Search Results

Search found 427 results on 18 pages for 'privilege'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 1/18 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • Creating static NAT blocks outbound traffic Cisco ASA

    - by natediggs
    Hi Everyone, I have two web servers sitting behind a Cisco ASA 5505, which I don't have much experience with. I'm trying to create two static NATs. One static NAT that goes to xx.xx.xx.150 and another that goes to xx.xx.xx.151. I've created the static NAT for the .150 web server and it works FINE. Incoming and outgoing traffic work great. This is the staging web server. I now need to duplicate the setup for the production web server. So, I connect the webserver to the firewall, change the public IP address on one of the NICs reboot the server and I have outbound internet access. Then I run the command: static (inside,outside) xx.xx.xx.150 192.168.1.x which is successful. I then run the command: access-list acl-outside permit tcp any host xx.xx.xx.150 eq 80 Which is successful. I then try to browse the internet and I get nothing. I try to telnet in through port 80 and I get nothing (though I'm guessing because the response to the telnet request is being blocked). I've tried this with the production web server and then I tried it with another web server that is for internal testing and have the exact same problem. Both work fine until I run the static NAT rule and then no outbound internet access. I have a feeling that it's something simple that I'm missing, but my limited experience with this device is killing me. Below I've pasted the current configuration. I'm currently trying to get this to work on the .153 server which is the internal testing server. Once I can verify that works, I'll try it with production. : Saved : ASA Version 8.2(4) ! hostname QG domain-name XX.com enable password passwd names ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 ! interface Ethernet0/2 ! interface Ethernet0/3 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! interface Vlan1 nameif inside security-level 100 ip address 192.168.1.1 255.255.255.0 ! interface Vlan2 nameif outside security-level 0 ip address XX.XX.XX.148 255.255.255.0 ! interface Vlan3 shutdown no forward interface Vlan1 nameif dmz security-level 50 ip address dhcp ! boot system disk0:/asa824.bin ftp mode passive clock timezone EST -5 clock summer-time EDT recurring dns server-group DefaultDNS domain-name fw.XXgroup.com same-security-traffic permit inter-interface access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.150 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq www access-list acl-outside extended permit tcp any host XX.XX.XX.151 eq https access-list acl-outside extended permit tcp any host XX.XX.XX.153 eq www access-list inside_access_in extended permit ip 192.168.1.0 255.255.255.0 any access-list inside_nat0_outbound extended permit ip any 192.168.1.32 255.255.255.240 pager lines 24 logging enable logging asdm informational mtu inside 1500 mtu outside 1500 mtu dmz 1500 ip local pool VPNIPs 192.168.1.35-192.168.1.44 mask 255.255.255.0 icmp unreachable rate-limit 1 burst-size 1 asdm image disk0:/asdm-635.bin no asdm history enable arp timeout 14400 global (outside) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 1 0.0.0.0 0.0.0.0 static (inside,outside) XX.XX.XX150 192.168.1.100 netmask 255.255.255.255 static (inside,outside) XX.XX.XX153 192.168.1.102 netmask 255.255.255.255 access-group acl-outside in interface outside route outside 0.0.0.0 0.0.0.0 XX.XX.XX129 1 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 dynamic-access-policy-record DfltAccessPolicy aaa authorization command LOCAL http server enable http 192.168.1.0 255.255.255.0 inside http 0.0.0.0 0.0.0.0 outside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs group1 crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication crack encryption 3des hash sha group 2 lifetime 86400 no crypto isakmp nat-traversal client-update enable telnet timeout 5 ssh timeout 5 console timeout 0 dhcpd auto_config outside ! dhcpd address 192.168.1.2-192.168.1.33 inside dhcpd dns 208.77.88.4 interface inside dhcpd enable inside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn enable outside svc image disk0:/sslclient-win-1.1.0.154.pkg 1 svc image disk0:/anyconnect-win-2.5.2019-k9.pkg 2 svc enable group-policy ATSAdmin internal group-policy ATSAdmin attributes dns-server value 208.77.88.4 