Search Results

Search found 29574 results on 1183 pages for 'directory services'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 169/1183 | < Previous Page | 165 166 167 168 169 170 171 172 173 174 175 176  | Next Page >

  • Block Domain User login

    - by Param
    I have created a Domain User id ( for example - Auser ). I have integrated my LDAP login with Firewall. I use this user to login in to firewall only. So, I want to block all the login for this User except on Firewall. Is there any way to accomplish this? As per my knowledge, we can specify :- By right click on Domain User -- Properties -- Account tab -- Logonto ( but here we have to specify Computer Name, we don't have any computer name for Firewall -- So i can't use this option ) Through Group Policy Window Setting -- Security Setting -- Local Policies -- User Rights Assignment -- Allow logon Locally (But it has to apply on Computer OU -- So i can't use this option also ) Any Other Option you know ??

    Read the article

  • Revamping an old and unstable office IT-solution using Windows Server and OpenVPN

    - by cmbrnt
    I've been given the cumbersome task to totally redo the IT-infrastructure for a customer's office. They are currently running Windows XP all over, with one computer acting as a file server with no control over which users have access to which files, and so on. To top it off, this file server also functions as a workstation, which means it gets rebooted every time the user notices some sluggish behavior or experiences problems with flash games. To say the least, this isn't working for them. Now - I've got a very slim budget, but I need to set up a new server, and I wish to run Windows Server 2008 on it. I also need the ability to access the network remotely via VPN. Would it be a good idea to install VMware ESXi 4.1 onto the new server, and then run Windows Server 2008 as well as a separate Debian install for openvpn on it? I don't like the Domain Controller for the future AD to also run a VPN-server, because of stability issues when something goes to hell with either of them. There will be no redundancy though. However, I'm not sure if there is something to gain by installing a VPN solution on the Windows Server itself, when it comes to accessing file shares on the network via VPN. I don't know how to enable users logging in via the VPN to access the remote files, since they will be accessing the network from their own home computers (which is indeed a really bad idea, but this is what I've got to work with). They won't be logged in to the windows Domain, but rather their home workgroups. I need to be able to grant access to files in certain directories based on the logged in AD-user, but every computer won't necessarily be configured to log into the domain. I'm not sure how to explain this in a good way, but I'd be happy to clarify if somethings not clear. Any help would be great, because I've got a feeling that I can't do this without introducing a bunch of costly new rules when it comes to their IT-solution. I'd rather leave that untouched and go on my merry way to the next assignment.

    Read the article

  • Can not find the source of Grant permission on a folder

    - by Konrads
    I have a security mystery :) Effective permissions tab shows that a few sampled users (IT ops) have any and all rights (all boxes are ticked). The permissions show that Local Administrators group has full access and some business users have too of which the sampled users are not members of. Local Administrators group has some AD IT Ops related groups of which the sampled users, again, appear not be members. The sampled users are not members of Domain Administrators either. I've tried tracing backwards (from permissions to user) and forwards (user to permission) and could not find anything. At this point, there are two options: I've missed something and they are members of some groups. There's another way of getting full permissions. Effective Permissions are horribly wrong. Is there a way to retrieve the decision logic of Effective Permissions? Any hints, tips, ideas?

    Read the article

  • Unable to remove invalid(orphaned?) SPNs

    - by Brent
    tldr version: Renamed domain from internal.domain.com to domain.com, have 4 SPNs that am unable to remove from DC. So my domain was internal.domain-name.com and I renamed it to domain-name.com and I thought everything was good. Several days later, I start setting up my RD Gateway and am noticing issues surrounding group policy. I run dcdiag and the SystemLog part fails. Starting test: SystemLog A warning event occurred. EventID: 0x00001796 Time Generated: 08/25/2014 02:48:30 Event String: Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server. An error event occurred. EventID: 0xC0001B70 Time Generated: 08/25/2014 02:49:18 Event String: The SQL Server (MSSQLSERVER) service terminated with the following service-specific error: An error event occurred. EventID: 0xC0001B70 Time Generated: 08/25/2014 02:49:48 Event String: The SQL Server (MSSQLSERVER) service terminated with the following service-specific error: An error event occurred. EventID: 0xC0001B70 Time Generated: 08/25/2014 02:52:47 Event String: The SQL Server (MSSQLSERVER) service terminated with the following service-specific error: This made me check my AD for possible connections to the .internal domain. I found four which I remove by: setspn -D E3514235-4B06-11D1-AB04-00C04FC2DCD2/d79fa59c-74ad-4610-a5e6-b71866c7a157/internal.domain-name.com ServerName setspn -D HOST/ServerName.domain-name.com/internal.domain-name.com ServerName setspn -D GC/ServerName.domain-name.com/internal.domain-name.com ServerName setspn -D ldap/ServerName.domain-name.com/internal.domain-name.com ServerName Also, checking my dns records, there's an internal subdomain that I can delete but it comes back as well. I've tried removing the spns to no avail. Is there something I'm missing?

