Search Results

Search found 4763 results on 191 pages for 'policy administration'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 119/191 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >

  • How can I restrict the backuppc client user as much as possible? (rsync)

    - by jxn
    I have backuppc making full backups of servers, but I'd like to be sure that my set up is as paranoid as possible. BackupPC is set up to backup via rsync, and it is set up to use a specific user on each client to be backed up. Because the backuppc client user has to have access to every file on the client machine and the ability to ssh into the machine without an interactive password, I'm a little nervous about securing the clients, and I'd like to know I haven't overlooked any options. Here's what I have in place: in the client user's authorized_keys file, i've included from="IPTOSERVER",command="/usr/bin/rsync" before the user's public key, so that the user can only login coming from the BackupPC server. Next, in the sudoers file, I've added this line: backuppc ALL=NOPASSWD: /usr/bin/rsync to allow root-level permissions only for the rsync command for that user. Are there other user, policy, or ssh restrictions that I can add while still allowing the backup pc client user to rsync all files?

    Read the article

  • Binding services to localhost and using SSH tunnels - can requests be forged?

    - by Martin
    Given a typical webserver, with Apache2, common PHP scripts and a DNS server, would it be sufficient from a security perspective to bind administration interfaces like phpmyadmin to localhost and access it via SSH tunnels? Or could somebody, who knew eg. that phpmyadmin (or any other commonly availible script) is listening at a certain port on localhost easily forge requests that would be executed if no other authentication was present? In other words: could somebody from somewhere in the internet easily forge a request, so that the webserver would accept it, thinking it originated from 127.0.0.1 if the server is listening on 127.0.0.1 only? If there were a risk, could it be somehow dealt with on a lower level than the application, eg. by using iptables? The idea being, that if someone found a weakness in a php script or apache, the network would still block this request because it did not arrive via a SSH-tunnel?

    Read the article

  • When, if ever, can i expect Perl 5.10 to be available on CentOS?

    - by mithaldu
    Hi, I'm mainly a Perl programmer and as such entirely clueless about linux administration and politics, but i figure people here would be able to help me on this one. I'm working on a website that is being run on a CentOS 5.4 server, which seems to be stuck on Perl 5.8.8. I know there are several guides and such out there on how to install it manually, but I'm wondering: Can i expect whoever maintains CentOS (I really have no clue about the sysadmin side.) to ever officially make Perl 5.10 (or higher) available for 5.4? If so, when?

    Read the article

  • HP 4530s: Fan is Always On even When Laptop/CPU is Idle

    - by tolitius
    Just bought an HP 4530s from newegg. Laptop is great, but.. The FAN is always on. I did some googling, found it is a known problem, but no easily googlable solution. Tried to: Update BIOS to the latest Disable "CPU fan always on when plugged in" BIOS setting Installed Windows 7 Home (came with), Live CDed Ubuntu, Windows XP Spent 2 hours with horrible HP support Some other things that I can't already recall = spent too much time on it Laptop is not refundable (learned it the hard way, after the fact, by looking at the NEWEGG clever policy that is hidden in "details") I would really appreciate a workable solution / workaround / hack. The laptop is for my friend who will most likely be running Windows XP/7.

    Read the article

  • Configuration Of modem/router to Telnet IPV6 addr

    - by vito
    Can any one help me to configure the modem/router, so that IPV6 address assigned by modem/router to Pc. I should telnet to that IPV6 address so that i can open the modem/router administration user interface. Now I have enabled the IPV6 in my PC, i am getting a IPV6 address from Modem/router. But not able to telnet to IPV6 address given by modem/router. It is possible to telnet to IPV6 address given by modem/router. I have tried it before. But now i have forgotten the configurations. Configuration snapshot has been attached. Thank you. configuration snapshot

    Read the article

  • Centrally manage Windows 7 computers without Active Directory

    - by Sean W.
    I manage three Windows PCs at home using the principle of least privilege. This means that practically every other day when a new version of Java is released, I have to manually install the update using my administrative credentials on each machine. This is starting to become more work than I had expected. I would love to set up an active directory domain at home, but Microsoft has discontinued Windows home server; its replacement, Windows server 2012 essentials is much more expensive (about $500). Are there any free (preferably as in speech) that would allow me to centrally manage the software installed on each machine in a manner similar to that of active directory? I'd also like to find a way to centrally manage security settings, but I doubt there's an equivalent of group policy. Samba 4 would be an ideal solution, but according to its own developers, it is not yet stable enough for production use.

