Search Results

Search found 13222 results on 529 pages for 'security gate'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 84/529 | < Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >

  • How secure is a bluetooth keyboard against password sniffing?

    - by jhs
    In a situation where an admin will enter sensitive information into a keyboard (the root password), what is the risk that a bluetooth keyboard (ship by default with Mac systems these days) would put those passwords at risk? Another way of asking would be: what security and encryption protocols are used, if any, to establish a bluetooth connection between a keyboard and host system? Edit: Final Summary All answers are excellent. I accepted that which links to the most directly applicable information however I also encourage you to read Nathan Adams's response and discussion about security trade-offs.

    Read the article

  • cannot add a user to sysadmin role in SQL Server

    - by George2
    Hello everyone, I am using SQL Server 2008 Management Studio. The current logon account belongs to machine local administrator group. I am using Windows Integrated Security mode in SQL Server 2008. My issue is, after log into SQL Server Management Studio, I select my login name under Security/Logins, then select Server Roles Tab, then select the last item -- sysadmin to make myself belong to this group/role, but it says I do not have enough permission. Any ideas what is wrong? I think local administrator should be able to do anything. :-) thanks in advance, George

    Read the article

  • Grant account write access to specific attributes on Active Directory User object

    - by Patricker
    I am trying to allow an account to update very specific attributes on all User objects. I am setting this security on the "User" object. When I add the account on the security tab, go to advanced, edit the accounts permissions, and start going through the list of attributes I am only able to find a few, like First Name, but most of the attributes I want to let them write to are missing. How can I grant the account write access to these attributes? Attributes I need to grant permission for: First Name (givenName) Last Name (sn) Initials (initials) Department (department) Company (company) Title (title) Manager (manager) Location Info (physicalDeliveryOfficeName, streetAddress, postOfficeBox) Work Phone (telephoneNumber) Pager (pager) IP Phone (ipPhone) IP Phone Other (otherIpPhone) ThumbnailLogo (thumbnailLogo) jpegPhoto (jpegPhoto) Description (displayName) Thanks

    Read the article

  • OpenBSD has open ports in default installation

    - by celil
    I have been considering replacing Ubuntu with OpenBSD to improve the security on my local server. I need to have ssh access to it, and I also need it to serve static web content - so the only ports I need open are 22 and 80. However, when I scan my server for open ports after installing OpenBSD 4.8, and enabling ssh and http at /etc/rc.conf httpd_flags="" sshd_flags="" I discovered that it had several other open ports: Port Scan has started… Port Scanning host: 192.168.56.102 Open TCP Port: 13 daytime Open TCP Port: 22 ssh Open TCP Port: 37 time Open TCP Port: 80 http Open TCP Port: 113 ident ssh (22) and http (80) should be open as I enabled httpd and sshd, but why are the other ports open, and should I worry about them creating additional security vulnerabilities? Should they be open in a default installation?

    Read the article

  • How to create one additional hidden partition in a USB drive

    - by backslash17
    For security purposes I need to locate a additional hidden partition on USB flash drive. The USB drive contains a security application that will check (in code) if the hidden partition exists. If not I will assume that the application is a non valid copy. Any idea about it? Thanks in advance. EDIT: There is already a programmed secure method to check if the USB drive is correct using the WMI Win32_drive class. The idea is to locate the drive info into the hidden partition and to check if it correct for anti-tampering procedures.

    Read the article

  • Unable to set NTFS permissions for ApplicationPoolIdentity on Windows 2008 SP2

    - by Kev
    On Windows 2008 R2 I am able to set NTFS permissions for an application pool's synthesised ApplicationPoolIdentity account thus: ICACLS d:\websites\site1\www /grant "IIS AppPool\site1":(CI)(OI)(M) The website's application pool is named site1 and is configured to run as ApplicationPoolIdentity. The site's authentication is also configured to authenticate as ApplicationPoolIdentity. I've done this a thousand times on Windows 2008 Standard Edition R2 with never a hitch. However if I try to do the same in Windows 2008 Standard Edition SP2 I get the error: IIS AppPool\site1: No mapping between account names and security IDs was done. Successfully processed 0 files; Failed processing 1 files I also notice that this fails if I try to set permissions for the application pool identity via the security GUI as well. I've seen this before and a reboot has cleared this issue but I'd like to know why this happens periodically. Googling around suggests other folks have hit this problem but there's never a satisfactory explanation. Why would this be?