    Read the article

  • optimal folder structure for storing 100k files on a USB drive

    - by cherouvim
    I need to store 100k files (around 40GB) in a USB drive. Each file has a unique int id (e.g 45000). Option one is to put all files in a single folder: root/ root/1.pdf root/2.pdf root/3.pdf ... root/567.pdf root/568.pdf root/569.pdf ... root/10001.pdf root/10002.pdf root/10003.pdf ... root/99998.pdf root/99999.pdf root/100000.pdf Option two is to create a [1-9][0-9]* folder hierarchy based on that id: root/ root/1/file.pdf root/2/file.pdf root/3/file.pdf ... root/5/6/7/file.pdf root/5/6/8/file.pdf root/5/6/9/file.pdf ... root/1/0/0/0/1/file.pdf root/1/0/0/0/2/file.pdf root/1/0/0/0/3/file.pdf ... root/9/9/9/9/8/file.pdf root/9/9/9/9/9/file.pdf root/1/0/0/0/0/0/file.pdf Which option will scale better? I can understand that the second option will require tons of folders but each folder will at most contain 10 folders and 1 file. Maintenance will not be an issue since everything will be controlled by an application. Note that this is a USB drive on linux and based on the above I'd also like to know whether I should go with FAT32 or NTFS.

    Read the article

  • When to raise domain functional level?

    - by Joel Coel
    We very recently completed a project to retire two old domain controllers running Server 2003 R2. They are now replaced with shiny new 2008 R2 boxes. However, the functional level of the domain has not yet been updated for the 2008 R2 servers, just in the long-shot case of the need for a rollback to the old controllers. I expect to have the all clear to update the domain by next weekend. I also want to note that our desktop clients are still 95% Windows XP. However, we're about to start a project to update our 200 or so clients to Windows 7 before the end of the calendar year. Is there any advantage to holding the domain at the 2003 functional level while we are still supporting more Windows XP than Windows 7, especially given that some of the management stations are still XP? Update: I forgot to mention earlier that we still have a pair of windows 2000 servers (not domain controllers) that support some legacy software. I'm working to replace those, but in the meantime I need to be sure that Windows 2000 can still participate in a 2008 R2 domain.

    Read the article

  • Cannot Delete an Empty Folder in Windows 7

    - by Mike Gates
    I've used this question's answer by user "Moab" to give myself permission to delete an empty folder, so that I no longer get "accessed denied". However, now when I try removing this folder, I get a message that says "The process cannot access the file because it is being used by another process." This is merely my "eclipse" (IDE) folder that I totally emptied out and am trying to delete, but for some reason cannot. I've tried quite a few things: Via Windows Explorer: Right Click - Delete Via Command Prompt RD /S /Q eclipse del /F eclipse rmdir /S eclipse I'm out of ideas, and I'd really like to delete this folder without having to install any software. I've done a bit of research and this is all I found that I could try. Does anyone have any other ideas?

    Read the article

  • Default user logon on Windows Server system

    - by Robert Koritnik
    I installed Remote Desktop Services role (ex Terminal Services) on my Windows Server 2008 R2 machine. After installation when I try to logon locally, there's no default user as it used to be. Can I tweak group policy to have my default user back? I did enable to remember last logon user, but it didn't work... Obviously RDS (ex TS) ignores this policy setting. Additional note: I'm not connected to a domain. It's a standalone development machine running server OS. No domain needed for it.

    Read the article

  • Laptops on Windows Domain sometimes have problems accessing internet when off-site

