FSL-02007  Unable to set access rights of services.SAPtmp

Hello everybody,
I receive this error message(in the subject) when I am trying to install the WAS640 on my Windows XP sp2.
I tried to start the installation with the "Administrator" account and I receive the same error (I saw in another post that this is a possible solution). My account also has the administrator rights.
Please help me,
Thank you very much,
Doru Sular

Hi Doru,
Check that the user that you are performing the installation with has full administration privileges and the following policy privileges:
Act as part of the operating system
Increase quotas
Replace a process level token.
Another trick can be to take ownership of the file system with the account you are using.
Regards
Daniel

Similar Messages

  • FSL-02007  Unable to set access rights of saploc.

    Hello,
    I am performing an installation of SAP ERP 6.0 EHP4 on Windows 2008 Server R2 along with MS SQL Server 2005 SP3 on a High Availability cluster.
    I have completed the MS SQL Server 2005 into the first Cluster of MSCS. Performed the moving the MSCS groups of database, SAP and Cluster groups with success.
    I created a shared file: sapmnt under the directory: E:\usr\sap for Everyone, & administrator with full access. The shared file was created as
    SAPCLUSTER\sapmnt.
    Then I started to execute the installation of Central Services Instance for ABAP (ASCS).
    I logged as DECORCENTER.administrator, executed the command sapinst SAPINST_USE_HOST=DECORSAP
    The installation has stopped after an error: 
    WARNING[E] 2010-10-25 16:59:51.285 [synxcfsexp.cpp:158]
               CSyFSExportImpl::setACL(acl)
    FSL-02007  Unable to set access rights of saploc. SetNamedSecurityInfo: This shared resource does not exist.
    Physical hostname of cluster is: SRVSAP01 y SRVSAP02
    The cluster has three group resources:
    ClusterGroup  -> hostname: CLUSTERGROUP
    ClusterSAP     -> hostname:CLUSTERSAP
    ClusterDB       -> hostname: DECCENSAP
    VIRTUAL SERVER -> hostname: DECORSAP
    Let me know what I am doing wrong with this
    Regards,
    Rodolfo
    Edited by: Rodolfo Neuhaus Wiese on Oct 25, 2010 7:26 PM

    Ivan Bronner wrote:
    Hi
    >
    > We tried the installation already with or without sapinst SAPINST_USE_HOSTNAME= "virtual hostname".
    >
    > Ivan
    Hi,
    Could you try to create "saploc" share manually and set share permissions to "Administrators, sap_localadmin" group, with full access? If you tried this before, did you face with a problem?
    You should perform this activity with the same user that you've executed SAPINST
    Best regards,
    Orkun Gedik
    Edited by: Orkun Gedik on Aug 24, 2011 11:33 AM

  • Setting access rights at component level

    I have created a component. The business wants to restrict its use to a certain group of users.
    If a user is part of that group, ONLY then the coomponent should be available in sidekick at time of page creation.
    How is setting access rights at component level being achieved?

    As Jorg stated, Group ACL settings are meant to control access at a page
    level.  As he also stated is possible to control access even further, but
    with additional effort and difficulty. But, nearly every client wants this
    done down to the component level and on a group by group basis.  So, what
    I've found, over the years that works is the following:
    - Configure the available components per template type per parsys
    - Further configure the available components at the group level
    For the custom built components, you can remove them at the group level by
    un-checking the 'read' ACL on the dialogs for the given component.  You
    don't want to un-check read for the whole component because then the users
    of that group experience random 'holes' in the content.  But, if you
    un-check 'read' for the dialogs, then the component will not display in
    Side-kick (at least on 5.4 and prior this is the case).
    The only caveat to this is the OOB components.  That is where you will run
    into a lot more difficulty.  Those should mostly be enabled/disabled at the
    design level for the entire page/parsys.
    Hope this helps.
    Todd

  • FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.