208.85.174.9 vpn-tunnel-protocol IPSec svc webvpn webvpn url-list none svc keep-installer installed svc rekey method ssl svc ask enable username qgadmin password /oHfeGQ/R.bd3KPR encrypted privilege 15 username benl password 0HNIGQNI0uruJvhW encrypted privilege 0 username benl attributes vpn-group-policy ATSAdmin username kuzma password rH7MM7laoynyvf9U encrypted privilege 0 username kuzma attributes vpn-group-policy ATSAdmin username nate password BXHOURyT37e4O5mt encrypted privilege 0 username nate attributes vpn-group-policy ATSAdmin tunnel-group ATSAdmin type remote-access tunnel-group ATSAdmin general-attributes address-pool VPNIPs default-group-policy ATSAdmin tunnel-group SSLVPN type remote-access tunnel-group SSLVPN general-attributes address-pool VPNIPs default-group-policy ATSAdmin ! class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect dns preset_dns_map parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns preset_dns_map inspect ftp inspect h323 h225 inspect h323 ras inspect rsh inspect rtsp inspect esmtp inspect sqlnet inspect skinny inspect sunrpc inspect xdmcp inspect sip inspect netbios inspect tftp inspect ip-options ! service-policy global_policy global privilege cmd level 3 mode exec command perfmon privilege cmd level 3 mode exec command ping privilege cmd level 3 mode exec command who privilege cmd level 3 mode exec command logging privilege cmd level 3 mode exec command failover privilege show level 5 mode exec command running-config privilege show level 3 mode exec command reload privilege show level 3 mode exec command mode privilege show level 3 mode exec command firewall privilege show level 3 mode exec command interface privilege show level 3 mode exec command clock privilege show level 3 mode exec command dns-hosts privilege show level 3 mode exec command access-list privilege show level 3 mode exec command logging privilege show level 3 mode exec command ip privilege show level 3 mode exec command failover privilege show level 3 mode exec command asdm privilege show level 3 mode exec command arp privilege show level 3 mode exec command route privilege show level 3 mode exec command ospf privilege show level 3 mode exec command aaa-server privilege show level 3 mode exec command aaa privilege show level 3 mode exec command crypto privilege show level 3 mode exec command vpn-sessiondb privilege show level 3 mode exec command ssh privilege show level 3 mode exec command dhcpd privilege show level 3 mode exec command vpn privilege show level 3 mode exec command blocks privilege show level 3 mode exec command uauth privilege show level 3 mode configure command interface privilege show level 3 mode configure command clock privilege show level 3 mode configure command access-list privilege show level 3 mode configure command logging privilege show level 3 mode configure command ip privilege show level 3 mode configure command failover privilege show level 5 mode configure command asdm privilege show level 3 mode configure command arp privilege show level 3 mode configure command route privilege show level 3 mode configure command aaa-server privilege show level 3 mode configure command aaa privilege show level 3 mode configure command crypto privilege show level 3 mode configure command ssh privilege show level 3 mode configure command dhcpd privilege show level 5 mode configure command privilege privilege clear level 3 mode exec command dns-hosts privilege clear level 3 mode exec command logging privilege clear level 3 mode exec command arp privilege clear level 3 mode exec command aaa-server privilege clear level 3 mode exec command crypto privilege cmd level 3 mode configure command failover privilege clear level 3 mode configure command logging privilege clear level 3 mode configure command arp privilege clear level 3 mode configure command crypto privilege clear level 3 mode configure command aaa-server prompt hostname context call-home profile CiscoTAC-1 no active destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService destination address email [email protected] destination transport-method http subscribe-to-alert-group diagnostic subscribe-to-alert-group environment subscribe-to-alert-group inventory periodic monthly subscribe-to-alert-group configuration periodic monthly subscribe-to-alert-group telemetry periodic daily Cryptochecksum:0ed0580e151af288d865f4f3603d792a : end asdm image disk0:/asdm-635.bin no asdm history enable