    Read the article

  • Overrideen ASPNet.config does not apply for legacyImpersonationPolicy

    - by Grumbler85
    I tried to override the <legacyImpersonationPolicy> Element, so a single application, will enable this policy (which is necessary, since this application breaks if disabled). So my Framework64/aspnet.config states: <configuration> <runtime> <legacyUnhandledExceptionPolicy enabled="false" /> <legacyImpersonationPolicy enabled="false" /> <alwaysFlowImpersonationPolicy enabled="false" /> <SymbolReadingPolicy enabled="1" /> <shadowCopyVerifyByTimestamp enabled="true"/> </runtime> <startup useLegacyV2RuntimeActivationPolicy="true" /> </configuration> And a local aspnet.config file has this change: <legacyImpersonationPolicy enabled="false" /> Procmon tells me the file is read by the w3wp.exe, but the settings will not apply. Can anyone point out a way how to correctly override the setting? *The Server has been restarted meanwhile, but still no changes.

    Read the article

  • How to manage a large email delivery volume from a Email Marketing App ?

    - by Newtonx
    We provide Email Marketing service through our online Application. We have about 30 customers. And each one has it's own mailling list (5k to 100k emails each). What we really want is to distribute email's delivery between 2 or more servers. I was wondering What kind of aproach/solutions MailChimp , Constant Contact uses to provide a great service ? use many servers ? many IPs ? Our spam policy suspends ANY user/customer that gets 10% bounced . We currently rotate our outgoing Mail Ip once deliveries limit per remote host is reached. Is it the best approach/solution ?

    Read the article

  • How to manage a large email delivery volume from a Email Marketing App ?

    - by Newtonx
    We provide Email Marketing service through our online Application. We have about 30 customers. And each one has it's own mailling list (5k to 100k emails each). What we really want is to distribute email's delivery between 2 or more servers. I was wondering What kind of aproach/solutions MailChimp , Constant Contact uses to provide a great service ? use many servers ? many IPs ? Our spam policy suspends ANY user/customer that gets 10% bounced . We currently rotate our outgoing Mail Ip once deliveries limit per remote host is reached. Is it the best approach/solution ?

    Read the article

  • How to allow simple file sharing on Windows Server 2008R2 through VPN

    - by Martin Wiboe
    We are a small, distributed company with a Windows Server 2008R2 installation. I would like to set up a way for our employees to connect securely to this server via VPN and then be able to map a network drive. I have gotten this to work somewhat by installing the Network Policy and Access Services Role on the server and using the default settings. I have also created a network share on the server. The problem is that our connectivity is sporadic (sometimes the service stops listening on the port or simply refuses to authorize correct credentials) and slow. I can always connect through VPN, but mapping is problematic. I would be grateful for the answer on how to accomplish this as well as some guidance on whether I am on the right track. Thanks in advance!

    Read the article

  • Recommendations for a cloud/hosted server environment that can run different Windows VMs?

    - by Rory
    I currently have a colocated Win 2008 server that I use for hosting different windows VMs for testing: Win 2008, Win XP, Vista, Win7, Win 2000. I'd like to ditch the server and use something like Amazone AWS but the key thing is I need to be able to launch VMs for these different windows versions. AWS doesn't allow this currently. Can anyone recommend somewhere that I could use? The main reasons I want to get away from my own server are: administration: backup, windows updates, etc space: disk limitations mean I can't have all the VMs I want. I'd like to be able to pay for space incrementally. I'll typically only run 1-3 at a time but want lots of snapshots of different machines.

