Search Results

Search found 522 results on 21 pages for 'privilege elevation'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/21 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Creating static NAT blocks outbound traffic Cisco ASA

    - by natediggs
    Hi Everyone, I have two web servers sitting behind a Cisco ASA 5505, which I don't have much experience with. I'm trying to create two static NATs. One static NAT that goes to xx.xx.xx.150 and another that goes to xx.xx.xx.151. I've created the static NAT for the .150 web server and it works FINE. Incoming and outgoing traffic work great. This is the staging web server. I now need to duplicate the setup for the production web server. So, I connect the webserver to the firewall, change the public IP address on one of the NICs reboot the server and I have outbound internet access. Then I run the command: static (inside,outside) xx.xx.xx.150 192.168.1.x which is successful. I then run the command: access-list acl-outside permit tcp any host xx.xx.xx.150 eq 80 Which is successful. I then try to browse the internet and I get nothing. I try to telnet in through port 80 and I get nothing (though I'm guessing because the response to the telnet request is being blocked). I've tried this with the production web server and then I tried it with another web server that is for internal testing and have the exact same problem. Both work fine until I run the static NAT rule and then no outbound internet access. I have a feeling that it's something simple that I'm missing, but my limited experience with this device is killing me. Below I've pasted the current configuration. I'm currently trying to get this to work on the .153 server which is the internal testing server. Once I can verify that works, I'll try it with production. : Saved : ASA Version 8.2(4) ! hostname QG domain-name XX.com enable password passwd names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address XX.XX.XX.148 255.255.255.0 ! interface Vlan3 shutdown no forward interface Vlan1 nameif dmz security-level 50 ip address dhcp ! boot system disk0:/asa824.bin ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name fw.XXgroup.com same-security-traffic permit inter-interface access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.153 eq www access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any access-list inside_nat0_outbound extended permit ip any 192.168.1.32 255.255.255.240 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 ip local pool VPNIPs 192.168.1.35-192.168.1.44 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-635.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) XX.XX.XX150 192.168.1.100 netmask 255.255.255.255 static (inside,outside) XX.XX.XX153 192.168.1.102 netmask 255.255.255.255 access-group acl-outside in interface outside route outside 0.0.0.0 0.0.0.0 XX.XX.XX129 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authorization command LOCAL http server enable http 192.168.1.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs group1 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication crack encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal client-update enable telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd dns 208.77.88.4 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn enable outside svc image disk0:/sslclient-win-1.1.0.154.pkg 1 svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 2 svc enable group-policy ATSAdmin internal group-policy ATSAdmin attributes dns-server value 208.77.88.4 208.85.174.9 vpn-tunnel-protocol IPSec svc webvpn webvpn url-list none svc keep-installer installed svc rekey method ssl svc ask enable username qgadmin password /oHfeGQ/R.bd3KPR encrypted privilege 15 username benl password 0HNIGQNI0uruJvhW encrypted privilege 0 username benl attributes vpn-group-policy ATSAdmin username kuzma password rH7MM7laoynyvf9U encrypted privilege 0 username kuzma attributes vpn-group-policy ATSAdmin username nate password BXHOURyT37e4O5mt encrypted privilege 0 username nate attributes vpn-group-policy ATSAdmin tunnel-group ATSAdmin type remote-access tunnel-group ATSAdmin general-attributes address-pool VPNIPs default-group-policy ATSAdmin tunnel-group SSLVPN type remote-access tunnel-group SSLVPN general-attributes address-pool VPNIPs default-group-policy ATSAdmin ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global privilege cmd level 3 mode exec command perfmon privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command ip privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command route privilege show level 3 mode exec command ospf privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command crypto privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command ssh privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command vpn privilege show level 3 mode exec command blocks privilege show level 3 mode exec command uauth privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command crypto privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command aaa-server prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:0ed0580e151af288d865f4f3603d792a : end asdm image disk0:/asdm-635.bin no asdm history enable

    Read the article

  • Map API with Building Elevation

    - by Laserallan
    Hi! I'm looking for a map API where I can get detailed elevation for points. I'm not looking elevation differences for certain paths along roads on the map but actual building heights. Getting the the 3d meshes for buildings would also be fine since I can compute the height myself using that information. Does any of the map API's out there support giving out this kind of information?