    Read the article

  • Privilege Elevation only when and if required.

    - by Cameron Peters
    My application only very occasionally requires privilege elevation... I need to reference some 3rd party COM components that only work correctly when run as administrator. I would like my application to request privilege elevation only when it needs it... Generally, I don't want my application to run as administrator unless I need to use the 3rd party COM components. I see that CoCreateAsAdmin could potentially solve the problem, but the component author doesn't set up the required registry entries, and I'm not sure how to use CoCreateAsAdmin in C# and in conjuction with Runtime-Callable-Wrapper that is created by tlbimp. Another solution would be to spawn another process, but I have no experience with this yet... I don't want to create a completely separate application... I would be happy to create an assembly that runs in a separated elevated process if someone can show me how to make it work. Thanks...

    Read the article

  • C Privilege Escalation (With Password)

    - by AriX
    Hey everyone, I need to write a C program that will allow me to read/write files that are owned by root. However, I can only run the code under another user. I have the root password, but there are no "sudo" or "su" commands on the system, so I have no way of accessing the root account (there are practically no shell commands whatsoever, actually). I don't know a whole lot about UNIX permissions, so I don't know whether or not it is actually possible to do this without exploiting the system in some way or running a program owned by root itself (with +s or whatever). Any advice? Thanks! P.S. No, this isn't anything malicious, this is on an iPhone.

    Read the article

  • Degrading administrative privilege to standard with single admin user account

    - by Vivek S Panicker
    I recently met with a severe issue with user accounts. In my system, there is only administrator user named vivek. I added another user with name vivi and changed its privilege to administrator. After clicked on my username, vivek,and changed its privilege to standard. Since vivek is being the current user, I dropped with all administrator privileges. No password was set for the new administrator user vivi and hence it was disabled by default. I no longer access to any administrative activities. Later I corrected this by editing etc/group file. Isn't this a severe bug? Being the current administrator user, how could I degrade myself to a standard user and got out from administrator's seat? I did not get any warning messages indicating no other administrators exists to manage my system. I suggest this warning should be included there in user accounts when an administrator user changes his privilege without any enabled administrators. Your thoughts?

    Read the article

  • CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

    - by Ritwik Ghoshal
    CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

    Read the article

  • Newbie: get access privilege

    - by Mellon
    I am newbie on Linux Ubuntu machine. I logged in to the Ubuntu with username: student. There are some directories only allowed root user to access, for example /var/lib/mysql ,(I know I can use sudo to access but it is not what I want). If I want to get the access privilege on those directories with student account, is it so that I can run the following command : chown student: PATH_TO_ROOT_USER_PRIVILEGED_DIR and after that, I can access that directory by using my own account ? am I right? If I am right, then will root user lose the access privilege because I changed it to student user? If I am wrong, please tell me the right solution. P.S. please don't concern on what I am going to do on /var/lib/mysql directory, that is only my example, as I mentioned above, I mean generally *for those directories which only have root privilege*, can I use chown to change access privilege and will root user then loose the access because of the change made by chown ? I just wanna know the effect of chown.

    Read the article

  • Ubuntu no longer prompts for root privilege (but doesn't give it either)

    - by Elad Avron
    So on 14.04 LTS I was playing around with some settings to solve another problem, and somehow managed to screw things up and now Ubuntu no longer asks for root privileges before trying to perform administrative actions. The catch is that my user does NOT have them by default, which means those actions ALL fail. I can still run "sudo " from terminal and it'll ask for my password and work fine, but any GUI that requires root just fails without asking anything. Any ideas what I did wrong and how to solve it? Thanks in advance.

    Read the article

  • BIOS interrupts, privilege levels and paging

    - by Jack
    Hi, I was learning about Intel 8086-80486 CPUs and their interactions with HW. But I still don´t understand it quite well. Please, help me fill blank spots. First, I know that CPU communicates with HW using BIOS interrupts. But, what really happens in PC, when I call some INT instruction? I know that according the interrupt table some instructions begin to execute, but how by executing some instructions can BIOS recognize what I want to do? Becouse as far as I know, CPU has no extra communication channel with BIOS, it can only adress memory and receive data. So how can I instruct BIOS to do something, when I can only address RAM? Next thing I don't understand is about privilege levels. I know about ring model, and access rights, but how does the CPU know which privilege level has executed an instruction? I think that these privileges apply only when intruction is trying to address memory, but how does an application get its privilege level? I mean I know its level 3, but how is it set? And last thing, I know that paging is address scheme that is used to support aplication-transparent virtual memory, or swapping, but I could not find any information about how paging is tied with protected mode. Like if paging is like next mode independent of protected mode, or its somehow implemented within protected mode. And if it is implemented in protected mode, isn´t it too slow, to first address application space, then offset, and then paging folder, page and offset once again?