    Read the article

  • What are the components required to run taskpads on a workstation?

    - by Darktux
    we are planning to implement task pads in our enviroment for delegation for user administration.I have few questions regarding this. 1.) To run a taskpad (with AD users and computers) ; does the workstation contain whole set of Administrative tools oris there a way just to compy dsa.msc to all workstations and get done with? Note: All tak pads will be shared on a file share and users access them via powershell scripts. 2.) We are creating MMC's in Windows 7 and keeeping them in a share; will the work with Windows XP too or do we need to develop 2 versions of them? We are aiming to keep away software from workstations and maintain it as much as possible on centralized file shares. Please shoot me any questions or clarifications pertaining to my query.

    Read the article

  • How do I turn autocomplete on for a server running Windows Server 2008?

    - by user16011
    My end users are not able to use autocomplete when they use a web application hosted on a particular server. Autocomplete is usually a client-side setting. My users can use autocomplete when they are on other websites so I think it is a server setting in this case. How do I turn autocomplete on for a server running Windows Server 2008? Is this a setting in IIS, a registry setting, a group policy setting, or something else? Thanks in advance.

    Read the article

  • Restricting output to only allow localhost using iptables

    - by Dave Forgac
    I would like to restrict outbound traffic to only localhost using iptables. I already have a default DROP policy on OUTPUT and a rule REJECTing all traffic. I need to add a rule above that in the OUTPUT chain. I have seen a couple different examples for this type of rule, the most common being: -A OUTPUT -o lo -j ACCEPT and -A OUTPUT -o lo -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT Is there any reason to use the latter rather than the former? Can packets on lo have an address other than 127.0.0.1?

    Read the article

  • What are the default/recommendet access rights for %ALLUSERSPROFILE%?

    - by RED SOFT ADAIR-StefanWoe
    We have a Windows application that reads and writes some data for all users. We place it at %ALLUSERSPROFILE%\OurProgram*.* We now encounter a few cases in larger companies, where users do not have write permission to %ALLUSERSPROFILE%. Most of these cases are running Windows 7. The problem does not occur on a normal desktop installation of Windows 7 though. What is the recommended policy for this location? I have not found any "official" information about this. Is there a different location where all users have write permission?

    Read the article

  • WSUS Looping 2 updates on 2003 servers

    - by Ericrobert
    Good afternoon, Hopefully I can articulate this so that people understand my problem. We have WSUS on windows server 2008. We have 8 Windows 2003 servers. There is an update ready to install KB2982792. We install it then it says there is another update to install KB2728973. Then it says there is another update to install, again KB2982792. This goes on and on. Talked to microsoft support and they confirmed that the update was infact installed and applied to the computer (Checking untrusted certifactions confirmed that for these updates) and their suggestion was to just "Hide update". This is fine except on the WSUS server it still shows failed updates which is not okay with our policy. I'm here to ask for help figuring this out and what I can do to trouble shoot it. Thank you in advanced.

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm new to linux server. I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • How do I capture the output of a tty while still allowing sent characters to reach the correct desti

    - by Zak
    I currently have some systems that multiple people have access to for administration purposes. We've modified the history log so that we capture 2k lines of history per user to help aid in who has done what on the system. However, we would additionally like to capture all keyboard input when we (the administrators) log in, and log it to a file so we can see what changes were made to files once people go into vi to edit them. It will also aid us in documenting when we are going through a compile of software and the like. How can I do this? CentOS 5.4 if it makes a difference.

    Read the article

  • configuring linux server firewall to allow acces on a certain range of IP addresses

    - by eggman20
    Hi Guys, I'm not sure if this is the right place to ask this but I'm currently trying to get an Ubuntu 10.10 server up and running for the first time and I'm using Webmin for administration. I'm stuck on the setting up the firewall. What I need to do is to ONLY allow a range of IPs (e.g 128.171.21.1 - 128.171.21.100) to access the HTTP server and Webmin. I've seen a lot of tutorials but none of them fits what I needed. Thanks in advance!

