Search Results

Search found 14260 results on 571 pages for 'regex group'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 258/571 | < Previous Page | 254 255 256 257 258 259 260 261 262 263 264 265  | Next Page >

  • How to authenticate users in nested groups in Apache LDAP?

    - by mark
    I've working LDAP authentication with the following setup AuthName "whatever" AuthType Basic AuthBasicProvider ldap AuthLDAPUrl "ldap://server/OU=SBSUsers,OU=Users,OU=MyBusiness,DC=company,DC=local?sAMAccountName?sub?(objectClass=*)" Require ldap-group CN=MySpecificGroup,OU=Security Groups,OU=MyBusiness,DC=company,DC=local This works, however I've to put all users I want to authenticate into MySpecificGroup. But on LDAP server I've configured that MySpecificGroup also contains the group MyOtherGroup with another list of users. But those users in MyOtherGroup are not authenticated, I've to manually add them all to MySpecificGroup and basically can't use the nested grouping. I'm using Windows SBS 2003. Is there a way to configure Apache LDAP to do this? Or is there a problem with possible infinite recursion and thus not allowed?

    Read the article

  • Restoring permissions on Windows 2008

    - by Andrey
    I have played with folder permissions due to SVN not being able to write to a folder and now I got into a state where I go to any folder of C: drive in Windows Explorer and when I right-click it takes 30 seconds to show the context menu and it just hangs the window after that. It definitely has something to do with permissions as it was all working fine until I started tweaking permissions about an hour ago. My login belongs to two groups Users and Administrators. I changed ownership of C drive to Administrators group and I think it screwed everything, but I can't change it back because I don't even remember what it was :) Oh, and only Administrators group has access to drive C now. Any way to reset permissions to some previous state or some workable state?

    Read the article

  • Mac Leopard Server Apache Permission Denied

    - by dallasclark
    I've setup the web server successfully on Mac Leopard Server and sites work fine within the DocumentRoot directory. I have mounted a volume which has restricted access to users within a group. I would like to point the web server to directories within this volume. Can I add the user the web service is using to the group that has access to this Volume, if so: how do I find out what the user is? I can confirm the web server is pointing to the right directory as log files show the full directory path. When you access the site's URL, it shows Access Forbidden.

    Read the article

  • Jail Linux user to directory for FTP login

    - by Greg
    I'm planning on using vsftpd to act as a secure ftp server, but I am having difficulty controlling the linux users that will be used as ftp logins. The users are required to be "jailed" into a specific directory (and subdirectories) and have full read/write access. Requirements: - User account "admin_ftp" should be jailed to /var/www directory. - Other accounts will be added as needed, for each site... e.g: - User account "picturegallery_ftp" should be jailed to /var/www/picturegallery.com directory. I have tried the following, but to no avail: # Group to store all ftp accounts in. groupadd ftp_accounts # Group for single user, with the same name as the username. groupadd admin_ftp useradd -g admin_ftp -G ftp_accounts admin_ftp chgrp -R ftp_accounts /var/www chmod -R g+w /var/www When I log into FTP using account admin_ftp, I am given the error message: 500 OOPS: cannot change directory:/home/admin_ftp But didn't I specify the home directory? Extra internets for a guide how to do this specifically for vsftpd :)

    Read the article

  • Apache security for multi-user development web server.

    - by mrmartinblue
    I've been searching and reading through documents all morning and understand that I need to use some combination of chown and probably 'jailing' to securely give programmers access to directories on my centos webserver. Here's the situation: I have an apache web server that has any number of virtual sites located in /var/www/site1 /var/www/site2 etc.. I have different developers that need full access both ssh and vsFTP to only the site they are working on. What is the best way to create and maintain security in this scenario. My thought would be to create a new user for each coder, jail that user to the website directory they are allowed to work in, add their user to a group and set the webroot's owner to that group. Any thoughts? Good, bad, ugly? Thanks!

    Read the article

  • Windows Server 2008 Migration - Did I miss something?