    Read the article

  • Changing privilege rights on Arch Linux for a particular program

    - by sherrellbc
    I am quite new to linux and have had issues surrounding every program that I install. Basically, anything that is placed outside of my home directory requires a sudo call prior to opening/executing. I cannot write to files, open usb devices, or run programs that exist outside of this directory (specifically, above this directory). I know this is a privilege problem, but I come here to ask how this can be permanently stopped. How can I configure things such that when programs are installed I do not have to manually find the executable and change its privilege requirements?

    Read the article

  • Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    - by Alain O'Dea
    I have created a test user that is set to privilege 15 in the config: username test password **************** encrypted privilege 15 When I log in to the ASA 5510 I am in privilege 1 according to sh curpriv: login as: test [email protected]'s password: Type help or '?' for a list of available commands. asa> sh curpriv Username : test Current privilege level : 1 Current Mode/s : P_UNPR Attempting enable fails even though I know I have the correct enable password: asa> en Password: ************************* Password: ************************* Password: ************************* Access denied. Logging in from unprivileged puts me on privilege 15 and I can do as a please: asa> login Username : test Pasword: ************************* asa> sh curpriv Current privilege level : 15 Current Mode/s : P_PRIV asa> The only thing I can track this to is a configuration change I made where I removed a VPN user we no longer needed. Why do I start at privilege level 1 when logging into a Cisco ASA 5510?

    Read the article

  • Giving Select Windows Domain Users Symbolic Link Privilege

    - by fp0n
    I would like to setup select users on our domain to have the ability to create symbolic links on local NTFS drives and network shares without needing to run as Administrator, as part of an application with will call the CreateSymbolicLink() API directly. The default configuration for our users is to be Administrator of their computer and I think I am fighting UAC to make the privileges work the way that I want because of that. I found this link on MSDN: http://social.msdn.microsoft.com/Forums/en-SG/windowssdk/thread/fa504848-a5ea-4e84-99b7-0eb4e469cbef which describes the interaction between the SeCreateSymbolicLinkPrivilege, UAC and a domain but really does not have a solution. Here's the three options I've come up with: 1) Create a new group, give the SeCreateSymbolicLinkPrivilege to the group and assign users to the group 2) Give each individual user (2 now, more later) the privilege 3) Give the privilege to the default User group which opens it up to all Users 4) Change config so Users are not Admins by default (probably would work but not likely) Based on my testing, only 3 works for me and that is the least desirable but I've only got a local server to test with, not a domain. I need to recommend to the admin how to set this up and also have something that we can easily explain to other users of our application that are on their own domain or not on a domain. The other option seems to be to create a Service that runs with a SYSTEM account that creates the links for the application but I'd rather not go that route. Thanks.

    Read the article

  • least privilege account for WinRM remote calls on Windows 2008 Server

    - by aldrin
    ServerFault Windows experts: please consider the following use case: I have 2 Windows 2008 Server SP2 boxes let’s call them – SOURCE, CLIENT. On SOURCE: I create a new user called 'normal'. Just a plain user - no special privileges. On CLIENT: I run the following from a command prompt winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:normal -p:NormalPassword I get an output containing WSManFault: Message = Access is denied. On CLIENT: I repeat step 3 with the administrator identity, i.e. winrm get wmi/root/cimv2/Win32_UTCTime -r:SOURCE -u:Administrator -p:AdminPassword I get the current UTC time at SOURCE. The question is, what are the least privileges I need to assign to the user 'normal' to ensure that Step 3 behaves like Step 5. In other words, what's the least privilege to enable WinRM access for a non-Admin account?

