Folder Redirection permissions for administrators - acl

I’ve got a small problem. We’re using the “Folder Redirection” feature (as a GPO) in Windows Server 2008 R2 and that’s working as expected for all the users. It’s configured to “Grant the user exclusive rights to documents”, for security reasons. We don’t want to give every administrator the right to look into other people’s home folders. As an example, a user (let’s call the user User1) gets the following ACLs on the folder on the server:
CREATOR OWNER (group)
SYSTEM (group)
User1 (account)
This is as expected and no problem there. But now to the problem: when an administrator gets her/his home folder configured by Windows, it’s getting:
CREATOR OWNER (group)
SYSTEM (group)
Administrators (group)
As a result all administrators can access each other’s home folders without a problem and this we would like to prevent. I’d like to get the administrator’s own account as the owner of the folder, like it is with all normal users.
An administrator in our environment is a member of a group called “ADMIN” which got “Enterprise Admins” and a few other things in it.
Does anyone have the same problem? I’d be grateful for any tips and tricks.

After some more digging, I’ve come across the problem. Our problem lies within an application that we use (our own crafted application that communicates with AD). So this wouldn’t be a problem for anyone else, hopefully.
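
An added example, not part of the original post: a PowerShell check that compares each redirected folder's ACL with the "exclusive rights" pattern listed in the question (CREATOR OWNER, SYSTEM, the user) and flags folders that carry other entries such as Administrators. The domain name CONTOSO, the share path and the rule that a folder is named after its owner's account are assumptions made for the example.

```powershell
# Added example (requires PowerShell 3.0 or later). Assumptions: each redirected
# folder is named after its owner's account; CONTOSO and the share path are placeholders.
function Test-ExclusiveAcl {
    param(
        [Parameter(Mandatory = $true)][string]$FolderName,
        [string[]]$Identities = @(),   # IdentityReference values of the folder's ACEs
        [string]$Domain = 'CONTOSO'
    )
    $owner   = "$Domain\$FolderName"
    # Pattern the question reports for a normal user: CREATOR OWNER, SYSTEM, the user.
    $allowed = @('CREATOR OWNER', 'NT AUTHORITY\SYSTEM', $owner)
    $extra   = @($Identities | Where-Object { $allowed -notcontains $_ })
    [pscustomobject]@{
        Folder     = $FolderName
        OwnerAce   = ($Identities -contains $owner)
        Unexpected = ($extra -join '; ')
        Exclusive  = ($Identities -contains $owner) -and ($extra.Count -eq 0)
    }
}

function Get-RedirectionAclReport {
    param(
        [Parameter(Mandatory = $true)][string]$Root,
        [string]$Domain = 'CONTOSO'
    )
    Get-ChildItem -LiteralPath $Root -Directory | ForEach-Object {
        $dir = $_   # keep the folder; inside catch, $_ is the error record
        try {
            $ids = @((Get-Acl -LiteralPath $dir.FullName -ErrorAction Stop).Access |
                ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)
            Test-ExclusiveAcl -FolderName $dir.Name -Identities $ids -Domain $Domain
        } catch {
            # A session with no rights on an exclusive folder cannot read its ACL:
            # report the folder instead of aborting the whole run.
            [pscustomobject]@{ Folder = $dir.Name; OwnerAce = $null
                               Unexpected = "ACL unreadable: $($_.Exception.Message)"
                               Exclusive = $null }
        }
    }
}

# Constructed sample ACLs mirroring the two cases in the question.
Test-ExclusiveAcl -FolderName 'User1'  -Identities 'CREATOR OWNER', 'NT AUTHORITY\SYSTEM', 'CONTOSO\User1'
Test-ExclusiveAcl -FolderName 'Admin1' -Identities 'CREATOR OWNER', 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'

# Against a real share (placeholder path), list only the folders that deviate:
# Get-RedirectionAclReport -Root '\\fileserver\redirected$' | Where-Object { -not $_.Exclusive }
```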

Related

New user added to TFS has different settings than rest of users

I have 2 issues going on with TFS.
We have 2 active directory roles set up for TFS and Visual Studio 2015: ADMINS and USERS. And we have one main Team Project.
We recently hired two contractors and added them to our USERS role. But what we have noticed is that on their machines, as soon as they start to edit the files, it shows as [lock, edit] where everyone else shows just [edit]. The primary difference that we know of is they have Windows 10 where the other developers are on Windows 7. I have been trying to troubleshoot this for the past week with no success. Any suggestions on what I can look at/query to find this? This isn't stopping us, but we are still having to work around it.
Then mid-morning one of these contractors was trying to edit some Shared Datasets. And now he keeps getting "Access to path [filepath] is denied" but so far it looks to only be happening on *.rsd and *.rds. He was able to create a Dataset and commit it to TFS. But then he is unable to edit it. But he can then delete it and commit the deletion to TFS. This is completely stopping him from working on these, so this is more of an issue currently.
I saw a post about checking the local file properties to see if it is read-only. We did try to change the read-only setting. The file updated but it won't show in TFS Pending Changes or allow him to Undo the change. We currently have 3 solutions with an SSRS project. He gets the same issue in all. I had another developer who is in the USERS role validate that she can edit.
Any suggestions on how I can troubleshoot these items are appreciated.
For the [lock, edit] issue, if the user selects a lock type (e.g. Check in- ... Check Out-...) when using Check Out for Edit..., then it will show as [lock, edit].
For the "Access to path [filepath] is denied" issue, it seems it's related to permission settings on your local machine or AD. So, please check if the user has the correct permission to access the shared path/files. For the specific files, make sure they are not read-only.
To troubleshoot that, just try the things below:
- Try the contractor's account on other clients (e.g. on Windows 7) to check if it has the same issue.
- Try removing the user from the USERS role, then add the user separately in TFS and give the corresponding permissions, then check if it has the same issue.
- Check Security and Version Control settings and make sure there are no restrictions.

Group Policy - apply Computer Configuration for certain users

I have created a Wireless Network Policy which allows one SSID that domain PCs can connect to, while another one is denied. Currently I am testing it. The way I need it is that the policy should affect domain computers except for certain users when they log on to any computer.
So the policy won't update Wireless settings on domain computers when any user from that group logs on (and also the settings will revert back to the original settings or allow all SSID networks if they were changed by the policy before).
The reason we need it this way is that we have HelpDesk officers who would need all the Wireless networks to be available, to be able to connect and troubleshoot any issue on any domain PC. They have another user ID to check if the policy is applying fine or not.
One workaround I found is moving the computer from the OU to another OU where the policy is not enforced. Then do "gpupdate /force" on the computer. After that is done, move it back to its original OU. This involves more steps and I guess there should be a better way to do this, but I can't figure out what it is.
If anyone has any idea, that will be appreciated. Thanks.
I just found out that this is not possible to apply computer configuration for some users. Found it in ms-tech-net-post.

How to password protect website hosted on Amazon Web Services (AWS)

I wanted to create a website that would be like a dropbox of sorts, which just has files that me and my organization can access. I wanted to password protect the website, just a simple username and password. I have my own domain. I have been looking all over the web to find how to do this (I am a beginner) and found that htaccess and htpasswd would be used to secure a website, similar to what is shown here: http://www.htaccesstools.com/articles/password-protection/
But I cannot seem to get it to work. I am using the S3 bucket and putting the htaccess and htpasswd files in the same folder as the index.html file. Do you know how I would get my site to have a simple password protection (that's not seen in the source code or by typing in the HTML)? I am not sure if I am finding the directory correctly or not to implement this password protection correctly. Thank you for taking the time to read this and hopefully this makes sense!
Anyone else had this issue?
Amazon AWS alone won't do it. htaccess and htpasswd are also not the right tools for what you want to do.
Get yourself a cheap hosting account with a company like HostGator or GoDaddy or Namecheap or any other that will host your web page and give you PHP and MySQL.
You cannot accomplish what you want just using JavaScript/jQuery. Those languages run in the browser, but you want to store your files on a server. Therefore, you need the language that controls the server - that is usually PHP. (The other popular solution is ASP, which is by Microsoft and runs on costly and complex Microsoft servers -- PHP is free and runs on (free) Linux and is therefore what ALL of the cheap web hosting companies provide. MySQL is the (free) database that is analogous to Microsoft SQL.)
Next, watch a video tutorial on creating a PHP / MySQL login system, such as the ones over at:
phpAcademy (now called codecourse, apparently)
theNewBoston.com
You need to learn more about:
PHP sessions
Ajax
jQuery
MySQL (possibly)
On a basic website, you can stick your files into directories and control who can access those directories by whether or not they are logged in.
You can determine if a visitor is "logged-in" or not by asking for a username/password and setting a session variable. Session variables are just variables that are stored on the server, rather than on a user's own computer (of course, that wouldn't work since every visitor has his own computer and your files are stored on a central server -- so that is where the security (variables) must reside, right?)
Anyway, in a weekend of video watching and trial-and-error you can probably get something cobbled together that will do what you want.

Drupal anonymous user permissions problem

I have been wracking my brain on how to solve this issue for hours now, and I know I'm not the first one to encounter it.
I am having trouble granting anonymous users access to node content in Drupal 6.15. I have tried everything, including inserts to MySQL, checking and double-checking every permissions setting available (yes, I have enabled "Access content"), rebuilding permissions, and clearing the cache. I have disabled custom modules in hopes of clearing out a conflict but still no luck. Anonymous users get the "Access Denied" page everywhere but on a custom calendar View page.
I have tried these queries, but they are just duplicates of what is already there:
INSERT INTO users (uid, name, mail) VALUES (0, '', '');
INSERT INTO users_roles (uid, rid) VALUES (0, 1);
INSERT INTO node_access VALUES (0, 0, 'all', 1, 0, 0);
My only glimmer of hope: the Devel Module's "Access Permissions by User" display indeed shows that user:Anonymous cannot view content (SEE IMAGE). It raises a baffling question: how is it that "All users may view all nodes" while user:Anonymous simultaneously has "NO:access content" ???
This is driving me nuts. If anyone can alert me as to what I am doing wrong, I will jump up and down in excitement, and buy you a beer if you are in Seattle.
THANKS!
Image: http://seethreeblog.com/images/devel.png
This is very typical of Drupal: permissions problems. While I'm aware I'll probably be unable to offer the correct answer, maybe at least I'll trigger some revolutionary idea in you that will help you solve the problem.
While node access is a standard permission that should be on, there are others that might restrict the users. Do you have freelinking on? If so, check that the freelinking access is also on. You might want to make sure that access control modules (ACL and ones that rely on it, such as Forum Access) don't get in the way. Also, taxonomy access control can be a pain: I've had problems with Taxonomy Access Control Lite (tac_lite). Try disabling it too if you have it.
I apologise for not being able to offer anything more specific than this, but Drupal is just like that. Solving permissions issues rarely requires hacking the code.
Via Drupal: http://drupal.org/node/64114
This one did it for me:
'Did you try rebuilding permissions? Go to admin/content/node-settings and click "Rebuild permissions".'
I've had exactly the same problem since upgrading from 6.14 to 6.15. Tried only on 2 different local OS X systems, so intrigued to find your server related problems... is it PHP version related? I'm running PHP 5.2 on all installs.
Rebuilt permissions table and looked at every conceivable user permission, but anon users get the same 'Please Login to Continue'. Looks like it's worth posting an issue in the Drupal issue queue.
Since I went to 6.15 I've had problems with permissions left and right. The site wasn't 100% debugged in 6.14 so I can't say logically it definitely was 6.15's fault, but my intuitions can and do say so.
I have a role I call content manager that has all the CRUD (create, read, update, delete) permissions on all content types.
To let the System Admin (user #1) edit stories I had to give it that role. Right now I'm having problems letting that role edit stories. A user with that role assigned gets 'access denied' errors.
The only other module I have that manipulates permissions is 'role delegation' so certain end users can be given access to assigning roles, but not edit roles or to assigning permissions to roles. I still have to chase down this and the possibility of a corrupt permission table. But the possibility that 6.15 is the culprit still exists.

Access database won't share

We have an Access database on a file share that has permissions for everyone in the department to access. The problem I am having is that when multiple users try accessing the database at the same time they are unable to do this. One user can open the database fine but when another user tries to simultaneously, they double click the file icon, get an hourglass for a split second and nothing happens after. We are using Server 2003 as our domain controller. All permissions have been verified both on a domain level and in the Access database under tools-options-advanced, setting the relevant permissions to shared and no locks. Do you know what could be causing this issue with a "dead link" when users try to open the file simultaneously?
Any help is greatly appreciated.
Thanks.
Ignore the naysayers - Access is perfectly fine for a small number of users. Either you have the default Access settings to open dbs exclusive which will lock out other users or there is some weird network problem.
EDIT
- noticed you already have default shared access
- is record-level locking on?
- also try giving user full control of the shared network folder (Access needs read/write/create/delete to be able to create and delete the ldb file)
This issue occasionally happens to Access databases for almost no apparent reason. Of the suggested responses by Microsoft, you are already doing the second (opening from within Access) but I believe the first provides somewhat of the answer you are looking for.
In the target of the shortcut, include the path of MSAccess.exe
According to Microsoft Help and Support
When you say share permissions, do the users have full permissions? Full permissions are needed because the share file (.ldb) must be created and deleted.
I am just recently experiencing the same issues, only one person can open the database. We only have 3 people accessing the same database through shortcuts on our desktop.
Now according to Microsoft we need to include the database path in our shortcut, I will try that. They acknowledge this problem.
MS Access is not worth the trouble in a multi-user setup.
Your time is better spent converting the database over to a server-based RDBMS such as SQL server while you still have hair.
Believe me, you will have to do it sooner or later anyway! Sorry for the bad news.