    - by DevNULL
    I'm running in to a few complications in my migration process. My main role has been a Linux / Sun administrator for 15 yrs so Windows server 2008 environment is a bit new to me, but understandable. Here's our situation and reason for migrating... We have a group of developers that develop VERY low-level software in Visual C with some inline assembler. All the workstations were separate from each other which cased consistency problems with development libraries, versions, etc... Our goal was to throw them all on to a Windows domain were we can control workstation installations, hot fixes (which can cause enormous problems), software versions, etc... All Development Workstations are running Windows XP x32 (sp3) and x64 (sp2) I running in to user permission problems and I was wondering maybe I missed one, tWO or a handful of things during my deployment. Here is what I have currently done: Installed and Activated Windows Server 2008 Added Roles for DNS and Active Directory Configured DNS with WINS for netbios name usage Added developers to AD and mapped their shared folders to their profile Added roles for IIS7 and configured the developers SVN Installed MySQL Enterprise Edition for development usage Not having a firm understanding of Group Policy I haven't delved deeply in to that realm yet. Problems I'm encountering: 1. When I configure any XP workstations to logon our domain, once a user uses their new AD login, everything goes well, except they have very restrictive permissions. (Eg: If a user opens any existing file, they don't have write access, except in their documents folder.) Since these guys are working on low system level events, they need to r/w all files. All I'm looking to restrict in software installations. Am I correct to assume that I can use WSUS to maintain the domains hot fixes and updates pushed to the workstations? I need to map a centralized shared development drive upon the users login. This is open to EVERYONE. Right now I have the users folders mapped upon login through their AD profile. But how do I map a share if I've already defined one within their profile in AD? Any responses would be very grateful. Do I have to configure and define a group policy for the domain users? Can I use Volume Mirroring to mirror / sync two drives on two separate servers or should I just script a rsync or MS Synctool? The drives simply store nightly system images.

    Read the article

  • Metro Apps on Windows 8 aren't working with static IP behind auth proxy

    - by Kamal
    In Windows 8 Professional, Metro Apps and Windows Update do not work with static IP settings behind authenticated proxy server. They work with DHCP on the same proxy settings (we have DHCP for wifi and static IP for LAN, both using the same proxy server). IE, Chrome and other desktop apps work nicely with both. Metro apps worked with an auth proxy (DHCP only), when I changed their proxy settings from the "edit group policy" option: Start → Settings → Edit Group Policy → Computer Configuration → Administrative Templates → Network Isolation → Internet Proxy for Apps How can I fix this?

    Read the article

  • Scheduled task based on Microsoft patch release cycle

    - by floyd
    I have a simple powershell script which unapproves all patches based on computer group name in WSUS which works great. All of our servers patch on a specific Day/Week/Time starting on Week0-Wednesday which would be the Wednesday after Microsoft Patch Tuesday (2nd Tuesday of every month) all the way to Week3-Sunday. This obviously causes problems as sometimes not all patches get applied in one reboot cycle, and then will install patches the following week during their group policy scheduled patching day/time which is what I'm trying to prevent. My question is I'm trying to schedule my script to run based on this schedule and I am finding it next to impossible using Windows Task Scheduler. For instance if I wanted something to always run on the 4th Monday after Microsoft Patch Tuesday, I cant always use the task scheduler option "4th Monday of the Month" Has anyone run into a similar situation, or know of any task scheduling tools which give you more flexibility than Windows Task Scheduler?

    Read the article

  • How can I get a Windows 2008 print server to deploy to child domains?

    - by Tyler Benson
    I am setting up a print server for our company that has a parent domain and 2 child domains. The print server is on the parent domain and I have no problems getting the print server to deploy printers through group policy to users on its own domain. The problem I am having is that it isn't deploying the printers to users that are in it's child domains. Some other info that may help: I am not sharing or listing printers in the directory I have added pushprinterconnections.exe to the group policy login script Does anything come to mind?

    Read the article

  • How would one run a task sequence within a task sequence in SCCM 2012 SP1

    - by BigHomie
    A Shining Example: Inside all of my task sequences I have a group that installs driver packages conditionally based on computer model: And of course, this list does nothing but grow. The fact that it grows isn't a big deal, what is a big deal is that every time it changes I have to manually copy and paste those changes across every task sequence I have, which of course leaves huge room for human error. The same goes for other groups of tasks that are common across task sequences. Looking for a solution where I could centrally manage these tasks, be it link other task sequences to a group within another task sequence, or create a separate task sequence and link to that. I came across a solution by John Marcum (SCCM MVP) that mentioned this ability, but this was a while ago and I can't find the link to it anymore to see if it's even still being updated/maintained, but I'm looking for more of a free solution, or even using Powershell or the ConfigMgr SDK is fine with me, I'm no stranger to either. Update Getting close: http://msdn.microsoft.com/en-us/library/jj217869.aspx

    Read the article

  • Linux file permissions seem right but I can't write to a directory

    - by CaseyB
    I believe that I have the permissions set correctly but I can't write to a directory. Here's my problem: cborders@Kraken:/var/www$ ls -la total 12 drwxrwxr-x 2 webz webz 4096 2011-12-30 14:58 ./ drwxr-xr-x 13 root root 4096 2011-12-30 14:58 ../ -rw-rw-r-- 1 webz webz 177 2011-12-30 14:58 index.html cborders@Kraken:/var/www$ id cborders uid=1000(cborders) gid=1000(cborders) groups=1000(cborders),4(adm),20(dialout),24(cdrom),46(plugdev),109(sambashare),113(lpadmin),114(admin),1002(webz) cborders@Kraken:/var/www$ mkdir test mkdir: cannot create directory `test': Permission denied The owner of the directory is a user called webz and the permissions allow the user and group rwx access to it. I am in the webz group but I still can't make any changes. What am I doing wrong here?

    Read the article

  • How to configure auto-logon in Active Directory

    - by Jonas Stensved
    I need to improve our account management (using Active Directory) for a customer support site with 50+ computers. The default "AD"-way is to give each user their own account. This adds up with a lot of administration with adding/disabling/enabling user accounts. To avoid this supervisors have started to use shared "general" accounts like domain\callcenter2 etc and I don't like the idea of everyone knowing and sharing accounts and passwords. Our ideal solution would be to create a group with computers which requires no login by the user. I.e. the users just have to start the computer. Should I configure auto-logon with a single user account like domain\agentAccount? Is there anything else to consider if I use the same account for all users? How do I configure the actual auto-logon with a GPO on the group? Is there a "Microsoft way" without 3rd party plugins? Or is there a better solution?

    Read the article

  • Not able to delete file from server with permissions of 644 via PHP script

    - by letseatfood
    I am trying to delete JPEG files that were uploaded to the server via FTP. The files are uploaded and written with permissions of 644. The owner and group of the upload directory are mike and mike. I have tried changing the owner and group to www-data, but that does not seem to work. I am trying to delete the files with a PHP script using unlink(). This works on the production server (which is a hosting service), but not my development server, which is a LAMP setup. This leads me to believe it has something to do with permissions on my development server.

    Read the article

  • Grant permission for specific other AD users to unlock/log out user from PC

    - by Simon Needham
    What I'm looking to do is permission a Windows PC (ideally XP but if a later OS version is required so be it) so that a select group of users can unlock the machine, logging the current user out. This something that a Local Admin for the machine would be able to do from a locked screen, however, I'd like to avoid granting Local Admin rights to this group of users if I can. The background here is that this machine is 80% used by one person but is treated as a 'shared machine' on days that the primary user is not around. It's usefull that everybody using the machine can carry on using their own accounts with all the personalisations they are used to. I'd also like to void logging the primary user out every night. No one else in the firm has to put up with that and she does use the machine herself most of the time.

    Read the article

  • Microsoft Cluster or Oracle Fail Safe error

    - by osdm
    Trying to get Oracle Database 10g to work on Microsoft cluster (using Oracle Fail Safe, not RAC). Everything installed, but when trying to verify group or add database to group I get following error: FS-10220: Network name MSK00-NST01-1 maps to IP address 10.1.11.74 in the cluster resource but maps to IP address 10.1.1.74 on the system MSK00-NST01-1 is cluster name, 10.1.11.74 is first node IP, 10.1.1.74 is second node IP. Oracle documentation says "The cluster and the system must have the same IP address mapping for a network name. Check that either the network name server or the local host file has the same IP address mapping as the cluster." Where is the error - in Oracle configuration or in cluster configuration? What are possible ways to correct it? Thanks a lot for any ideas.

    Read the article

  • Cisco 877 as PPPoA/PPPoE bridge (no routing) - how to make it listen to IP for management?

    - by Ingmar Hupp
    I have a Cisco 877 configured to bridge ADSL with PPPoA to PPPoE on Vlan1. This works fine, but in this mode the only way I can configure the Cisco is via the serial console. I'd like to have the Cisco also listen on an IP address so I can telnet/ssh into it. I think the right way to go about this would be via bridge irb, but I'm not sure exactly how (or if that's even the right direction). IOS is 12.4T and my current config (cut down to essentials) is: no ip routing no ip cef ! ! interface ATM0 no ip address no ip route-cache no atm ilmi-keepalive pvc 0/38 encapsulation aal5snap ! dsl operating-mode auto bridge-group 1 ! ! interface Vlan1 no ip address no ip route-cache bridge-group 1 Just setting an IP address on Vlan1 didn't have the desired effect, but surely this must be possible somehow (the Draytek Vigor 120 even does it by default).

    Read the article

  • Intraforest user account merge with Active Directory

    - by Neobyte
    I have a scenario where there is a root domain (RD) and two child domains (CD1 and CD2). Users have accounts on both CD1 and CD2, with identical samAccountNames, names etc, and various applications either use the CD1 or CD2 account for authentication to resources. I need to collapse CD2 into CD1, so I want to merge the accounts together. However ADMT does not allow me this option (merge options are greyed out), I think because it does not support intraforest merge of accounts (although it does not explicitly state this anywhere in the documentation). My question is - what is the easiest way for me to merge these accounts? Ultimately all I really need (I think) is for the SID of CD2\user1 to be added to the SIDHistory of CD1\user1 - is there a tool that supports this? Computer accounts and profiles are not a concern for this scenario. Group migration is unlikely to be an issue either - CD2\user1 is usually granted resource access through membership of a group on CD1.

    Read the article

  • Publishing and setting permissions to a Linux share to AD

    - by blsub6
    I have a Linux share that I want to publish to users on my Active Directory domain. I'd like to be able to control the permissions to access that share using security groups. So say I have a share named "Share" on my Linux machine named "Linux" with IP address 192.168.1.2. I publish \\192.168.1.2\Share in AD and make it so that only people who are part of the "IT" security group can access it. What's to stop anyone who's not in the "IT" security group from just going to explorer and typing in \\192.168.1.2\Share or \\Linux\Share into their Explorer to access this share? Do I need to set up permissions on the Linux file server?

    Read the article

  • PHP + IIS Application Pool Identity Windows\Temp permissions

    - by Matt Boothman
    I am currently running PHP (5.3) on IIS 7.5 on a Win2k8 R2 Web Edition Server and would like to know what, if any, problems or security vulnerabilities I may introduct into a system by assigning Read, Write, Modify & Execute permissions to either IUSR account or the IIS_USERS group for %SystemRoot%\Temp? Should I be altering permissions to that folder at all (as Windows reminds me I probably shouldn't when i attempt to change them)? Should I create a temp folder somewhere else and set permissions accordingly? The problem is when i set Anonymous Authentication (I'm guessing is a more secure option???) to use the App Pool identity, when starting sessions PHP gets stuck in a loop because it's unable to create session files in the %SystemRoot%\Temp folder due to lack of permission on the application pool user or IIS_USERS group. Another problem being ImageMagick (PHP Extension) is being denied access to %SystemRoot%\Temp to write temporary files so is throwing exceptions. I have tried searching Google however have not found anything that touches upon this subject specifically. Any help greatly appreciated.

    Read the article

  • Preventing 'Reply-All' to Exchange Distribution Groups

    - by Larold
    This is another question in a short series regarding a challenging Exchange project my co-workers have been asked to implement. (I'm helping even though I'm primarily a Unix guy because I volunteered to learn powershell and implement as much of the project in code as I could.) Background: We have been asked to create many distribution groups, say about 500+. These groups will contain two types of members. (Apologies if I get these terms wrong.) One type will be internal AD users, and the other type will be external users that I create Mail Contact entries for. We have been asked to make it so that a "Reply All" is not possible to any messages sent to these groups. I don't believe that is 100% possible to enforce for the following reasons. My question is - is my following reasoning sound? If not, please feel free to educate me on if / how things can properly be implemeneted. Thanks! My reasoning on why it's impossible to prevent 100% of potential reply-all actions: An interal AD user could put the DL in their To: field. They then click the '+' to expand the group. The group contains two external mail contacts. The message is sent to everyone, including those external contacts. External user #1 decides to reply-all, and his mail goes to, at least, external user #2, which wouldn't even involve our Exchange mail relays. An internal AD user could place the DL in their Outlook To: field, then click the '+' button to expand the DL. They then fire off an email to everyone that was in the group. (But the individual addresses are listed in the 'To:' field.) Because we now have a message sent to multiple recipients in the To: field, the addresses have been "exposed", and anyone is free to reply-all, and the messages just get sent to everyone in the To: field. Even if we try to set a Reply-To: field for all of these DLs, external mail clients are not obligated to abide by it, or force users to abide by it. Are my two points above valid? (I admit, they are somewhat similar.) Am I correct to tell our leadership "It is not possible to prevent 100% of the cases where someone will want to Reply-All to these groups UNLESS we train the users sending emails to these groups that the Bcc: field is to be used at all times." I am dying for any insight or parts of the equation I'm not seeing clearly. Thank you!!!

    Read the article

  • Plesk hosting on MediaTemple DV

    - by David
    Hi there, We have a MediaTemple dedicated virtual running Plesk. The problem we're having is that changing the permissions of files on the server to be writable by server owner (apache) is conflicting with the ability to upload and overwrite files via the FTP user. Here's an example, I upload a file from user "serverftp" and they own the new file in the httpdocs folder. I then change the permission of an image upload folder to the apache user to that I can upload images via a PHP script. Uploading or changing that folder with the serverftp user is then locked out. Speaking to tech support didn't get very far because there are some strange group permissions going on and it would involve me adding every single domain FTP user to the pcantl group or something similar. I'm wondering how I can easily change things so that I don't have this problem anymore.

    Read the article

  • A network share folder is invisible to users

    - by Myrddin Emrys
    I have a network share folder that I was recently cleaning up permissions to. I took off the four individual names from the access permissions to the folder, and added a new security group (Universal) with standard Read/Write permissions to that folder, then added those 4 people to the group. However... now nobody can see the folder. The users can see the other 9 folders in that shared drive, but the 10th is missing. I cannot see any security permission in the parent folder or in the folder itself which would cause it to be invisible to anyone, regardless of whether they have permission to open it or edit files within.

    Read the article

  • CD/DVD cataloging software?

    - by NoCanDo
    I'm looking for freeware, or preferably open source CD/DVD cataloging applications. Right now I'm testing http://www.gentibus.com/us/Download.htm, anyone got any other suggestions? I'd like the software to be actively maintained and not released and left behind. I'm looking for software which allows me to catalog, sort, search my DVDs/CDs into databases. Like I've 1 group of 10 dvds only with Fonts etc. I want to read the content into a Database called "Fonts'". Another group of 5 DVD's with Stockimages, and I want to read all 5 DVDs into the Database "Stock Images". Then I want this software to be able to open Database "Stock Images", I want to be able to browse DVD 1 - 5 and to see DVD 1 - 5's contents without having the DVD's in the optical drive.

    Read the article

  • Windows authenticated users have lost access to master (default) database

    - by Rob Nicholson
    Something very strange has occurred on our production SQL database. Users connecting via Windows authentication appear to have lost all access to the master database. By default, all logins have the default database set to master. So when you connect using SQL Server management studio, they get the error: "Cannot open user default database. Login failed error 4064". What's also worrying is that we have a group called "COMPANY - SQL Administrator" which has sysadmin rights and users in this group also get the same error. Worse, they don't appear to be system administrators anymore... If they change their default database to something else, they can connect and then work on the database, it's just the master database that is problematic. I'm not even sure by what mechanism windows authenticated users get access to the master database. Is it something hard coded in or some property that's got changed? Any ideas? Cheers, Rob.

    Read the article

  • A proper way to create non-interactive accounts?

    - by AndreyT
    In order to use password-protected file sharing in a basic home network I want to create a number of non-interactive user accounts on a Windows 8 Pro machine in addition to the existing set of interactive accounts. The users that corresponds to those extra accounts will not use this machine interactively, so I don't want their accounts to be available for logon and I don't want their names to appear on welcome screen. In older versions of Windows Pro (up to Windows 7) I did this by first creating the accounts as members of "Users" group, and then including them into "Deny logon locally" list in Local Security Policy settings. This always had the desired effect. However, my question is whether this is the right/best way to do it. The reason I'm asking is that even though this method works in Windows 8 Pro as well, it has one little quirk: interactive users from "User" group are still able to see these extra user names when they go to the Metro screen and hit their own user name in the top-right corner (i.e. open "Sign out/Lock" menu). The command list that drops out contains "Sign out" and "Lock" commands as well as the names of other users (for "switch user" functionality). For some reason that list includes the extra users from "Deny logon locally" list. It is interesting to note that this happens when the current user belongs to "Users" group, but it does not happen when the current user is from "Administrators". For example, let's say I have three accounts on the machine: "Administrator" (from "Administrators", can logon locally), "A" (from "Users", can logon locally), "B" (from "Users", denied logon locally). When "Administrator" is logged in, he can only see user "A" listed in his Metro "Sign out/Lock" menu, i.e. all works as it should. But when user "A" is logged in, he can see both "Administrator" and user "B" in his "Sign out/Lock" menu. Expectedly, in the above example trying to switch from user "A" to user "B" by hitting "B" in the menu does not work: Windows jumps to welcome screen that lists only "Administrator" and "A". Anyway, on the surface this appears to be an interface-level bug in Windows 8. However, I'm wondering if going through "Deny logon locally" setting is the right way to do it in Windows 8. Is there any other way to create a hidden non-interactive user account?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 254 255 256 257 258 259 260 261 262 263 264 265  | Next Page >