Search Results

Search found 16797 results on 672 pages for 'directory traversal'.

Page 68/672 | < Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >

• Which firewall ports do I need to open in order for a domain trust to work?

  - by Massimo

  I have two Active Directory domains in two different forests; each domain has two DCs (all of them Windows Server 2008 R2). The domains are also in different networks, with a firewall connecting them. I need to create a two-way forest trust between the two domains and forest. How do I configure the firewall to allow this? I found this article, but it doesn't explain very clearly which traffic is required between DCs, and which traffic (if any) in needed instead between domain computers in one domain and DCs for the other one. I'm allowed to permit all traffic between the DCs, but allowing computers in one network to access DCs in the other one would be a little more difficult.

  Read the article

• Migrating Gmail to Office 365

  - by user218699

  Good Morning, I have been setting up Office 365 for my organization. We are currently using Gmail. I have synced our local Active Directory server w/ Office 365, as well as our domains. The problem I am having has to do with migrating mailboxes from Gmail to Office 365. I have been using this article to walk me through the process: http://technet.microsoft.com/en-us/library/dn568114.aspx The issue arises when I begin to sync the mailboxes. Currently I have been trying to sync my own mailbox as a test. The synchronization process has been going on for about 15 hours (for just one mailbox) with no errors or any information given by Office 365, other than the "Syncing" status on the migration page in the Exchange Admin Center. Is syncing a single mailbox supposed to take this long, or have I missed a step? Thanks!

  Read the article

• Find out what resource is triggering bad password attempt?

  - by Craig Tataryn

  Background: Have a problem at work where I am constantly being locked out of my computer. We are in an environment that has a Domain Controller and we use Active Directory for authentication. By going through my normal workflow while on the phone with Desktop Support we were able to track the bad password attempts that were causing the lockouts to an application: "Eclipse". This is the application I use to do software development. I immediately thought it was a cached password for our SVN server that's the culprit, however the desktop support person couldn't tell me which resource the password attempt was being made against (i.e. which URL for instance). Question: Is there a way that I can monitor bad authentication requests made by an application on my desktop and find out what resource they are attempting it against?

  Read the article

• Samba file shares - ownership of folder accessible for 1 group verified by MS active direcctory

  - by jackweirdy

  I have a machine set up to share a folder /srv/sambashare, here's an exerpt of the config file: [share] path = /srv/sambashare writable = yes The permissions of that folder are set at 700 and it is owned by nobody:nogroup at the moment. The problem I face is probably a simple one but I'm fairly new to Samba so I'm not sure what to do. The contents of the share should be accessible to a particular user who will authenticate with domain credentials, checked against Active Directory by kerberos. I haven't got kerberos configured yet as I wanted to test the share as soon as samba was configured, albeit basically, to ensure that it works. I've noticed that I can only access & write to the share when the folder is either owned by the user logging in or made world writable. The key issues are that this folder can't be world writable as it contains sensitive stuff, but at the same time can't be owned by a user or group since they come from the AD server. Anyone know what I should do?

  Read the article

• How are cached Windows credentials stored on the local machine?

  - by MDMarra

  How are cached Active Directory domain credentials stored on a Windows client? Are they stored in the local SAM database, thus making them susceptible to the same rainbow table attacks that local user accounts are susceptible to, or are they stored differently? Note, that I do realize that they are salted and hashed, so as not to be stored in plain-text, but are they hashed in the same way as local accounts and are they stored in the same location? I realize that at a minimum they're be susceptible to a brute force attack, but that's a much better situation than being vulnerable to rainbow tables in the event of a stolen machine.

  Read the article

• How can i use one Domain Controller to manage 3 separate small firms

  - by Plamen Jordanov

  currently we have one Domain Controller that have 15 users and cup off services(hMailServer, IIS, DNS, Active Directory). Now the owners of the firm created two new firms which computers and networks are my responsibility. Now i wonder how exactly to join users in existing domain. Did you think that is a good idea to just include all computers and user from all firms under one domain or there is another solution ? Did some of you run into this kind of situation and what did you do ? ---Edit--- Brent, Dan thank for info guys. For now i will follow Brent advice until we get the new server witch we will virtualize and the old server will be our second DC on different location. Heck we even might think some Pay-as-you-go VPS solution for DC redundancy.