    Read the article

  • Requiring mulitple group membership in order to access folder

    - by David
    How would I go about creating a file or folder that requires a user to be a member of two or more different groups in order to read/write to the folder? For example, say I run an auto repair shop, and I have a folder called "Repair History" and I only want people to access it if they are members of BOTH the "Mechanics" and "Cashiers" group? This would be an AND requirment instead of an OR requirement which seems to be the norm. I know we can create a separate group that is needed to access the folder, but this is more of an academic question, since it pertains to a different security structure that we are creating. I'm not sure if MS security handles it, but I'm wondering how it would be done either way.

    Read the article

  • My server's been hacked EMERGENCY

    - by Grant unwin
    I'm on my way into work at 9.30 p.m. on a Sunday because our server has been compromised somehow and was resulting in a DOS attack on our provider. The servers access to the Internet has been shut down which means over 5-600 of our clients sites are now down. Now this could be an FTP hack, or some weakness in code somewhere. I'm not sure till I get there. How can I track this down quickly? We're in for a whole lot of litigation if I don't get the server back up ASAP. Any help is appreciated. UPDATE Thanks to everyone for your help. Luckily I WASN'T the only person responsible for this server, just the nearest. We managed to resolve this problem, although it may not apply to many others in a different situation. I'll detail what we did. We unplugged the server from the net. It was performing (attempting to perform) a Denial Of Service attack on another server in Indonesia, and the guilty party was also based there. We firstly tried to identify where on the server this was coming from, considering we have over 500 sites on the server, we expected to be moonlighting for some time. However, with SSH access still, we ran a command to find all files edited or created in the time the attacks started. Luckily, the offending file was created over the winter holidays which meant that not many other files were created on the server at that time. We were then able to identify the offending file which was inside the uploaded images folder within a ZenCart website. After a short cigarette break we concluded that, due to the files location, it must have been uploaded via a file upload facility that was inadequetly secured. After some googling, we found that there was a security vulnerability that allowed files to be uploaded, within the ZenCart admin panel, for a picture for a record company. (The section that it never really even used), posting this form just uploaded any file, it did not check the extension of the file, and didn't even check to see if the user was logged in. This meant that any files could be uploaded, including a PHP file for the attack. We secured the vulnerability with ZenCart on the infected site, and removed the offending files. The job was done, and I was home for 2 a.m. The Moral - Always apply security patches for ZenCart, or any other CMS system for that matter. As when security updates are released, the whole world is made aware of the vulnerability. - Always do backups, and backup your backups. - Employ or arrange for someone that will be there in times like these. To prevent anyone from relying on a panicy post on Server Fault. Happy servering!

    Read the article

  • Windows XP Pro 'Connect to' logon box greyed out with Guest

    - by HaydnWVN
    Have a machine i've just nuked and paved to be used in a public enviroment, yet still connected to a Workgroup. Would like it to prompt for a logon when accessing any of the network shares as different departments will be using it. It does prompt for a login but the username field is greyed out. Have disabled simple file sharing, disabled guest account, changed Local Security Policies (Network access Sharing and Security model to 'classic') all to no avail. A google around has lots of other people with the same issues, lots of 'fixes' with very few feedback. Of course none of these work for me! :)

    Read the article

  • Disable passwd history feature with remember=0

    - by user1915177
    PAM version - pam-0.79 Is setting 0 allowed on "remember" option in /etc/pam.d/common-passwd file of pam.d module to disable passwd history feature? With "remember=0" in /etc/pam.d/common-passwd file, I am observing a memfault when running the passwd command as a USER. When browsed the source, the function in _set_ctrl in support.c file of pam_unix module handles wrong values of remember, but currently its not robust enough to handle 0, which is a wrong value. So the valid and only option to disable history feature, is to not include the "remember" option in /etc/pam.d/common-passwd file and not to set-up /etc/security/opasswd file? Could see in the following link mention of setting "remember" to 0 has no effect to remember value in "/etc/security/opasswd" file. =https://lists.fedorahosted.org/pipermail/linux-pam-commits/2011-June/000060.html

