Search Results

Search found 2782 results on 112 pages for 'it policy'.

Page 72/112 | < Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >

• When RDP as a Domain User, Smart Card Requested

  - by Paul

  My W8 machine is connected to domain zen. If I rdp to the W8 machine, I can log in as a local user without problems. If I try to log in as a domain user, I am prompted for a smart card instead of a password. Any ideas why? Note that Interactive login: require smart card is disabled in group policy: And here is the output from rsop.msc: Some additional information on this one. If my connecting machine is on the same domain/network as the W8 machine, then I am prompted for a password as usual. If the machine is remote, on a different domain, then I am prompted for a smart card. In addition, the machine I am connecting from that gets the smartcard prompt is an XP box. I haven't isolated exactly which of these factors triggers the different response.

  Read the article

• Limit a process's relative (not absolute) processor consumption in Linux

  - by BobBanana

  What is the standard way in Linux to enforce a system policy to limit the relative CPU use of a single process? That is, on a quad-core machine, I never want a process to use more than 2 CPUs at once, even if the process creates more threads. I do not want an absolute time limit, just a relative limit so that one task cannot dominate the machine. This is also different than renice, which allows a process to use all the resources but just politely step aside if others need them too. ulimit is the usual resource limiting tool, but it does not allow such CPU restrictions.. it can limit the number of processes per user, or absolute CPU time, not restrict the maximum number of active threads of a single process. I've found a couple of user-level tools, like CPUlimit, but not a system level tool or setting. Does such a standard resource controller exist in Linux (Red Hat Enterprise, if it matters.) If there is such a limit imposed, how would a user identify it?

  Read the article

• Packets marked INVALID in FORWARD rule

  - by Raphink

  I have a firewall that has 3 IP aliases on 1 physical interface. Packets get dropped between these 3 interfaces (either ICMP, HTTP, or anything else). We tracked it down to these packets being marked INVALID in the FORWARD rule and dropped due to the this rule: chain FORWARD { policy DROP; # connection tracking mod state state INVALID LOG log-prefix 'INVALID FORWARD DROP: '; mod state state INVALID DROP; mod state state (ESTABLISHED RELATED) ACCEPT; } (That is, we see the INVALID FORWARD DROP logs in dmesg) What could be causing this?

  Read the article

• ASA 5540 v8.4(3) vpn to ASA 5505 v8.2(5), tunnel up but I cant ping from 5505 to IP on other side