    Read the article

  • Privilege Elevation only when and if required.

    - by Cameron Peters
    My application only very occasionally requires privilege elevation... I need to reference some 3rd party COM components that only work correctly when run as administrator. I would like my application to request privilege elevation only when it needs it... Generally, I don't want my application to run as administrator unless I need to use the 3rd party COM components. I see that CoCreateAsAdmin could potentially solve the problem, but the component author doesn't set up the required registry entries, and I'm not sure how to use CoCreateAsAdmin in C# and in conjuction with Runtime-Callable-Wrapper that is created by tlbimp. Another solution would be to spawn another process, but I have no experience with this yet... I don't want to create a completely separate application... I would be happy to create an assembly that runs in a separated elevated process if someone can show me how to make it work. Thanks...

    Read the article

  • Map API with Building Elevation Data

    - by Laserallan
    Hi! I'm looking for a map API where I can get detailed elevation for points. I'm not looking elevation differences for certain paths along roads on the map but actual building heights. Getting the the 3d meshes for buildings would also be fine since I can compute the height myself using that information. Does any of the map API's out there support giving out this kind of information? EDIT: Free API's are preferred but if that's not an option I'd like to hear about non free alternatives as well.

    Read the article

  • Per query relevance elevation for solr?

    - by plusplus
    I want to tune the relevance of solr search results on a per user basis - based on the number of times the user has clicked through a result before. Frequently hit items FOR THAT USER should rise to the top of their search results. Is there a way to provide custom boost/elevation for particular document ids on the query? I'm thinking in the order of ~100s of particular documents to elevate. The elevation should have no effect if the rest of the query doesn't find those documents. Alternatively, if this isn't possible, what is a sane way for setting up an alternative indexing approach that would make this possible? Could I add a field per user in the index to store their scores? I'm thinking in the order of 1000 users. The major drawback of that approach is the number of times a document would need to be reindexed (i.e. each time it was used by the user).

    Read the article

  • .NET 2.0 Process Elevation for App Installation

    - by Brian Gillespie
    We have an application written in both C++ and .NET that installs for all users in the Program Files folder. This application downloads new versions of itself (as MSI installers) and spawns the new installer process to replace itself. The install process as it exists today: Copy an install manager app (C#, .NET 2.0) to the temp directory. Call this 'Manager' Manager is executed with elevated privs per this article. The original application exits. Manager spawns the MSI installer (with elevated privs, since the copy is elevated) Manager spawns the new version of the app. The bug: The newly installed app is running in an elevated state. This causes problems I won't enumerate here. Ideally, the launch of the newly installed app would be run with the permissions of the original user. I can't figure out how to demote the app back to being the standard user after elevation. An inelegant hack: (yeah, yeah, this whole process is inelegant anyway) Copy the install manager to the temp directory Run the install manager with standard user privs. Lets call this instance 'LowlyManager'. Original application exits. LowlyManager spawns the app again, this time with elevated privs. Let's name this instance 'UpperManagement' UpperManagement spawns the installer UpperManagement exits gracefully, returning the exit code of the installer. LowlyManager interprets the error code from UpperManagement, and spawns the newly installed application. This time as the original invoker. Is there a better way to do this? (I've left out a bunch of other details before and after these steps that make the process smoother for the user, but this should be enough to understand the core of the problem I'm trying to solve.) Other requirements: We can't install as a per-user app The user shouldn't be presented with an authentication dialog box if UAC would have simply asked "are you sure you want to allow this?". I think this might kill a solution using WindowsImpersonationContext, but I'm not sure. The system needs to work on XP, Vista, and Windows 7 (even if there is a separate process for XP).