    Hello,
    I got the error "FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512" while installing SM 7.0 EhP 1 on Linux at phase "Create Secure Store". I have tried changing owner of the folder, but no change.
    Can anybody help?
    Thanks for your help
    Kris
    WARNING[E] 2009-07-24 17:54:48.617
               CJSlibModule::writeError_impl()
    FSL-02003  Unable to set owner /sapmnt/MHS/global/security/data for 512.
    TRACE      2009-07-24 17:54:48.618 [iaxxejsbas.hpp:483]
               EJS_Base::dispatchFunctionCall()
    JS Callback has thrown unknown exception. Rethrowing.
    TRACE      2009-07-24 17:54:48.699 [syuxctask.cpp:1382]
               CSyTaskImpl::start(bool)
    A child process has been started. Pid = 18576
    TRACE      2009-07-24 17:54:48.784 [syuxctask.cpp:1382]
               CSyTaskImpl::start(bool)
    A child process has been started. Pid = 18577
    ERROR      2009-07-24 17:54:48.822 [sixxcstepexecute.cpp:950]
    FCO-00011  The step createSecureStore with step key |NW_Doublestack_DB|ind|ind|ind|ind|0|0|NW_CreateDBandLoad|ind|ind|ind|ind|9|0|NW_SecureStore|ind|ind|ind|ind|8|0|createSecureStore was executed with status ERROR .

    Hi Kris,
    Have you tried to change permission of the file as logs are showing ?
    Check SAP Note 1257481 - SAP NetWeaver Inst. Based on Kernel 7.11: IBM DB2 for i which is not for your OS but similar error is described in that which is telling that by changing the permission you can proceed.
    Thanks
    Sunny

  • Unable to set access to allow wiki blog creation

    I enabled the web and web objects including wiki and blog in server admin. I set the domain myserver.domain.org under dns and enabled dns but when i try to enable it on the group level i run into issues. From the server and my mac book pro work group manager does not see the site. From my imac i can enable it but when i hit save and refresh the changes are gone... any ideas? If it helps i am running server 10.5.6 with all the latest updates and my users were imported to opendirectory from Novells nds
    Thank you
    Howard Magnes

    here is the log entry for my error:
    ] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:11:30 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:13:27 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:13:27 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:14:45 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:14:45 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:15:42 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:15:43 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:15:55 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:15:55 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:22 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:19:22 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:34 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:19:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:19:45 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:19:51 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:22:10 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:22:11 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:22:58 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:22:59 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:23:11 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:23:11 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:26:47 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 09:26:47 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 09:31:05 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 09:31:54 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:14:38 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 11:14:39 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:14:50 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 11:14:50 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 11:19:07 2008] [notice] caught SIGTERM, shutting down
    [Fri Nov 21 11:20:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Fri Nov 21 12:45:35 2008] [notice] Graceful restart requested, doing restart
    [Fri Nov 21 12:45:35 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:04:54 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:04:54 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:04:59 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 07:05:05 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:10:06 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:10:06 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:11:05 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:11:05 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:11:24 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 07:12:14 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 07:12:28 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 07:12:28 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:43:04 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 10:43:29 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:44:22 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:44:22 2008] [error] (9)Bad file descriptor: aprpollsetpoll: (listen)
    [Mon Nov 24 10:44:22 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:48:01 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:48:01 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:48:13 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 10:48:20 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 10:50:36 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 10:50:36 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:10:32 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 11:10:33 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:10:45 2008] [notice] caught SIGTERM, shutting down
    [Mon Nov 24 11:10:50 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Mon Nov 24 11:13:56 2008] [notice] Graceful restart requested, doing restart
    [Mon Nov 24 11:13:56 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Wed Nov 26 14:40:15 2008] [notice] Graceful restart requested, doing restart
    [Wed Nov 26 14:40:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 configured -- resuming normal operations
    [Wed Nov 26 14:47:33 2008] [notice] Graceful restart requested, doing restart
    [Wed Nov 26 14:47:34 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:49:17 2008] [notice] Graceful restart requested, doing restart
    [Wed Dec 03 07:49:18 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:49:23 2008] [notice] Graceful restart requested, doing restart
    [Wed Dec 03 07:49:23 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Wed Dec 03 07:51:09 2008] [notice] caught SIGTERM, shutting down
    [Wed Dec 03 07:51:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:05:07 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:05:08 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:07:20 2008] [notice] caught SIGTERM, shutting down
    [Tue Dec 16 08:07:42 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:23:46 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:23:47 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:25:19 2008] [notice] caught SIGTERM, shutting down
    [Tue Dec 16 08:39:29 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:41:15 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:41:15 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:02 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:02 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:06 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:07 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:21 2008] [notice] Graceful restart requested, doing restart
    [Tue Dec 16 08:42:21 2008] [notice] Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7l DAV/2 PHP/5.2.6 SVN/1.4.4 configured -- resuming normal operations
    [Tue Dec 16 08:42:46 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/
    [Tue Dec 16 08:42:48 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/
    [Tue Dec 16 08:42:54 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/
    [Tue Dec 16 09:27:59 2008] [error] [client 10.81.101.204] File does not exist: /Library/WebServer/Documents/users, referer: http://pmsdxserve01.pmsd.org/groups/

  • Unable to set up Flickr Publish Services in LR4.1

    I have tried on numerous occasions and end with the same result.  After I finish setting up the parameters in the Flickr Publish Services form I receive the "Lightroom needs your permission to upload images to Flickr"   I click on the "Authorize" button and then I'm taken to my account within Flickr.  Once i click on the "OK, I'll authorize it" button, I'm taken to:  http://lightroom://com.adobe.lightroom.export.flickr/#?oauth_token=72157630835444112-9ff8c 3faeafcb667&oauth_verifier=84249d3a8099d4dd,  where I get another pop up window that says "This web page cannot be displayed"
    No matter what I do I cannot get the publish service to work.  I had no issues with Lightroom 3.6 using the same procedure.  What has changed, or what am I missing?  Please help.  Thanks in advance.

    Hi
    You will need to have different configuration in each service.bat file as the SVCNAME must be unique across multiple instances, for example:
    JBoss Server 1 service.bat config:
    set SVCNAME=CCP_RC
    set SVCDISP=CCP - RequestCenter
    set SVCDESC=JBoss instance for RequestCenter
    JBoss Server 2 service.bat config:
    set SVCNAME=CCP_SL
    set SVCDISP=CCP - ServiceLink
    set SVCDESC=JBoss instance for ServiceLink

  • I install IDES 4.7 in VMware, Why "unable to set time for file...."

    system     Windows2003
    database   Oracle 9
    disk space : C(50G)D(80G)E(40G)
    "Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.1.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/bootstrap_keydb.xml to: C:/SAPinst ORACLE SAPINST.
    INFO 2014-01-26 16:22:47
    Copying file C:/DOCUME1/ADMINI1/LOCALS~1/Temp/SAPinst/CONTROL.DTD to: C:/SAPinst ORACLE SAPINST.
    ERROR 2014-01-26 16:22:47
    FSL-02010  Unable to set time for file C:/SAPinst ORACLE SAPINST/CONTROL.DTD.
    ERROR 2014-01-26 16:22:47
    FJS-00012  Error when executing script."
    who can help me ..please.....

    Hello Matthew,
    You should also change your temp directory to something woth no spaces, something like C:\temp.
    Sapisnt sometimes has problems with the spaces in the temp path, and the Universal Installer nearly always
    has a problem with this.
    Regards,
    David

  • Bpf - package access rights

    Dear Xperts,
    i have created a bpf templete say bpf1 & created instance say my process.
    there are 5 companies for consolidation,for specific user say user1 i have given right of comapny xyz only.
    bpf runs correctly by showing only company xyz in bpf web main menu for user1.
    problem is when i run a package,in criteria selection box requiring to select entity,time,category etc details for running package,it shows all 5 company in entity selection box. so user1 is in position to run package for other company for which it does not have right.
    so can anyone tell me how to greyout entity selection box so that user1 can run only company xyz or is there any way i can set access rights while running package in criteria selection box.also i m working on nw 7.5 version
    thanks
    kashyap.

    Dear Raju,
    i have given secondry admin rights to user1 with bpf excution tasks .
    i was able to allow access to this user only to one company by mentioning his domain name in owner property of entity dimension.
    do i need to make any further changes?
    thanks
    kashyap.