  - by user223833

  I am having problems pinging from a 5505(remote) to IP 10.160.70.10 in the network behind the 5540(HQ side). 5505 inside IP: 10.56.0.1 Out: 71.43.109.226 5540 Inside: 10.1.0.8 out: 64.129.214.27 I Can ping from 5540 to 5505 inside 10.56.0.1. I also ran ASDM packet tracer in both directions, it is ok from 5540 to 5505, but drops the packet from 5505 to 5540. It gets through the ACL and dies at the NAT. Here is the 5505 config, I am sure it is something simple I am missing. ASA Version 8.2(5) ! hostname ASA-CITYSOUTHDEPOT domain-name rngint.net names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 10.56.0.1 255.255.0.0 ! interface Vlan2 nameif outside security-level 0 ip address 71.43.109.226 255.255.255.252 ! banner motd ***ASA-CITYSOUTHDEPOT*** banner asdm CITY SOUTH DEPOT ASA5505 ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name rngint.net access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.1.0.125 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list outside_1_cryptomap extended permit ip host 71.43.109.226 host 10.160.70.10 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 host 10.1.0.125 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.0.0.0 255.0.0.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.130.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip 10.56.0.0 255.255.0.0 10.106.70.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip host 71.43.109.226 10.106.70.0 255.255.255.0 pager lines 24 logging enable logging buffer-size 25000 logging buffered informational logging asdm warnings mtu inside 1500 mtu outside 1500 icmp unreachable rate-limit 1 burst-size 1 icmp permit any inside no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 route outside 0.0.0.0 0.0.0.0 71.43.109.225 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 timeout floating-conn 0:00:00 dynamic-access-policy-record DfltAccessPolicy aaa-server TACACS+ protocol tacacs+ aaa-server TACACS+ (inside) host 10.106.70.36 key ***** aaa authentication http console LOCAL aaa authentication ssh console LOCAL aaa authorization exec authentication-server http server enable http 192.168.1.0 255.255.255.0 inside http 10.0.0.0 255.0.0.0 inside http 0.0.0.0 0.0.0.0 outside snmp-server host inside 10.106.70.7 community ***** no snmp-server location no snmp-server contact snmp-server community ***** snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec transform-set ESP-AES-128-SHA esp-aes esp-sha-hmac crypto ipsec transform-set ESP-AES-128-MD5 esp-aes esp-md5-hmac crypto ipsec transform-set ESP-AES-192-SHA esp-aes-192 esp-sha-hmac crypto ipsec transform-set ESP-AES-192-MD5 esp-aes-192 esp-md5-hmac crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac crypto ipsec transform-set ESP-AES-256-MD5 esp-aes-256 esp-md5-hmac crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac crypto ipsec transform-set ESP-DES-SHA esp-des esp-sha-hmac crypto ipsec transform-set ESP-DES-MD5 esp-des esp-md5-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto map outside_map 1 match address outside_1_cryptomap crypto map outside_map 1 set pfs group1 crypto map outside_map 1 set peer 64.129.214.27 crypto map outside_map 1 set transform-set ESP-3DES-SHA crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 1 authentication pre-share encryption des hash md5 group 2 lifetime 86400 telnet timeout 5 ssh 10.0.0.0 255.0.0.0 inside ssh 0.0.0.0 0.0.0.0 outside ssh timeout 5 console timeout 0 management-access inside dhcpd auto_config outside ! dhcpd address 10.56.0.100-10.56.0.121 inside dhcpd dns 10.1.0.125 interface inside dhcpd auto_config outside interface inside ! dhcprelay server 10.1.0.125 outside dhcprelay enable inside dhcprelay setroute inside dhcprelay timeout 60 threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept tftp-server inside 10.1.1.25 CITYSOUTHDEPOT-ASA-Confg webvpn tunnel-group 64.129.214.27 type ipsec-l2l tunnel-group 64.129.214.27 ipsec-attributes pre-shared-key ***** ! ! prompt hostname context

  Read the article

• How can I restrict my mates to stop downloading?

  - by user239295

  We are sharing an internet broadband connection with 6 users at a place we live. We get 20 gb fup ( Fair usage policy) with 2 mbps speed from the ISP after the 20 gb is consumed the speed comes down to 512 kbps very difficult to browse any page. The problem is we cannot track which user/mate is downloading and ending the FUP. it is very difficult to track so is there something that we can allot per user some amount of space like 2 gb of downloading or restrict all from downloading so that we can utilize all the fup till the end of the month. We are using this connection as wifi configured. A adsl router is configured as wifi and we all using all 6 laptops. No PC. Any help would be appreciated. I apologize if i am not clear with my question.

  Read the article

• Proxy Server suggestions

  - by Jon Menefee

  Here is the question I have that hopefully is not too general of a question. I have a network with approximately 25 PC's, 3 servers and 25 IP cameras. I have a firewall already on the network and it works fine for what I need, but my client is asking me if there is a way to put a Proxy server on the network to monitor where his employees are going when they surf the Internet. He is not wanting to block them (at least not thru the Proxy server), but he wants to make sure that they arent going to sites that would compromise the networked PCs. I have looked at TMG and it is a little more than what I want. I hesitate adding another firewall to the system because of the security cameras that are presently on the network (IP Cameras). I just want to put a policy in AD that would make certain Users (or Computers) use a Proxy server. Any suggestions on a good proxy server are welcome. Thank you

  Read the article

• Windows updates behind a physical firewall with only IP based rules and generic outbound connections are turned off

  - by user125245

  I have some boxes that I do not want to allow any in or outbound traffic to the internet Except for windows updates. However the fire wall in place (Cisco ASA) apparently only supports ip based rules. As best I can tell access to Microsoft updates via anything other then the half dozen URL masks the Microsoft lists as needed does not appear possible. I have kicked around building a full WSUS that I would then manually copy the update files to so that no direct Microsoft access is needed but this sounds very top heavy for the very few boxes involved. I have also kicked around manual updates all around but am not certain how to be conveniently and confidently sure that the correct updates are being applied in the correct order. Any ideas from any direction would be appreciated. I want this as simple / cost effective as possible but have very little flexibility on the only absolutely required internet access policy.

  Read the article

• How to remove IE toolbar and menu bar

  - by Metallikanz

  We have a asp.net web application which will be used in an intranet environment on IE 6. We want to change the default configuration of the browser so that it's always rendered without the Tool Bars, Menu Bars and Address Bar, just the browser window frame and the status bar should be present. We were looking at the IEAK toolkit for IE6 but it doesn't seem to have the option of turning all this off though you can turn off certain menus and toolbar options. Any ideas of how this can be done, is there a group policy setting or something that we can utilize here to get this done? Thanks for your help.

  Read the article

• Windows Task Scheduler won't let me uncheck "Wake the computer" option for a backup task

  - by KdawgUD

  I have a problem with my windows 7 laptop automatically waking after I put it to sleep and then I find it later with the battery drained. I tracked down the culprit using the "powercfg -lastwake" command to be a Backup task in the "Windows Server" section of the task scheduler. I have tried unchecking the "Wake the computer to run this task" checkbox for this task, but after I do this and reboot, the box is always rechecked again. How can I make this setting persist? I have full admin rights to this laptop, but it is on a domain. Edit: I looked into the domain policy settings as suggested by Dave below and did not find any policies related to scheduled task settings. Any other ideas?

  Read the article

• Disqus cache of unposted posts

  - by user129107

  Some webpages implement Disqus and also have the rather bad policy of adding auto refresh to the page. This result in for example one writing a long answer in a debate and then a refresh comes along – and everything is gone. Is the comments, written, but not posted, cached somewhere? Is it possible to retrieve? I have experienced this on various pages. In the current case the debate page was reloaded and a rather lengthy post with a lot of references and long thought out sentences vanished. This page closes the debate during night time, and do a auto refresh of the page when one pass midnight – as such I'm not able to retrieve the debate for another 8 hours. Other pages implement for example an auto refresh after 20 minutes. Linux, Google Chrome.

  Read the article

• SFTP not working, but SSH is

  - by Dan

  I've had a server running CentOS for a few months now. A few days ago, I stopped being able to connect to it over SFTP. I've tried from multiple computers, OSes, clients, and internet connections. I can SSH in just fine, though. For example, Nautilus gives me this: Error: DBus error org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken. Please select another viewer and try again. I was under the impression that SFTP was just pure SSH, and if one worked, the other would, and vice-versa. Clearly that's not the case, though. What could I have done wrong?

  Read the article

• 'Unlimited' free trial of Windows Server 2008 by deleting and reinstalling VM? [closed]

  - by MrVimes

  I am using Virtual Machine software (VirtualBox) to learn Windows Server 2008 R2 Network Infrastructure (70-642). Trouble is - I'm learning at an extremely slow pace and so the trial periods of my virtual machines are close to running out. If I delete the VMs then install WS2008R2 from scratch on new VMs is that violating the acceptable use policy of Microsoft? I am aware that I can extend the trial, but it seems I can only do that by 10 days at a time. Also I think having to re-install from scratch is a good way to reinforce the knowledge.

  Read the article

• User account restriction error and unable to access share

  - by user44394

  I have a windows share with full control granted to individual domain user accounts on the share and security permission. Whenever the user attempts to browse to the share they receive the error: Logon failure user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. If the users are added to the administrators group on this machine they are able to browse the share without issue. What do I need to change to allow them access to the share without being administrators on that machine?

  Read the article

• TPM had to be reintialized: Does a new recovery password have to be uploaded to AD?