    Read the article

  • Protecting a SVN server

    - by user35072
    For various reasons we are finding it increasingly difficult to work with remote workers. We are a very small developer shop and it's becoming impractical to do manual merges on a daily basis. So we're left with little choice (?) but to consider opening up our SVN servers. I'm looking into the following: Full HTTPS session Running non-80 port Strong password policy Is this enough to prevent someone hacking and stealing data? I will also look into VPN but first would like to understand any alternative solutions.

    Read the article

  • outlook iptables configuration [update]

    - by mediaexpert
    I've a Debian mail server, but only the outlook users can't be able to download the emails. I've seen a lot of post about some kind of forwarding port configuration, I've tried some commands, but I don't be able to solve this problem, please help me. [LAST UPDATE] I find a lot of TIME WAIT on ipv6 netstat tcp6 0 0 my.mailserver.it:imap2 200-62-245-188.ip2:17060 TIME_WAIT - below some config files: pop3d I think the problem was here ##NAME: POP3AUTH:1 # # To advertise the SASL capability, per RFC 2449, uncomment the POP3AUTH # variable: # # POP3AUTH="LOGIN" # # If you have configured the CRAM-MD5, CRAM-SHA1 or CRAM-SHA256, set POP3AUTH # to something like this: # # POP3AUTH="LOGIN CRAM-MD5 CRAM-SHA1" POP3AUTH="" ##NAME: POP3AUTH_ORIG:1 # # For use by webadmin POP3AUTH_ORIG="PLAIN LOGIN CRAM-MD5 CRAM-SHA1 CRAM-SHA256" ##NAME: POP3AUTH_TLS:1 # # To also advertise SASL PLAIN if SSL is enabled, uncomment the # POP3AUTH_TLS environment variable: # # POP3AUTH_TLS="LOGIN PLAIN" POP3_TLS_REQUIRED = 0 POP3AUTH_TLS="" ##NAME: POP3AUTH_TLS_ORIG:0 # # For use by webadmin POP3AUTH_TLS_ORIG="LOGIN PLAIN" ##NAME: POP3_PROXY:0 # # Enable proxying. See README.proxy # # For use by webadmin POP3AUTH_TLS_ORIG="LOGIN PLAIN" ##NAME: POP3_PROXY:0 # # Enable proxying. See README.proxy POP3_PROXY=0 ##NAME: PROXY_HOSTNAME:0 # # Override value from gethostname() when checking if a proxy connection is # required. # PROXY_HOSTNAME= ##NAME: PORT:1 ##NAME: PROXY_HOSTNAME:0 # # Override value from gethostname() when checking if a proxy connection is # required. # PROXY_HOSTNAME= ##NAME: PORT:1 # # Port to listen on for connections. The default is port 110. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting is a default for ports that do not have a specified # IP address. # Port to listen on for connections. The default is port 110. # # Multiple port numbers can be separated by commas. When multiple port # numbers are used it is possibly to select a specific IP address for a # given port as "ip.port". For example, "127.0.0.1.900,192.68.0.1.900" # accepts connections on port 900 on IP addresses 127.0.0.1 and 192.68.0.1 # The ADDRESS setting is a default for ports that do not have a specified # IP address. PORT=110 ##NAME: ADDRESS:0 # # IP address to listen on. 0 means all IP addresses. ADDRESS=0 ##NAME: TCPDOPTS:0 # ##NAME: ADDRESS:0 # # IP address to listen on. 0 means all IP addresses. ADDRESS=0 ##NAME: TCPDOPTS:0 # # Other couriertcpd(1) options. The following defaults should be fine. # TCPDOPTS="-nodnslookup -noidentlookup" ##NAME: LOGGEROPTS:0 # # courierlogger(1) options. # LOGGEROPTS="-name=pop3d" ##NAME: DEFDOMAIN:0 # # Optional default domain. If the username does not contain the # first character of DEFDOMAIN, then it is appended to the username. # If DEFDOMAIN and DOMAINSEP are both set, then DEFDOMAIN is appended # only if the username does not contain any character from DOMAINSEP. # You can set different default domains based on the the interface IP # address using the -access and -accesslocal options of couriertcpd(1). DEFDOMAIN="@interzone.it" ##NAME: POP3DSTART:0 # # POP3DSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # . /etc/courier/pop3d DEFDOMAIN="@mydomain.com" ##NAME: POP3DSTART:0 # # POP3DSTART is not referenced anywhere in the standard Courier programs # or scripts. Rather, this is a convenient flag to be read by your system # startup script in /etc/rc.d, like this: # # . /etc/courier/pop3d # case x$POP3DSTART in # x[yY]*) # /usr/lib/courier/pop3d.rc start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. # x[yY]*) # /usr/lib/courier/pop3d.rc start # ;; # esac # # The default setting is going to be NO, until Courier is shipped by default # with enough platforms so that people get annoyed with having to flip it to # YES every time. POP3DSTART=YES ##NAME: MAILDIRPATH:0 # # MAILDIRPATH - directory name of the maildir directory. # MAILDIRPATH=.maildir iptables Chain INPUT (policy DROP 20 packets, 1016 bytes) pkts bytes target prot opt in out source destination 60833 16M ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:143 state NEW,ESTABLISHED 18970 971K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110 state NEW,ESTABLISHED Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- * * 192.168.0.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 192.168.1.0/24 0.0.0.0/0 tcp dpt:110 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:25 0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:110 pop3d.cnf RANDFILE = /usr/lib...pop3d.rand [req] default_bits = 1024 encrypt_key = yes distinguidhed_name = req_dn x509_extensions = cert_type prompt = no [req_dn] C=US ST=NY L= New York O=Courier Mail Server OU=Automatically-generated POP3 SSL key CN=localhost [email protected] [cert_type] nsCertType = server

