Search Results

Search found 43800 results on 1752 pages for 'drupal domain access'.

  • User authentication -- username mismatch in IIS in ASP.NET application

    - by Cory Larson
    Last week, an employee's Active Directory username was changed (or a new one was created for them). For the purposes of this example, let's assume these usernames:

        Old: Domain\11111
        New: Domain\22222

    When this user now logs in using their new username, and attempts to browse to any one of a number of ASP.NET applications using only Windows Authentication (no Anonymous enabled), the system authenticates but our next layer of database-driven permissions prevents them from being authorized. We tracked it down to a mismatch of usernames between their logon account and who IIS thinks they are. Below are the outputs of several ASP.NET variables from apps running in a Windows 2008 IIS7.5 environment:

        Request.ServerVariables["AUTH_TYPE"]: Negotiate
        Request.ServerVariables["AUTH_USER"]: Domain\11111
        Request.ServerVariables["LOGON_USER"]: Domain\22222
        Request.ServerVariables["REMOTE_USER"]: Domain\11111
        HttpContext.Current.User.Identity.Name: Domain\11111
        System.Threading.Thread.CurrentPrincipal.Identity.Name: Domain\11111

    From the above, I can see that only the LOGON_USER server variable has the correct value, which is the account the user used to log on to their machine. However, we use the "AUTH_USER" variable for looking up the database permissions.

    In a separate testing environment (completely different server: Windows 2003, IIS6), all of the above variables show "Domain\22222". So this seems to be a server-specific issue, like the credentials are somehow getting cached either on their machine or on the server (the former seems more plausible).

    So the question is: how do I confirm whether it's the user's machine or the server that is botching the request? How should I go about fixing this?

    I looked at the following two resources and will be giving the first one a try shortly:

        http://www.interworks.com/blogs/jvalente/2010/02/02/removing-saved-credentials-passwords-windows-xp-windows-vista-or-windows-7
        http://stackoverflow.com/questions/2325005/classic-asp-request-servervariableslogon-user-returning-wrong-username/5299080#5299080

    Thanks.

  • Painless deployment of a Django app (port from Drupal). Do I have to switch to a VPS?

    - by Monden
    I'm about to complete porting my Drupal based community site to Django. My Drupal site has been hosted on shared hosting (Dreamhost) for the last 4 years, and stability & performance have been satisfactory. The site gets around 5k unique visitors with 70-80k page views a day. This will be my first deployment of a Django application and I'm not comfortable with managing my own VPS. I use Ubuntu as a dev. server, but I don't have experience with it in a production env. I have an unrelated internal CRM app (Django) that I host with Webfaction. However, security and performance aren't an issue as it's only accessed by 5 people. Unfortunately, I don't have much time to learn and maintain a VPS at this moment. I would like to know if I can host a site with this much traffic in Webfaction's shared environment. How would performance differ in comparison to Linode or Slicehost? Google AppEngine isn't an option at the moment as I'll be using my current Postgresql database.

  • In Stud, which Private RSA Key should be concatenated in the x509 SSL certificate pem file to avoid "self-signed" browser warning?

    - by Aaron
    I'm trying to implement Stud as an SSL termination point before HAProxy as a proof of concept for WebSockets routing. My domain registrar Gandi.net offers free 1-year SSL certs. Through OpenSSL, I generated a CSR which gave me two files:

      - domain.key
      - domain.csr

    I gave domain.csr to my trusted authority and they gave me two files:

      - domain.cert
      - GandiStandardSSLCA.pem (I think this is referred to as the intermediary cert?)

    This is where I encountered friction: Stud, which uses OpenSSL, expects there to be an "rsa private key" in the "pem-file" - which it describes as "SSL x509 certificate file. REQUIRED." If I add the domain.key to the bottom of Stud's pem-file, Stud will start but I receive the browser warning saying "The certificate is self-signed." If I omit the domain.key Stud will not start and throws an error triggered by an OpenSSL function that appears intended to determine whether or not my "pem-file" contains an "RSA Private Key".

    At this point I cannot determine whether the problem is:

      - Free SSL cert will always be self-signed and will always cause browser to present warning
      - I'm just not using Stud correctly
      - I'm using the wrong "RSA private key"
      - The CA domain cert, the intermediary cert, and the private key are in the wrong order.

  • Industrial strength cloud file storage

    - by ArthurG
    I'm looking for an industrial strength cloud file storage system. It will be used by multiple people in a startup. Our requirements:

      - Transparent file system access: files and folders in the file system must be able to transparently access (read and write) files in the cloud; files must be synchronized whenever network access is available and buffered otherwise. The system must be usable by non-technical people.
      - Access control: we need to control who can access which files, at least on a very coarse basis. E.g., the developers will be able to access the system design documents, only the corporate folks can access recruiting documents, and only management can access certain corporate documents. Dropbox provides this via Sharing folders, but that's not adequate, if I understand it correctly, because there's no authentication of the sharing user. So the cloud service should have a notion of an account (our startup) with multiple users with distinct credentials and rights for each user.
      - Clients: it must be accessible from Macs and PCs; I would hope that it supports Linux (e.g., Ubuntu) too.
      - Security: it must provide robust security.
      - Backup: the cloud service must reliably back up the files.
      - Versioning: change version history is a big plus, but not required.
      - Not free: we're willing to pay for the service.

    So far, we've reviewed the following, albeit not completely thoroughly:

      - Dropbox: has all except 1) Access control, which is provided via Sharing folders, but that's not adequate, if I understand it correctly, because there's no authentication of the sharing user, and 2) Security, as discussed here http://www.economist.com/blogs/babbage/2011/05/internet_security and here http://blog.dropbox.com/?p=821.
      - Windows Live Mesh: has all except 1) Clients, only supporting Windows 7 and OS X.
      - SpiderOak: has all except 1) Transparent file system access, which is only available for 1 user.
      - Amazon Cloud: doesn't offer 1) Transparent file system access.
      - Rackspace Cloud Drive: has all except 1) Access control and 2) Versioning.

    I'll gladly include any clarifications or additional systems the community provides.

    Arthur

  • Using a nat rule to translate 80/443 traffic to web server, but internal users cannot access it using external ip/domain name

    - by Josh
    I am using Cisco ASDM for ASA. I have my internal network called soa. My outside interface is called outside. Let's say my outside IP given to me by my ISP isp is y.y.y.y. I have a web server inside my network with a static IP of x.x.x.110. I have configured 2 static NAT rules (one for http, the other for https). Source is x.x.x.110. Interface is outside, service (http or https).

    Maybe I am doing this wrong, but when I run the packet tracer, I choose outside interface and for the source IP I used 8.8.8.8 and the destination IP is my outside IP address, y.y.y.y. When I run that, it shows the packet traversing successfully, using 9 steps. For my other test, I switch to the soa interface, input an IP on that network, and leave the destination the same. This test comes up with 2 steps and then fails on my access list. When I see the rule that fails, it is my catch-all, which is source: any, destination: any, service: ip, action: deny.

    What rule do I need to make to allow my soa network access to go out and come back in by my external IP address (using a domain name attached to that IP in my DNS, of course)?

  • Make nginx config like apache2 virtualhosts

    - by user2104070
    I have web server with apache2 with many subdomains on it like, domain.com, abc.domain.com, def.domain.com etc. etc. Now I got a new nginx server and want to set it up like apache2, so to test I created configs (2 files in /etc/nginx/sites-available/ and link to them from sites-enabled/) as shown,

    domain.config:

        server {
            listen 80 default_server;
            listen [::]:80 default_server ipv6only=on;

            root /srv/www/;
            index index.html index.htm;

            # Make site accessible from http://localhost/
            server_name domain.com;

            location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
            }
        }

    abc-domain config:

        server {
            listen 80;
            listen [::]:80;

            root /srv/www/tmp1/;
            index index.html index.htm;

            # Make site accessible from http://localhost/
            server_name abc.domain.com;

            location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
            }
        }

    but when I access with domain.com I am getting index.html from /var/www/tmp1 only. Is there something I'm doing wrong in the nginx config?

  • DNS redirecting to Apache

    - by leo
    I have CentOS installed on LVM, that is on Debian. There are BIND and Apache on CentOS. I need to access sites from browser on Debian with names like: 1.domain, 2.domain, etc. So I set up Apache and I can access these sites, but using /etc/hosts/ on Debian. And now I'm trying to configure bind.

    named.conf:

        zone "domain" IN {
            type master;
            file "/var/named/domain.zone";
            allow-update { none; };
        };

    192.168.100.1 is DNS' ip; 192.168.100.139 is Apache ip;

    domain.zone:

        $TTL 86400
        @       IN SOA  domain. root.domain. (
                        100
                        1H
                        1M
                        1W
                        1D )
        @       IN NS   ns1.domain.
        @       IN A    192.168.100.139
        ns1     IN A    192.168.100.1
        WWW     IN A    192.168.100.139
        1       IN A    192.168.100.139
        2       IN A    192.168.100.139
        www.1   IN A    192.168.100.139
        www.2   IN A    192.168.100.139

    Also, is it necessary to configure 100.168.192.in-addr.arpa? Please explain to me where I'm wrong.

  • exchange server 2010 with multiple domains

    - by air
    I have one Exchange Server 2010, which is working fine with one domain. My Exchange is working as follows: a POP3 collector collects emails from one master catchall account and then delivers them to the Exchange server. This is working perfectly.

    Now I want to add another domain to the same Exchange. I have added the new domain as trusted domain & email policy, and this new domain's email account works fine with internal emails. What I have done now is again forward the new email account to the same catchall account. But if I send email from any other external email address, the email bounces. I can see the email is received by the POP3 collector but bounced by the Exchange server.

    To make it more clear, let me explain the logic on which I am working. I have 2 domains:

      1. domain1.com ([email protected])
      2. domain2.com ([email protected] -->[email protected])

    Now on my machine with the Exchange server I have a POP3 collector which collects all emails from [email protected] and forwards them to the Exchange 2010 server. All emails to domain1.com are working perfectly, but when I send email to [email protected], this email is redirected to [email protected] perfectly, but when the Exchange server receives this email, it bounces. I have also studied the url link text and followed the whole process, but no success. I also checked that my DNS/MX is working fine, as the bounce message is going from my Exchange server.