    Read the article

  • Number of malicious attacks defended/done on the average user daily [closed]

    - by DalexL
    As a web hoster, it is very easy to notice the large amounts of exploit/abuse attempts done on my servers. Out of curiosity, how often are these attempts done on the average user? I'm assuming almost all of them are prevented just by simple security protocols in place by their browsers, local network, etc. How many attempts, on average, are committed against a single user daily through any method? (email, internet, downloads, etc.)? If known, what percentage of these things are blocked by the average users security? I tried googling but I was having a hard time getting the right search terms together.

    Read the article

  • What is the secure way to isolate ftp server users on unix?

    - by djs
    I've read documentation for various ftp daemons and various long threads about the security implications of using a chroot environment for an ftp server when giving users write access. If you read the vsftpd documentation, in particular, it implies that using chroot_local_user is a security hazard, while not using it is not. There seems to be no coverage of the implications of allowing the user access to the entire filesystem (as permitted by their user and group membership), nor to the confusion this can create. So, I'd like to understand what is the correct method to use in practice. Should an ftp server with authenticated write-access users provide a non-chroot environment, a chroot environment, or some other option? Given that Windows ftp daemons don't have the option to use chroot, they need to implement isolation otherwise. Do any unix ftp daemons do something similar?

    Read the article

  • Understanding IUSR_<machine> account

    - by liho1eye
    Namely how is setting read/write permission for this account different from giving read/write access in the IIS (Windows 2003, so it should be IIS6 if I am not mistaken). Here is the issue: It looks like we had a security sweep and as a part of that IUSR account lost write access everywhere. A whole bunch of legacy ASP sites didn't like that at all... My very surfacish understanding is that it is enough to deny write access in the IIS console to protect a website from someone just dropping random files into it, and IUSR access only has effect on the application scripts running server side, and thus can be safely given write access back. edit: The applications in question obviously require write access to their own web folders, otherwise this wouldn't be an issue at all. Question is how to configure IIS/application to both satisfy security and make them work. My first instinct was to change account which is used to run the app pool. However that is already set to NETWORK_SERVICE, and that guy already has full access to folders in question.

    Read the article

  • Access Denied of a folder on a Drive

    - by kanchan bor gohain
    I wanted to restrict access of other people in a certain drive of my computer. What I did was go to the Security Tab (under Drive Properties) and remove the All Users entry. My account is an administrator account. I left only Systems and Administrator on the list. However, when I tried to access drive D, I got an Access Denied error, and Security Tab is already missing.i resolved the problem using safe mode way but i got another problem, I'd used command prompt to hide(attrib) a folder in drive D but i can't access it, though i can access all other files. I used cmd to unhide but access denied

    Read the article

  • Who should own /var/www? [closed]

    - by John
    Possible Duplicate: How should I structure my users/groups/permissions for a web server? I've seen a few answers to this on the internet, but I'm looking for a definitive answer. I have a new Ubuntu 12.04 LTS server with LAMP. Apache is set to run as "www-data" and /var/www is set as having "root" as the owner and "root" as the group. The permissions for /var/www are "drwxr-xr-x" which I believe translates to 755 numerically. I know that /var/www should not be owned by "www-data" because then buggy/malicious code could have a field day. However, should I keep it as root:root (inconvenient) or should I change it to ubuntu:ubuntu, the default user that Ubuntu preconfigures for you to log in with? Should the permissions remain at 755? I've been administrating systems for a while with no big security issues, but I'm trying to get really serious about security, double-check everything, and make sure that there are no gaps in my knowledge.

    Read the article

  • Why is it possible to change the password of an admin user on linux?

