Search Results

Search found 14540 results on 582 pages for 'policy management'.

Page 336/582 | < Previous Page | 332 333 334 335 336 337 338 339 340 341 342 343  | Next Page >

• SELinux vs. AppArmor vs. grsecurity

  - by Marco

  I have to set up a server that should be as secure as possible. Which security enhancement would you use and why, SELinux, AppArmor or grsecurity? Can you give me some tips, hints, pros/cons for those three? AFAIK: SELinux: most powerful but most complex AppArmor: simpler configuration / management than SELinux grsecurity: simple configuration due to auto training, more features than just access control

  Read the article

• BSD route(8) MAN page bug

  - by Farseeker

  http://www.freebsd.org/cgi/man.cgi?query=route Route is a utility used to manually manipulate the network routing tables. It normally is not needed, as a system routing table management daemon such as routed(8), should tend to this task. ... BUGS The first paragraph may have slightly exaggerated routed(8)'s abilities. Is this really a "bug", or some developer's attempt at humour?

  Read the article

• Connecting to VNC Server behind Router

  - by waiwai933

  Right now, I have a Mac behind a Time Capsule1, which is behind a router installed by my ISP. In System Preferences, I've enabled Remote Management, but the IP address it gives me is a local IP address. How can I set up either my VNC Server (my Mac) or my VNC Client to connect to each other? N.B. My Mac is running Leopard, if that makes a difference. 1 Equivalent to an Airport Extreme

  Read the article

• SCCM SP2 - Cannot Find amtopmgr.log File

  - by Achinoam

  Hi, I've installed SCCM SP2 - primary site, management point. I imported to it a vPro computer, but it's AMT status is "Unknown" instead of "Not Provisioned". I wanted to check the reason, but I can't find the file amtopmgr.log (it should be there). Why this file wasn't created? How can I solve it? (I tried to create this file manually - didn't help...) Thanks in advance!

  Read the article

• Need to setup a RADIUS server to authenticate a Windows client to a Windows server

  - by drosenblatt

  I have a server that I have technicians who need to be able to access using shared credentials. However, doing that violates our security policy (!). I need each user to be able to authenticate using their own credentials, but the server in question has to be logged in with a certain login (these two requirements are clearly diametrically opposed). I thought that this would be a great application for a RADIUS server. I know how to setup RADIUS to go from Windows -- Cisco, but I have no idea how to use RADIUS to authenticate Windows -- Windows. Can this be done? If so, how?

  Read the article

• Problems to connect Java visualVM to a EC2-instance

  - by kasten

  I'm trying to profile a AWS EC2 instance via visualVM. The instance is in a securitygroup which allows all connections and i'm runing jstatd with a grant codebase "file:${java.home}/../lib/tools.jar" { permission java.security.AllPermission; }; policy on it. When i try to connect from my local machine with visulVM nothing happens. When i use jps i get the following response $ jps -l -m -v rmi://ec2-xxx-xxx-xxx-xxx.compute-1.amazonaws.com Error communicating with remote host: Connection refused to host: xxx.xxx.xxx.xxx; nested exception is: java.net.ConnectException: Connection timed out But i can ssh into the instance and use jps locally. Has anyone a pointer in which direction i can debug further?

  Read the article

• Disable Offline Files (mobsync.exe) on Windows 7 Home

  - by Synetech

  This morning I was watching the CPU graph of a Windows 7 Home laptop and noticed that every few seconds, the CPU would spike several percent. I watched the processes and determined that it was mobsync.exe (Offline Files) that was the culprit. I tried the usual steps that Googling turns up, and clicking the Manage Offline Files link to bring up the Offline Files dialog to click Disable Synch does not work because the dialog will not display. This makes sense since everything I have read indicates that Offline Files is not even included/supported in the Home version, so I am at a loss as to why it is running at all, let alone why it is sucking up CPU cycles. (My best guess is that it was started when they pressed Win+X to access the Mobility Center.) Of course I can just kill mobsync, but it could always just come back. How/why would mobsync be running on a Home version and how can it be disabled (of course the Group Policy editor is not available on a Home version).

  Read the article

• Must I have Exchange to use Blackberry Enterprise Server Express?

  - by John Spaz

  In the past I've setup BES (not express) for a company that just wanted their users on the corporate network, they didn't care for email or any other enterprise feature, they just wanted to push a policy that the phones internet should be routed through the corporate network. I want to setup BES Express now for a customer that also just wants the phones on his network but wherever I look, it says that BES Express requires Exchange. Is there a way to install BES Express without Exchange and without a AD Domain? Basically what the customer wants to accomplish is to be able to filter and log the internet access on the phones.

  Read the article

• How do I prevent rpmbuild form injecting requirements into RPM package?

  - by Basilevs

  I'm creating an RPM package from native Python 2.5 one. Out corporate policy is to use python2.4 by default, so I'm adding a string Requires: python25 to a .spec file. When I look at created RPM file though, i see the following dependencies: rpm -qR -p ZSI-2.1_a1-py25.noarch.rpm /usr/bin/python2.5 python(abi) = 2.5 python25 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 Dependency added by me is present, but other dependencies are also here. I'm unable to provide python(abi) = 2.5 dependency, because of dumb python25 package generated by our IT department where provides tag is incorrect. How do I remove automatically added dependencies from generated RPM?

  Read the article

• SMTP server setup on windows xp, IIS

  - by .mahesh

  I have my domain registered with godaddy. I want to send newsletter to my customers (around 5000). But there is limit to send number of emails per day. Can i setup SMTP server on my home PC (windows XP) for sending these mails. Is there any "open source"/Free newsletter management application (build on ASP.NET, so that i can customize it if needed) which track bounce emails and other analytics. Any issue which i have to take care.

  Read the article

• Help me exorcise my demon possessed logon script

  - by Detritus Maximus

  I have a user logon script that copies a file over to a subfolder of the current user's profile path: Script (only showing the line that isn't working): copy /Y c:\records\javasettings_Windows_x86.xml "%USERPROFILE%\Application Data\OpenOffice.org\3\user\config">>c:\records\OOo3%USERNAME%.txt 2>&1 To diagnose why it wasn't working, I did a somelogfile.log parameter on the group policy script and found that what the above command is translating to is this: C:\WINDOWS>copy /Y c:\records\javasettings_Windows_x86.xml "C:\Documents and Settings\test2\Application Data\OpenOffice.org\3\user\config" 1>>c:\records\OOo3test2.txt 2>&1 So the question is, how do I get rid of (exorcise) the " 1" in that line? Update 1: So the reason the script wasn't working was that the creator didn't have any permissions on the directory. I fixed the permissions, and now the file works but! I still have the " 1" showing on all the logs and would like to know why.

  Read the article

• choosing the right RAID level

  - by student

  Recently, we bought a "HP-DL380 G6 Server" with 6 146GB (SCSI)HDD for our colleague course management application and website with 10000 daily visitors. we want to choose the best RAID level. how can we choose the right RAID level ? what is the best RAID level for our application ?

  Read the article

• choosing the right RAID level

  - by student

  Recently, we bought a "HP-DL380 G6 Server" with 6 146GB (SCSI)HDD for our colleague course management application and website with 10000 daily visitors. we want to choose the best RAID level. how can we choose the right RAID level ? what is the best RAID level for our application ?

  Read the article

• Metro Apps on Win 8 aren't working with static ip behind auth proxy

  - by Kamal

  In Windows 8 Professional, Metro Apps and Windows Update do not work on static IP settings behind authenticated proxy server. They work on DHCP on the same proxy settings. (We have DHCP for wifi and static IP for LAN, both using the same proxy server). IE, Chrome and other desktop apps work nicely on both. Metro apps worked on an auth proxy (DHCP only), when I changed their proxy settings from the 'edit group policy' option. (StartSettingsEdit Group PolicyComputer ConfigurationAdministrative TemplatesNetwork IsolationInternet Proxy for Apps) Can this be fixed?

  Read the article

• How to force a "do you really want to shutdown?" dialog in Windows 7?

  - by Vokuhila-Oliba

  Sometimes I want to choose "Logout current user", but then I hit "Shutdown" by accident. Nearly everywhere else Windows 7 is asking "do you really want to do this? Yes/No" - but that's not the case when I hit the "Shutdown" button. Windows 7 shuts down immediately without giving me the chance to correct my mistake. So I am wondering - why does Windows shut down immediately without asking "really do that?" in this case? Is there a way to change this behavior? For example, could I force Windows to display a dialog asking "Do you really want to shutdown?"? I tried to change this behavior with the policy editor. It seems to be very easy to completely remove the Shutdown button from the Start menu, but I couldn't find an entry to turn on such a Yes/No dialog.

  Read the article

• ISC DHCP - Force clients to get a new IP address, instead of the being re-issued their previous lease's IP

  - by kce

  We are in the middle of a migration of our DHCP and DNS services from a Debian-based server to a Windows Server 2008 R2 implementation. The Debian server is running isc-dhcpd-V3.1.1. All of workstations are configured to have fixed-addresses between .3 and .40 (the motivation behind that choice is mostly management/political much like here). DHCP leases are given out in the range of .100 to .175. Statically configured servers live in the .200 block and above (which is mostly empty). When we move to the Windows platform, management/political considerations require me to move the IP ranges around again. We would like to keep .1 - .10 reserved for network appliances, switches, and other infrastructure. .200 will remain designated for servers. The addressing space in between should be available to clients and IPs should be dynamically allocated (Edit: instead of automatic as originally mentioned) by the server. My Address Pool on the Windows Server looks like this: 192.168.0.1 192.168.0.254 (Address range for distribution) 192.168.0.1 192.168.0.10 (IP addresses excluded from distribution) 192.168.0.200 192.168.0.254 (IP addresses excluded from distribution) Currently, we have all of our clients still on the .3 - .40 range, and a few machines still active in the .100 - .175 (although there are lots devices that are powered off that still have expired leases with IPs from that range). Since the lease "database" isn't shared between the old and new DHCP server how can I prevent clients from receiving a lease with an IP address that is currently being held by client with a non-expired lease from the old DHCP server? If I just expand the range on the Debian DHCP server to be 192.168.0.10 - 192.168.0.199 is there a way to force clients to not re-use their old IP address when they send their DHCPDISCOVER? Can I make the Windows DHCP server be authoritiative like the ISC implementation? The dhcpd.conf from the Debian server: ddns-update-style none; authoritative; default-lease-time 43200; #12 hours max-lease-time 86400; #24 hours subnet 192.168.0.0 netmask 255.255.255.0 { option routers 192.168.0.1; option subnet-mask 255.255.255.0; option broadcast-address 192.168.0.255; range 192.168.0.100 192.168.0.175; } host workstation-1 { hardware ethernet 00:11:22:33:44:55; fixed-address 192.168.0.3; } ... and so on until 192.168.0.40

  Read the article

• Terminal server for Linux

  - by Hubert Kario

  What are the features of graphical terminal servers and technologies available for Linux? is it open source/free how well does it scale management (?) what's the network usage, susceptibility to latency support for session pause/resume what client platforms does it support support for sound (playback and record) directory/local disk sharing local printing other cons/pros This question is supposed to be a community wiki for comparison between the different technologies, but it looks like I don't have enough points to make questions into wikis(?)

  Read the article

• help setting up an IPSEC vpn from my linux box

  - by robthewolf

  I have an office with a router and a remote server (Linux - Ubuntu 10.10). Both locations need to connect to a data supplier through a VPN. The VPN is an IPSEC gateway. I was able to configure my Linksys rv42 router to create a VPN connection successfully and now I need to do the same for Linux server. I have been messing around with this for too long. First I tried OpenVPN, but that is SSL and not IPSEC. Then I tried Shrew. I think I have the settings correct but I haven't been able to create the connection. It maybe that I have to use something else like a direct IPSEC config or something like that. If someone knows of a way to turn the following settings that I have been given below into a working IPSEC VPN connection I would be very grateful. Here are the settings I was given that must be used to connect to my supplier: Local destination network: 192.168.4.0/24 Local destination hosts: 192.168.4.100 Remote destination network: 192.167.40.0/24 Remote destination hosts: 192.168.40.27 VPN peering point: xxx.xxx.xxx.xxx Then they have given me the following details: IPSEC/ISAKMP Phase 1 Parameters: Authentication method: pre shared secret Diffie Hellman group: group 2 Encryption Algorithm: 3DES Lifetime in seconds:28800 Phase 2 parameters: IPSEC security: ESP Encryption algortims: 3DES Authentication algorithms: MD5 lifetime in seconds: 28800 pfs: disabled Here are the settings from my attempt to use shrew: n:version:2 n:network-ike-port:500 n:network-mtu-size:1380 n:client-addr-auto:0 n:network-frag-size:540 n:network-dpd-enable:1 n:network-notify-enable:1 n:client-banner-enable:1 n:client-dns-used:1 b:auth-mutual-psk:YjJzN2QzdDhyN2EyZDNpNG42ZzQ= n:phase1-dhgroup:2 n:phase1-keylen:0 n:phase1-life-secs:28800 n:phase1-life-kbytes:0 n:vendor-chkpt-enable:0 n:phase2-keylen:0 n:phase2-pfsgroup:-1 n:phase2-life-secs:28800 n:phase2-life-kbytes:0 n:policy-nailed:0 n:policy-list-auto:1 n:client-dns-auto:1 n:network-natt-port:4500 n:network-natt-rate:15 s:client-dns-addr:0.0.0.0 s:client-dns-suffix: s:network-host:xxx.xxx.xxx.xxx s:client-auto-mode:pull s:client-iface:virtual s:client-ip-addr:192.168.4.0 s:client-ip-mask:255.255.255.0 s:network-natt-mode:enable s:network-frag-mode:disable s:auth-method:mutual-psk s:ident-client-type:address s:ident-client-data:192.168.4.0 s:ident-server-type:address s:ident-server-data:192.168.40.0 s:phase1-exchange:aggressive s:phase1-cipher:3des s:phase1-hash:md5 s:phase2-transform:3des s:phase2-hmac:md5 s:ipcomp-transform:disabled Finally here is the debug output from the shrew log: 10/12/22 17:22:18 ii : ipc client process thread begin ... 10/12/22 17:22:18 < A : peer config add message 10/12/22 17:22:18 DB : peer added ( obj count = 1 ) 10/12/22 17:22:18 ii : local address 217.xxx.xxx.xxx selected for peer 10/12/22 17:22:18 DB : tunnel added ( obj count = 1 ) 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : proposal config message 10/12/22 17:22:18 < A : client config message 10/12/22 17:22:18 < A : local id '192.168.4.0' message 10/12/22 17:22:18 < A : remote id '192.168.40.0' message 10/12/22 17:22:18 < A : preshared key message 10/12/22 17:22:18 < A : peer tunnel enable message 10/12/22 17:22:18 DB : new phase1 ( ISAKMP initiator ) 10/12/22 17:22:18 DB : exchange type is aggressive 10/12/22 17:22:18 DB : 217.xxx.xxx.xxx:500 <- 206.xxx.xxx.xxx:500 10/12/22 17:22:18 DB : c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 DB : phase1 added ( obj count = 1 ) 10/12/22 17:22:18 : security association payload 10/12/22 17:22:18 : - proposal #1 payload 10/12/22 17:22:18 : -- transform #1 payload 10/12/22 17:22:18 : key exchange payload 10/12/22 17:22:18 : nonce payload 10/12/22 17:22:18 : identification payload 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v00 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v01 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v02 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( draft v03 ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports nat-t ( rfc ) 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local supports DPDv1 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SHREW SOFT compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is NETSCREEN compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is SIDEWINDER compatible 10/12/22 17:22:18 : vendor id payload 10/12/22 17:22:18 ii : local is CISCO UNITY compatible 10/12/22 17:22:18 = : cookies c1a8b31ac860995d:0000000000000000 10/12/22 17:22:18 = : message 00000000 10/12/22 17:22:18 - : send IKE packet 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 ( 484 bytes ) 10/12/22 17:22:18 DB : phase1 resend event scheduled ( ref count = 2 ) 10/12/22 17:22:18 ii : opened tap device tap0 10/12/22 17:22:28 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:38 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:48 - : resend 1 phase1 packet(s) 217.xxx.xxx.xxx:500 - 206.xxx.xxx.xxx:500 10/12/22 17:22:58 ii : resend limit exceeded for phase1 exchange 10/12/22 17:22:58 ii : phase1 removal before expire time 10/12/22 17:22:58 DB : phase1 deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : closed tap device tap0 10/12/22 17:22:58 DB : tunnel stats event canceled ( ref count = 1 ) 10/12/22 17:22:58 DB : removing tunnel config references 10/12/22 17:22:58 DB : removing tunnel phase2 references 10/12/22 17:22:58 DB : removing tunnel phase1 references 10/12/22 17:22:58 DB : tunnel deleted ( obj count = 0 ) 10/12/22 17:22:58 DB : removing all peer tunnel refrences 10/12/22 17:22:58 DB : peer deleted ( obj count = 0 ) 10/12/22 17:22:58 ii : ipc client process thread exit ...

  Read the article

• How to hide a trusted domain in the logon screen?

  - by Massimo

  I need to create a bidirectional trust between two Active Directory domains. But management is worried that users will be puzzled out when seeing another domain name in the drop-down list in the Windows logon screen (many of them use Windows XP), and that help desk calls for failed logins due to having selected the wrong domain will skyrocket. Also, the two domain names are quite similar, adding to the possible user confusion. Is there any way to hide a trusted domain from the drop-down list in the Windows logon screen?

  Read the article

• Installing Windows Message Queue in Windows Server 2003

  - by Salamander2007

  How can I install Windows Message Queue that can be accessed from another computer. I've already installed MQ server, it displays correctly in Computer Management, but I was unable to connect to it from my Visual Studio Server Explorer. The error message was "Message Queueing has not been installed in this computer"

  Read the article

• Sharepoint Server 2007 generates event log entry every 5 minutes - "The SSP Timer Job Distribution L

  - by Teevus

  I get the following error logged into the Event Log every 5 minutes: The SSP Timer Job Distribution List Import Job was not run. Reason: Logon failure: the user has not been granted the requested logon type at this computer In addition, OWSTimer.exe periodically gets into a state where its consuming almost all the CPU and only killing the process or restarting the Sharepoint services fixes it (although I'm not sure if this is a related or seperate issue). I have tried the following (based on various suggestions floating around the web), all to no avail: iisreset (no affect) Added the Sharepoint and Sharepoint Search service accounts to Log on as a batch job and Log on as a service policies in the Group Policies for the domain. I went into the Local Computer Policy on the Sharepoint server and verified that those policies had actually been applied Verified that the Sharepoint and Sharepoint Search service accounts are both in the WSS_WPG group Verified in dcomcnfg that the WSS_WPG group (and indeed the Sharepoint and Sharepoint search service accounts) has local activation rights for SPSearch. Any more suggestions would be valued. Thanks

  Read the article

• What is the harm in giving developers read access to application server application event logs?

  - by Jim Anderson

  I am a developer working on an ASP.NET application. The application writes logging messages to the Windows event log - a custom application log just for this application. However, I do not have any access to testing or staging web/application servers. I thought an admin could just give me read access to this event log to help in debugging problems (currently a service that is working in dev is not working in test environment and I have no idea why) but that is against my client's (I'm a consultant) policy. I feel silly to keep asking an admin to look at the event log for me. What is the harm in giving developers read access to application server application event logs? Is there a different method of application logging that sysadmins prefer programmers use? Surely, admins don't want to be fetching logging messages for developers all the time.

  Read the article

• Sync Android with iTunes

  - by John Oxley

  I have just bought a shiny new HTC Hero. Is there any way to get it to sync with iTunes. In particular I'm looking at Podcast management. Same question targeted at the Zune http://superuser.com/questions/47136/sync-android-with-zune Update I am running windows, but I feel that Mac users would appreciate this too.

  Read the article

• How does one remove an encryption type from a kerberos principal?

  - by 84104

  I would like to remove all of the des keys from the principal below, but have no idea how to do so without someone inputting the password. kadmin: getprinc user Principal: [email protected] Expiration date: [never] Last password change: Thu May 26 08:52:51 PDT 2013 Password expiration date: [none] Maximum ticket life: 0 days 12:00:00 Maximum renewable life: 7 days 00:00:00 Last modified: Tue Jul 16 15:17:18 PDT 2013 (administrator/[email protected]) Last successful authentication: Wed Jul 24 14:40:53 PDT 2013 Last failed authentication: [never] Failed password attempts: 0 Number of keys: 8 Key: vno 3, aes256-cts-hmac-sha1-96, no salt Key: vno 3, arcfour-hmac, no salt Key: vno 3, des3-cbc-sha1, no salt Key: vno 3, des-cbc-crc, no salt Key: vno 3, des-cbc-md5, no salt Key: vno 3, des-cbc-md5, Version 5 - No Realm Key: vno 3, des-cbc-md5, Version 5 - Realm Only Key: vno 3, des-cbc-md5, AFS version 3 MKey: vno 2 Attributes: REQUIRES_PRE_AUTH Policy: [none] Also, the the kdc is using an OpenLDAP backend.

  Read the article

• decrypting AES files in an apache module?

  - by Tom H

  I have a client with a security policy compliance requirement to encrypt certain files on disk. The obvious way to do this is with Device-mapper and an AES crypto module However the current system is setup to generate individual files that are encrypted. What are my options for decrypting files on-the-fly in apache? I see that mod_ssl and mod_session_crypto do encryption/decryption or something similar but not exactly what I am after. I could imagine that a PerlSetOutputFilter would work with a suitable Perl script configured, and I also see mod_ext_filter so I could just fork a unix command and decrypt the file, but they both feel like a hack. I am kind of surprised that there is no mod_crypto available...or am I missing something obvious here? Presumably resource-wise the perl filter is the way to go?

  Read the article

< Previous Page | 332 333 334 335 336 337 338 339 340 341 342 343  | Next Page >