  - by MDMoore313

  Some way some how, a user's machine couldn't get read the bitlocker password off of the TPM chip, and I had to enter the recovery key (stored in AD) to get in. No big deal, but once in the machine, I tried to suspend bitlocker per recovery documentation, and got an error message about the TPM not being initialized. I knew the TPM was on and activated in the BIOS, but Windows still made me reinitialize the TPM chip, and in the process it created a new TPM owner password. I found that odd because it prompted me to save this password or print it (there wasn't an option not to), but it made no reference of a recovery password, nor did it back this password up to AD. After the user took her laptop and left I started thinking that if the TPM password change, does the recovery password change also? If so, that new recovery password will need to be uploaded to AD, but MS' documentation doesn't make that clear, and doesn't back up the new recovery key (if one exists) to AD automatically when the group policy says it must, and from a network standpoint AD is accessible.

  Read the article

• Domain Key Entries

  - by natediggs

  More BIND DNS questions. OK, my changes the the zone files are no propagating out. Now I'm having a problem with the domain key entries I'm trying to create. I'm starting by trying to set the domain key policy. To do so I added the following entry to my zone file (actual domain XXX'd out). Based on everything I've read this is properly formatted and should work. When I try to verify the DNS entry for our domain it doesn't how up. _domainkey.XXXX.com TXT "t=y; o=~;" Is there something I'm missing? Nate

  Read the article

• Minimum rights to access the whole Users directory on another computer

  - by philipthegreat

  What is the minimum rights required to access the Users directory on another computer via an admin share? I have a batch file that writes some information to a few other computers using a path of \\%COMPUTERNAME%\c$\Users\%USERNAME%\AppData\Roaming. The batch files run under an unprivileged user (part of Domain Users only). How do I set appropriate rights so that service account can access the AppData\Roaming folder for every user on another computer? I'd like to give rights lower than Local Admin, which I know will work. Things I've attempted: As Domain Admin, attempted to give Modify rights to the C:\Users\ directory on the local computer. Error: Access Denied. Set the service account as Local Admin on the other computer. This works, but is against IT policy where I work. I'd like to accomplish this with rights lower than Local Admin. Any suggestions?

  Read the article

• Windows Home Server restore causes computer to be removed from the domain?

  - by unknown (google)

  I restored my Dell M4400 that is a company laptop, and now I get an error when I try to log on and am connected to our corporate network, which says that the domain controller could not be found or that the computer is not part of the domain. Everyone else can log on, so it seems my computer is no longer part of the domain, even though it thinks it is per the settings. One thing of note: my computer crashed on 1/14/10, but I restored from a backup that was made on 12/20/09. So I am not sure if that made a difference? Also, I tried running "gpupdate" to update my group policy, but that did not seem to help. Any ideas? Seems like a bit of a flaw in the backup system for computers that are part of a domain. I guess I wanted to hear from someone with more knowledge about how a computer is recognized as part of a domain to know if this should be expected when doing a restore or if I should file a trouble ticket.

  Read the article

• IPSec VPN IP addresses

  - by Randomblue

  I have an IPSec VPN on my Windows 7 machine (all using the native Windows 7 gateway). The host I am connecting to has different ISAKMP "Phase 1" and "Phase 2" IP addresses. As I understand, the Phase 1 address is that of the IPsec endpoint, to which I can connect just fine. The Phase 2 address is found in their "crypto map", and the addresses need to match. At the moment, both my Phase 1 and Phase 2 addresses are configured the same. On my side, I get the error "Error 791: The L2TP connection attempt failed because security policy for the connection was not found" How can I configure the Phase 2 IP address for my Windows 7 IPSec VPN to be different to the IPSec endpoint address?

  Read the article

• How do you do the offsite hard drive backups?

  - by kentchen

  I have been doing hard drive backups for a while, which I believe a lot of you guys do as well, but am having trouble figuring out a better way storing them offsite. I am wondering how you guys out there do that. Any policy or tips & tricks when it comes to offsite store your backups, mainly hard drives not tapes. Thanks in advance. [update] Thanks for mentioning the online backup. We are actually in the middle of this process. And I 100% agree that it's the ultimate way to go. However, considering the cost, sometimes it may not be the option, as it's a quite expensive option if you also consider the application level. I guess online backup can be a very good one in the separate topic. :)

  Read the article

• Run 2008 R2 Service under 2000 Domain Account

  - by NoDisassemble

  I'm trying to get a service to run under a domain account. When I try to add the account, I get the error The account name is invalid or does not exist, or the password is invalid for the account name specified I know the account exists and the password is correct. I am also having trouble adding it manually to the "Log on as a service" setting, I get the error An extended error has occured. Failed to save Local Policy Database After a day of research I'm starting to suspect it has to do with it being a 2008 R2 server trying to use a 2000 domain account. I've tried to change the LAN Manager authentication level and the Minimum session security looks okay per my Google digging. I'm not sure what else I can do?