    - by enum
    A few days ago, a friend of mine, wanted to show me that he can use my linux even if I don't tell him my password. He entered in GRUB, selected the recovery mode option. My first problem is that he already had access to my files (read only). He tried to do passwd but failed. Then he did some kind of remount (I guess that gave him write rights) and after that he was able to change my password. Why is this possible? I personally see it a security issue. Where I work there are several people that use linux and neither of them have a BIOS password set or some other kind of security wall.

    Read the article

  • CSO Summit @ Executive Edge

    - by Naresh Persaud
    If you are attending the Executive Edge at Open World be sure to check out the sessions at the Chief Security Officer Summit. Former Sr. Counsel for the National Security Agency, Joel Brenner ,  will be speaking about his new book "America the Vulnerable". In addition, PWC will present a panel discussion on "Crisis Management to Business Advantage: Security Leadership". See below for the complete agenda. TUESDAY, October 2, 2012 Chief Security Officer Summit Welcome Dave Profozich, Group Vice President, Oracle 10:00 a.m.–10:15 a.m. America the Vulnerable Joel Brenner, former Senior Counsel, National Security Agency 10:15 a.m.–11:00 a.m. The Threats are Outside, the Risks are Inside Sonny Singh, Senior Vice President, Oracle 11:00 a.m.–11:20 a.m. From Crisis Management to Business Advantage: Security Leadership Moderator: David Burg, Partner, Forensic Technology Solutions, PwC Panelists: Charles Beard, CIO and GM of Cyber Security, SAIC Jim Doggett, Chief Information Technology Risk Officer, Kaiser Permanente Chris Gavin, Vice President, Information Security, Oracle John Woods, Partner, Hunton & Williams 11:20 a.m.–12:20 p.m. Lunch Union Square Tent 12:20 p.m.–1:30 p.m. Securing the New Digital Experience Amit Jasuja, Senior Vice President, Identity Management and Security, Oracle 1:30 p.m.–2:00 p.m. Securing Data at the Source Vipin Samar, Vice President, Database Security, Oracle 2:00 p.m.–2:30 p.m. Security from the Chairman’s Perspective Jeff Henley, Chairman of the Board, Oracle Dave Profozich, Group Vice President, Oracle 2:30 p.m.–3:00 p.m.

    Read the article

  • All my Ubuntu VMs have apt-get update problems

    - by kashani
    I'm running Virtualbox 4.1 on an x86_64 Windows 7 host. I've got a collection of 12.04 and 10.04 LTS VMs I use to create debs for work. In the last week I started noticing problems on the 12.04 VMs. Tried the usual apt-get clean bit which didn't help. I rolled a new 11.10 VM for testing a Worpress upgrade. This VM has never been able to run apt-get update without errors. The interesting errors look like this: Get: 8 http://security.ubuntu.com oneiric-security/main Translation-en_US [344 B] 14% [7 Sources 48686/877 kB 6%] [Waiting for headers]bzip2: (stdin) is not a bzip2 file. Hit http://security.ubuntu.com oneiric-security/multiverse Translation-en Hit http://security.ubuntu.com oneiric-security/restricted Translation-en Hit http://security.ubuntu.com oneiric-security/universe Translation-en 22% [7 Sources 127526/877 kB 15%] [Waiting for headers]/usr/bin/xz: (stdin): File format not recognized and ends with /usr/bin/xz: (stdin): File format not recognized Ign http://us.archive.ubuntu.com oneiric/main Translation-en_US Ign http://us.archive.ubuntu.com oneiric-updates/main Translation-en_US Fetched 18.5 MB in 47s (392 kB/s) W: GPG error: http://us.archive.ubuntu.com oneiric InRelease: File /var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_oneiric_InRelease doesn't start with a clearsigned message W: GPG error: http://security.ubuntu.com oneiric-security InRelease: File /var/lib/apt/lists/partial/security.ubuntu.com_ubuntu_dists_oneiric-security_InRelease doesn't start with a clearsigned message xv-utils, lzma, etc are all installed. I've reinstalled the VM from scratch three times and up at the same point.

