Search Results

Search found 3310 results on 133 pages for 'policy compliance'.

Page 83/133 | < Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >

• 8021x wireless clients auto connect prior to user login

  - by JohnyV

  I am using a 2008 r2 dc that also performs Radius (NPS), I also have a 2008 r2 certificate authority which is giving out certificates. The computers are getting the certificate and when a user logs into the device (that has previously logged in) gets put on the correct VLAN (according to there user access). However I cant get the computers to join the wireless network prior to logging in, so that they can log in with their domain accounts and authenticate through the wireless. The basic setup is Computer gets group policy which tells it to get a certificate the computer then has a seperate vlan to join just as a computer account however the wireless computer wont connect through that vlan. (this vlan allows login information only then once the users credentials are verified it puts them onto another VLAN). So I am trying to work out why the notebook wont auto connect to the wireless network as a computer. Thanks

  Read the article

• Windows 7 offline files - work temporarily offline even if network connection works

  - by Robert

  Sometimes I am connected via VPN to a network containing the server where files are stored which are cached by Windows offline files feature. Sometimes the connection works good and working this way is not a problem - on other times working is quite a pain because of high latency when working with the files in the Windows explorer. Is there an interactive way how a user (with admin permissions) can temporary suspend online usage of offline files? I already activated the "Transparent caching" group policy feature (Computer Configuration Policies Administrative Templates Networks Offline Files) with a network latency of 200msec but from my experience even if I get ping times to the file server of less than 40msec online usage is quite tenacious. Setting low latency times at this point causes the offline files often to toggle which makes problems with some applications working with several files and requires them to be consistent (like SVN client).

  Read the article

• Full disk encryption on linux (ubuntu) w/o re-installing - possible?

  - by sa125

  Hi - I work at a company that takes security very seriously (like most). Our IT guy came in today to prepare us mentally to re-install our systems after he'll apply the new encryption policy (which will basically scrape our HD clean). For our team this means about a week of re-configuring, installing, and tweaking our desktops until we are back to work capacity - anyone who has to re-install a development machine probably knows what I'm talking about. So, I guess my question is if there's any way to perform full disk encryption on a linux (ubuntu = 9.04) system without having to re-install EVERYTHING [sigh]. IT guy said there isn't any - please prove him wrong. thanks :)

  Read the article

• firehol (firewall) with bridge: how to filter

  - by Leon

  I have two interfaces: eth0 (public address) and lxcbr0 with 10.0.3.1. I have a LXC guest running with ip 10.0.3.10 This is my firehol config: version 5 trusted_ips=`/usr/local/bin/strip_comments /etc/firehol/trusted_ips` trusted_servers=`/usr/local/bin/strip_comments /etc/firehol/trusted_servers` blacklist full `/usr/local/bin/strip_comments /etc/firehol/blacklist` interface lxcbr0 virtual policy return server "dhcp dns" accept router virtual2internet inface lxcbr0 outface eth0 masquerade route all accept interface any world protection strong #Outgoing these protocols are allowed to everywhere client "smtp pop3 dns ntp mysql icmp" accept #These (incoming) services are available to everyone server "http https smtp ftp imap imaps pop3 pop3s passiveftp" accept #Outgoing, these protocols are only allowed to known servers client "http https webcache ftp ssh pyzor razor" accept dst "${trusted_servers}" On my host I can connect only to "trusted servers" on port 80. In my guest I can connect to port 80 on every host. I assumed that firehol would block that. Is there something I can add/change so that my guest(s) inherit the rules of the eth0 interface?

  Read the article

• Capslock turns on intermittenly on Windows Login Screen

  - by NoCarrier

  At first I thought it was a coworker playing a joke on me.. I have a habit of locking my workstation whenever I leave my desk. however i have noticed over the last several years that sometimes the capslock key would be on when I return. I don't notice this until i try typing in my password (which would fail because its in ALL CAPS) and then glance at the now illuminated caps lock key. This has happened on and off across half a dozen workstations on 2000, XP, Vista, and Windows 7. Possible causes I'm losing my mind "feature" in windows? some sort of institutional domain policy at my workplace someone has been messing with me for many many years ?