    - by FSUScoot
    Hi all-- We've had this problem for a long time. When users travel, sometimes they can't get internet access from a wired or wireless connection. Here are a couple examples: 1) A user goes to a hotel and tries to access the wireless in their room. They can connect to the access point. They open a web browser and they can't get re-directed to the hotel's login page. Because they can't log in, there's no internet access. 2) A user goes to another laboratory/university and tries to access the wired network. They connect, link is fine, PC gets IP from DHCP but no internet access. There's no login page to be re-directed to. It should just "work". What I've found is that it's a DNS issue. Because the computer is on a Windows Domain, it seems it MUST use our DNS servers. Even if you connect to an outside network and do an ipconfig /all, it looks like everything is ok. It'll even show their DNS servers listed in the config. The computer just won't use the other network's DNS server. I found a reg key that keeps our DNS servers listed and it seems that they take priority every time: HKLM\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient All the values under that key are for our AD domain. NameServer and Searchlist never change. What I've found is if the user edits the NameServer string and puts the DNS server of the network they're on, everything works just fine. They get re-directed to the hotel's correct login page or their internet access starts working. It's only a problem if the network they're on blocks outside DNS or a hotel that uses an internal name in their front page redirection that only their DNS server knows about, i.e., not public. If the re-direct page starts with an IP, like 10.10.10.10, it'll work just fine. Obviously this isn't a fix for everyone. Most of my users are pretty knowledgeable so it’s easy for me to walk them through or send them a .reg file that they can edit and run. This problem isn't limited to Windows 7. It was like this with XP as well. It's not hardware related. The problem exists on both wired and wireless, Intel or Broadcom, laptops or desktops. Anyone else have this problem? Is there a GPO I can change that I missed? Got a good work-around for this? Thanks for any help!

    Read the article

  • What filesystem comes closest to matching NTFS for support of ACLs, and highly-granular permissioning?

    - by warren
    It seems that most other filesystems handle the basic *nix permissions (ugo±rwx), with maybe an addition here or there. Or can be "made" to handle ACLs through the use of other tools on top of the system. On the wikipedia pages about filesystems (http://en.wikipedia.org/wiki/List%5Fof%5Ffile%5Fsystems & http://en.wikipedia.org/wiki/Comparison%5Fof%5Ffile%5Fsystems), it appears that while some do support extended meta-data, none support natively the level of permissioning that NTFS does. Am I wrong in this understanding?

    Read the article

  • Is there a security concern exposing NTLM authentication over http or should it only be https?

    - by Shane
    We are setting up a SharePoint 2010 site. Don't worry, this is not a Sharepoint question, just adding it for context. Most of the site will be anonymous, but some users are able to authenticate in and edit content. They use NTLM (users exist in AD). Is there any concern about exposing NTLM login for users that can modify content over the internet via http or should that only be exposed via https?

    Read the article

  • Simulate a DFS share for a user not on domain with a folder in path

    - by user223655
    I have a consultant whose computer is not on the domain and needs to access various network resources. Unfortunately while adding a computer to the domain is a difficult bureaucratic process (and would disallow much of his development software from even running given the domain restrictions), we can allow him to have credentials to access network resources. As such, he accesses various network resources via NET USE etc. without using DFS. There is one piece of software which requires him to have the same hardcoded path as other domain users but that path is a DFS path which he can't map (i.e., the software checks the path at runtime and will only run if it matches the registered path and will reject it in the context of using a DFS versus conventional machine path) I was wondering if there's some method to simulate the DFS path without actually using DFS. e.g., the path the software needs to see is "\ABC\DFS\software\app.exe" whereas the non DFS path is "\DEF\Software\app.exe" while I could make his hosts file point DEF to ABC, I'm not sure if I can somehow make it point there with the DFS "folder" as well are there any methods for this short of making changes to the AD to allow him to use DFS or add him to the domain (both of which are politically/technically challenging sadly)? Thanks guys

    Read the article

  • trouble with AD and profile import

    - by GeorgeWNYC
    I am involuntary Admin for a MOSS 2007 site. We use profile import from AD, from two domains: Mycompany.com and AM.MyCompany.Com I was looking at the log for the PEOPLE_DL_IMPORT Content source and it has many entries like: spsimport://?$$dl$$/MyCompany.com/MyCompany.com/MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com/am.MyCompany.com/MyCompany.com/MyCompany.com/am.MyCompany.com/am.MyCompany.com It certainly doesn't look right. Is this normal? What can I do to remedy it ? Can I start over? There are users already in SP and some of them are in SP groups for permission purposes.

    Read the article

  • How do I prevent 'net ads join' from doing DDNS update?

    - by genehack
    I'm using 'net ads join' to add Linux servers to an AD domain. The servers are multi-homed, with a public IP on eth1 and a non-routable private background network on eth0 (in the 172.20 space, used for netboots and installs and stuff -- no routing to the Internet on that network). When I 'net ads join', it appears that a DDNS entry is getting created for the 172.20 interface. How can I prevent this from happening? (FWIW, my powers at the AD level are very limited -- I can join servers and delete server records but that's about it...)