    Read the article

  • error while installing ia32-libs

    - by user3405516
    I am trying to install "ia32-libs" After doing google I did following steps. Yet not able to do it... 1st step i have added dpkg --add-architecture i386 2nd step added "deb http://archive.ubuntu.com/ubuntu/ raring main restricted universe multiverse" ia32-libs-raring.list" root@user:/etc/apt/sources.list.d# sudo dpkg --add-architecture i386 root@user:/etc/apt/sources.list.d# echo "deb http://archive.ubuntu.com/ubuntu/ raring main restricted universe multiverse" >ia32-libs-raring.list root@user:/etc/apt/sources.list.d# apt-get update Ign http://us-east-1.ec2.archive.ubuntu.com trusty InRelease Ign http://security.ubuntu.com trusty-security InRelease Ign http://archive.ubuntu.com raring InRelease Ign http://us-east-1.ec2.archive.ubuntu.com trusty-updates InRelease Hit http://security.ubuntu.com trusty-security Release.gpg Ign http://archive.ubuntu.com raring Release.gpg Hit http://us-east-1.ec2.archive.ubuntu.com trusty Release.gpg Hit http://security.ubuntu.com trusty-security Release Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates Release.gpg Ign http://archive.ubuntu.com raring Release Hit http://us-east-1.ec2.archive.ubuntu.com trusty Release Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates Release Hit http://security.ubuntu.com trusty-security/main Sources Hit http://us-east-1.ec2.archive.ubuntu.com trusty/main Sources Hit http://security.ubuntu.com trusty-security/universe Sources Hit http://us-east-1.ec2.archive.ubuntu.com trusty/universe Sources Hit http://security.ubuntu.com trusty-security/main amd64 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty/main amd64 Packages Hit http://security.ubuntu.com trusty-security/universe amd64 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty/universe amd64 Packages Hit http://security.ubuntu.com trusty-security/main i386 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty/main i386 Packages Hit http://security.ubuntu.com trusty-security/universe i386 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty/universe i386 Packages Hit http://security.ubuntu.com trusty-security/main Translation-en Hit http://security.ubuntu.com trusty-security/universe Translation-en Hit http://us-east-1.ec2.archive.ubuntu.com trusty/main Translation-en Hit http://us-east-1.ec2.archive.ubuntu.com trusty/universe Translation-en Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/main Sources Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/universe Sources Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/main amd64 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/universe amd64 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/main i386 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/universe i386 Packages Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/main Translation-en Hit http://us-east-1.ec2.archive.ubuntu.com trusty-updates/universe Translation-en Ign http://us-east-1.ec2.archive.ubuntu.com trusty/main Translation-en_US Ign http://us-east-1.ec2.archive.ubuntu.com trusty/universe Translation-en_US Err http://archive.ubuntu.com raring/main amd64 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/restricted amd64 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/universe amd64 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/multiverse amd64 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/main i386 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/restricted i386 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/universe i386 Packages 404 Not Found [IP: 91.189.91.13 80] Err http://archive.ubuntu.com raring/multiverse i386 Packages 404 Not Found [IP: 91.189.91.13 80] Ign http://archive.ubuntu.com raring/main Translation-en_US Ign http://archive.ubuntu.com raring/main Translation-en Ign http://archive.ubuntu.com raring/multiverse Translation-en_US Ign http://archive.ubuntu.com raring/multiverse Translation-en Ign http://archive.ubuntu.com raring/restricted Translation-en_US Ign http://archive.ubuntu.com raring/restricted Translation-en Ign http://archive.ubuntu.com raring/universe Translation-en_US Ign http://archive.ubuntu.com raring/universe Translation-en W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/main/binary-amd64/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/restricted/binary-amd64/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/universe/binary-amd64/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/multiverse/binary-amd64/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/main/binary-i386/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/restricted/binary-i386/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/universe/binary-i386/Packages 404 Not Found [IP: 91.189.91.13 80] W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/raring/multiverse/binary-i386/Packages 404 Not Found [IP: 91.189.91.13 80] E: Some index files failed to download. They have been ignored, or old ones used instead.

    Read the article

  • Spring security or BCrypt algorithm which one is good for accounts like project?

    - by Ranjith Kumar Nethaji
    I am using spring security for hashing my password.And is it safe ,because am using spring security for first time. my code here <security:http auto-config="true"> <security:intercept-url pattern="/welcome*" access="ROLE_USER" /> <security:form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed" /> <security:logout logout-success-url="/logout" /> </security:http> authentication-failure-url="/loginfailed" /> <security:logout logout-success-url="/logout" /> </security:http> <authentication-manager> <authentication-provider> <password-encoder hash="sha" /> <user-service> <user name="k" password="7c4a8d09ca3762af61e59520943dc26494f8941b" authorities="ROLE_USER" /> </user-service> </authentication-provider> </authentication-manager> .And I havnt used bcrypt algorithm.what is your feedback for both?any recommendation?

    Read the article

  • Why is my global security group being filtered out of my logon token?

    - by Jay Michaud
    While investigating the effects of filtered tokens on my file permissions, I noticed that one of my global security groups is being filtered in addition to the regular system-defined filtered groups. My Active Directory environment is a single-domain forest on the Windows Server 2003 functional level. I'll call the domain "mydomain.example.com". I am logged onto a Windows Server 2008 Enterprise Edition machine (not a domain controller) as a member of the "MYDOMAIN\Domain Admins" group and the "MYDOMAIN\MySecurityGroup" global security group (among others). When I run "whoami /groups" from an elevated command prompt, I see the full list of groups to which my account belongs as expected. When I run "whoami /groups" from a regular, non-elevated command prompt, I see the same list of groups, but the following groups are described as "Group used for deny only". BUILTIN\Administrators MYDOMAIN\Schema Admins MYDOMAIN\Offer Remote Assistance Helpers MYDOMAIN\MySecurityGroup Numbers 1 through 3 above are expected based on Microsoft documentation; number 4 is not. The "MYDOMAIN\MySecurityGroup" global security group is a group that I created. It contains three non-built-in global security groups, and these security groups contain only non-built-in user accounts. (That is, I created all of the accounts and groups that are members of the "MYDOMAIN\MySecurityGroup" global security group.) There are other, similar groups of which my account is a member that are not being filtered out of my logon token, and this group is not granted any specific user rights in the security settings of this computer or in Group Policy. What would cause this one group to be filtered out of my logon token?

    Read the article

  • Why is my global security group being filtered out of my logon token?

    - by Jay Michaud
    While investigating the effects of filtered tokens on my file permissions, I noticed that one of my global security groups is being filtered in addition to the regular system-defined filtered groups. My Active Directory environment is a single-domain forest on the Windows Server 2003 functional level. I'll call the domain "mydomain.example.com". I am logged onto a Windows Server 2008 Enterprise Edition machine (not a domain controller) as a member of the "MYDOMAIN\Domain Admins" group and the "MYDOMAIN\MySecurityGroup" global security group (among others). When I run "whoami /groups" from an elevated command prompt, I see the full list of groups to which my account belongs as expected. When I run "whoami /groups" from a regular, non-elevated command prompt, I see the same list of groups, but the following groups are described as "Group used for deny only". BUILTIN\Administrators MYDOMAIN\Schema Admins MYDOMAIN\Offer Remote Assistance Helpers MYDOMAIN\MySecurityGroup Numbers 1 through 3 above are expected based on Microsoft documentation; number 4 is not. The "MYDOMAIN\MySecurityGroup" global security group is a group that I created. It contains three non-built-in global security groups, and these security groups contain only non-built-in user accounts. (That is, I created all of the accounts and groups that are members of the "MYDOMAIN\MySecurityGroup" global security group.) There are other, similar groups of which my account is a member that are not being filtered out of my logon token, and this group is not granted any specific user rights in the security settings of this computer or in Group Policy. What would cause this one group to be filtered out of my logon token?