  Read the article

• WS-AT Issue between WPS 6.2 and WAS 7.0

  - by AK

  Hi, I have a BPEL running on WPS 6.2 trying to call a web service on developed on RAD 7.5, deployed on RAD test environment. I have setup WS Transaction policy on both client and server. I get an error on WAS 7.0 saying Must Understand check failed for headers: {http:// schemas.xmlsoap.org/ws/2004/10/wscoor}CoordinationContext I tried to generate the same webservice on ibm wid 6.2 and deployed on EAR on WAS 7, it works perfect. Any thoughts ? Is there a SOAP runtime mismatch ? Help appreciated . -AK

  Read the article

• OpenLDAP Password Expiration with pwdReset=TRUE?

  - by jsight

  I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

  Read the article

• Sharepoint Server 2007 generates event log entry every 5 minutes - "The SSP Timer Job Distribution L

  - by Teevus

  I get the following error logged into the Event Log every 5 minutes: The SSP Timer Job Distribution List Import Job was not run. Reason: Logon failure: the user has not been granted the requested logon type at this computer In addition, OWSTimer.exe periodically gets into a state where its consuming almost all the CPU and only killing the process or restarting the Sharepoint services fixes it (although I'm not sure if this is a related or seperate issue). I have tried the following (based on various suggestions floating around the web), all to no avail: iisreset (no affect) Added the Sharepoint and Sharepoint Search service accounts to Log on as a batch job and Log on as a service policies in the Group Policies for the domain. I went into the Local Computer Policy on the Sharepoint server and verified that those policies had actually been applied Verified that the Sharepoint and Sharepoint Search service accounts are both in the WSS_WPG group Verified in dcomcnfg that the WSS_WPG group (and indeed the Sharepoint and Sharepoint search service accounts) has local activation rights for SPSearch. Any more suggestions would be valued. Thanks

  Read the article

• Must I have Exchange to use Blackberry Enterprise Server Express?

  - by John Spaz

  In the past I've setup BES (not express) for a company that just wanted their users on the corporate network, they didn't care for email or any other enterprise feature, they just wanted to push a policy that the phones internet should be routed through the corporate network. I want to setup BES Express now for a customer that also just wants the phones on his network but wherever I look, it says that BES Express requires Exchange. Is there a way to install BES Express without Exchange and without a AD Domain? Basically what the customer wants to accomplish is to be able to filter and log the internet access on the phones.

  Read the article

• Cannot WMI Query root\MSCluster namespace as Local Admin

  - by Matt Zuberko

  I'm trying to use WMI Explorer to query the root\MSCluster namespace on various hosts to obtain cluster resource group and resource object data. I can access the namespace with no issue on Win2K3 cluster nodes but am getting an access denied error attempting to connect to Win2K8 and Win2K8R2 nodes. I can access the root\cimv2 namespace with no issue, just the MSCluster namespace even though I am a local Admin. Is there a feature setting, local security policy or server role I have to be a member of to access the namespace? Thank you!

  Read the article

• ITIL Incident Classification - Fault vs SR vs Technical Incident

  - by ExceptionLimeCat

  I am new to ITIL and Incident classifcations and I am trying learn more about them and understand how they could integrate in our organization. I have found it difficult to find a clear definition of Fault vs. Service Request vs. Technical incidents. I am basing my definitions on this article: http://www.itsmsolutions.com/newsletters/DITYvol6iss27.htm As I understand it: Service Request - Service provided by IT as part of regular administration of a system. Fault - An unexpected error in a system. Technical Incident - An interruption or potential interruption in IT service due to an expected incident caused by some IT policy.

  Read the article

• How to stop Windows 7 from applying patches on shutdown

  - by Stabledog

  I have my Windows 7 Pro set up to "download patches, but let me choose when to install them". However, on several occasions, when I have shut down the O/S, Windows Update has proceeded with a lengthy patch application even though I issued no permission to do so. This is a bit scary to me... in particular, it seems I cannot trust the Windows Update settings. Is this official policy somewhere at Microsoft, or am I witnessing a bug? What can be done about it?

  Read the article

• What is the harm in giving developers read access to application server application event logs?

  - by Jim Anderson

  I am a developer working on an ASP.NET application. The application writes logging messages to the Windows event log - a custom application log just for this application. However, I do not have any access to testing or staging web/application servers. I thought an admin could just give me read access to this event log to help in debugging problems (currently a service that is working in dev is not working in test environment and I have no idea why) but that is against my client's (I'm a consultant) policy. I feel silly to keep asking an admin to look at the event log for me. What is the harm in giving developers read access to application server application event logs? Is there a different method of application logging that sysadmins prefer programmers use? Surely, admins don't want to be fetching logging messages for developers all the time.