  Read the article

• Ideal permissions scheme for multiple Apache/PHP sites...

  - by Omega

  I'm hosting multiple sites from one server where each site has it's own user and www directory in their home dir. Currently our web server runs as user nobody(99). We're noticing that to run several popular scripts and engines, they require write access to their own files. As the home directory is owned by the user, not nobody(99), what is the best policy or change in hosting configuration that would: ...make it so that all the various engines and platforms work? ...still allow us to work with files and edit them without having to diddle with permissions as root? Thanks for the advice!

  Read the article

• Personally identifiable information (PII) on shared web hosting

  - by S. Cobbs

  Hey folks, I am providing web hosting services (shared and dedicated) and have had one of my shared hosting clients mention needing an SSL cert for their site where they are collecting insurance quotes in a form, including names and social security numbers. My privacy sense is tingling, and I'm pretty sure it's not legal (in the US) to do this on a shared system, but can't find anything to support my thoughts outside of PCI-DSS, but the customer isn't processing payments through the site so I'm not sure if that applies. I'm reading lots of policy documents where people advise to minimize and manage the PII footprint internally, but as the host I don't want to put all of my customer's clients at possible risk. I'm not looking here for legal advice necessarily, but perhaps someone in a similar position to mine can provide some rule of thumb or point me in the right direction.

  Read the article

• Getting a Non-Genuine windows message on a Genuin Windows 7

  - by user36257

  I have a Genuin Win7 enterprise on my Laptop. A few hours ago when I wanted to log into windows it did not accept my Password. I used the safe mode and it accepted the password I was using before this new password. It is the laptop for work and we have a changing password policy for every three months, so the pasword that I could use in SAFE MODE was the password I had for the last previous threee months. ... after that I used SYSTEM RESTORE and it reveretd it back to Yesterday ... so this time I could loging successfully with my current password. BUT It shows me a message that I am a victim of software counterfeiting and when I restarted the windows again and logged into windows, this time it is just a black desktop. weird...any ideas?

  Read the article

• How to prevent windows 7 shutdown/lock/logoff?

  - by user507993

  Hi, guys In my company staff have to check in after retch to company and check out before leave company on a internal site, sometimes I forget it totally...it's awful. Now i want a program which shows a prompt window when lock/logoff/shutdown, in this way i won't forget any more. Indeed i develop a program (some words and two buttons), and configure this program started when lock/logoff/shutdown in group policy, here is the question: how can i prevent my windows 7 shutdown/logoff/lock? it means i click the button "yes, i want" my pc still running and chrome or something showed up, if i click the button "no, thanks", my pc will shutdown/logoff/lock. please help, thx! i am looking forward to you. ps: i am not good in english, hope you understand. thx again!

  Read the article

• Windows 8.1 keeps prompting for Network Share Credentials after every log on or restart

  - by Peret del Trunfa

  I have a Network drive Shared in a Workgroup with 3 clients. Two clients with Windows 7 have persistent connections to the Share. No issues with those two. My windows 8.1 client keeps prompting for credentials at every restart / log on. I spent hours looking around for a solution: I have stored cred in cred manager, and tried every possible combination (WORKGROUP\user , COMPUTERNAME\user, user, .. and so on). I have changed NT and NTLM negotiation in policy manager. I've compared the settings under GPO network security with a working win 7 computer, everything is pretty much the same. -I've captured Wireshark to see SMB negotiation process, honestly I see the messages flowing around, and the share sending AUTH DENIED.. which means is how the 8.1 client formats the request.... that makes the share reject it.. Now I still don't really know why. Any ideas would be appreciated.

  Read the article

< Previous Page | 68 69 70 71 72 73 74 75 76 77 78 79  | Next Page >