    Read the article

  • How can I use WCF with only basichttpbinding, SSL and Basic Authentication in IIS?

    - by Tim
    Hello, Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only BasicHttpBinding-binding? (I can’t use the wsHttpBinding-binding) The site is hosted on IIS 7, with the following authentication set up: - Anonymous access: off - Basic authentication: on - Integrated Windows authentication: off !! Service Config: <services> <service name="NameSpace.SomeService"> <host> <baseAddresses> <add baseAddress="https://hostname/SomeService/" /> </baseAddresses> </host> <!-- Service Endpoints --> <endpoint address="" binding="basicHttpBinding" bindingNamespace="http://hostname/SomeMethodName/1" contract="NameSpace.ISomeInterfaceService" name="Default" /> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior> <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment --> <serviceMetadata httpsGetEnabled="true"/> <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information --> <serviceDebug includeExceptionDetailInFaults="false"/> <exceptionShielding/> </behavior> </serviceBehaviors> </behaviors> I tried 2 types of bindings with two different errors: 1 - IIS Error: 'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https]. <bindings> <basicHttpBinding> <binding> <security mode="TransportCredentialOnly"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> 2 - IIS Error: Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service. <bindings> <basicHttpBinding> <binding> <security mode="Transport"> <transport clientCredentialType="Basic"/> </security> </binding> </basicHttpBinding> </bindings> Does somebody know how to configure this correctly? (if possible?)

    Read the article

  • Intermittent PolicyException: Execution permission cannot be acquired.

    - by Aaron Maenpaa
    We are intermittently seeing the following exception shortly after an App Pool recycle in an ASP.NET application: System.Configuration.ConfigurationErrorsException: Could not load file or assembly 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418) ---> System.IO.FileLoadException: Could not load file or assembly 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' or one of its dependencies. Failed to grant permission to execute. (Exception from HRESULT: 0x80131418) File name: 'Microsoft.Web.Mvc, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null' ---> System.Security.Policy.PolicyException: Execution permission cannot be acquired. at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Boolean checkExecutionPermission) at System.Security.SecurityManager.ResolvePolicy(Evidence evidence, PermissionSet reqdPset, PermissionSet optPset, PermissionSet denyPset, PermissionSet& denied, Int32& securitySpecialFlags, Boolean checkExecutionPermission) at System.Reflection.Assembly._nLoad(AssemblyName fileName, String codeBase, Evidence assemblySecurity, Assembly locationHint, StackCrawlMark& stackMark, Boolean throwOnFileNotFound, Boolean forIntrospection) at System.Reflection.Assembly.InternalLoad(AssemblyName assemblyRef, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) at System.Reflection.Assembly.InternalLoad(String assemblyString, Evidence assemblySecurity, StackCrawlMark& stackMark, Boolean forIntrospection) at System.Reflection.Assembly.Load(String assemblyString) at System.Web.Configuration.CompilationSection.LoadAssemblyHelper(String assemblyName, Boolean starDirective) The specific DLL that fails to load varies from incident to incident, but is always one referenced by the main assembly. We're running on ASP.NET 3.5 on Windows Server 2008. This seems to happen in batches affecting some but not all of sites on the same App Pool. We have a large number of sites all running the same code. Once a site has failed to load a DLL it throws up a Yellow Screen of Death until the next App Pool recycle. We haven't been able to reproduce this behavior and the sites seem to work fine for days or weeks at a time (and many App Pool recycles) before failing. Has anybody else seen similar behavior? Update: We've tried reproducing the failure by setting up a few hundred sites and writing a script to hit them repeatedly while recycling the App Pool once every couple of minutes and were unable to accomplish much other than loading down the server's CPU for a few days straight. We then tried messing (locking one of the DLLs, changing the file permissions) with the copies of the DLLs that ASP.NET makes and managed to reproduce similar behavior but not the same exception. Does anybody have any ideas on how to adjust the security policy to get it to throw a System.Security.Policy.PolicyException: Execution permission cannot be acquired. when loading a specific DLL?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 80 81 82 83 84 85 86 87 88 89 90 91  | Next Page >