    Read the article

  • Update RDS db via mysqlbinlog: "you need (at least one of) the SUPER privilege(s)"

    - by timoxley
    We are moving a production site to EC2/RDS Followed these instructions: http://geehwan.posterous.com/moving-a-production-mysql-database-to-amazon I have set up row-based binary logging on the production server did a: mysqldump --single-transaction --master-data=2 -C -q -u root -p backup.sql then imported to RDS instance. No dramas. Due to the size of the db, and minimal downtime requirements, I've got to update the ec2 db to the latest datas via the binlogs, and it won't let me. mysqlbinlog mysql-bin.000004 --start-position=360812488 | mysql -uroot -p -h and it says: ERROR 1227 (42000) at line 6: Access denied; you need (at least one of) the SUPER privilege(s) for this operation My guess, based on what is on line 6 of the binlog, is that it's the 'write to the BINLOG' statements in the SQL backup, and because RDS doesn't support this, it can't run these statements, or something, I don't really know. Please help.

    Read the article

  • Win 7 Privilege Level (Run as administrator) via GP or command line

    - by FinalizedFrustration
    Is there a way to set the Privilege Level for legacy software via group policy or on the command line? I have some legacy software, which we unfortunately cannot move away from. This software requires administrator access. I know I can go into the Properties dialog and check "Run this program as an administrator" on every single instance on every single one of my workstations, but that gets old after the 30th install. If I had my way, we would dump this software, find some software that did what we needed, was fully compliant with Win7 security best-practices and give everyone limited user accounts... However, I am not the boss, so everyone gets administrator accounts. Given that, I suppose I could just tell everyone to open the context menu and choose "Run as administrator", but we have some very, very, VERY low-tech users, and half of them might just choose "Delete" instead. Anyone know of a way to set this option on the command line? or better yet, through Group Policy?

    Read the article

  • Gnu/Linux package manager, multiple versions, no root privilege

    - by user744629
    I'm looking for a Gnu/Linux package manager, that can help to package, distribute, install sofware (actually scientific libraries), like this: do not required root privilege, for example, install in $HOME/opt or $HOME/local manage muliple version of a library, for example, with this directories organisation: $HOME/opt/somelib/4.2.1/lib/ $HOME/opt/somelib/4.2.1/include/ $HOME/opt/somelib/4.2.1/bin/ $HOME/opt/somelib/4.2.2/lib/ $HOME/opt/somelib/4.2.2/include/ $HOME/opt/somelib/4.2.2/bin/ $HOME/opt/anotherlib/1.0.0/lib/ $HOME/opt/anotherlib/1.0.0/include/ $HOME/opt/anotherlib/1.0.0/bin/ package contains source files, not binaries, build is performed during install. support for Mac OS X too would be good. Then it's up to the user to manage it's LD_LIBRARY_PATH, or compile with -L/good/path etc. Does it exists?

    Read the article

  • Windows Server 2008 Create Symbolic Link, updated Security Policy still gives privilege error

    - by Matt
    Windows Server 2008, RC2. I am trying to create a symbolic/soft link using the mklink command: mklink /D LinkName TargetDir e.g. c:\temp\>mklink /D foo bar This works fine if I run the command line as Administrator. However, I need it to work for regular users as well, because ultimately I need another program (executing as a user) to be able to do this. So, I updated the Local Security Policy via secpol.msc. Under "Local Policies" "User Rights Management" "Create symbolic links", I added "Users" to the security setting. I rebooted the machine. It still didn't work. So I added "Everyone" to the policy. Rebooted. And STILL it didn't work. What on earth am I doing wrong here? I think my user is even an Administrator on this box, and running plain command line even with this updated policy in place still gives me: You do not have sufficient privilege to perform this operation.