  Read the article

• Data loss with roaming profiles on login on two different computers

  - by Jurriaan Pijpers

  We have a Windows server 2003 system with Active Directory and all of our users have roaming profiles. One of the users let someone login with his username and password on a different computer (2) while he was working on his own computer (1). Now when this user logs in on his own computer (1), the profile that is loaded is one that dates back many months (i think from the last time he logged on to computer 2). My suspicion is that the profile that was cached on computer 2 from many months back when this user last logged on on this computer, on logoff, synced over the newer profile on the server. so that now when he logs in, he gets this old profile. Now my questions: Is it possible to retrieve te newer profile? Is it possible to keep this from happening in the future?

  Read the article

• LDAP authentication: Windows Server2k3 vs. 2k8

  - by wolfgangsz

  We have around 70% linux users, all of which are configured to authenticate against Active Directory through LDAP. In order for this to work, we used the "Windows Services for Unix" under Windows Server 2003, and it all works fine. We are now at a point where the server running this contraption is getting a bit tired and will be replaced with a newer machine, running Windows Server 2008 (where the relevant services such as user name mapping and password changes, etc., are integrated with the OS). And here's the rub: If a new user is configured through the Win2k3 server, then it all works fine. If the same thing is done through the Win2k8 server, then : The ADS plugin on the 2k3 server does not recognize it and behaves as if the UNIX attributes were never set. The user cannot authenticate against ADS using LDAP. Has anybody encountered this problem? If so, how did you overcome this? If you need any additional information to provide further help, just ask and I shall provide it.

  Read the article

• nagios ldap-group based front end login permission issues

  - by Eleven-Two

  I want to grant users access to the nagios 3 core frontend by using an active directory group ("NagiosWebfrontend" in the code below). The login works fine like this: AuthType Basic AuthName "Nagios Access" AuthBasicProvider ldap AuthzLDAPAuthoritative on AuthLDAPURL "ldap://ip-address:389/OU=user-ou,DC=domain,DC=tld?sAMAccountName?sub?(objectClass=*)" AuthLDAPBindDN CN=LDAP-USER,OU=some-ou,DC=domain,DC=tld AuthLDAPBindPassword the_pass Require ldap-group CN=NagiosWebfrontend,OU=some-ou,DC=domain,DC=tld Unfortunately, every nagios page just shows "It appears as though you do not have permission to view information for any of the services you requested...". I got the hint, that I am missing a contact in nagios configuration which is equal to my login, but creating one with the same name as the domain user had no effect on this issue. However, it would be great to find a solution without manually editing nagios.conf for every new user, so the admins could grant access to nagios by just putting the user to "NagiosWebfrontend" group. What would be the best way to solve it?

  Read the article

• IIS App Pool Identity Internet Settings

  - by Programming Hero

  How does an IIS App Pool determine its Internet Settings? I'm specifying a custom identity under which to host a .NET web application, a service account that is part of our Active Directory domain. When the application runs, it needs to make HTTP requests to other servers. This action causes it to read web and proxy settings from some location, but I can't understand where it goes for this information. Does it look: At the default account's settings on that box? At the default profile on the AD server? Its own local/roaming profile? A combination of the above? Somewhere completely different?

  Read the article

• AD Local Admins without password sharing

  - by Cocoabean

  My team is building out an Active Directory environment in a small grad school with support for general computer labs, and staff/faculty machine and account management. We have a team of student consultants that are hired to do general help desk work. As of now we have a local admin account on every machine. It has the same password and all of us know it. I know it's not best practice and I want to avoid this with the new setup. We want to have local admin accounts in case there are network issues that prevent AD authentication, but we do not want this account to be generic with a shared password. Is there a way we can get each machine to cache the necessary information to authenticate a group of local admins so that if AD is somehow inaccessible, student consultants can still login with their AD admin accounts?

  Read the article

• Use Google Apps/Cloud Services as a Domain Controller Replacement

  - by user124548

  This is a Canonical Question about Cloud Services replacing Active Directory. Is it possible to use Google Apps or another Cloud Service as a replacement for a Windows Domain Controller (replacing my whole AD infrastructure)? Specifically, I want to remove our dependence on a local Windows Server; currently it acts as a Domain Controller with File and Print Services. I'd like to seamlessly replace this server with something based on hosted applications. I do not just want to move the server to a dedicated or collocated server. I have yet to figure out how to piece together printer/etc sharing. If anyone has any insight into this, it would be appreciated. The goal is to eventually move all my servers to the cloud then write up a case study on the whole affair.

  Read the article

• How do I get a listing of music files on a specific drive

  - by Kevin34

  I'm helping someone setup thier IPOD, but they are using Windows 7, and I know XP. I don't see the music in the directory lising on his computer that I see on the IPOD. So I'm trying to search for all music files on e: In Windows XP, this is easy. Windows 7 has changed everything. I googled this, and I found to type "music" in the Windows search bar. This result in music "Libraries." Great. There's still not a listing of the files. I can search for *.wma, but that doesn't list all the music on the IPOD. There are many types of music files, how do I get a list of ALL music files on JUST drive e:? Again, on XP this was VERY easy.

  Read the article

• Microsoft Outlook 2007 Limit attachment size

  - by tasmanian_devil

  I have qmail server and authetication on Active Directory. All clients use Microsoft Outlook 2007 as default mail client. A have one central location and several remote location wich are connected with slow link speed connection. I have attachment limit on qmail, but i have problem when client attach file localy and send mail, attachment is been uploaded to qmail server and rejected because exceeded limit. Is it possible to limit attachment localy on MS Outlook 2007? I know that Office 2010 have attachment limitation but i think that is not working on Office 2007.

  Read the article

• Allow Domain Users to install software on their computers

  - by Christa

  How would I go about allowing a 'domain user' to install software on their computer. I have active directory and group policy in place. Is there a setting in group policy that would allow this? I don't really want to make the domain users domain admins as well. There is a way to do this by adding the user to their local admins group under computer management. I need this for about 50 users so that gets to be a long process with that many users. Server: Windows Server 2008 R2 Client Machines: Windows 7

  Read the article

• How to blacklist Terminal Services startup environment setting?

  - by JBurace

  I have a user in Active Directory who uses this setting in the Environment tab: Start the following program at logon: "C:\Program Files\PName\Folder\gui.exe" This runs okay on various computers (that are on the domain) including his own. But the user needs to RDP into a Windows Server which does not have this program (which is normal). When the user RDPs into the server and logs in with the AD account, an error occurs about C:\Program Files\PName\Folder\gui.exe missing and the user then gets stuck at a grey screen. The user needs to RDP into this server; how can one blacklist that Environment setting from activation on a specific machine on the domain?

  Read the article

• Putting shortcuts onto user's machines using AD

  - by Rod

  I just handled a small task, which I would like to automate through Active Directory. We’ve written a few Intranet applications which get used a lot here. Occasionally someone will have to go to the front desk and work on something there, while one of the receptionists are away. They’ll always call us to have us put a shortcut onto their desktop linking to these Intranet applications. It’s just a bit of a nuisance, and I’m sure that AD could be used to automate creating shortcuts on user’s desktops pointing to our Intranet applications. The only thing is, I don’t know how to do this, and being a small shop that we are, we don’t have a system administrator at this time. So, how do we automate the creation of desktop shortcuts to websites, using AD in a Windows 2003 Server environment?

  Read the article

• RHEL 6.5 and LDAP

  - by zuboje

  I am trying to connect our Active directory server to brand new RHEL 6.5 server. I want to authenticate users using AD credentials, but I want to restrict that only certain users can login, I don't want to allow anybody from AD to connect to it. I would like to use something like this: CN=linuxtest,OU=SecurityGroups,DC=mydomain,DC=local but I am not sure how would I setup OU and CN. I use sssd for authentication and my id_provider = ad. I wanted to use id_provider = ldap, but that did not work at all and RHEL customer service told me to setup this way. But I want to have a little bit more control who can do what. I know I can use this to restrict simple_allow_users = user1, user2, but I have 400+ users, I really don't want to go and type them all. Question is how would I setup OU or CN for my search?

  Read the article

• System Center 2012 R2 System Discovery Network Utilization

  - by AtomicReaction

  I'm in charge of a deployment of Microsoft System Center Configuration Manager 2012 R2. Currently, I'm working through the discovery methods and trying to decide how to enable automatic discovery of systems and users. On Microsoft's documentation, they warn that Configuration Manager Automatic Discovery traffic can get pretty significant if you aren't careful in your implementation. Can anyone who has used this give me some information on how much traffic I should expect? We currently have around 1000 computers and 4000 user accounts in Active Directory. Thanks!

  Read the article

• Modifying Exchange 2003 accounts in Exchange 2010 management console?

  - by MartinC

  You can look at Exchange 2003 accounts via the 2010 Management console but is modifying supported? No warnings that it is not, and all is held in Active Directory. Adding an additional email address works... But results in Error 4, Keywords "classic" Task Get-MailboxStatistics writing error when processing record of index 0. Error: Microsoft.Exchange.Management.Tasks.MdbAdminTaskException: Mailbox 'domain/OU/account name' doesn't exist in an Exchange 2007 or later mailbox database. Management Console has the updated change, as does ADUC in 2003.