    EDIT

    The only problem is with the accepted domain, as email comes to the Exchange server and then bounces back. I just tried this today: I created one user called test, then I went to his properties -- email. There was only one email account, [email protected]. I tried to send email to [email protected] from the internet (email bounced). Then again I went to test user properties -- email and added one email, [email protected]. Again I tried to send email to t*[email protected]* from the internet (email received). I think the only problem is with the accepted domain, but in hub transport it shows accepted. Is there any way to check whether the domain is properly accepted or not in Exchange 2010 server?

    Thanks

  • How can I find which logon script is being run?

    - by user2517266
    I'm having an issue with network drives. Suddenly some computers and users aren't getting their mapped network drives from the logon script. I am NOT a domain admin, I don't have permission to log in to the domain controller. And I know very little about Active Directory. The issue seems random, some users this day, different users tomorrow. Some computers run fine and some won't map no matter who logs in. They are mixed OS's XP (SP3), Vista, and 7.

    I was looking at the domain in Windows Explorer and I have found the batch file(s) that map the drives in several locations. How do I know which one is actually being run? The .bat file is located in

        \DOMAIN\NETLOGON\script.bat

    and

        \DOMAIN\SYSVOL\DOMAIN\scripts\script.bat

    and

        \DOMAIN\SYSVOL\DOMAIN\policies\GUID(Right? It's a crazy string)\User\Scripts\Logon\script.bat

    So, how can I figure out which one is actually being run per computer or user? Cause they are all slightly different from each other and one of them doesn't map properly. Do all the files in NETLOGON get run? Cause there are 15+ files in there. Or is it specified in Group Policy which one(s) get run?

    EDIT: I am able to access a program called Active Directory Users and Computers, but the properties tab for any user is blank for the logon script.

  • Nginx vhost configuration

    - by user101494
    I am attempting to set up a new server with Nginx 1.0.10 on Debian 6. The config below works perfectly on a server with nginx 0.8.36 on Ubuntu 10.04.3 but not on the new box. The desired result is to:

      - Redirect non-www request on the tld to www, but not subdomains
      - Use the folder structure
            /var/www/[domain]/htdocs
            /var/www/[domain]/subdomains/[subdomain]/htdocs
      - Serve files for any host for which files exist in this structure

    On the new server domains are matching correctly but subdomains are matching to /var/www/[subdomain].[domain]/htdocs, not /var/www/[domain]/subdomains/[subdomain]/htdocs

        server {
            listen 80;
            server_name _________ ~^[^.]+\.[^.]+$;
            rewrite ^(.*)$ $scheme://www.$host$1 permanent;
        }

        server {
            listen 80;
            server_name _ ~^www\.(?<domain>.+)$;
            server_name_in_redirect off;

            location / {
                root /var/www/$domain/htdocs;
                index index.html index.htm index.php;
                fastcgi_index index.php;
            }

            location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                keepalive_timeout 0;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            }

            location ~ /\.ht {
                deny all;
            }
        }

        server {
            listen 80;
            server_name __ ~^(?<subdomain>\.)?(?<domain>.+)$$;
            server_name_in_redirect off;

            location / {
                root /var/www/$domain/subdomains/$subdomain/htdocs;
                index index.html index.htm index.php;
                fastcgi_index index.php;
            }

            location ~ \.php$ {
                include /etc/nginx/fastcgi_params;
                keepalive_timeout 0;
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            }