    Read the article

  • Ubuntu 11.10 with KDE installed does not prompt for elevation for privileged ops in all apps

    - by Michael Goldshteyn
    I installed the KDE window manager on top of Ubuntu 11.10 and while I am using KDE, I do not get an elevation dialog when I try to perform tasks that require root privileges. Instead, the operations silently fail, unless I launch apps from a terminal, in which case I get errors like: Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/softwareproperties/gtk/SoftwarePropertiesGtk.py", line 649, in on_isv_source_toggled self.backend.ToggleSourceUse(str(source_entry)) File "/usr/lib/python2.7/dist-packages/dbus/proxies.py", line 143, in __call__ **keywords) File "/usr/lib/python2.7/dist-packages/dbus/connection.py", line 630, in call_blocking message, timeout) dbus.exceptions.DBusException: com.ubuntu.SoftwareProperties.PermissionDeniedByPolicy: com.ubuntu.softwareproperties.applychanges Or from the muon package manager, an error dialog such as: Does anyone know what I need to do to fix this, so that I get a proper dialog asking for elevation? Otherwise, I have to start each app that may need root privs with sudo from a terminal or gksudo. Thanks

    Read the article

  • C Privilege Escalation (With Password)

    - by AriX
    Hey everyone, I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice? Thanks! P.S. No, this isn't anything malicious, this is on an iPhone.

    Read the article

  • Degrading administrative privilege to standard with single admin user account

    - by Vivek S Panicker
    I recently met with a severe issue with user accounts. In my system, there is only administrator user named vivek. I added another user with name vivi and changed its privilege to administrator. After clicked on my username, vivek,and changed its privilege to standard. Since vivek is being the current user, I dropped with all administrator privileges. No password was set for the new administrator user vivi and hence it was disabled by default. I no longer access to any administrative activities. Later I corrected this by editing etc/group file. Isn't this a severe bug? Being the current administrator user, how could I degrade myself to a standard user and got out from administrator's seat? I did not get any warning messages indicating no other administrators exists to manage my system. I suggest this warning should be included there in user accounts when an administrator user changes his privilege without any enabled administrators. Your thoughts?

    Read the article

  • windows 7 (windows-system32-systemproperties.exe n) need programme elevation message

    - by mohammedjas
    hi, i have the issue with windows 7 32-bit professional, since this is a network computer, when i download or install something it was asking for admin password , i gave password, then its shows programme need elevation , after i gone to my computer-properties-advanced tap - again the same message displays as windows-system32-systempropertiesadvanced.exe need programme elevation .this same message showing in all eg: if i click to install something wind/sys32/isyspropertiesins.exe progrmme need elevation , also i was not able to add or change somthing in the computermanagement, user or group , says some error , even i logged in admin also,, please help me out with good soluton ..i am looking forward reply , as soon as possible. regards, mohmmed

    Read the article

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Run program as admin without entering credentials? (Automatic Win7 elevation)

    - by Sam
    I'm working on my systems without admin rights, but I'd like to start sysinternals process explorer as full admin to have some debug access on my machine. Right now I run procexp.exe with parameter /e, which prompts me for admin credentials. Of course I could use runas, but for this I would need to put my admin passwort in clear text in the corresponding batch file, which is something I don't like to do. Is there a way to tell windows that this one procexp.exe is allowed to run as admin without needing to enter the credentials?

    Read the article

  • Newbie: get access privilege

    - by Mellon
    I am newbie on Linux Ubuntu machine. I logged in to the Ubuntu with username: student. There are some directories only allowed root user to access, for example /var/lib/mysql ,(I know I can use sudo to access but it is not what I want). If I want to get the access privilege on those directories with student account, is it so that I can run the following command : chown student: PATH_TO_ROOT_USER_PRIVILEGED_DIR and after that, I can access that directory by using my own account ? am I right? If I am right, then will root user lose the access privilege because I changed it to student user? If I am wrong, please tell me the right solution. P.S. please don't concern on what I am going to do on /var/lib/mysql directory, that is only my example, as I mentioned above, I mean generally *for those directories which only have root privilege*, can I use chown to change access privilege and will root user then loose the access because of the change made by chown ? I just wanna know the effect of chown.

    Read the article

  • How do I create a shortcut to CMD.EXE that asks for elevation using INNO Setup?

    - by Maltrap
    Hi, using INNO Setup I currently have the following entry under the [ICONS] section: Name: "{group}\My App\My App - Command Prompt"; Filename: "cmd.exe"; WorkingDir: "{app}" This shortcut launches a command prompt straight into my application's folder. Unfortunately it isn't launched as elevated which means the commands the user runs from there doesn't have appropriate rights. Using INNO Setup, how can I create a shortcut to CMD.exe (in a specific folder) that requires elevation? Doing this for other applications can be done via a manifest file. My question is, how do I use it using INNO, and if I can't, what are my alternatives?

    Read the article

  • How to allow to allow admins to edit my app's config files without UAC elevation?

    - by Justin Grant
    My company produces a cross-platform server application which loads its configuration from user-editable configuration files. On Windows, config file ACLs are locked down by our Setup program to allow reading by all users but restrict editing to Administrators and Local System only. Unfortunately, on Windows Server 2008, even local administrators no longer have admin privileges (because of UAC) unless they're running an elevated app. This has caused complaints from users who cannot use their favorite text editor to open and save config files changes-- they can open the files (since anyone can read) but can't save. Anyone have recommendations for what we can do (if anything) in our app's Setup to make editing easier for admins on Windows Server 2008? Related questions: if a Windows Server 2008 admin wants to edit an admins-only config file, how does he normally do it? Is he forced to use a text editor which is smart enough to auto-elevate when elevation is needed, like Windows Explorer does in response to access denied errors? Does he launch the editor from an elevated command-prompt window? Something else?

    Read the article

  • Ubuntu no longer prompts for root privilege (but doesn't give it either)

    - by Elad Avron
    So on 14.04 LTS I was playing around with some settings to solve another problem, and somehow managed to screw things up and now Ubuntu no longer asks for root privileges before trying to perform administrative actions. The catch is that my user does NOT have them by default, which means those actions ALL fail. I can still run "sudo " from terminal and it'll ask for my password and work fine, but any GUI that requires root just fails without asking anything. Any ideas what I did wrong and how to solve it? Thanks in advance.

    Read the article

  • windows 7 (windows-system32-systemproperties.exe n) need programme elevation message

    - by mohammedjas
    hi, i have the issue with windows 7 32-bit professional, since this is a network computer, when i download or install something it was asking for admin password , i gave password, then its shows programme need elevation , after i gone to my computer-properties-advanced tap - again the same message displays as windows-system32-systempropertiesadvanced.exe need programme elevation .this same message showing in all eg: if i click to install something wind/sys32/isyspropertiesins.exe progrmme need elevation , also i was not able to add or change somthing in the computermanagement, user or group , says some error , even i logged in admin also,, please help me out with good soluton ..i am looking forward reply , as soon as possible. regards, mohmmed

    Read the article

  • BIOS interrupts, privilege levels and paging

    - by Jack
    Hi, I was learning about Intel 8086-80486 CPUs and their interactions with HW. But I still don´t understand it quite well. Please, help me fill blank spots. First, I know that CPU communicates with HW using BIOS interrupts. But, what really happens in PC, when I call some INT instruction? I know that according the interrupt table some instructions begin to execute, but how by executing some instructions can BIOS recognize what I want to do? Becouse as far as I know, CPU has no extra communication channel with BIOS, it can only adress memory and receive data. So how can I instruct BIOS to do something, when I can only address RAM? Next thing I don't understand is about privilege levels. I know about ring model, and access rights, but how does the CPU know which privilege level has executed an instruction? I think that these privileges apply only when intruction is trying to address memory, but how does an application get its privilege level? I mean I know its level 3, but how is it set? And last thing, I know that paging is address scheme that is used to support aplication-transparent virtual memory, or swapping, but I could not find any information about how paging is tied with protected mode. Like if paging is like next mode independent of protected mode, or its somehow implemented within protected mode. And if it is implemented in protected mode, isn´t it too slow, to first address application space, then offset, and then paging folder, page and offset once again?