  Read the article

• Automate setup of constrained kerberos delegation in AD

  - by Grhm

  I have a web app that uses some backend servers (UNC, HTTP and SQL). To get this working I need to configure ServicePrincipalNames for the account running the IIS AppPool and then allow kerberos delegation to the backend services. I know how to configure this through the "Delegation" tab of the AD Users and Computers tool. However, the application is going to be deployed to a number of Active Directory environments. Configuring delegation manually has proved to be error prone and debugging the issues misconfiguration causes is time consuming. I'd like to create an installation script or program that can do this for me. Does anyone know how to script or programmatically set constrained delegation within AD? Failing that how can I script reading the allowed services for a user to validate that it has been setup correctly?

  Read the article

• join ZFS/Solaris to windows AD 2003/2008 domain

  - by user95587

  I have a client trying to join his newly updated ZFS/Solaris box to my Windows AD 2003/2008 domain. Here is the command he is using and the error he is getting; Console: root@xxx:/etc/inet# smbadm join -u USER DOMAIN After joining DOMAIN the smb service will be restarted automatically.Would you like to continue? [no]: yes Enter domain password: Joining DOMAIN ... this may take a minute ... failed to join DOMAIN: UNSUCCESSFUL Please refer to the system log for more information. From /var/adm/messages: Sep 22 10:12:00 xxx smbd[593]: [ID 702911 daemon.error] smbrdr_exchange[116]: failed (-3) Sep 22 10:12:01 xxx smbd[593]: [ID 232655 daemon.notice] ldap_modify: Insufficient access Sep 22 10:12:01 xxx smbd[593]: [ID 898201 daemon.notice] Unable to set the TRUSTED_FOR_DELEGATION userAccountControl flag on the machine account in Active Directory. Please refer to the Troubleshooting guide for more information. Sep 22 10:12:01 xxx smbd[593]: [ID 526780 daemon.notice] Failed to establish NETLOGON credential chain Sep 22 10:12:01 xxx smbd[593]: [ID 871254 daemon.error] smbd: failed joining DOMAIN (UNSUCCESSFUL)

  Read the article

• Cant Add Columns to a AD Task pad except for the top level of the domain

  - by Darktux

  We are working on Active Directory taskpads application for user management in our organization and facing stange issue. When we create a taskpad, and when we are at top level of the domain, i can click view - Add/Remove Columns and add "Pre Windows Name" (and lots of other properties) to the taskpad as columns, but when i just go 1 level down , i can only see "Operating System" and "Service Pack" ; why is it happening , isnt "Domain Admins" supposed to god access to all the things in AD domain , atleast of objects they own? It is important to have "Pre Windows 2000" Name as a column begause with out that our "Shell Command" task wont show up in taskpads, since its bound to parameter "Col<9" (which is pre qindows name). Please do let me know if any additions questions to clarify my problem.

  Read the article

• How can I log in to a malfunctioning domain controller?

  - by Billy ONeal

  Hello :) I have a setup here with a single domain controller and 4 servers which were whithin it's domain. The servers were brought down and are being repurposed, but we would like to keep backups of the machines around. I am going through one by one and taking the backups, which requires that I login to these machines. I've been able to login to all the servers, except the domain controller. The domain controller itself seems to have not started all it's active directory services, and when one tries to login, it complains that the system cannot log you on now because the domain XXXXX is not available. How can I login to this box? Billy3

  Read the article

• Cannot assign multi-line values to CustomAttributes with Set-Mailbox

  - by Biglig

  A colleague is implementing an application that generates signatures and publishes them to Outlook. It would be useful to him if I could store a multi-line string for each user in Active-Directory. Using one of the Custom-Attributes seems obvious, but if I try set-mailbox biglig -CustomAtribute1 "First Line``r``n Second Line" then CustomAttribute1 gets set to "FirstLineSecondLine" and looses the breaks. However, the same syntax works fine when I set e.g. StreetAddress or Notes. Of course, those are changed with set-user rather than set-mailbox. According to Technet's reference for set-user and set-mailbox, The CustomAttributes, StreetAddress, and Notes all take a system.string as their value. Is it just the case that some attributes accept multi-line strings and some don't? If so, can anyone suggest a workaround?

  Read the article

< Previous Page | 64 65 66 67 68 69 70 71 72 73 74 75  | Next Page >