    Read the article

  • How do I change the Admin password on a Ubee DVW3201B?

    - by Iszi
    I must admit that I feel rather foolish having to ask this. I recently switched ISPs, and the new one gave us a Ubee DVW3201B as our home gateway. I want to change the Administrator username/password from the defaults, but I've been having some difficulty. Every time, after I save the new username and password, I'm prompted to re-authenticate to the administration interface. It fails no matter what I try. I've tried using: New username / New password Default username / New password Default username / Default password None of the above works. This has happened twice now, with my only recourse after failure being to do a reset to factory defaults (press and hold the hard reset button for 10 seconds). Is there something I'm missing?

    Read the article

  • Unable to renew certificate in certmgr.msc in windows 2003

    - by VicF
    I am trying to renew a certificate using CertManager on Windows 2003 Server. (I have also used the certificate plug-in in MMC but its the same thing.) I am logged in with the Administrator account. When I select any of my Personal certificates and go to the All-Tasks menu I only see Open and Export. I do not see the "Renew Certificate with New Key" or "Renew this certificate with the same key" options. How do I get those options to show up? I there some security policy or service that I need to run?

    Read the article

  • How to remove IE toolbar and menu bar

    - by Metallikanz
    We have a asp.net web application which will be used in an intranet environment on IE 6. We want to change the default configuration of the browser so that it's always rendered without the Tool Bars, Menu Bars and Address Bar, just the browser window frame and the status bar should be present. We were looking at the IEAK toolkit for IE6 but it doesn't seem to have the option of turning all this off though you can turn off certain menus and toolbar options. Any ideas of how this can be done, is there a group policy setting or something that we can utilize here to get this done? Thanks for your help.

    Read the article

  • Best use of new express card on Windows

    - by jckdnk111
    I just bought a 48GB SSD express card for my laptop and I am trying to decide how best to use it. I will be running some sort of virtualization (prob VirtualBox) to test / learn Windows Server administration. I am running Windows 7 Ultimate 64 bit. I have 4GB of RAM and a 7200 RPM SATA hard disk. The express card will read at 115MB/s and write at 65MB/s. So how best to use this new disk? Readyboost, relocate pagefile, store VM disks, mix / match?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >