Search Results

Search found 107356 results on 4295 pages for 'user account control'.

Page 287/4295 | < Previous Page | 283 284 285 286 287 288 289 290 291 292 293 294 | Next Page >

Is it safe to delete "Account Unknown" entries from Windows ACLs in a domain environment?

- by Graeme Donaldson

It's not uncommon to see entries in Windows ACLs (NTFS files/folders, registry, AD objects, etc.) with the name "Account Unknown (SID)". Obviously these are because of old AD users or groups which at some point had permissions manually configured on the relevant object and have since been deleted. Does anyone know if it is safe to remove these "Account Unknown" ACEs? My gut feeling is that it should be just fine, but I'm wondering if anyone has any past experiences where doing this has caused trouble? Normally I just ignore these, but the company I'm working at now seems to have an abnormal number of these, most likely due to past admins' inexperience with AD/Windows and assigning permissions to user accounts rather than groups in all sorts of weird places. FWIW, our environment is not complex, a single domain forest, 4 DCs in 3 sites, with all network connectivity and replication healthy, so I'm certain that these "Account Unknown" entries are really old accounts, and not just because of some failure to resolve the SID to a human-readable name.

Read the article
haproxy access list using path_dir having issues with firefox

- by user11243

I'm trying to route all requests containing a path directory of /socket.io/ to a separate port with HAProxy. Here is my config file: global maxconn 4096 # Total Max Connections. This is dependent on ulimit nbproc 2 defaults mode http frontend all 0.0.0.0:80 timeout client 86400000 default_backend web_servers acl is_stream path_dir socket.io use_backend stream_servers if is_stream backend web_servers balance roundrobin option forwardfor # This sets X-Forwarded-For timeout server 30000 timeout connect 4000 server web1 127.0.0.1:4000 weight 1 maxconn 1024 check backend stream_servers balance roundrobin option forwardfor # This sets X-Forwarded-For timeout queue 5000 timeout server 86400000 timeout connect 86400000 server stream1 127.0.0.1:5100 weight 1 maxconn 1024 check URL paths with a /socket.io/ get correctly directed to port 5100 in chrome and safari. However not for firefox. I'm running Haproxy locally on my mac for dev, not sure if it has anything to do with it. I'm using haproxy 1.4.8 and Firefox 3.6.15. I've tried clearing cache on firefox and it didn't help, so I'm thinking there's something wrong with the way HAProxy parses through the Firefox request headers.

Read the article
Can I create an SSH user which can access only certain directory?

- by RiMMER

I have a Virtual Private Server which I can connect to using SSH with my root account, being able to execute any linux command and access all the disk area, obviously. I would like to create another user account, which would be able to access this server using SSH too, but only to a certain directory, for example /var/www/example.com/ For example, imagine this user has a HUGE error.log file (500 MB) located in /var/www/example.com/logs/error.log When accessing this file using FTP, this user needs to download 500 MB to view the last lines of the log, but I'd like him to be able to execute something like this: tail error.log Therefore I need him to be able to access the server using SSH, but I don't want to grant him access to all server areas. How can I do this?

Read the article
How to add an account to Entourage that's only a mail forward?

- by Robot

I have two email accounts, one is my main account, and the other just forwards to the main. I'd like to select either address from the From: dropdown list, but I think the forward would need to be formal Entourage account for that to work. If I add the forward acct, it insists on trying to login, even though there is no real mailbox for it... it's just a forward. This happens even if I don't check the "Include this account in my Send & Receive All Schedule" checkbox. Is there any way to prevent login attempts, or to add From: addresses without adding them as real mailbox accounts? -Robot

Read the article
Change the Powershell $profile directory

- by Swoogan

I would like to know how to change my the location my $profile variable points to. PS H:\> $profile H:\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 H:\ is a network share, so when I create my profile file, and load powershell I get the following: Security Warning Run only scripts that you trust. While scripts from the Internet can be useful, this script can potentially harm your computer. Do you want to run H:\WindowsPowerShell\Microsoft.PowerShell_profile.ps1? [D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): According to Microsoft, the location of the $profile is determined by the %USERPROFILE% environment variable. This is not true: PS H:\> $env:userprofile C:\Users\username For example, I have an XP machine working how I want: PS H:\> $profile C:\Documents and Settings\username\My Documents\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 PS H:\> $env:userprofile C:\Documents and Settings\username PS H:\> $env:homedrive H: PS H:\> $env:homepath \ Here's the same output from the Vista machine where the $profile points to the wrong place: PS H:\> $profile H:\WindowsPowerShell\Microsoft.PowerShell_profile.ps1 PS H:\> $env:userprofile C:\Users\username PS H:\> $env:homedrive H: PS H:\> $env:homepath \ Since $profile isn't actually determined by %USERPROFILE% how do I change it? Clearly anything that involves changing the homedrive or homepath is not the solution I'm looking for.

Read the article
What Are Some Good Open Source Alternatives to Active Directory?

- by Laz

I'm looking for a good open-source alternative to active directory that can handle: Authorization/Authentication Group Policy Replication and Trust Monitoring In addition, are there any consolidated systems out there that handle these responsibilities? Edit: Since a lot have asked for more details, I am trying to offer a service setting up an infrastructure for organizations, hardware/software setups, right now I am looking at a Linux stack, both desktops and servers, however a hybrid stack is possible, and I am investigating alternatives.

Read the article
Regression testing for firewall changes

- by James C

We have a number of firewalls in place around our organisation and in some cases packets can pass through four levels of firewall limiting the flow TCP traffic. A concept that I'm used to from software testing is regression testing, allowing you to run a test suite against a changed application to verify that the new changes haven't affected any old features. Does anyone have any experience or an offer any solutions to being able to perform the same type of thing with firewall changes and network testing? The problem becomes a lot more complicated because you'd ideally want to be originating (and testing receipt) of packets across many machines.

Read the article
Mikrotik queues and limiting total upstream bandwidth

- by g18c

With a Mikrotik router (form of embedded Linux) I have created simple queues per machine matched by source IP address. Each of the 4 machine queues has an unlimited burst 3Mbps/3Mbps for Tx/Rx. During speedtest.net on all 4 machines at the same time, each machine shows 3Mbps (and is limited correctly there), however the total bandwidth on the uplink goes to 12Mbps (i need to set this to 10Mbps max for the upstream). I want to restrict the actual traffic passing across the uplink port to 10Mbps regardless of what the other queues are doing (I need this catch all queue to have the final say on the uplink speed). For example I need: Scenario A Machine A transferring @ 3Mbps Machine B transferring @ 3Mbps Machine C transferring @ 3Mbps Machine D transferring @ 0Mbps Up-link speed = 9Mbps Scenario B Machine A trying to transfer @ 3Mbps Machine B trying to transfer @ 3Mbps Machine C trying to transfer @ 3Mbps Machine D trying to transfer @ 3Mbps Up-link speed = 10Mbps Actual transfer speed of machine A,B,C,D = 2.5Mbps This is to allow slight over subscription of bandwidth queues as not all will be transmitting at 3Mbps all the time. Is this possible and if so how would one go about doing this?

Read the article
Allow WRITE access to local folders machine in 2003SBS AD

- by Dan M.

Have a SBS2003 client with a mess of a domain that is in process of being cleaned. But, for the life of me I cannot find a setting that will allow write access to the local hard disk for domain users with redirected profiles(to the server). This is needed only for one program that will not follow a symbolic link to the network path, instead it seems to be hard coded to the %appdata% folder but only on the c: drive.... So question is how can I allow "Domain users" write access to the local %appdata% directory? I have tried setting it manually on a machine but it kept resetting to RO no matter how many times I tried. Every time I would un-check the RO property it would reset sometime right after i hit OK. Thanks in advance! Dan

Read the article
Troubleshooting Guides for End-Users

- by user49995

I am an IT Administrator. I would like to create and distribute simple troubleshooting guides for my end-users. Does anyone know if these can be purchased anywhere? Has anyone tried a similar project and have any advice? For instance a sample entry would read: Can't connect to the internet 1) Check physical connection to internet (cable attached to your computer) 2) check wireless connection 3) ping dns server 4) if Ping fails call Tech Support

Read the article
Protect apache pages by URL

- by Thomas

Is it possible to allow access to specific URLs only to certain networks? Basically, I would like to restrict access to the admin area only to the local network This area's pages are prefixed by /admin Essentially, I would like all /admin/* to be forbidden from public access. Can apache handle such a case? Thanks UPDATE Using your suggestions I came up to <LocationMatch admin> Order allow,deny deny from all Allow From 192.168.11.0/255.255.255.0 </LocationMatch> However, I get 403 even though I am on the network. Additionally, if I put apache behind haproxy, is this going to work? Because the traffic will be coming from 127.0.0.1 to apache

Read the article
Allow READ access to local folders in 2003SBS AD

- by Dan M.

Have a SBS2003 client with a mess of a domain that is in process of being cleaned. But, for the life of me I cannot find a setting that will allow write access to the local hard disk for domain users with redirected profiles(to the server). This is needed only for one program that will not follow a symbolic link to the network path, instead it seems to be hard coded to the %appdata% folder but only on the c: drive.... So question is how can I allow "Domain users" write access to the local %appdata% directory? I have tried setting it manually on a machine but it kept resetting to RO no matter how many times I tried. Everytime I would uncheck the RO property it would reset sometime right after i hit OK. Thanks in advance! Dan

Read the article
Shared configuration for Eclipse on Debian server

- by Joris Meys

I've manually installed the latest Eclipse on our debian server and wanted to configure it so all users share the same configuration. It turned out less obvious than I thought: I don't seem to be able to install packages for all users. If I run it myself, all configuration data is saved under my own home directory. If I run Eclipse using sudo, everything is saved under the root directory but is not accessible for other users when they run Eclipse. I've been browsing the manual of Eclipse and some forums, but apart from a "yes, you can" I couldn't find any information on how that should be done. The biggest problem is installing plugins for all users to be found. Any help is greatly appreciated. Eclipse : 3.6.1 classic, installed using this procedure. Server uname: GNU/Linux * 2.6.26-2-amd64 Server is accessed using Putty, and Gnome desktop through realVNC. Just mentioning it if that is of any importance. Our sysadmin is on "prolonged leave" (working in Spain and never replaced), so I'm stuck without help here. EDIT : -- I asked this question also on StackOverflow as I wasn't certain this is a genuine server-related question. Please feel free to merge both questions at the appropriate place. --

Read the article
Freebsd jail for an small company - checklist - what shouldn't forget

- by cajwine

Looking for an checklist for an "small company freebsd/jail server". Having pretty common starting point: FreeBSD jail (remote/headless) for the company: public web, email, ftp server, and private (maybe in the future partially public) wiki (foswiki) 4 physical persons, (6 email addresses) + one admin - others will never use ssh) have already done usual hardening on the host side (like pf, sshguard etc). my major components are: dovecot, exim, apache22, proftpd, perl5.14. Looking for an checklist, what I shouldn't forget. My plan: openssl self-signed certificates for exim, dovecot and proftpd (wildcard keys) openssl self-signed certificate for apache (later will go for "trusted-signed" key) My questions are: is is an "good practice" having one pair of wildcard SSL-certificates for many programs? (exim, dovecot, proftpd) - or should I generate one key for each service? should I add all 4 persons as standard (unix) users, or I should go with virtual users? Asking because: have only small count of users, and it is more simple to configure everything (exim, dovecot) for local users ($HOME/Maildir), plus ability to set $HOME/.forward/vacation and etc. is here some (special) things what I should consider? (e.g. maybe, in the future we want setup our own webmail - will make this any difference?) any other recommendation? Thank you, hoping that this question fit into the http://serverfault.com/faq under the: Server and Business Workstation operating systems, hardware, software Operations, maintenance, and monitoring Looking for an checklist, but please explain why you're recommending it. See Good Subjective, Bad Subjective. related: What's your suggested mail server configuration for a FreeBSD server?

Read the article
How to access MySQL when I delete the root user on openSUSE 11?

- by Negin Nicki

Unfortunately I deleted MySQL users with the command delete from mysql.user and now I can't access MySQL. I tried looking at MySQL - ERROR 1045 - Access denied, but it is not proper for me because I don't have any user for MySQL. I uninstalled and reinstalled MySQL but I can't access MySQL. What should I do? I wanted to have phpMyAdmin without login and I ruined the whole thing. After uninstalling and having no result, I tried to delete the directories of MySQL and again installing them but again no result and now I have this error: Error 2002:can't connect to local mysql server through socket /var/lib/mysql/mysql.sock I don't have any user to reset the password of, but if I have by reinstalling which I don't know how to connect to MySQL. I tried MySQL -u root I tried MySQL I tried mysqld-safe and etc in the link

Read the article
Linux Program Source Management

- by Blackninja543

This particular problem has little do with SubVersion Repositories and more to do with the management of installed programs. My question revolves around the problem of installing a program from source. If I where to build a distro with no package management system what possibilities would I have for maintaining the program is up to date. My only idea would be to keep a record of all the programs installed from source and perform a periodic check to identify if a new version is out.

Read the article
Running Visual Studio 2010 in a University Campus

- by Woondows

We have just installed Windows 7 Enterprise x64 in one of our computer labs being used by students for programming. However, when we installed Visual Studio 2010 Ultimate on the machines, we found that to even launch the application (devenv.exe), required the student to enter the administrator password (the usual UAC prompt). Of course, we could just turn off UAC, but that would defeat the purpose of having it in Windows 7. On the other hand, we cannot really give the students local administrator privilege, as we are concerned that they will do some malicious stuff on the computers. Previously when we used Windows XP Professional running Visual Studio 2005, we had no problems. Kindly advise if there's any workaround for this. EDIT: Thanks for the answer guys. Mayank, your links may work for Visual Studio .Net, but it doesn't seem to work for Visual Studio 2010. Ryan, Tieson, I'm intrigued that you guys managed to get it working easily. FYI I don't manage the Group Policies, but I can get them changed if necessary. Any particular GP that I should be looking at? Suggestions to how to troubleshoot further why UAC is being invoked? At least now I know for sure that this is not supposed to be the default behaviour for Visual Studio 2010 so I'm going to keep digging for a solution. Will try running Procmon and see if i can find something..

Read the article
New users' directories owned by root

- by dotancohen

On a CentOS server running Plesk, new users are added for each new domain. The users' home directories are in /var/www/vhosts/. New users' home directories are owned by root, and need to have an admin with root access come in and chown them: dotan@sh2:~$ echo $HOME /var/www/vhosts/someDomain.com dotan@sh2:~$ pwd /var/www/vhosts/someDomain.com dotan@sh2:~$ touch testFile touch: cannot touch `testFile': Permission denied dotan@sh2:~$ ls -la ../ | grep someDomain drwxr-xr-x 13 root root 4096 2012-08-07 19:47 someDomain.com dotan@sh2:~$ whoami dotan dotan@sh2:~$ chown dotan /var/www/vhosts/someDomain.com chown: changing ownership of `/var/www/vhosts/someDomain.com': Operation not permitted dotan@sh2:~$ Why might the new users' directories be owned by root, and how might we fix this? Thanks.

Read the article
Which built-in account is used for Anonymous Authentication in IIS 7?

- by smwikipedia

We know that Microsoft IIS 7.0 offer a slew of authentication methods such as Anonymous Authentication, Form Based Authentication, Digest Authentication, etc. I read from Professional IIS 7 published by Wrox that: When we use Anonymous Authentication, the end-user does not supply credentials, effectively mak- ing an anonymous request. IIS 7.0 impersonates a fixed user account when attempting to process the request (for example, to read the file off the hard disk). So, what is the fixed user account impersonated by IIS? Where can I see it? If I don't know what this account is, how could I assign proper permissions for the clients who are authenticated as anonymous users? Thanks.

Read the article
PowerShell - Limit the search to only one OU

- by NirPes

Ive got this cmdlet and I'd like to limit the results to only one OU: Get-ADUser -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notlike '*Disabled Users*') } Now Ive tried to use -searchbase "ou=FirstOU,dc=domain,dc=com" But if I use -SearchBase I get this error: Where-Object : A parameter cannot be found that matches parameter name 'searchb ase'. At line:1 char:114 + Get-ADUser -Filter {(Enabled -eq $false)} | ? { ($_.distinguishedname -notli ke '*Disabled Users*') } -searchbase <<<< "ou=FirstOU,dc=domain,dc=com" + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBi ndingException + FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.PowerShell.Comm ands.WhereObjectCommand What Im trying to do is to get all the disabled users from a specific OU, BUT, there is an OU INSIDE that FirstOU that I want to exclude: the "Disabled Users" OU. as you might have guessed I want to find disabled users in a specific OU that are not in the "Disabled Users" OU inside that OU. my structure: Forest FirstOU Users,groups,etc... Disabled Users OU

Read the article
Can I backup my IMAP Gmail account locally using only Alpine?

- by BasicObject

I recently discovered cli email clients and have fallen in love with their speed and simplicity. After playing around with mutt and alpine I decided I favor alpine. I am a Gmail IMAP user and have many years of emails that I'd like to store locally. Is there a more or less convenient way to retain IMAP functionality and backup only the emails that haven't been backed up already on a weekly basis? I have alpine setup with my Gmail with IMAP and it's working great. I'm just wondering if there is a way to make an offline backup or "archive" locally on my computer while retaining the multi device access that IMAP offers. I apologize if this has been asked before, I did search for it and did not find my answer. Thank you for reading.

Read the article
How to fix this error 'cvs [checkout aborted]: no such tag r20120711' on php eclipse helios?

- by Manu-dra-kru

I am using php eclipse helios for debugging php code and using CVS as repositiry. Under CVS repository there are 3 - head branch version and head conatins the repository of server. Under head again I have 3 bms cvsroot news4u To create a new branch I used to click on news4u and select a option 'add to branch list'. But accidently I selected 'Tag as version' with name r20120711 and after that I have created a branch by same name. Now if check out is taken, it gets check out partially and gets failed and if tried to commit the resource, it says, 'no tag is found by that name'. How to fix this.

Read the article
How to display password policy information for a user (Ubuntu)?

- by C.W.Holeman II

Ubuntu Documentation Ubuntu 9.04 Ubuntu Server Guide Security User Management states that there is a default minimum password length for Ubuntu: By default, Ubuntu requires a minimum password length of 4 characters Is there a command for displaying the current password policies for a user (such as the chage command displays the password expiration information for a specific user)? > sudo chage -l SomeUserName Last password change : May 13, 2010 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 This is rather than examining various places that control the policy and interpreting them since this process could contain errors. A command that reports the composed policy would be used to check the policy setting steps.

Read the article
Windows 7: Use VirtualStore technology as user for own benefit?

- by mfn

I've researched a bit and came to the understanding that VirtualStore is part of the new UAC feature in Vista/W7 which is the file system part of the transparent data redirection and redirects write access to folders like program files to C:\User\<username>\AppData\Local\VirtualStore\ in lack of applications respecting the LUA principles. Now I'm interested if that kind of transparent redirection can also be used as a power to the user. Here's an example which comes to my mind: I install any kind of software to e.g. D:\Whatever\ThisAndThisApp\ and I set up things that, after initial installation, any write access to this folder is transparently redirected to e.g. D:\MyOwnVirtualStore\Whatever\ThisAndThisApp\file_only_writable_here.txt. Is this thinking too far or can I actually use that power of VirtualStore as a user on Windows 7? I'm using the Professional version of that matters.

Read the article
Granting access to authzTo attribute

- by bemace

I'm trying to grant certain accounts auth access to their authzTo attribute in order to allow proxied authorization. I tried adding this ldif: dn: olcDatabase={-1}frontend,cn=config changetype: modify add: olcAccess olcAccess: {1}to authzTo by dn.children="ou=Special Accounts,dc=example,dc=com" auth - using the command ldapadd -f perm.ldif -D "cn=admin,cn=config" -W but got this error: modifying entry "olcDatabase={-1}frontend,cn=config" ldap_modify: Other (e.g., implementation specific) error (80) additional info: <olcAccess> handler exited with 1 using verbose output and turning up the debug level haven't given me any more clues. Can anyone see what I'm doing wrong?

Read the article

< Previous Page | 283 284 285 286 287 288 289 290 291 292 293 294 | Next Page >