I have created a Wireless Network Policy which allows one SSID domain-PCs can connect and another one is denied. Currently I am testing it. The way I need it is the policy should be effecting to domain-computers except for certain users when they log-on to any computer.
So the policy wont update Wireless settings on domain-computers when any user from that group logs-on (and also the settings will revert back to original settings or allow all SSID networks if it was changed by the policy before).
The reason we need in this way is, we have HelpDesk officers who would need all the Wireless networks to be available be able to connect to troubleshoot any issue on any domain-PC. They have another user-ID to check if the policy is applying fine or not.
One workaround I found is by moving computer from the OU to another OU where the policy was not enforced. Then do "gpupdate /force" on the computer. After done, move it back to its original OU. This is something involves more steps and I guess there should be better way to do this, but cant figure out what it is.
If anyone has any idea, that will be appreciated. Thanks.
I just found out that this is not possible to apply computer configuration for some users. Found it in ms-tech-net-post.
Related
There are two parts to my question of "unattenedness".
The ability to connect to the remote desktop without also having to magically be at the remote site to click the generate key button.
Likewise, not having to be at the remote site to click "Continue" every 30 minutes to prevent the connection from disconnecting.
The fact that I can't seem to find a simple answer when searching the web for help (like being able to use a trusted pin), or even more complex solutions like generating certificates of trust, probably means, "it don't do that".
However, I'm hoping that the problem is that I just haven't figured out how to ask Google the right question yet. Hopefully someone here has some experience and insight into this problem.
Here's what I was doing that made it not not work:
When I downloaded and set up Chrome Remote Desktop (CRD) from the the Chrome Web Store, the chrome account I was logged in with was different on the remote and local computers (I use multiple email accounts for various tasks). This blunder meant that, even though I could change the active account from within CRD, the client and host were not actually configured with the same base Chrome account (email address). So I was being prevented from using the remote access functionality on the “Remote Access” page of the extension (app). Once I corrected that, I was then able to connect using the pin I was prompted to create during setup.
To be more specific:
I completely uninstalled CRD on one of mine boxen
From within the Chrome browser, I logged into same Chrome account as the other box
Then I went back to the Chrome Web Store and downloaded/installed CRD
Then the “Remote Access” page showed the remote computer and let me use the direct access pin
I have the gist of how to connect to a MySQL server, however my dilemma is using passwords. Here are some of the things I am looking at.
Architecture will be 1 core service which as of right now will be set up as a digest authentication service. Note: In the future I will also have it set up for kerberos authentication.
The service will have a schema it will need to be able to access in MySQL. Also the micro services will have their own schemas that they will also need to be able to access.
The database will be localhost initially but will eventually be moved (in production) to a separate server altogether.
Given the requirements above, I cannot give the services users that are restricted to localhost and have no password associated with them (nor would I want that in the event the server was hacked). So how can I have access to the database without using any plain text passwords (I don't want it stored in the code)?
Maybe I am just not understanding something here that could make my life so much easier so again I look towards the wisdom of the many here. Thanks in advance!
Some things that I should maybe mention: I plan on using go-martini as my http router, I'd like to be able to set up OAuth Provider, I will need to manage user sessions and authentication (right now not as important as I'm trying to get the core part of the service setup)
Edit: To clarify some information;
I do not have an AD, kerberos, or any other LDAP service to use and would be hard pressed to set them up at this time in a VM I use for development.
The service should not be dependent on any of those items as SSO is a much later requirement in this project.
Strictly speaking it will be deployed in environments where there are none of those available and this is non-negotiable.
I also am specifically developing the services in Go and the clients in React.
Note: I do not need someone to correct MY question. I would appreciate it if you do not change the context of my question to suite the answer you wish to give me. That is not what StackOverflow is about, it is also quite rude to do that. Thank you.
I have 2 issues going on with TFS.
We have 2 active directory roles set up for TFS and Visual Studio 2015: ADMINS and USERS. And we have one main Team Project.
We recently hired two contractors and added them to our USERS role. But what we have noticed is that on their machines, as soon as they start to edit the files, it shows as [lock, edit] where everyone else shows just [edit]. The primary difference that we know of is they have Windows 10 where the other developers are on Windows 7. I have been trying to troubleshoot this for the past week with no success. Any suggestions on what I can look at/query to find this? This isn't stopping us, but still having to workaround it.
Then mid morning one of these contractors was trying to edit some Shared Datasets. And now he keeps getting "Access to path [filepath] is denied" but so far it looks to only be happening on *.rsd and *.rds. He was able to create a Dataset, commit it to TFS. But then is unable to edit it. But he can then delete and commit the deletion to TFS. This is completely stopping him for working on these, so this is more of an issue currently.
I saw a post about checking the local file properties to see if it is read only. We did try to change the readonly setting. The file updated but it won't show in TFS Pending Changes or allow him to Undo the change. We currently have 3 solution with a ssrs project. He gets the same issue in all. I had another developer who is in the USERS role validate that she can edit.
Any suggestions on how I can trouble shoot these items is appreciated.
For the [lock, edit] issue, if the user select lock type (e.g Check in- ... Check Out-...) when Check Out for Edit... then it will show as [lock, edit].
For the "Access to path [filepath] is denied" issue, seems it's related to permission settings on your local machine or AD. So, please check if the user has the correct permission to access the the shared path/files. For the specific files, make sure they are not read-only.
To troubleshoot that, just try below things:
Try the contractor's account on other clients, (e.g on Windows 7) to
check if it has the same issue.
Try move the user from USERS role, then add the user separately
in TFS and give the corresponding permissions, then check if it has
the same issue.
Check Security and Version Control settings and make sure no
restrics.
I’ve got a small problem. We’re using the ”Folder Redirection” feature (as a GPO) in windows server 2008R2 and that’s working as expected for all the users. It’s configured to ”Grant the user exclusive rights to documents”, for security reason. We don’t want to give every administrator right to look into other people’s home folder. As an example, a user (let’s call the user for User1) gets the following ACLs on the folder on the server:
CREATOR OWNER (group)
SYSTEM (group)
User1 (account)
This is as expected and no problem there. But now to the problem, when an administrator gets her/his home folder configured by windows, it’s getting:
CREATOR OWNER (group)
SYSTEM (group)
Administrators (group)
As a result all administrators can access each other’s home folders without a problem and this we would like to prevent. I've like to get the administrators own account as the owner of the folder, like it is with all normal users.
An administrator in our environment is a member of a group called “ADMIN” which got “Enterprise Admins” and a few other things in it.
Do anyone have the same problem? I’ve be grateful for any tips and tricks.
After some more digging, I’ve come across the problem. Our problem lies within an application that we use (own crafted application that communicate with AD). So this wouldn’t be a problem for anyone else, hopefully.
We have an access database on a file share that has permissions for everyone in the department to access. The problem i am having is that when multiple users try accessing the database at the same time they are unable to do this. One user can open the database fine but when another user tries to simultaneously, they double click the file icon, get an hour glass for a split second and nothing happens after. We are using Server 2003 as our domain controller. All permissions have been verified on both a domain level and in the access database under tools-options-advanced and setting relevent permissions to shared and no locks. Do you know what could be causing this issue with a "dead link" when user try to open the file simulateneously?
Any help is greatly appreciated.
Thanks.
Ignore the naysayers - Access is perfectly fine for a small number of users. Either you have the default Access settings to open dbs exclusive which will lock out other users or there is some weird network problem.
EDIT
- noticed you already have default shared access
- is record-level locking on?
- also try giving user full control of the shared network folder (Access needs read/write/create/delete to be able to create and delete the ldb file)
This issue occasionally happens to Access databases for almost no apparent reason. Of the suggested responses by Microsoft, you are already doing the second (opening from within Access) but I believe the first provides somewhat of the answer you are looking for.
In the target of the shortcut, include
the path of MSAccess.exe
According to Microsoft Help and Support
When you say share permissions, do the users have full permissions? Full permissions are needed because the share file (.ldb) must be created and deleted.
I am just recently experiencing the same issues, only one person can open the database. We only have 3 people accessing the same database through shorcuts on our desktop.
Now according to Microsoft we need to include the database path in our shortcut, I will tried that. They acknowledge this problem.
MS Access is not worth the trouble in a multi-user setup.
Your time is better spent converting the database over to a server-based RDBMS such as SQL server while you still have hair.
Believe me, you will have to do it sooner or later anyway! Sorry for the bad news.