    Read the article

  • Managing User & Role Security with Oracle SQL Developer

    - by thatjeffsmith
    With the advent of SQL Developer v3.0, users have had access to some powerful database administration features. Version 3.1 introduced more powerful features such as an interface to Data Pump and RMAN. Today I want to talk about some very simple but frequently ran tasks that SQL Developer can assist with, like: identifying privs granted to users managing role privs assigning new roles and privs to users & roles Before getting started, you’ll need a connection to the database with the proper privileges. The common ROLE used to accomplish this is the ‘DBA‘ role. Curious as to what the DBA role is actually comprised of? Let’s find out! Open the DBA Console First make sure you’re connected to the database you want to manage security on with a privileged administrator account. Then open the View menu and select ‘DBA.’ Accessing the DBA panel ‘Create’ a Connection Click on the green ‘+’ button in the DBA panel. It will ask you to choose a previously defined SQL Developer connection. Defining a DBA connection in Oracle SQL Developer Once connected you will see a tree list of DBA features you can start interacting with. Expand the ‘Security’ Tree Node As you click on an object in the DBA panel, the ‘viewer’ will open on the right-hand-side, just like you are accustomed to seeing when clicking on a table or stored procedure. Accessing the DBA role If I’m a newly hired Oracle DBA, the first thing I might want to do is become very familiar with the DBA role. People will be asking you to grant them this role or a subset of its privileges. Once you see what the role can do, you will become VERY protective of it. My favorite 3-letter 4-letter word is ‘ANY’ and the DBA role is littered with privileges like this: ANY TABLE privs granted to DBA role So if this doesn’t freak you out, then maybe you should re-consider your career path. Or in other words, don’t be granting this role to ANYONE you don’t completely trust to take care of your database. If I’m just assigned a new database to manage, the first thing I might want to look at is just WHO has been assigned the DBA role. SQL Developer makes this easy to ascertain, just click on the ‘User Grantees’ panel. Who has the keys to your car? Making Changes to Roles and Users If you mouse-right-click on a user in the Tree, you can do individual tasks like grant a sys priv or expire an account. But, you can also use the ‘Edit User’ dialog to do a lot of work in one pass. As you click through options in these dialogs, it will build the ‘ALTER USER’ script in the SQL panel, which can then be executed or copied to the worksheet or to your .SQL file to be ran at your discretion. A Few Clicks vs a Lot of Typing These dialogs won’t make you a DBA, but if you’re pressed for time and you’re already in SQL Developer, they can sure help you make up for lost time in just a few clicks!

    Read the article

  • Administrator File Modification Privilege

    - by Leigh Riffel
    Windows Server 2008 apparently allows an application to somehow configure the folder so that any changes made within the folder require administrator level access. I login with an account that has administrator privileges, but is not the local administrator account. When I do so I find that I can't save changes to files opened within this folder. I know I can open the application as administrator or move the file out of the folder, make the change, then move it back in, but I'm hoping there is a better way short of disabling the protection entirely. Is there a way perhaps to remove it for the files I frequently edit?

    Read the article

  • External mouse clicks not working during UAC prompt/windows or other elevated privilege programs

    - by user26453
    I have a Logitech Revolution VX, a small portable mouse. I use it on my laptop running Windows 7 64bit Professional. When a UAC prompt comes up, I can use the mouse to move the pointer, however any clicking via the external mouse is disabled. I have to use my trackpad to actually click. This continues on into whatever UAC window comes next, such as a program install. The mouse pointer can move via my external mouse, but no button clicks register except on the trackpad. This also happens if I am to right click a program and select "Run as Administrator". The external mouse will move the pointer, but no button clicks work. I've tried to google for this issue but haven't found anything. To be it seems generally a problem with my external mouse driver not running with elevated privileges itself. Any help would be appreciated.

    Read the article

  • LDAP for privilege control?

    - by neoice
    I've been wondering for a while if LDAP can be used to control user privileges. For example, if I have UNIX and web logins, is there an easy way to grant a user access to just or just UNIX (or even both?) My current attempt at solving this very problem was to create 'login' and 'nologin' groups, but this doesn't seem fine-grained enough to meet the ideas I have in my head. I'm also still in the situation where all UNIX users are web users, which isn't a problem so much as an indicator of the limitations. Does anyone have any input on this? Has this problem already been solved?