    Read the article

  • Changing privilege rights on Arch Linux for a particular program

    - by sherrellbc
    I am quite new to linux and have had issues surrounding every program that I install. Basically, anything that is placed outside of my home directory requires a sudo call prior to opening/executing. I cannot write to files, open usb devices, or run programs that exist outside of this directory (specifically, above this directory). I know this is a privilege problem, but I come here to ask how this can be permanently stopped. How can I configure things such that when programs are installed I do not have to manually find the executable and change its privilege requirements?

    Read the article

  • Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    - by Alain O'Dea
    I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test [email protected]'s password: Type help or '?' for a list of available commands. asa> sh curpriv Username : test Current privilege level : 1 Current Mode/s : P_UNPR Attempting enable fails even though I know I have the correct enable password: asa> en Password: ************************* Password: ************************* Password: ************************* Access denied. Logging in from unprivileged puts me on privilege 15 and I can do as a please: asa> login Username : test Pasword: ************************* asa> sh curpriv Current privilege level : 15 Current Mode/s : P_PRIV asa> The only thing I can track this to is a configuration change I made where I removed a VPN user we no longer needed. Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    Read the article

  • Giving Select Windows Domain Users Symbolic Link Privilege

    - by fp0n
    I would like to setup select users on our domain to have the ability to create symbolic links on local NTFS drives and network shares without needing to run as Administrator, as part of an application with will call the CreateSymbolicLink() API directly. The default configuration for our users is to be Administrator of their computer and I think I am fighting UAC to make the privileges work the way that I want because of that. I found this link on MSDN: http://social.msdn.microsoft.com/Forums/en-SG/windowssdk/thread/fa504848-a5ea-4e84-99b7-0eb4e469cbef which describes the interaction between the SeCreateSymbolicLinkPrivilege, UAC and a domain but really does not have a solution. Here's the three options I've come up with: 1) Create a new group, give the SeCreateSymbolicLinkPrivilege to the group and assign users to the group 2) Give each individual user (2 now, more later) the privilege 3) Give the privilege to the default User group which opens it up to all Users 4) Change config so Users are not Admins by default (probably would work but not likely) Based on my testing, only 3 works for me and that is the least desirable but I've only got a local server to test with, not a domain. I need to recommend to the admin how to set this up and also have something that we can easily explain to other users of our application that are on their own domain or not on a domain. The other option seems to be to create a Service that runs with a SYSTEM account that creates the links for the application but I'd rather not go that route. Thanks.

    Read the article

  • least privilege account for WinRM remote calls on Windows 2008 Server

    - by aldrin
    ServerFault Windows experts: please consider the following use case: I have 2 Windows 2008 Server SP2 boxes let’s call them – SOURCE, CLIENT. On SOURCE: I create a new user called 'normal'. Just a plain user - no special privileges. On CLIENT: I run the following from a command prompt winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:normal -p:NormalPassword I get an output containing WSManFault: Message = Access is denied. On CLIENT: I repeat step 3 with the administrator identity, i.e. winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:Administrator -p:AdminPassword I get the current UTC time at SOURCE. The question is, what are the least privileges I need to assign to the user 'normal' to ensure that Step 3 behaves like Step 5. In other words, what's the least privilege to enable WinRM access for a non-Admin account?

    Read the article

  • Update RDS db via mysqlbinlog: "you need (at least one of) the SUPER privilege(s)"

    - by timoxley
    We are moving a production site to EC2/RDS Followed these instructions: http://geehwan.posterous.com/moving-a-production-mysql-database-to-amazon I have set up row-based binary logging on the production server did a: mysqldump --single-transaction --master-data=2 -C -q -u root -p backup.sql then imported to RDS instance. No dramas. Due to the size of the db, and minimal downtime requirements, I've got to update the ec2 db to the latest datas via the binlogs, and it won't let me. mysqlbinlog mysql-bin.000004 --start-position=360812488 | mysql -uroot -p -h and it says: ERROR 1227 (42000) at line 6: Access denied; you need (at least one of) the SUPER privilege(s) for this operation My guess, based on what is on line 6 of the binlog, is that it's the 'write to the BINLOG' statements in the SQL backup, and because RDS doesn't support this, it can't run these statements, or something, I don't really know. Please help.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >