I have a ClickOnce deployed Windows Forms application that uses application settings for two key features: the database the user connects and whether they use replication services or connect to the main server. Those settings were changed for some, but not all, users after they installed the most recent update.
What can cause application settings to be changed and how can I prevent it from happening in the future? The only explanation I can come up with is that I published from a different workstation than I had in the past.
Related
I have set up 3 CentOS 7 VMs to test out the OS patch management feature that is now available in GCP. I deployed the patch manager agent and the Patch Management console reports all 3 VMs have "Important / security updates available". I then scheduled a Patch deployment job for CentOS and it ran on all 3 machines.
When I check the logs, I can see that the task began at the scheduled time and reports "No packages to update".
An hour later, the dashboard still reports: "Important / security updates available".
I have rebooted the VMs and the dashboard still has not changed and it shows 100% of the VMs requiring patching.
While I suspect that there really IS no security update available, I am not sure how we can trust the dashboard. Further, there are no hyperlinks available for more information about what these important/security updates are so how would you even know what fixes were going to be applied if there were any?
I was able to reproduce this error in my own project.
I created a VM Instance with CentOS 7, then I created a new patch development,
It is worth mentioning that I used 'Minimal and Security updates’ on the Patch Config menu:
Then I received the same message:
But I was able to fix it.
I have found the following documentation: What is included in an OS patch job?
Where it is mentioned that:
For Red Hat Enterprise Linux and Centos operating systems, you can apply all or select from the following updates:
System updates
Security updates
So I created another patch development, but in this case, I didn’t select the ‘Minimal and Security updates’ I just kept it blank, in this way its select the default value, and it applies all the updates instead of only the minimal and security updates.
And it worked.
I need to make a development version of a cakePHP app with its own db so that a developer can work on it without disturbing the current users.
I thought it would be simple, I just copied the entire director /project to /project_dev and then copied the DB "project_db" to "project_db_dev". Then I went into /project_dev/config/database.php and changed the db to "project_db_dev".
When I went to see what I had done, I saw the app was still connecting to the same db, as if I'd changed nothing. I realized that the original folder name was referenced in /app/webroot/.htaccess so do I need to find/replace all instances of that folder name?
What steps should I follow to duplicate an existing cakePHP app?
You need to setup some kind of development lifecycle.
Generally speaking the developer shouldn't be doing any development on the server. The best way to handle it is locally using a stack of some kind such as Lamp (Linux, Apache, Mysql, PHP) switch out linux with other OS's. There are multiple cloud solution to these environments to such as Koding.com
Using something like Git for version control the developer can develop locally then push the code through to the server after is being thoroughly tested locally or on a dev server or some kind.
Keeping Dev work and Live work away from each other is key.
Could do with a bit more information.
If both databases are hosted on the same server and you have permission to access them both with the same user then all you have to do is change the name of the database in your database.php
If not you will also have to update the IP and any other additional settings port etc.
If you are still having troubles email me simpsond1988#gmail.com
I've seen this problem reported by other people whereby Chrome is incredibly slow to respond on local sites hosted in IIS. This is whether I'm using localhost or a specific host file entry (like mysite.local).
Existing fixes suggest removing the IPV6 entries from the host file, but that doesn't sort it out on my machine.
I'm running windows 8.1, vs2013 and IIS 8.5.
Can anyone help - its driving me crazy!
open 'worker processes' in features view of IIS panel and see if an earlier request is holding up rest of the queue. This can occur if the previous process waits for I/O to complete for instance.
Sorry my question might be duplicate but i dint find any correct solution.So im posting this question again...
First i have deployed a DNN website with sql server authentication.Site was working fine.
Later we re installed the sql server 2008. So im trying to give windows authentication to connect the site.
In web config connectionstring:i have removed the username and password and gave Integrated security="true" .
In IIS :Site -> Authentication -> windows Authentication ->enabled and all others disabled.
once i browse the site is redirecting to DNN install Wizard
Need Help.
In SQL Server did you configure the Windows account that the application pool (in IIS) is using to have DBOwner access to the database?
Also make sure to change BOTH connection strings in the database.
Depending on what version of IIS you are on, that account might differ. Older versions likely would use "Network Service" while newer versions might also use "Network Service" or an application pool specific account like "iis apppool\dnndev"
You'll also want to make sure that you aren't trying to assign a DOMAIN account to the database, unless of course that is what IIS is configured to use (as opposed to a local account)
We have an active directory domain (let's call it foodomain) and a domain user account (foodomain\fooAppPoolUser) used for the IIS application pool identity.
We want to run the app pool under this user account and not under Network Service or the new AppPoolIdentity as we have to access SQL server and have multiple applications on IIS (with own app pools) accessing different databases.
The problem is that I can't find a clear HOW-TO explaining, which user rights have to be set for this user account and how IIS has to be setup so that this will work.
First I got errors (unfortunately I can't remember which ones), then I added fooAppPoolUser to the local admin group (Administrators, I know, was only to test), then it worked. Now I removed the user again, restarted IIS and it still works.
So I'm confused a bit and would like to know, how the configuration/setup has to be to have it working.
Somwhere I read, that the account needs to have the "Impersonate a client after authentication" user right. That's the reason I added the account to the Admin group (the user rights assignment is blocked via group policy, but this can for sure be changed if really needed.
I hope I was clear enough what the question is and hope somebody has an answer.
It's frustrating that this information is so hard to find, since some security admins seem to enjoy the cruel and unusual punishment of changing default policy settings to thwart installing apps within IIS.
Here's what I believe you should do to enable an account to work as an ApplicationPool identity:
Run aspnet_regiis -ga DOMAIN\USER to add permissions to access the IIS Metabase. (Exactly what that means, who knows?) aspnet_regiis reference
Add the user to the IIS_IUSRS group. This may be done automatically depending on the IIS configuration setting processmodel.manualGroupMembership but easiest to add it yourself.
If security policy is using windows defaults that's about it. If the security policy is locked down you may need to enable specific user rights for the account. The ones you have by default for ApplicationPoolIdentities (which seems a good place to start but not necessarily all required):
Access this computer from the network
Adjust memory quotas for a process
Allow log on locally
Bypass traverse checking
Generate security audit details
Impersonate a client after authentication - (Often not available by default on locked-down environments)
Log on as a batch job - (Often not available by default on locked-down environments)
Log on as a service - (I'm not sure this is needed)
Replace a process level token
If you're using windows auth and Kerberos (provider=Negotiate) then depending on the URL and if kernel-mode auth is on you might need to set up an SPN. I suggest switching to NTLM if possible. Otherwise, see articles below about SPNs and find a friendly domain admin to add them for you.
Fun reading:
Default permissions and user rights for IIS 7.0, 7.5, 8.0. This is the best reference, see the user rights at the bottom.
User Rights (on Windows Server 2008, but still interesting and helpful as it's a long article you can CTRL+F to find IIS-related comments)
User Rights Assignment on Server 2008 R2+. You have to drill into each right to see what it mentions about IIS.
How To: Create a Service Account for an ASP.NET 2.0 Application - pity there's no more recent version of this article.
SPN Checklist for Kerberos on IIS7/7.5
How to use SPNs - applies to IIS6 or to 7/8 if Kernel-mode authentication is turned off.
The reason why you application worked AFTER removing Administrator rights is that your application was compiled to the Framework temp folder using the administrator rights - Your application worked after removing the administrator rights because the application was compiled. If you update your application and it requires recompilation, the app pool account will need trusts again.
First I got errors (unfortunately I can't remember which ones), then
I added fooAppPoolUser to the local admin group (Administrators, I
know, was only to test), then it worked. Now I removed the user again,
restarted IIS and it still works.
I found the following link answered a similar question I had: http://www.iis.net/learn/manage/configuring-security/application-pool-identities
Basically, ApplicationPoolIdentity is a virtual user account that still behaves like NETWORK SERVICE, but without some of the down-sides; each app pool has it's very own ApplicationPoolIdenity account created with it.
More detailed information can also be found that is also specific to IIS 7.5 Application Pool Identities.