  Read the article

• Blocking the Apple OS X App Store

  - by Jon Rhoades

  Being the evil corporate IT overlords we need to block the new OS X App Store. As you may be aware the 10.6.6 update installs the App Store App which allows users to download and install apps without admin privileges. Some Suggestions: Don't update to 10.6.6+ Use parental controls Presumably some OD policy (if you have an OD server which we don't) Block the App store by DNS or Proxy Not updating to 10.6.6+ isn't really a long term solution as it contains security fixes and new Macs will come with it anyway. Blocking the App store at a network level doesn't solve laptop users. Ideally a simple system preference or editing of a plist that can be pushed out by ARD would be the best solution. Please note the question isn't should we block the App store, it's how we can block the App store.

  Read the article

• OpenLDAP Password Expiration with pwdReset=TRUE?

  - by jsight

  I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts Password Change required once pwdReset=TRUE added to user entry Password Expirations If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?

  Read the article

• How to allow IAM users to setup their own virtual MFA devices

  - by Ali

  I want to let my IAM users to setup their own MFA devices, through the console, is there a single policy that I can use to achieve this? So far I can achieve this through a number of IAM policies, letting them list all mfa devices and list users (so that they can find themselves in the IAM console and ... I am basically looking for a more straight forward way of controlling this. I should add that my IAM users are trusted users, so I don't have to (although it will be quite nice) lock them down to the minimum possible, so if they can see a list of all users that is ok.

  Read the article

• How to run a command as administrator on Windows7 from a command line?

  - by Radek

  I need to run tscon.exe 0 /dest:console remotely = not manually on Windows7 as an administrator. More info here How to use tscon on Windows7? I did my research and OPTION 1 - runas for user root (no password) on computer yogurt works C:\>runas /user:yogurt\root cmd Enter the password for yogurt\root: Attempting to start cmd as user "yogurt\root" ... for user administrator (I thought the the password is blank too) on computer yogurt doesn't work. I am asked for password, hit the enter and C:\>runas /user:yogurt\administrator cmd Enter the password for yogurt\administrator: Attempting to start cmd as user "yogurt\administrator" ... RUNAS ERROR: Unable to run - cmd 1327: Logon failure: user account restriction. Possible reasons are blank passwo rds not allowed, logon hour restrictions, or a policy restriction has been enforced. OPTION 2 - setting properties of a batch file so it always runs as administrator. The 'privilege level' section is greyed out for me under Compatibility level. So I am not able to tick the check box Run this program as an administrator

  Read the article

• Task Scheduler : Logon as Batch Job Rights

  - by Brohan

  I'm trying to set up a scheduled task which will work under the Network Administrators account, whether the account is logged in or not (on a specificed computer) According to the Task Scheduler, I need 'Logon as batch job rights'. Attempting to change this setting in the Local Security Policy window has it the option to add the Administrator account to the groups greyed out. Currently, only LOCAL_SERVICE may Logon as Batch job. Attempting to add administrator to this group hasn't worked. How do I make it able to set this permission so that I can run tasks if I'm logged in or not?

  Read the article

• The Server Fault Wiki of recommended practices [migrated]

  - by Avery Payne

  So I've noticed that there are several recommendations on basic practices on Server Fault, but there doesn't seem to be a cohesive view as to how those recommendations would all fit together. So I thought I would lump these together as a kind of mental exercise to see what the "ServerFault Community IT Department" would look like if it were implemented. This would give a few things: it would make a reasonable wiki (in the true wiki spirit of many contributions), it would provide several links to well-vetted practices, and it would be kind of fun to see what the amalgamation would look like. And who knows, it may even point out some interesting issues between different forms of "best practices", although I would be stunned if there was a conflict hidden in there someplace... Add your favorites from Server Fault as answers, and I'll re-edit this section with the results. Here's a few catagories to collect different ideas together. Hardware Configuration(s) Server room configuration. Server room temperature Firmware Updates and Scheduling Storage Configuration(s) Selecting a NAS box Linux: Dealing with /tmp Linux: Install apps in /var or /opt? Network Configuration(s) checking DNS health and compliance Security Practice(s) Password (General) Best Practices Password sharing methods Windows Update Updating Windows Servers that are hosts for VMs Network Service(s) User Service(s) User Naming & Deletion Upgrade Process(es) Disaster Recovery Checking Backups Documenting an outage for a post-mortem review Last Edit: 2010-02-17

  Read the article

• Need to setup a RADIUS server to authenticate a Windows client to a Windows server

  - by drosenblatt

  I have a server that I have technicians who need to be able to access using shared credentials. However, doing that violates our security policy (!). I need each user to be able to authenticate using their own credentials, but the server in question has to be logged in with a certain login (these two requirements are clearly diametrically opposed). I thought that this would be a great application for a RADIUS server. I know how to setup RADIUS to go from Windows -- Cisco, but I have no idea how to use RADIUS to authenticate Windows -- Windows. Can this be done? If so, how?

  Read the article

• Metro Apps on Win 8 aren't working with static ip behind auth proxy

  - by Kamal

  In Windows 8 Professional, Metro Apps and Windows Update do not work on static IP settings behind authenticated proxy server. They work on DHCP on the same proxy settings. (We have DHCP for wifi and static IP for LAN, both using the same proxy server). IE, Chrome and other desktop apps work nicely on both. Metro apps worked on an auth proxy (DHCP only), when I changed their proxy settings from the 'edit group policy' option. (StartSettingsEdit Group PolicyComputer ConfigurationAdministrative TemplatesNetwork IsolationInternet Proxy for Apps) Can this be fixed?

  Read the article

• Folder keeps changing back to read-only. What permissions setup causes this in Windows?

  - by farmerbuzz

  I think I'm going crazy. Every time I create a folder it automatically is set to readonly, but I can still then rename the folder or add folders to it. If I attempt to uncheck the readonly flag it becomes checked again when I next open the folder properties. What the heck? Could my IT dept really have set up a policy like this somehow? If so, how? Seems crazy that Windows would even do this -- no errors when I uncheck read-only and hit ok but the change fails.

  Read the article

• CREDSSP 500 errors

  - by Andy Milsark

  Hello all, We are experience a 500 http error when trying to run remote powershell on a win 2008 R2 server. I have run enable-wsmancredssp for both client and server roles on this machine. I have also run "winrm quickconfig". Also the allowfreshcredentials delegation group policy is setup correctly as well. There are active listeners running and credssp is enabled for client and service. I can connect with kerberos (by not specifing authentication type), but the following remote powershell command fails: Enter-PSSession -ComputerName serverX -credential domain\user -Authentication Credssp Error: Enter-PSSession : Connecting to remote server failed with the following error message : The WinRM client received an HTTP server error status (500), but the remote service did not include any other information about the cause of the failure. For more information, see the about_Remote_Troubleshooting Help topic. At line:1 char:16 I have not been able to find any useful information on how to troubleshoot this. I have restarted Winrm, rebooted, disabled and re-enabled credssp. Please help.

  Read the article

• Windows Malicious Software Removal Tool log says it can't do all required actions. Should I be conce

  - by Tom

  Here's what the log file c:/Windows/debug/mrt.log of my Windows 7 install says: WARNING: Security policy doesn't allow for all actions MSRT may require. ->Scan ERROR: resource process://pid:6080 (code 0x00000005 (5)) ->Scan ERROR: resource process://pid:5300 (code 0x00000057 (87)) ->Scan ERROR: resource process://pid:3512 (code 0x00000057 (87)) I use the default setup. I didn't change anything. This is the first time I checked the log file and this warning is in there from the start. Can I do something about it? Or I shouldn't be concerned, because it can do everything what's necessary anyway? Do you have this warning in your logfile?

  Read the article

• Problems to connect Java visualVM to a EC2-instance

  - by kasten

  I'm trying to profile a AWS EC2 instance via visualVM. The instance is in a securitygroup which allows all connections and i'm runing jstatd with a grant codebase "file:${java.home}/../lib/tools.jar" { permission java.security.AllPermission; }; policy on it. When i try to connect from my local machine with visulVM nothing happens. When i use jps i get the following response $ jps -l -m -v rmi://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Error communicating with remote host: Connection refused to host: xxx.xxx.xxx.xxx; nested exception is: java.net.ConnectException: Connection timed out But i can ssh into the instance and use jps locally. Has anyone a pointer in which direction i can debug further?

  Read the article

< Previous Page | 79 80 81 82 83 84 85 86 87 88 89 90  | Next Page >