Search Results

Search found 3310 results on 133 pages for 'policy compliance'.

Page 50/133 | < Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >

  • Windows Shares / NTFS permissions on folder redirection in Active Directory

    - by Shawn Gradwell
    A client has folder redirection in AD setup on each user's Home Folder set to the Z:\ drive as \server\share\username. A Group Policy redirects the user's Documents to the user's Home Folder with the option 'Grant the user to exclusive rights to Documents' selected. The share on the server has permissions for the relevant user security group with 'Full Control', but each user's folder only have NTFS permissions only for 'CREATOR OWNER' and 'Domain Admins'. Why can the different users access other user's folders? I thought the most restrictive permissions applied effectively between the share and the NTFS permissions. Also, this setup has been like this for years, and this client recently updated all client computers to Windows 7. What is the best way to setup this redirection now? I assume only in Group Policy, also Basic Redirection - to create a folder for each user under the root path?

    Read the article

  • Is there a way to find what values comes from what file in HAL under Ubuntu?

    - by vava
    I've been playing with multitouch on my Thinkpad and read a few tutorials on how to setup it. One of them mentioned /usr/hal/fdi/policy/20thirdparty/11-x11-synaptics.fdi, I edited it and enabled SHMConfig through it. Later I found out about /etc/hal/policy/ directory and put some customization for my touchpad there as well in separate fdi file. But now it looks like touchpad doesn't care about my customizations. I have gsynaptec installed and can configure it though GUI, I can configure it with synclient but I can't set any values through fdi files. I even turned off SHMConfig, reverting 11-x11-synaptics,fdi file to it's original state but it seems like SHMConfig still enabled, otherwise I wouldn't be able to configure properties in runtime. So, I was thinking, maybe there's additional hal files I don't know about. How can I find them, particularly ones responsible for turning SHMConfig on?

    Read the article

  • Trusted Root certificates regularly disappear on Windows 7

    - by Evgeny
    I've installed several self-signed certificates on my Windows 7 Ultimate x64 machine for development purposes. One was installed into Trusted Root CAs and 2 were installed into My Certificates and Trusted People. Every day or two the certificate installed into Trusted Root CAs disappears and I have to re-install it! This is annoying the hell out of me. Why is it happening and how do I stop it? The other certificates (installed into other stores) do not disappear. My first thought was some kind of Group Policy, but my machine is not part of a domain - though it does obtains its IP address from a corporate DHCP server, so I'm not sure if they can somehow still manage to apply Group Policy to me.

    Read the article

  • Exchange 2007 Email Address Policies

    - by Ryan Migita
    We have recently upgraded to Exchange 2007 (from 2003) and have noticed the change from recipient policies to email address policies. We have two separate domains (let's call them domaina.com and domainb.com) we receive email for, have email address policies and both email address policies are not applied. In our Exchange 2003 environment, domaina.com was the default email address when we created new mailboxes and due to the migration, domainb is the default (and its email address policy is a higher priority). Now, when we create a new mailbox (or edit existing ones), the primary email address becomes domainb.com. Now the question is, is this as simple as putting the email address policies in the correct order? Do I have to apply both policies? What effect will the above changes make to existing mailboxes? Since we do not have any conditions set on the policies, I assume prior to making these changes, I should force all domainb mailboxes to not automatically update email address based on policy? Thanks in advance!

    Read the article

  • Allow users to view Word documents only and not be able to edit, copy or save them.

    - by Alexander
    Hello In a traditional Windows Server 2003 environment with AD, we have shared a folder for our policy documents (MS Word). These documents get edited/updated now and then by the administrator(principal of college). Users only have read-only access to the folder, but they can still save-as and then change the content. Sharepoint is a possible solution but not easy to implement. We also thought of using a CMS on Linux and installing Joomla to let users only view the docs with a document management system... but is it possible to automatically retrieve the policy folder on the network and convert or put it in a format that users can only view and not copy? We also thought of saving the docs to secure pdf format but the principal wants an automated system. Basically she just wants to work in Word and the policies must be available to staff members on the network. Any ideas? Much appreciated.

    Read the article

  • iptables & allowed port refusing connection

    - by marfarma
    Can you see what I'm doing wrong? On Ubuntu Server 9.1, I'm attempting to allow traffic on port 1143 for a non-privileged IMAP host. Connection is refused when testing with telnet example.com 1143 but connection is allowed testing with telnet example.com 80 from my pc to remote internet hosted server. Both rules appear identical and are located near each other with no rules rejecting connections intervening in the rules file. I can't figure it out. iptables -L returns this: Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere REJECT all -- anywhere 127.0.0.0/8 reject-with icmp-port-unreachable ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT tcp -- anywhere anywhere tcp dpt:www ACCEPT tcp -- anywhere anywhere tcp dpt:https ACCEPT tcp -- anywhere anywhere tcp dpt:http-alt ACCEPT tcp -- anywhere anywhere tcp dpt:7070 ACCEPT tcp -- anywhere anywhere tcp dpt:1143 ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh ACCEPT icmp -- anywhere anywhere icmp echo-request LOG all -- anywhere anywhere limit: avg 5/min burst 5 LOG level debug prefix `iptables denied: ' REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy ACCEPT) target prot opt source destination REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere and my rules file contains this: # Generated by iptables-save v1.4.4 on Wed May 26 19:08:34 2010 *nat :PREROUTING ACCEPT [3556:217296] :POSTROUTING ACCEPT [6909:414847] :OUTPUT ACCEPT [6909:414847] -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080 COMMIT # Completed on Wed May 26 19:08:34 2010 # Generated by iptables-save v1.4.4 on Wed May 26 19:08:34 2010 *filter :INPUT ACCEPT [1:52] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1:212] -A INPUT -i lo -j ACCEPT -A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -p tcp -m tcp --dport 7070 -j ACCEPT -A INPUT -p tcp -m tcp --dport 1143 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT -A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7 -A INPUT -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -j ACCEPT COMMIT # Completed on Wed May 26 19:08:34 2010

    Read the article

  • How soon does nginx's token bucket replenish when limiting at requests per minute?

    - by Michael Gorsuch
    Hi all. We've decided that we want to experiment and limit requests per minute instead of requests per second on our sites. However, I am confused by the burst parameter in this context. I am under the impression that when you use the 'nodelay' flag, the rate limiting facility acts like a token bucket instead of a leaky bucket. That being the case, the bucket size is equal to the burst parameter, and every time that you violate the policy (say 1 req/s), you have to put a token in the bucket. Once the bucket is full (being equal to the burst setting), you are given a 503 error page. I am also under the impression that once a violator stops going against the policy, a token is removed from the bucket at a rate of 1 token/s allowing him to regain access to the site. Assuming that I have the above correct, my question is what happens when I start regulating access per minute? If we chose 60 requests per minute, at what rate does the token bucket replenish?

    Read the article

  • How to backup a remote VPS machine?

    - by morpheous
    I am considering opting for a VPS solution, with the server running Ubuntu server. I am pretty new to this, and I need to come up with a backup policy for my server data. Initial data is likely to be about 80Mb, and I expect the data to grow at approximately 5Mb to 10 Mb a day. Can anyone recommend: A backup/restore policy (best practises for a small startup) Which tools to use for backup? Another thing that is not clear to me is - where are the files backed up to normally (in the case of remote servers). If the files are backed up to the same machine (or even to another machine but with the same host), there is potentially, a single point of failure). How do people normally backup their server data, and is the probability of machine meltdown or the host company server farm "catching fire" so remote as not to be worth worrying about - especially for a small (read one man) startup like me?

    Read the article

  • Postfix flow/hook reference, or high-level overview?

    - by threecheeseopera
    The Postfix MTA consists of several components/services that work together to perform the different stages of delivery and receipt of mail; these include the smtp daemon, the pickup and cleanup processes, the queue manager, the smtp service, pipe/spawn/virtual/rewrite ... and others (including the possibility of custom components). Postfix also provides several types of hooks that allow it to integrate with external software, such as policy servers, filters, bounce handlers, loggers, and authentication mechanisms; these hooks can be connected to different components/stages of the delivery process, and can communicate via (at least) IPC, network, database, several types of flat files, or a predefined protocol (e.g. milter). An old and very limited example of this is shown at this page. My question: Does anyone have access to a resource that describes these hooks, the components/delivery stages that the hook can interact with, and the supported communication methods? Or, more likely, documentation of the various Postfix components and the hooks/methods that they support? For example: Given the requirement "if the recipient primary MX server matches 'shadysmtpd', check the recipient address against a list; if there is a match, terminate the SMTP connection without notice". My software would need to 1) integrate into the proper part of the SMTP process, 2) use some method to perform the address check (TCP map server? regular expressions? mysql?), and 3) implement the required action (connection termination). Additionally, there will probably be several methods to accomplish this, and another requirement would be to find that which best fits (ex: a network server might be faster than a flat-file lookup; or, if a large volume of mail might be affected by this check, it should be performed as early in the mail process as possible). Real-world example: The apolicy policy server (performs checks on addresses according to user-defined rules) is designed as a standalone TCP server that hooks into Postfix inside the smtpd component via the directive 'check_policy_service inet:127.0.0.1:10001' in the 'smtpd_client_restrictions' configuration option. This means that, when Postfix first receives an item of mail to be delivered, it will create a TCP connection to the policy server address:port for the purpose of determining if the client is allowed to send mail from this server (in addition to whatever other restrictions / restriction lookup methods are defined in that option); the proper action will be taken based on the server's response. Notes: 1)The Postfix architecture page describes some of this information in ascii art; what I am hoping for is distilled, condensed, reference material. 2) Please correct me if I am wrong on any level; there is a mountain of material, and I am just one man ;) Thanks!

    Read the article

  • AWS Elastic load balancer doesn't decrease instances from Alarm Trigger

    - by jchysk
    I have a load balancer that I created an auto-scaling-group and launch-config for. I created the auto-scaling-group with a min-size of 1 and max size of 20. I have a scaledown policy: as-put-scaling-policy SBMScaleDownPolicy --auto-scaling-group SBMAutoScaleGroup --adjustment=-1 --type ChangeInCapacity --cooldown 300 Then I set up an alarm: mon-put-metric-alarm SBMLowCPUAlarm --comparison-operator LessThanThreshold --evaluation-periods 1 --metric-name CPUUtilization --namespace "AWS/EC2" --period 600 --statistic Average --threshold 35 --alarm-actions arn:aws:autoscaling:us-east-1:policystuffhere:autoScalingGroupName/SBMAutoScaleGroup:policyName/SBMScaleDownPolicy --dimensions "AutoScalingGroupName=SBMAutoScaleGroup" When average CPU usage over 10 minutes is under 35, in CloudFront the alarm shows up as "In Alarm State" but doesn't decrease the number of instances. Also, if there's only one instance running it'll spin up another to 2 even if a scale up alarm isn't hit. It seems like the default value is just set to 2 somehow. How can I change this?

    Read the article

  • Using IIS7 why are my PNGs being cached by the browser, but my JS and CSS files not?

    - by Craig Shearer
    I am trying to sort out caching in IIS for my site. Basically, I want nothing cached, except for .png, .js, and .css files. At my site level, I opened the HTTP Reponse Headers and used the "Set Common Hedaers..." to set content to expire immediately. I have no Output Caching profiles set at any level in IIS. I clear my browser cache then try accessing my site. When my site requests a PNG file, I see responses like: Accept-Ranges bytes Age 0 Connection Keep-Alive Content-Type image/png Date Thu, 12 Apr 2012 21:55:15 GMT Etag "83b7322de318cd1:0" Last-Modified Thu, 12 Apr 2012 19:33:45 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET For JS and CSS files, I see responses like: Accept-Ranges bytes Cache-Control no-cache Connection Keep-Alive Content-Encoding gzip Content-Length 597 Content-Type text/css Date Thu, 12 Apr 2012 21:55:15 GMT Etag "06e45ede15bca1:0" Last-Modified Mon, 02 Nov 2009 17:28:44 GMT Server Microsoft-IIS/7.5 Vary Accept-Encoding X-Powered-By ASP.NET Accept-Ranges bytes Cache-Control no-cache Connection Keep-Alive Content-Encoding gzip Content-Length 42060 Content-Type application/x-javascript Date Thu, 12 Apr 2012 21:55:14 GMT Etag "2356302de318cd1:0" Last-Modified Thu, 12 Apr 2012 19:33:45 GMT Server Microsoft-IIS/7.5 Vary Accept-Encoding X-Powered-By ASP.NET So, why are my PNGs able to be cached, but JS and CSS files not? Then, I go into the Output Caching feature in IIS and set up profiles for .png, .css, and .js files. This updates the web.config file as follows: <caching> <profiles> <add extension=".png" policy="CacheUntilChange" kernelCachePolicy="DontCache" /> <add extension=".css" policy="CacheUntilChange" kernelCachePolicy="DontCache" /> <add extension=".js" policy="CacheUntilChange" kernelCachePolicy="DontCache" /> </profiles> </caching> I do a "precautionary" IISReset then try accessing my site again. For PNG files, I see the following response: Accept-Ranges bytes Age 0 Connection Keep-Alive Content-Length 3833 Content-Type image/png Date Thu, 12 Apr 2012 22:02:30 GMT Etag "0548c9e2c5dc81:0" Last-Modified Tue, 22 Jan 2008 19:26:00 GMT Server Microsoft-IIS/7.5 X-Powered-By ASP.NET For CSS and JS files, I see the following responses: Accept-Ranges bytes Cache-Control no-cache,no-cache Connection Keep-Alive Content-Encoding gzip Content-Length 2680 Content-Type application/x-javascript Date Thu, 12 Apr 2012 22:02:29 GMT Etag "0f743af9015c81:0" Last-Modified Tue, 23 Oct 2007 16:20:54 GMT Server Microsoft-IIS/7.5 Vary Accept-Encoding X-Powered-By ASP.NET Accept-Ranges bytes Cache-Control no-cache,no-cache Connection Keep-Alive Content-Encoding gzip Content-Length 3831 Content-Type text/css Date Thu, 12 Apr 2012 22:02:29 GMT Etag "c3f42d2de318cd1:0" Last-Modified Thu, 12 Apr 2012 19:33:45 GMT Server Microsoft-IIS/7.5 Vary Accept-Encoding X-Powered-By ASP.NET What am I doing wrong? Have I completely misunderstood the features of IIS, or is there a bug. Most importantly, how do I achieve what I want - that is get the browser to cache only PNG, JS and CSS files?

    Read the article

  • Time between AWS Notifying of Scale Down and Terminating instance

    - by SteveEdson
    Here is the scenario, there are multiple EC2 instances behind a load balancer. When traffic dies down, the SCALE_DOWN policy is triggered from a CloudWatch alarm. What I would like, is for the instance that is going to be terminated, or a separate server altogether, to be able to run a quick script that will execute a few commands to ensure all data has been transferred. My initial question was going to be how can I send a notification when an instance is going to be terminated by an auto scale, SCALE_DOWN policy. But then I saw this question Amazon EC2 notifying the instance when the autoscale service terminates it. If the notification is sent, how much time is there before the instance actually gets terminated? Are there any parameters to specify this time? Would it be a better idea to notify an instance that it is no longer needed, and get the instance to terminate itself once it has finished running the final script? Or, am I making this into a bigger problem than it actually is, and theres a far simpler solution?

    Read the article

  • Bridge and OpenVPN with shorewall

    - by Javier Martinez
    I have this scenario and everything it's working OK, but I want to configure my Shorewall and I can't do it. My interfaces are: br0 (bridge of eth0) tun0 (OpenVPN) vnet* (each one of bridged interfaces with public IP's) Public Main IP: 188.165.X.Y OpenVPN IP's: 172.28.0.x Bridge: public ip's So, I have the next configuration for shorewall: /etc/shorewall/zones #ZONE TYPE OPTIONS IN OUT # OPTIONS OPTIONS fw firewall inet ipv4 road ipv4 /etc/shorewall/interfaces #ZONE INTERFACE BROADCAST OPTIONS inet br0 detect routeback road tun+ detect routeback /etc/shorewall/policy #SOURCE DEST POLICY LOG LIMIT: CONNLIMIT: # LEVEL BURST MASK $FW all ACCEPT inet $FW DROP info road all DROP inet road DROP /etc/shorewall/tunnels #TYPE ZONE GATEWAY GATEWAY # ZONE openvpnserver:1194 inet 0.0.0.0/0 The problem is that even with shorewall running I am able to ping or connect to the virtual machines behind the bridge

    Read the article

  • RDP failing due to Audit Failure on the IPSec driver

    - by paulwhit
    I am trying to RDP into a Windows 7 Hyper-V image connected to a corporate network that publishes IPSec policies via Active Directory. I am seeing this error in the log: IPsec dropped an inbound clear text packet that should have been secured. If the remote computer is configured with a Request Outbound IPsec policy, this might be benign and expected. This can also be caused by the remote computer changing its IPsec policy without informing this computer. This could also be a spoofing attack attempt. Remote Network Address: XXX.XXX.XXX.XXX Inbound SA SPI: 0 How do I change my settings on the computer using RDP to something suitable for the domain-joined Hyper-V image?

    Read the article

  • Is it possible to use SELinux MCS permissions with Samba?

    - by Yuri
    Created a user1: adduser --shell /sbin/nologin --no-create-home user1 passwd user1 smbpasswd -a user1 smbpasswd -e user1 semanage login -a -s "unconfined_u" -r "s0-s0:c0" user1 Added a category c0 for the folder ./123 inside the Samba share chcat s0:c0 /share/123/ After that the user1 can't go into this folder: type=AVC msg=audit(1332693158.129:48): avc: denied { read } for pid=1122 comm="smbd" name="123" dev=sda1 ino=786438 scontext=system_u:system_r:smbd_t:s0 tcontext=unconfined_u:object_r:samba_share_t:s0:c0 tclass=dir But if remove the c0 category: restorecon -v /share/123/ user1 opens folder with no problem. Is I'm doing something wrong or Samba doesn't support SELinux MCS? Have installed on CentOS 6.2 are: samba3.i686 3.6.3-44.el6 @sernet-samba selinux-policy.noarch 3.7.19-126.el6_2.10 @updates selinux-policy-targeted.noarch 3.7.19-126.el6_2.10 @updates

    Read the article

  • subversion: enforce TLS

    - by Daniel Marschall
    Hello, I am running subversion on a Debian Squeeze system with Apache2 and mod_dav for viewing the contents with a webbrowser. I want to enforce the usage of TLS, so that the login data and the SVN contents cannot be read from the connection. I have tried following: <Location /svn> DAV svn SVNParentPath /daten/subversion/ # our access control policy AuthzSVNAccessFile /daten/subversion/access_control # try anonymous access first, resort to real # authentication if necessary. Satisfy Any Require valid-user # how to authenticate a user AuthType Basic AuthName "Subversion repository" AuthUserFile /daten/subversion/.htpasswd # Test SSLRequireSSL RewriteEngine On RewriteCond %{SERVER_PORT} !443 RewriteRule ^svn/(.)$ https://www.viathinksoft.de/svn/$1 [R,L] </Location> at file /etc/apache2/conf.d/subversion.conf Alas, this does not work. There is no redirect and there is still a HTTP request working at /svn/(projectname)/(somefolder) . This SSL-enforce-policy should work for - viewing the contents with webbrowser - retrieve contents with TurtoiseSVN client - committing contents with TurtoiseSVN client Can you please help me? Regards Daniel Marschall

    Read the article

  • Metro Apps on Windows 8 aren't working with static IP behind auth proxy

    - by Kamal
    In Windows 8 Professional, Metro Apps and Windows Update do not work with static IP settings behind authenticated proxy server. They work with DHCP on the same proxy settings (we have DHCP for wifi and static IP for LAN, both using the same proxy server). IE, Chrome and other desktop apps work nicely with both. Metro apps worked with an auth proxy (DHCP only), when I changed their proxy settings from the "edit group policy" option: Start → Settings → Edit Group Policy → Computer Configuration → Administrative Templates → Network Isolation → Internet Proxy for Apps How can I fix this?

    Read the article

  • FTP not listing files behind firewall (setsockopt (ignored): Permission denied)

    - by KennyDs
    We are developing a Magento application that has a module that works with FTP. Today we deployed this on the testing environment which is setup in the following way: Gateway server which has the following iptables rules: # iptables -L -n -v Chain INPUT (policy ACCEPT 2 packets, 130 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 165 13720 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED Chain FORWARD (policy ACCEPT 7 packets, 606 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 15 965 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 0 0 REJECT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 126 packets, 31690 bytes) pkts bytes target prot opt in out source destination These are set at runtime via the following bash script: #!/bin/sh PATH=/usr/sbin:/sbin:/bin:/usr/bin # # delete all existing rules. # iptables -F iptables -t nat -F iptables -t mangle -F iptables -X # Always accept loopback traffic iptables -A INPUT -i lo -j ACCEPT # Allow established connections, and those not coming from the outside iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow outgoing connections from the LAN side. iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT # Masquerade. iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE # Don't forward from the outside to the inside. iptables -A FORWARD -i eth1 -o eth1 -j REJECT # Enable routing. echo 1 > /proc/sys/net/ipv4/ip_forward The gateway server is connected to the WAN via eth1 and is connected to the internal network via eth0. One of the servers from eth1 has the following problem when trying to list files over ftp: $ ftp -vd myftpserver.com Connected to myftpserver.com 220 Welcome to MY FTP Server ftp: setsockopt: Bad file descriptor Name (myftpserver.com:magento): XXXXXXXX ---> USER XXXXXXXX 331 User XXXXXXXX, password please Password: ---> PASS XXXX 230 Password Ok, User logged in ---> SYST 215 UNIX Type: L8 Remote system type is UNIX. Using binary mode to transfer files. ftp> ls ftp: setsockopt (ignored): Permission denied ---> PORT 192,168,19,15,135,75 421 Service not available, remote server has closed connection When I try listing the files in passive mode, same result. When I run the same command on the gateway server, everything works fine so I believe that the issue is happening because of the iptables rules not forwarding properly. Does anyone have an idea which rule I need to add to make this work?

    Read the article

  • How can I get a Windows 2008 print server to deploy to child domains?

    - by Tyler Benson
    I am setting up a print server for our company that has a parent domain and 2 child domains. The print server is on the parent domain and I have no problems getting the print server to deploy printers through group policy to users on its own domain. The problem I am having is that it isn't deploying the printers to users that are in it's child domains. Some other info that may help: I am not sharing or listing printers in the directory I have added pushprinterconnections.exe to the group policy login script Does anything come to mind?

    Read the article

  • Windows Server 2003 GPO Applied to only a few users?

    - by caleban
    How do I apply the policy: Computer Configuration/Administrative Templates/Windows Components/Terminal Services/Client Server data redirection/Do not allow client printer redirection only to a few users? Do I have to create 2 OU's and 2 policies just for this? I see I can't create a group and apply the GPO to the group and add the users to that group. How do I selectively apply a policy to only a few users without creating a whole new OU for them (and without changing each user's AD properties individually)? Thanks in advance.

    Read the article

  • Exchange 2007 Email Address Policies

    - by Ryan Migita
    We have recently upgraded to Exchange 2007 (from 2003) and have noticed the change from recipient policies to email address policies. We have two separate domains (let's call them domaina.com and domainb.com) we receive email for, have email address policies and both email address policies are not applied. In our Exchange 2003 environment, domaina.com was the default email address when we created new mailboxes and due to the migration, domainb is the default (and its email address policy is a higher priority). Now, when we create a new mailbox (or edit existing ones), the primary email address becomes domainb.com. Now the question is, is this as simple as putting the email address policies in the correct order? Do I have to apply both policies? What effect will the above changes make to existing mailboxes? Since we do not have any conditions set on the policies, I assume prior to making these changes, I should force all domainb mailboxes to not automatically update email address based on policy? Thanks in advance!

    Read the article

  • Check a list of passwords strength

    - by user144705
    Is there any way to check a list of passwords whether they strong or not? I have a list of passwords, around 2000, and want to check them against this policy Password must contain a minimum of eight (8) characters Password must contain at least one letter Password must contain at least one number Password must contain at least one punctuation character And count how many compliant with that policy before we save them. Is there any tool, script or maybe rules in excel to do this instead of doing it manually? Could you please help me?

    Read the article

  • When the Windows Firewall Service is disabled I cannot remote desktop (RDP) to the machine

    - by Matt
    When the Windows Firewall Service is disabled I cannot remote desktop (RDP) to the machine. Has anyone seen this? This is on Win7 64 Enterprise on a domain. Is it some sort of domain policy perhaps? EDIT: Yes, when the firewall service is enabled, RDP works like a charm. I can also ping the system when the firewall service is on, but not when it is off. I am starting to suspect some sort of corporate imposed security policy, but GPedit hasn't really showed anything of significance.

    Read the article

  • SSH stops at "using username" with IPTables in effect

    - by Rautamiekka
    We used UFW but couldn't make the Source Dedicated ports open, which was weird, so we purged UFW and switched to IPTables, using Webmin to configure. If the inbound chain is on DENY and SSH port open [judged from Webmin], PuTTY will say using username "root" and stops at that instead of asking for public key pw. Inbound chain on ACCEPT the pw is asked. This problem didn't happen with UFW. Picture of IPTables configuration in Webmin: http://s284544448.onlinehome.us/public/PlusLINE%20Dedicated%20Server,%20Webmin,%20IPTables,%200.jpgThe address is to the previous rautamiekka.org. iptables-save when on INPUT DENY: # Generated by iptables-save v1.4.8 on Wed Apr 11 16:09:20 2012 *mangle :PREROUTING ACCEPT [1430:156843] :INPUT ACCEPT [1430:156843] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1415:781598] :POSTROUTING ACCEPT [1415:781598] COMMIT # Completed on Wed Apr 11 16:09:20 2012 # Generated by iptables-save v1.4.8 on Wed Apr 11 16:09:20 2012 *nat :PREROUTING ACCEPT [2:104] :POSTROUTING ACCEPT [0:0] :OUTPUT ACCEPT [0:0] COMMIT # Completed on Wed Apr 11 16:09:20 2012 # Generated by iptables-save v1.4.8 on Wed Apr 11 16:09:20 2012 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [1247:708906] -A INPUT -i lo -m comment --comment "Machine-within traffic - always allowed" -j ACCEPT -A INPUT -p tcp -m comment --comment "Services - TCP" -m tcp -m multiport --dports 22,80,443,10000,20,21 -m state --state NEW,ESTABLISHED -j ACCEPT -A INPUT -p tcp -m comment --comment "Minecraft - TCP" -m tcp --dport 25565 -j ACCEPT -A INPUT -p udp -m comment --comment "Minecraft - UDP" -m udp --dport 25565 -j ACCEPT -A INPUT -p tcp -m comment --comment "Source Dedicated - TCP" -m tcp --dport 27015 -j ACCEPT -A INPUT -p udp -m comment --comment "Source Dedicated - UDP" -m udp -m multiport --dports 4380,27000:27030 -j ACCEPT -A INPUT -p udp -m comment --comment "TS3 - UDP - main port" -m udp --dport 9987 -j ACCEPT -A INPUT -p tcp -m comment --comment "TS3 - TCP - ServerQuery" -m tcp --dport 10011 -j ACCEPT -A OUTPUT -o lo -m comment --comment "Machine-within traffic - always allowed" -j ACCEPT COMMIT # Completed on Wed Apr 11 16:09:20 2012 iptables --list when on INPUT DENY: Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere /* Machine-within traffic - always allowed */ ACCEPT tcp -- anywhere anywhere /* Services - TCP */ tcp multiport dports ssh,www,https,webmin,ftp-data,ftp state NEW,ESTABLISHED ACCEPT tcp -- anywhere anywhere /* Minecraft - TCP */ tcp dpt:25565 ACCEPT udp -- anywhere anywhere /* Minecraft - UDP */ udp dpt:25565 ACCEPT tcp -- anywhere anywhere /* Source Dedicated - TCP */ tcp dpt:27015 ACCEPT udp -- anywhere anywhere /* Source Dedicated - UDP */ udp multiport dports 4380,27000:27030 ACCEPT udp -- anywhere anywhere /* TS3 - UDP - main port */ udp dpt:9987 ACCEPT tcp -- anywhere anywhere /* TS3 - TCP - ServerQuery */ tcp dpt:10011 Chain FORWARD (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere anywhere /* Machine-within traffic - always allowed */ The UFW rules prior to purging on INPUT DENY: 127.0.0.1 ALLOW IN 127.0.0.1 3306 DENY IN Anywhere 20,21/tcp ALLOW IN Anywhere 22/tcp (OpenSSH) ALLOW IN Anywhere 80/tcp ALLOW IN Anywhere 443/tcp ALLOW IN Anywhere 989 ALLOW IN Anywhere 990 ALLOW IN Anywhere 8075/tcp ALLOW IN Anywhere 9987/udp ALLOW IN Anywhere 10000/tcp ALLOW IN Anywhere 10011/tcp ALLOW IN Anywhere 25565/tcp ALLOW IN Anywhere 27000:27030/tcp ALLOW IN Anywhere 4380/udp ALLOW IN Anywhere 27014:27050/tcp ALLOW IN Anywhere 30033/tcp ALLOW IN Anywhere

    Read the article

  • Gentoo box can't cURL or ping after restarting net.eth1

    - by Curlybraces
    Hi all, the following is completely baffling me. We currently have a gentoo box which acts as our LAMP, DNS, DHCP server. This is assigned a static IP on the network. This server is connected directly to the internet via a BT BusinessHub Router. The server is also connected to a patch panel/switch port which connects the remaining office (around 10 PC's) to the server. Everything has been plain sailing until the other day when the server was restarted. For some reason now only portions of network accessibility is available depending on which ethernet device was last restarted. Restarting net.eth0 allows the office server to cURL, ping, etc but stops all networked PC's from accessing the internet. Then restarting net.eth1 restores all internet to the network but stops the server from curling, pinging, etc again. However, even when the server can't ping, curl, etc, I can still remote SSH and remote MySQL connect from the server command line to other external servers that we own. Here's my route map (router is 192.168.1.254): Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1 Here's my /etc/conf.d/net: iface_eth0="192.168.1.99 broadcast 192.168.1.255 netmask 255.255.255.0" iface_eth1="dhcp" None of the above have ever been changed however. Things have just ceased to operate correctly, which makes me think it's a freshly added Iptables rule. Here's the Iptables Filter table: Chain INPUT (policy ACCEPT) target prot opt source destination DROP tcp -- ##.##.##.## anywhere tcp dpt:ssh ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED ACCEPT all -- anywhere anywhere ACCEPT tcp -- anywhere anywhere tcp dpt:2199 ACCEPT tcp -- anywhere anywhere tcp dpt:3199 ACCEPT tcp -- ##.###.###.## anywhere tcp dpt:http ACCEPT tcp -- ###.###.##.## anywhere tcp dpt:2199 ACCEPT tcp -- ##.###.###.### anywhere tcp dpt:http ACCEPT tcp -- ##.###.##.## anywhere tcp dpt:http ACCEPT tcp -- ##.###.###.### anywhere tcp dpt:3128 ACCEPT udp -- ##.###.###.### anywhere udp dpt:3128 ACCEPT tcp -- ##.###.###.### anywhere tcp dpt:http ACCEPT tcp -- ##.###.###.### anywhere tcp dpt:https Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- anywhere ##.###.###.## DROP all -- anywhere ##.###.###.## ACCEPT all -- anywhere anywhere state NEW,ESTABLISHED Chain OUTPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- anywhere anywhere udp spt:2199 ACCEPT udp -- anywhere anywhere udp spt:4817 ACCEPT udp -- anywhere anywhere udp spt:4819 ACCEPT udp -- anywhere anywhere udp spt:3199 Help gratefully appreciated.

    Read the article

< Previous Page | 46 47 48 49 50 51 52 53 54 55 56 57  | Next Page >