    Read the article

  • Replacement for NIS/YP

    - by mdpc
    The company that I am working for is embarking on replacing the current locally developed NIS/YP structure with LDAP. We already have AD in house for the Windows stuff and would like to consider using an AD system. The AD people are quite restrictive and would not support extensive modifications. We have needs to have the replacement include the support the full capabilities of the NIS/YP suite include netgroups, login restrictions to specific servers for specific users or groups of users, consistent passwords between the *nix and Windows environment,etc. Our environment is a mixture of Linux (suse, RH, Debian), Sun, IBM, HP and MPRAS as well as a NETAPP. So whatever we use must be totally inclusive to all environment. We have looked at Likewise, but our management wants other alternatives to compare with. What other things should I be looking at and what is you assessment of the alternative? Thanks

    Read the article

  • Windows 2008 R2 DNS cant resolve own SOA

    - by user46742
    We have two Domain Controllers for our network. They both run DHCP, DNS, and ADS. They are both VM's sitting on MS Hyper V Server 2008 on separate physical hosts. We had our primary DC go down a week ago. I upgraded an already existing VM to Primary DC and built a new VM for the secondary. Both DNS servers are running and the SOA is configured correctly for Primary DC 1. However when I run the best practice analyzer it states the server cannot resolve it's own SOA. Check the configuration in the adapter. I checked and they are configured properly. I also went through the DNS entries thoroughly and made sure there was no records of the previous DC that went down. NSLOOKUP resolves the domain and primary dc fine. I also checked the firewalls on the machines and our physical firewall for any deny packets. Any suggestions? I appreciate any help!

    Read the article

  • How to clean up orphaned SID's in ACEs in AD?

    - by geoffc
    As a follow up to my question Do backlinks clear in AD for deleted users I have another related but different question. Since I am informed in the answers there that a deleted object's SID (Group or User, so assigning rights to group only minimizes the issue, and does not fix it) will remain within ACEs they have been assigned, leaving them orphaned. Lotus Domino, which has similar issues with back references, has an adminp process to clean up such orphaned references. Is there a similar process in AD that would allow you to clean up such orphaned SIDs floating around your domain?

    Read the article

  • Is there a way in IE9 on a Virtual Machine to do AD auth in IE9 without the machine being added to the domain but the host machine is?

    - by Micah Armantrout
    I have a virtual machine that is running IE 9 and windows 7 Latest Updates that I want to use to test my intranet site (ASP.Net Application). I can't add the virtual machine to the domain and I don't want to have to type my ad cruds everytime I load the site up. Is there a way for the IE on the virtualbox to Authenticate as my AD Cruds on the host machine so I don't have to always put my username and password in ? I guess I can just have IE on the virtual machine remember my username and password but other than that is there another way to do this ?

    Read the article

  • Correção de permissão de pastas [closed]

    - by Cezar Luiz
    Olá todos boa tarde. Fiz uma mer... aqui e uma pasta minha ficou assim. ls -lha total 20K ?--------- ? ? ? ? ? brsdinfra001 Onde deveria ter alguma coisa como drwxrwxr-x 2 nobody nobody 4.0K Oct 4 09:45 Alguem sabe como consertar isso? ENGLISH TRANSLATION: Hello good afternoon everyone. I made a mer ... and here I was just a folder. ls-lha 20K total? ---------? ? ? ? ? brsdinfra001 Where should have something like drwxrwxr-x 2 nobody nobody 4.0K Oct 4 09:45 Anyone know how to fix this?

    Read the article

  • Create a new domain with the same name of a trusted domain

    - by Russ
    I have a domain blah.com that was aquired a while back by my company foo.com. I set up a two way trust between the two domains, but now I want to move their servers into our forest, while keeping the domain name of blah.com. Is this possible? What things do I need to consider when doing this? I know I can't move the domain from its forest into our forest. blah.com is a 2003 native domain/forest foo.com is a 2008R2 domain/2003 forest.

    Read the article

  • AD password not synchronising properly

    - by Kaczmar
    I have 600+ users in AD, but only one causes me trouble. The problem is I can reset his password from AD, he can then log in to his machine. After that he would like to change his password from Windows 7, and proceeds without errors. Logs out or locks the workstation but cannot access it again using either old or new password. So I have to reset it again and he can only use the one I provide for him. All our machines are in the same physical location in the same subnet. Functional level is 2003. I'm totally out of ideas. I could create him new user account, but I'd possibly like to know what causes this. I can only suspect some sort of synchronisation problems but other accounts work fine, and I don't know how to dig deeper into this. Thanks, Piotr

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 165 166 167 168 169 170 171 172 173 174 175 176  | Next Page >