            location ~ /\.ht {
                deny all;
            }
        }

  • Quick guide to Oracle IRM 11g: Classification design

    - by Simon Thorpe
    Quick guide to Oracle IRM 11g indexThis is the final article in the quick guide to Oracle IRM. If you've followed everything prior you will now have a fully functional and tested Information Rights Management service. It doesn't matter if you've been following the 10g or 11g guide as this next article is common to both. ContentsWhy this is the most important part... Understanding the classification and standard rights model Identifying business use cases Creating an effective IRM classification modelOne single classification across the entire businessA context for each and every possible granular use caseWhat makes a good context? Deciding on the use of roles in the context Reviewing the features and security for context roles Summary Why this is the most important part...Now the real work begins, installing and getting an IRM system running is as simple as following instructions. However to actually have an IRM technology easily protecting your most sensitive information without interfering with your users existing daily work flows and be able to scale IRM across the entire business, requires thought into how confidential documents are created, used and distributed. This article is going to give you the information you need to ask the business the right questions so that you can deploy your IRM service successfully. The IRM team here at Oracle have over 10 years of experience in helping customers and it is important you understand the following to be successful in securing access to your most confidential information. Whatever you are trying to secure, be it mergers and acquisitions information, engineering intellectual property, health care documentation or financial reports. No matter what type of user is going to access the information, be they employees, contractors or customers, there are common goals you are always trying to achieve.Securing the content at the earliest point possible and do it automatically. 
Removing the dependency on the user to decide to secure the content reduces the risk of mistakes significantly and therefore results a more secure deployment. K.I.S.S. (Keep It Simple Stupid) Reduce complexity in the rights/classification model. Oracle IRM lets you make changes to access to documents even after they are secured which allows you to start with a simple model and then introduce complexity once you've understood how the technology is going to be used in the business. After an initial learning period you can review your implementation and start to make informed decisions based on user feedback and administration experience. Clearly communicate to the user, when appropriate, any changes to their existing work practice. You must make every effort to make the transition to sealed content as simple as possible. For external users you must help them understand why you are securing the documents and inform them the value of the technology to both your business and them. Before getting into the detail, I must pay homage to Martin White, Vice President of client services in SealedMedia, the company Oracle acquired and who created Oracle IRM. In the SealedMedia years Martin was involved with every single customer and was key to the design of certain aspects of the IRM technology, specifically the context model we will be discussing here. Listening carefully to customers and understanding the flexibility of the IRM technology, Martin taught me all the skills of helping customers build scalable, effective and simple to use IRM deployments. No matter how well the engineering department designed the software, badly designed and poorly executed projects can result in difficult to use and manage, and ultimately insecure solutions. The advice and information that follows was born with Martin and he's still delivering IRM consulting with customers and can be found at www.thinkers.co.uk. 
It is from Martin and others that Oracle not only has the most advanced, scalable and usable document security solution on the market, but Oracle and their partners have the most experience in delivering successful document security solutions. Understanding the classification and standard rights model The goal of any successful IRM deployment is to balance the increase in security the technology brings without over complicating the way people use secured content and avoid a significant increase in administration and maintenance. With Oracle it is possible to automate the protection of content, deploy the desktop software transparently and use authentication methods such that users can open newly secured content initially unaware the document is any different to an insecure one. That is until of course they attempt to do something for which they don't have any rights, such as copy and paste to an insecure application or try and print. Central to achieving this objective is creating a classification model that is simple to understand and use but also provides the right level of complexity to meet the business needs. In Oracle IRM the term used for each classification is a "context". A context defines the relationship between.A group of related documents The people that use the documents The roles that these people perform The rights that these people need to perform their role The context is the key to the success of Oracle IRM. It provides the separation of the role and rights of a user from the content itself. Documents are sealed to contexts but none of the rights, user or group information is stored within the content itself. Sealing only places information about the location of the IRM server that sealed it, the context applied to the document and a few other pieces of metadata that pertain only to the document. 
This important separation of rights from content means that millions of documents can be secured against a single classification and a user needs only one right assigned to be able to access all documents. If you have followed all the previous articles in this guide, you will be ready to start defining contexts to which your sensitive information will be protected. But before you even start with IRM, you need to understand how your own business uses and creates sensitive documents and emails. Identifying business use cases Oracle is able to support multiple classification systems, but usually there is one single initial need for the technology which drives a deployment. This need might be to protect sensitive mergers and acquisitions information, engineering intellectual property, financial documents. For this and every subsequent use case you must understand how users create and work with documents, to who they are distributed and how the recipients should interact with them. A successful IRM deployment should start with one well identified use case (we go through some examples towards the end of this article) and then after letting this use case play out in the business, you learn how your users work with content, how well your communication to the business worked and if the classification system you deployed delivered the right balance. It is at this point you can start rolling the technology out further. Creating an effective IRM classification model Once you have selected the initial use case you will address with IRM, you need to design a classification model that defines the access to secured documents within the use case. In Oracle IRM there is an inbuilt classification system called the "context" model. 
In Oracle IRM 11g it is possible to extend the server to support any rights classification model, but the majority of users who are not using an application integration (such as Oracle IRM within Oracle Beehive) are likely to be starting out with the built in context model. Before looking at creating a classification system with IRM, it is worth reviewing some recognized standards and methods for creating and implementing security policy. A very useful set of documents are the ISO 17799 guidelines and the SANS security policy templates. First task is to create a context against which documents are to be secured. A context consists of a group of related documents (all top secret engineering research), a list of roles (contributors and readers) which define how users can access documents and a list of users (research engineers) who have been given a role allowing them to interact with sealed content. Before even creating the first context it is wise to decide on a philosophy which will dictate the level of granularity, the question is, where do you start? At a department level? By project? By technology? First consider the two ends of the spectrum... One single classification across the entire business Imagine that instead of having separate contexts, one for engineering intellectual property, one for your financial data, one for human resources personally identifiable information, you create one context for all documents across the entire business. Whilst you may have immediate objections, there are some significant benefits in thinking about considering this. Document security classification decisions are simple. You only have one context to chose from! User provisioning is simple, just make sure everyone has a role in the only context in the business. Administration is very low, if you assign rights to groups from the business user repository you probably never have to touch IRM administration again. 
There are however some obvious downsides to this model.All users in have access to all IRM secured content. So potentially a sales person could access sensitive mergers and acquisition documents, if they can get their hands on a copy that is. You cannot delegate control of different documents to different parts of the business, this may not satisfy your regulatory requirements for the separation and delegation of duties. Changing a users role affects every single document ever secured. Even though it is very unlikely a business would ever use one single context to secure all their sensitive information, thinking about this scenario raises one very important point. Just having one single context and securing all confidential documents to it, whilst incurring some of the problems detailed above, has one huge value. Once secured, IRM protected content can ONLY be accessed by authorized users. Just think of all the sensitive documents in your business today, imagine if you could ensure that only everyone you trust could open them. Even if an employee lost a laptop or someone accidentally sent an email to the wrong recipient, only the right people could open that file. A context for each and every possible granular use case Now let's think about the total opposite of a single context design. What if you created a context for each and every single defined business need and created multiple contexts within this for each level of granularity? Let's take a use case where we need to protect engineering intellectual property. Imagine we have 6 different engineering groups, and in each we have a research department, a design department and manufacturing. The company information security policy defines 3 levels of information sensitivity... restricted, confidential and top secret. Then let's say that each group and department needs to define access to information from both internal and external users. 
Finally add into the mix that they want to review the rights model for each context every financial quarter. This would result in a huge amount of contexts. For example, lets just look at the resulting contexts for one engineering group. Q1FY2010 Restricted Internal - Engineering Group 1 - Research Q1FY2010 Restricted Internal - Engineering Group 1 - Design Q1FY2010 Restricted Internal - Engineering Group 1 - Manufacturing Q1FY2010 Restricted External- Engineering Group 1 - Research Q1FY2010 Restricted External - Engineering Group 1 - Design Q1FY2010 Restricted External - Engineering Group 1 - Manufacturing Q1FY2010 Confidential Internal - Engineering Group 1 - Research Q1FY2010 Confidential Internal - Engineering Group 1 - Design Q1FY2010 Confidential Internal - Engineering Group 1 - Manufacturing Q1FY2010 Confidential External - Engineering Group 1 - Research Q1FY2010 Confidential External - Engineering Group 1 - Design Q1FY2010 Confidential External - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret Internal - Engineering Group 1 - Research Q1FY2010 Top Secret Internal - Engineering Group 1 - Design Q1FY2010 Top Secret Internal - Engineering Group 1 - Manufacturing Q1FY2010 Top Secret External - Engineering Group 1 - Research Q1FY2010 Top Secret External - Engineering Group 1 - Design Q1FY2010 Top Secret External - Engineering Group 1 - Manufacturing Now multiply the above by 6 for each engineering group, 18 contexts. You are then creating/reviewing another 18 every 3 months. After a year you've got 72 contexts. What would be the advantages of such a complex classification model? You can satisfy very granular rights requirements, for example only an authorized engineering group 1 researcher can create a top secret report for access internally, and his role will be reviewed on a very frequent basis. Your business may have very complex rights requirements and mapping this directly to IRM may be an obvious exercise. 
The disadvantages of such a classification model are significant...Huge administrative overhead. Someone in the business must manage, review and administrate each of these contexts. If the engineering group had a single administrator, they would have 72 classifications to reside over each year. From an end users perspective life will be very confusing. Imagine if a user has rights in just 6 of these contexts. They may be able to print content from one but not another, be able to edit content in 2 contexts but not the other 4. Such confusion at the end user level causes frustration and resistance to the use of the technology. Increased synchronization complexity. Imagine a user who after 3 years in the company ends up with over 300 rights in many different contexts across the business. This would result in long synchronization times as the client software updates all your offline rights. Hard to understand who can do what with what. Imagine being the VP of engineering and as part of an internal security audit you are asked the question, "What rights to researchers have to our top secret information?". In this complex model the answer is not simple, it would depend on many roles in many contexts. Of course this example is extreme, but it highlights that trying to build many barriers in your business can result in a nightmare of administration and confusion amongst users. In the real world what we need is a balance of the two. We need to seek an optimum number of contexts. Too many contexts are unmanageable and too few contexts does not give fine enough granularity. What makes a good context? Good context design derives mainly from how well you understand your business requirements to secure access to confidential information. Some customers I have worked with can tell me exactly the documents they wish to secure and know exactly who should be opening them. 
However there are some customers who know only of the government regulation that requires them to control access to certain types of information, they don't actually know where the documents are, how they are created or understand exactly who should have access. Therefore you need to know how to ask the business the right questions that lead to information which help you define a context. First ask these questions about a set of documentsWhat is the topic? Who are legitimate contributors on this topic? Who are the authorized readership? If the answer to any one of these is significantly different, then it probably merits a separate context. Remember that sealed documents are inherently secure and as such they cannot leak to your competitors, therefore it is better sealed to a broad context than not sealed at all. Simplicity is key here. Always revert to the first extreme example of a single classification, then work towards essential complexity. If there is any doubt, always prefer fewer contexts. Remember, Oracle IRM allows you to change your mind later on. You can implement a design now and continue to change and refine as you learn how the technology is used. It is easy to go from a simple model to a more complex one, it is much harder to take a complex model that is already embedded in the work practice of users and try to simplify it. It is also wise to take a single use case and address this first with the business. Don't try and tackle many different problems from the outset. Do one, learn from the process, refine it and then take what you have learned into the next use case, refine and continue. Once you have a good grasp of the technology and understand how your business will use it, you can then start rolling out the technology wider across the business. Deciding on the use of roles in the context Once you have decided on that first initial use case and a context to create let's look at the details you need to decide upon. 
For each context, identify:

Administrative roles
- Business owner, the person who makes decisions about who may or may not see content in this context. This is often the person who wanted to use IRM and drove the business purchase. They are usually the person with the most at risk when sensitive information is lost.
- Point of contact, the person who will handle requests for access to content. Sometimes the same as the business owner, sometimes a trusted secretary or administrator.
- Context administrator, the person who will enact the decisions of the Business Owner. Sometimes the point of contact, sometimes a trusted IT person.

Document related roles
- Contributors, the people who create and edit documents in this context.
- Reviewers, the people who are involved in reviewing documents but are not trusted to secure information to this classification. This role is not always necessary. (See later discussion on Published-work and Work-in-Progress)
- Readers, the people who read documents from this context.

Some people may have several of the roles above, which is fine. What you are trying to do is understand and define how the business interacts with your sensitive information. These roles obviously map directly to roles available in Oracle IRM.

Reviewing the features and security for context roles

At this point we have decided on a classification of information, and understand what roles people in the business will play when administrating this classification and how they will interact with content. The final piece of the puzzle in getting the information for our first context is to look at the permissions people will have to sealed documents. First think: why are you protecting the documents in the first place? It is to prevent the loss or leaking of information to the wrong people. To control the information, making sure that people only access the latest versions of documents. You are not using Oracle IRM to prevent unauthorized people from doing legitimate work.
This is an important point: with IRM you can erect many barriers to prevent access to content, yet with too many restrictions authorized users will often find ways to circumvent using the technology and end up distributing unprotected originals. Because IRM is a security technology, it is easy to get carried away restricting different groups. However I would highly recommend starting with a simple solution with few restrictions. Ensure that everyone who reasonably needs to read documents can do so from the outset. Remember that with Oracle IRM you can change rights to content whenever you wish and tighten security. Always return to the fact that the greatest value IRM brings is that ONLY authorized users can access secured content; remember that simple "one context for the entire business" model. At the start of the deployment you really need to aim for user acceptance and therefore a simple model is more likely to succeed. As time passes and users understand how IRM works you can start to introduce more restrictions and complexity.

Another key aspect to focus on is handling exceptions. If you decide on a context model where engineering can only access engineering information, and sales can only access sales data, act quickly when a sales manager needs legitimate access to a set of engineering documents. Having a quick and effective process for permitting other people with legitimate needs to obtain appropriate access will be rewarded with acceptance from the user community. These use cases can often be satisfied by integrating IRM with a good Identity & Access Management technology which simplifies the process of assigning users the correct business roles.

The big print issue...

Printing is often an issue of contention: users love to print but the business wants to ensure sensitive information remains in the controlled digital world.
There are many cases of physical document loss causing a business pain; it is often overlooked that IRM can help with this issue by limiting the ability to generate physical copies of digital content. However it can be hard to maintain a balance between security and usability when it comes to printing. Consider the following points when deciding about whether to give print rights.

- Oracle IRM sealed documents can contain watermarks that expose information about the user, time and location of access and the classification of the document. This information would reside in the printed copy, making it easier to trace who printed it.
- Printed documents are slower to distribute in comparison to their digital counterparts, so time sensitive information in printed format may present a lower risk.
- Print activity is audited, therefore you can monitor and react to users abusing print rights.

Summary

In summary it is important to think carefully about the way you create your context model. As you ask the business these questions you may get a variety of different requirements. There may be special projects that require a context just for sensitive information created during the lifetime of the project. There may be a department that requires all information in the group is secured and you might have a few senior executives who wish to use IRM to exchange a small number of highly sensitive documents with a very small number of people. Oracle IRM, with its very flexible context classification system, can support all of these use cases. The trick is to introduce the complexity to deliver them at the right level. In another article I'm working on I will go through some examples of how Oracle IRM might map to existing business use cases. But for now, this article covers all the important questions you need to get your IRM service deployed and successfully protecting your most sensitive information.

    Read the article

  • Postfix - suspend domain from which deferred status was received?

    - by Al Bundy
    Is there a possibility to make Postfix stop trying (for a period of time) to send emails to a domain from which it received a deferred response? Currently my Postfix goes through each address in the queue. Please see the below example. At 09:48:32 the status=deferred appears. After this Postfix should stop trying to send stuff to the yahoo.com domain.

    Jun 6 09:48:20 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37163, delays=36519/638/1.2/4.9, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:20 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37163, delays=36519/638/1.2/4.9, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:20 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37163, delays=36519/638/1.2/4.9, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:30 mailer postfix/smtp[8643]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[63.250.192.46]:25, delay=37173, delays=36519/645/1.4/7.4, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:30 mailer postfix/smtp[8643]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[63.250.192.46]:25, delay=37173, delays=36519/645/1.4/7.4, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:30 mailer postfix/smtp[8643]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[63.250.192.46]:25, delay=37173, delays=36519/645/1.4/7.4, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:30 mailer postfix/smtp[8643]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[63.250.192.46]:25, delay=37173, delays=36519/645/1.4/7.4, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:30 mailer postfix/smtp[8643]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[63.250.192.46]:25, delay=37173, delays=36519/645/1.4/7.4, dsn=2.0.0, status=sent (250 ok dirdel 5/0)
    Jun 6 09:48:32 mailer postfix/smtp[8644]: C779A233C0: host mta6.am0.yahoodns.net[98.138.112.38] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command)
    Jun 6 09:48:32 mailer postfix/smtp[8644]: C779A233C0: lost connection with mta6.am0.yahoodns.net[98.138.112.38] while sending RCPT TO
    Jun 6 09:48:33 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37176, delays=36519/655/2.5/0.18, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.138.112.35] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Jun 6 09:48:33 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37176, delays=36519/655/2.5/0.18, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.138.112.35] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Jun 6 09:48:34 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37176, delays=36519/655/2.5/0.18, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.138.112.35] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Jun 6 09:48:34 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37176, delays=36519/655/2.5/0.18, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.138.112.35] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Jun 6 09:48:34 mailer postfix/smtp[8644]: C779A233C0: to=<[email protected]>, relay=mta7.am0.yahoodns.net[98.138.112.35]:25, delay=37176, delays=36519/655/2.5/0.18, dsn=4.7.0, status=deferred (host mta7.am0.yahoodns.net[98.138.112.35] said: 421 4.7.0 [TS01] Messages from x.x.x.250 temporarily deferred due to user complaints - 4.16.55.1; see http://postmaster.yahoo.com/421-ts01.html (in reply to MAIL FROM command))
    Jun 6 09:48:34 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37177, delays=36519/658/0/0.07, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:34 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37177, delays=36519/658/0/0.18, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:34 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37177, delays=36519/658/0/0.35, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:34 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37177, delays=36519/658/0/0.4, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:34 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37177, delays=36519/658/0/0.46, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:35 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37179, delays=36519/660/0/0.16, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:35 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37179, delays=36519/660/0/0.22, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:36 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37179, delays=36519/660/0/0.31, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)
    Jun 6 09:48:36 mailer postfix/error[8661]: C779A233C0: to=<[email protected]>, relay=none, delay=37179, delays=36519/660/0/0.36, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta7.am0.yahoodns.net[98.138.112.35] while sending RCPT TO)

    Read the article

  • How can I find the Windows domain logon name of a user from within Outlook 2010?

    - by Chris Farmer
    I need to figure out someone's login name for our domain, and I'd like to be able to do this from within Outlook 2010. I used to be able to do this from Outlook 2007 by right-clicking the user's name in an email message that they'd sent me, and clicking "Outlook Properties..." in the context menu. That would bring up this dialog, which contained what I need in the "alias" field: Now I've installed Outlook 2010. I want to do the same thing, but I can't seem to find a corresponding field. First, I don't see an explicit "Outlook Properties" menu option anymore, and what I think is the corresponding dialog looks completely different: It seems weird that, although I'm looking at the properties of my own name in the same email message in 2007 and 2010 in these screenshots, my name is shown differently in each -- Chris versus Christopher. That makes me think that Outlook isn't really looking in the same place to get this info in each case. So, can I get that "alias" field from within Outlook 2010?

    Read the article

  • What does "Local Domain Name" on router do and how do I get it to work?

    - by Giovanni Galbo
    I have a D-Link DGL-4500 router. One of the settings is "Local Domain Name," which I have set to local (see screenshot). What I expect is for me to be able to hit my computers via name, e.g. m6.local should resolve to one of my computers; but this isn't happening. I know that I can do this via hosts file, but it would be neat if I could do it via the router... plus I have devices like an iPad that don't let you edit the hosts file. Am I misunderstanding this router feature or am I doing something wrong?

    Read the article

  • Connecting to Aerohive APs from Laptops running Win. 7 using authentication from a Windows 2008 domain server

    - by user264116
    I have deployed a wireless network using Aerohive access points. 2 of them are set up as radius servers. I want my users to be able to use the same user name and password they use when they log onto our domain. They are able to do this from android devices or computers running Windows 8. It will not work on Windows 7 machines. How do I remedy this situation, keeping in mind that the machines are personal machines not company owned and I will have no way to change their hardware or software.

    Read the article

  • Log into another XP machine's SQL Server with a different userid? (WORKGROUP, not domain)

    - by Eric H.
    I have two machines at home, both XP Pro SP3. I have no domain controller, so they're both just in WORKGROUP. How can I, using Windows Authentication, log into an instance of SQL Server running on the other machine? Whenever I try it, it seems to try to login as 'Guest', even though I have entered the machine name (OTHER-DESKTOP), and login (OTHER-DESKTOP\otheruser) in the User Accounts Control Panel box. It works fine if I use sql server name and password, so I know the server is running. Any clues?

    Read the article

  • In a multi-domain forest, what EXACTLY happens when some, but not all, of the Infrastructure Masters are on Global Catalogs?

    - by MDMarra
    There are plenty of TechNet articles, like this one, that say that phantom objects don't get updated if an Infrastructure Master is also a Global Catalog, but other than that there isn't a lot of in-depth information on what actually happens in this configuration. Imagine a configuration like this:

    |--------------|
    | example.com  |
    |              |
    | dedicated IM |
    |--------------|
            |
            |
            |
    |-------------------|
    | child.example.com |
    |                   |
    | IM on a GC        |
    |-------------------|

    Where child has two DCs that are both global catalogs, meaning that the Infrastructure Master role is on a GC. And, example has three DCs with the Infrastructure Master role on a DC that is not a GC. I understand that it's usually best to just make everything a GC and not have to worry about this sort of thing, but assuming that's not the case - what is the exact error behavior that can be expected from a setup like this, and which domain(s) would this behavior manifest in? The child or the parent?

    Read the article

  • How do I apply WinHTTP proxy settings domain-wide?

    - by Oliver Salzburg
    We're already configuring Internet Explorer proxy settings through group policy and it works great. Sadly, I've recently run into multiple issues where those settings are ignored by certain services. I realized that these services have one thing in common. They use WinHTTP, which has its own proxy settings. Now I'm asking myself how to apply those across the whole domain. I realize that I could create a logon script and simply run netsh winhttp import proxy source=ie, but from experience I know that these settings require a reboot to take effect. So this wouldn't help me at all in a logon script. So, how can I do it?

    Read the article

  • Should I be running my scheduled backups as SYSTEM or as our domain admin?

    - by MetalSearGolid
    I have a daily backup which is scheduled through the Task Scheduler. It failed with a strange error code last night, but I was able to search and find a blog post with how to avoid the error in the future. However, one of his recommendations was to run the backups as the Administrator user of the domain. Since all of the files being backed up are local to this system, should I continue to have the backups run as SYSTEM? Or is it actually better to run it as a different user? I have been running these backups for well over a year now and have only had a handful of failures, but ironically when it does fail, the error code means it was a permissions issue (or so I read, this code seems to be undocumented by Microsoft). Thanks in advance for any insight into this. Might as well post the error code here too, in case anyone would like to share their insight on this as well, but I rarely ever get this error, so I don't care too much about it: 4294967294

    Read the article

  • Is it safe to delete "Account Unknown" entries from Windows ACLs in a domain environment?

    - by Graeme Donaldson
    It's not uncommon to see entries in Windows ACLs (NTFS files/folders, registry, AD objects, etc.) with the name "Account Unknown (SID)". Obviously these are because of old AD users or groups which at some point had permissions manually configured on the relevant object and have since been deleted. Does anyone know if it is safe to remove these "Account Unknown" ACEs? My gut feeling is that it should be just fine, but I'm wondering if anyone has any past experiences where doing this has caused trouble? Normally I just ignore these, but the company I'm working at now seems to have an abnormal number of these, most likely due to past admins' inexperience with AD/Windows and assigning permissions to user accounts rather than groups in all sorts of weird places. FWIW, our environment is not complex, a single domain forest, 4 DCs in 3 sites, with all network connectivity and replication healthy, so I'm certain that these "Account Unknown" entries are really old accounts, and not just because of some failure to resolve the SID to a human-readable name.

    Read the article

  • How can I correlate a wall jack to a user/machine on the domain?

    - by harryfino
    After reading Valve's new employee handbook, I was really interested in setting up a company map like they described on page 6: "The fact that everyone is always moving around within the company makes people hard to find. That’s why we have http://user — check it out. We know where you are based on where your machine is plugged in, so use this site to see a map of where everyone is right now." What I'm trying to figure out is: how I can tell which machine or domain user (either will do) is connected to a particular wall jack?

    Read the article

  • Windows 2003 Server on a domain, XP client PCs on a workgroup - file share without authentication?

    - by Zach
    I have a Windows 2003 server on a domain and client PCs running XP on a workgroup. I have created a file share on the server that should be accessible by the client PCs. I even set the security and sharing to 'Everyone' just to test. When I try to access the file share from any of the XP machines, I get an authentication prompt asking for credentials, even though 'Everyone' has full control currently (just for testing purposes). Why is it asking to authenticate? I need it to where it doesn't ask to authenticate. I also made sure passwords were set on all XP machines since I found this could be one possible issue and they all were. Any ideas? Thanks!

    Read the article

  • how to? 1 domain name, 1 ISP Static IP, 1 router, 3 physical web Servers

    - by buliwyf
    I have 1 Static IP from my ISP, 58.59.60.61.

    I have 3 local physical web servers:
    - Win2008 IIS 7, local IP 192.168.10.11, mydomain.com
    - Ubuntu Apache2, local IP 192.168.10.12, subdomain1.mydomain.com
    - Win2003 IIS 6, local IP 192.168.10.13, subdomain2.mydomain.com

    I have 1 domain name, mydomain.com. It is configured this way:
    - Host(A), @, 58.59.60.61
    - Host(A), subdomain1, 58.59.60.61
    - Host(A), subdomain2, 58.59.60.61

    My router is a pfSense box. It forwards all port 80 traffic to a group alias called "WebServers," which is my 3 web server IPs. This setup should work, right? I believe I need to set the "host header names" in my web servers. In IIS I know how to do this. How do I do this in Apache2?

    Read the article

  • Security tips for adding wireless AP to domain network?

    - by Cy
    I am researching best practices for adding wireless to our existing domain network. My DHCP server is running Windows Server 03 Standard (not sure if that's useful). I am familiar with simple home networking but I thought I'd get some expert advice for the more advanced stuff. Any tips and/or best practices? Is this Cisco Wireless Access Point a good option? Are there any additional hardware recommendations? Thank you in advance for your help.

    Read the article

  • *.example.com wildcard domain can be parsed from a single page?

    - by Sean Kean
    For a domain 'example.com' - what is the easiest way to set up a wildcard dns (*.example.com), hosting, and htaccess/httpd.conf/virtualhost, and script on a page so that: how.do.i.setup.a.site.with.wildcards.like.this.example.com or anything.that.is.given.as.a.subdomain.for.example.com is rendered by a page at example.com/index.html - yet keeps the wildcard subdomain in the URL bar and passes the full URL as a parameter for rendering tags in HTML? An example tag is a Facebook comment: { div class="fb-comments" data-href="http://how.do.i.setup.a.site.with.wildcards.like.this.example.com" data-num-posts="2" data-width="500" } I just opened a hosting account with spry.com and have a VPS running Ubuntu 11.04-x86-LAMP - Essentially, what is the most straightforward way of doing this? Thanks so much. (I originally posted this over on stackoverflow but realize it's more of a serverfault question)

    Read the article