    Read the article

  • Windows Vista/Win7 Privilege Problem: SeDebugPrivilege & OpenProcess

    - by KevenK
    Everything I've been able to find about escalating to the appropriate privileges for my needs has agreed with my current methods, but the problem exists. I'm hoping maybe someone has some Windows Vista/Win7 internals experience that might shine some light where there is only darkness. I'm sure this will get long, but please bare with me. Context: I'm working on an app that requires accessing the memory of other processes on the current machine. This, obviously, requires administrator rights. It also requires SeDebugPrivilege, which I believe myself to be acquiring correctly, although I question if more privileges aren't necessary and thus the cause of my problems. Code has so far worked successfully on all versions of Windows XP, and on my test Vista32 and Win7x64 environments. Process: Program will Always be run with Administrator Rights. This can be assumed throughout this post. Escalating the current process's Access Token to include SeDebugPrivilege rights. Using EnumProcesses to create a list of current PIDs on the system Opening a handle using OpenProcess with PROCESS_ALL_ACCESS access rights Using ReadProcessMemory to read the memory of the other process. Problem: Everything has been working fine during development and my personal testing (including Windows XP 32 & 64, Windows Vista 32, and Windows 7 x64). However, during a test deployment onto both Windows Vista(32-bit) and Windows 7(64-bit) machines of a colleague, there seems to be a privilege/rights problem with OpenProcess failing with a generic Access Denied error. This occurs both when running as a limited User (as would be expected) and also when run explicitly as Administrator (Right-click Run as Administrator and when run from an Administrator level command prompt). However, this problem has been unreproducible for myself in my test environment. I have witnessed the problem first hand, so I trust that the problem exists. The only difference that I can discern between the actual environment and my test environment is that the actual error is occurring when using a Domain Administrator account at the UAC prompt, whereas my tests (which work with no errors) use a local administrator account at the UAC prompt. It appears that although the credentials being used allow UAC to 'run as administrator', the process is still not obtaining the correct rights to be able to OpenProcess on another process. I am not familiar enough with the internals of Vista/Win7 to know what this might be, and I am hoping someone has an idea of what could be the cause. The Kicker: The person who has reported this error, and who's environment can regularly reproduce this bug, has a small application named along the lines of RunWithDebugEnabled which is a small bootstrap program which appears to escalate its own privileges and then launch the executable passed to it (thus inheriting the escalated privileges). When run with this program, using the same Domain Administrator credentials at UAC prompt, the program works correctly and is able to successfully call OpenProcess and operates as intended. So this is definitely a problem with acquiring the correct privileges, and it is known that the Domain Administrator account is an administrator account that should be able to access the correct rights. (Obviously obtaining this source code would be great, but I wouldn't be here if that were possible). Notes: As noted, the errors reported by the failed OpenProcess attempts are Access Denied. According to MSDN documentation of OpenProcess: If the caller has enabled the SeDebugPrivilege privilege, the requested access is granted regardless of the contents of the security descriptor. This leads me to believe that perhaps there is a problem under these conditions either with (1) Obtaining SeDebugPrivileges or (2) Requiring other privileges which have not been mentioned in any MSDN documentation, and which might differ between a Domain Administrator account and a Local Administrator account Sample Code: void sample() { ///////////////////////////////////////////////////////// // Note: Enabling SeDebugPrivilege adapted from sample // MSDN @ http://msdn.microsoft.com/en-us/library/aa446619%28VS.85%29.aspx // Enable SeDebugPrivilege HANDLE hToken = NULL; TOKEN_PRIVILEGES tokenPriv; LUID luidDebug; if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken) != FALSE) { if(LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &luidDebug) != FALSE) { tokenPriv.PrivilegeCount = 1; tokenPriv.Privileges[0].Luid = luidDebug; tokenPriv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; if(AdjustTokenPrivileges(hToken, FALSE, &tokenPriv, 0, NULL, NULL) != FALSE) { // Always successful, even in the cases which lead to OpenProcess failure cout << "SUCCESSFULLY CHANGED TOKEN PRIVILEGES" << endl; } else { cout << "FAILED TO CHANGE TOKEN PRIVILEGES, CODE: " << GetLastError() << endl; } } } CloseHandle(hToken); // Enable SeDebugPrivilege ///////////////////////////////////////////////////////// vector<DWORD> pidList = getPIDs(); // Method that simply enumerates all current process IDs ///////////////////////////////////////////////////////// // Attempt to open processes for(int i = 0; i < pidList.size(); ++i) { HANDLE hProcess = NULL; hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pidList[i]); if(hProcess == NULL) { // Error is occurring here under the given conditions cout << "Error opening process PID(" << pidList[i] << "): " << GetLastError() << endl; } CloseHandle(hProcess); } // Attempt to open processes ///////////////////////////////////////////////////////// } Thanks! If anyone has some insight into what possible permissions/privileges/rights/etc that I may be missing to correctly open another process (Assuming the executable has been properly "Run as Administrator"ed) on Windows Vista and Windows 7 under the above conditions, it would be most greatly appreciated. I wouldn't be here if I weren't absolutely stumped, but I'm hopeful that once again the experience and knowledge of the group shines bright. I thank you for taking the time to read this wall of text. The good intentions alone are appreciated, thanks for being the type of person that makes SO so useful to all!

    Read the article

  • How to add a privilege to an account in Windows?

    - by mark
    Given: A VM running Windows 2008 I am logged on there using my domain account (SHUNRANET\markk) I have added the "Create global objects" privilege to my domain account: The VM is restarted (I know logout/logon is enough, but I had to restart) I logon again using the same domain account. It seems still to have the privilege: I run some process and examine its Security properties using the Process Explorer. The account does not seem to have the privilege: This is not an idle curiousity. I have a real problem, that without this privilege the named pipe WCF binding works neither on Windows 2008 nor on Windows 7! Here is an interesting discussion on this matter - http://social.msdn.microsoft.com/forums/en-US/wcf/thread/b71cfd4d-3e7f-4d76-9561-1e6070414620. Does anyone know how to make this work? Thanks. EDIT BTW, when I run the process elevated, everything is fine and the process explorer does display the privilege as expected: But I do not want to run it elevated. EDIT2 I equally welcome any solution. Be it configuration only or mixed with code. EDIT3 I have posted the same question on MSDN forums and they have redirected me to this page - http://support.microsoft.com/default.aspx?scid=kb;EN-US;132958. I am yet to determine the relevance of it, but it looks promising. Notice also that it is a completely coding solution that they propose, so whoever moved this post to the ServerFault - please reinstate it back in the StackOverflow.

    Read the article

  • MySQL asking a user for SUPER privilege to perform a delete.

    - by Fran
    Hello, When trying to do a delete operation on a table, mysql reports the following error: Error code 1227: Access denied; you need the SUPER privilege for this operation. However, my user has this privilege granted for all tables in the schema: GRANT ALL PRIVILEGES ON myschema.* TO 'my_admin'@'%' How come it asks me for SUPER privilege for a delete? Thanks in advance.

    Read the article

  • Help with error creating SharePoint list (probably due to privilege issues)

    - by Swami
    I'm getting an error when trying to activate a webpart. It activates fine in one setup , but fails in a different one. Administrator in both. Seems like it fails because it's not able to create the list. The error is: Message: Value cannot be null. Stack Trace: at Microsoft.Sharepoint.SPRoleAssignment..ctor at ClientRequestHandler.CreateList(... private static void CreateLists() { try { SPSecurity.RunWithElevatedPrivileges(delegate() { using (SPSite site = SPContext.Current.Site) { using (SPWeb web = site.RootWeb) { string listName = LIST_NAME; bool listExist = ContainList(web, listName); if (!listExist) { AddFieldDelegate _delegate = new AddFieldDelegate(AddAttachmentFields); SPList list = CreateList(web, listName, _delegate); RegisterList(web, list, KEY); } } } }); } catch (Exception ex) { throw new Exception(String.Format("Message: {0} Stack Trace: {1}", ex.Message, ex.StackTrace.ToString())); } } private static SPList CreateList(SPWeb web, string listName, AddFieldDelegate _delegate) { web.AllowUnsafeUpdates = true; SPListTemplateType genericList = new SPListTemplateType(); genericList = SPListTemplateType.GenericList; Guid listGuid = web.Lists.Add(listName, "List", genericList); SPList list = web.Lists[listGuid]; list.Hidden = true; SPView view = _delegate(list); view.Update(); //Remove permissions from the list list.BreakRoleInheritance(false); //Make site owners the list administrators SPPrincipal principal = web.AssociatedOwnerGroup as SPPrincipal; SPRoleAssignment assignment = new SPRoleAssignment(principal); assignment.RoleDefinitionBindings.Add(web.RoleDefinitions.GetByType(SPRoleType.Administrator)); list.RoleAssignments.Add(assignment); //update list changes list.Update(); return list; }

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >