHO DEBUG: 32-bit platform SET _path="C:\Program Files\Canam" ) IF NOT EXIST %_path% ( ECHO DEBUG: Folder does not exist PUSHD \\WIN2K8R2-PSA-01\PSA Data\Client START "" "Setup.exe" "/q" POPD ) ELSE ( ECHO DEBUG: Folder exists ) Running the script manually as administrator also results in the same error. Setting up a shortcut with the same target and parameters works perfectly. Manually calling the executable also works. Not sure if it matters, but the installer is based on dotNETInstaller. I don't know what version though. I'd appreciate any suggestions on fixing this. Thanks in advance! UPDATE I highly doubt this matters, but the network share that the script is hosted in is a shared drive, while the network share the script references for the executable is a shared folder. Also, both shares have Domain Computers listed with full access for the sharing and security tabs. And PUSHD works without wrapping the path in quotes.

    Read the article

  • Deny to administrators to change network configuration settings

    - by moronrats
    I need to provide admin rights to every user but the users should not able to change network configuration settings. For this I have enabled following policies in User Configuration\Administrative Templates\Network\Network connections Enable Windows 2000 network connection settings for administrators Prohibit access to properties of a LAN connection Prohibit access to properties of components a LAN connection Users (that exist in administrators) still can change the LAN properties. Are there any other solutions?

    Read the article

  • New IE windows open in background on restricted computer

    - by Adam Towne
    We have a new computer build that is locked down via GPO. We have locked it down as tight as we can, but now new IE windows that are opened with shortcuts open behind the active window. I can post the whole list of restrictions if it is necessary, but there are a lot of restrictions. The machine has a domain account that automatically logs in, that account is the actual AD object that we have locked down. What restrictions could cause the new windows to not have focus? I apologize for a question like this, but I had 1 day to build this, and now 2 days to iron out bugs our clinical analysts find.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 33 34 35 36 37 38 39 40 41 42 43 44  | Next Page >