  • Access Right for Minimum stock level

    Hi all,
    I would like to know if there is a way to set access right to enalbe or disable user from modify the minimum stock level in the item master data.
    Thank you.
    Regards

    I would like to know if there is a way to set access right to enalbe or disable user from modify the minimum stock level in the item master data.
    as I have said, you can use SP_TN to disable some certain users to modify the minimum inventory level value. here is an example:
    IF @transaction_type IN ('A', 'U') AND
    @Object_type = '4'
    begin
    if exists (SELECT distinct t0.docentry FROM oitm T0 INNER JOIN oUSR T1 ON T1.internal_k
    = t0.usersign
    WHERE isnull(t0.minlevel,'') <> '0' and t1.user_code = 'manager')
    begin
    select @Error = 10, @error_message = 'Min level can not be updated by user manager'
    end
    end
    but I also said that you can use SDK code i.e. SAP B1 addon to disable the users to modify the minimum inventory level field. It is more complicated because you need to use programming language e.g. VB.Net to do that. The programming language will use the B1 DI API as project reference.
    You must have SDK development license to develop such addon.
    JimM

  • Firewall in set access mode let "allow incoming connections" without me

    I have set up my firewall to allow incoming connections for a file sharing client under "Set Access for specific services and applications", and I noticed that Skype, iChatagent, and Safari all included themselves to be set under allow as well a week later. I did not enter this in manually. How did this occur?

    I am quite befuddled by the 10.5 firewall. Maybe I'm thinking too much, but I've read all the documents I could get a hold of, and I still find it confusing and often conflicting in the specifics.
    For starters, there is the cryptic remark of ""Mac OS X normally determines which programs are allowed incoming connections. Select this option if you want to allow or block incoming connections for specific program." Presumedly the "option" it is referring to is the "Set access for specific services..." option, which implies that the "normally determines" circumstance refers to the first two options. But, "Allow all incoming connections" supposedly allows everything, and "Allow only essential services" supposedly blocks everything (except for two or three things). Where in either of these cases would OS X be "determining" anything, and if it does, what criteria is it using?
    The next thing I don't understand: when the option is set to "Set access for specific services", which applications does OS X explicitly ask permissions for? It seems that it since the firewall is only blocking incoming connections, it should only ask for applications that look like they want to accept incoming connections (i.e., server applications). But for me, it asks for permission for applications like Cyberduck (ftp app), and Microsoft Word 2004. In addition, the poster above mentioned Safari made it onto the list. To me, neither Cyberduck nor Safari should matter, since they are both purely client applications that only receive incoming data when it is requested by them, no? And what business does Word have in wanting to accept incoming connections? (maybe this is a question for Microsoft, not Apple).
    Well, I have a list of other questions about half a page long, but if anyone can help with those two, it would be a big help.

  • Concerned About "Set Access" Firewall SettingOption

    So I realized I couldn't use some of the cooler apps from iTunes because of my firewall setting in Security. Mainly 1 Password and the handy Remote apps. SO, I enabled the "Set access for specific services and applications" under firewall settings in Security and now my apps work fine. Is this as secure as the "Allow only essential services" option? I'm having trouble understanding the verbiage of what this option does for you? If an application is listed and "Allow incoming connections" is enabled, am I prone to hacks?

    After you remove it, it will ask for permission again the next time you use it.
    Here is a some, mostly accurate info on Leo's firewall. Anyway it will familiarize you with the basics:
    http://securosis.com/2007/11/01/investigating-the-leopard-firewall/
    since 10.5.2 Apple improved the firewall's behavior somewhat and made it more secure.
    If it is still being contrary,
    (this usually works)
    Here’s what you do:
    First, open System Preferences and click on “Security”.
    Now follow these steps:
    1. Make sure “Set access for specific services and applications” is selected.
    2. Select the top application in the list.
    3. Click the “-” button to delete it. Repeat until there are no applications in the list.
    4. Select “Allow all incoming connections”.
    5. Re-select “Set access for specific services and applications”, and quit.
    From now on, you should be asked once and only once whether you want an app to accept incoming connections… and the iApplications may well not bother you at all.
    (By the way, if you had specifically selected some applications where you wanted to block incoming connections, you’ll want to do add them to the list again.)
    Kj

  • I am unable to see, access, or navigate to, the far right side of iTunes 11.3.1.2 home screen on Dell Inspiron 3000 Windows 8.1 w/64-bit Pentium Processor.

    I am unable to see, access, or navigate to, the far right side of iTunes 11.3.1.2 home screen on Dell Inspiron 3000 Windows 8.1 w/64-bit Pentium Processor.

    Try dragging the window away from its location, resizing it, then maximizing it.  There's been a bug since iTunes 11 that doesn't always size the window correctly if set to run maximized automatically (which I've notice most particularly on dual-screen systems).

  • I set up a passcode to ensure the security of my iPhone 5 but, when I enter it on the home screen, I repeatedly receive an error message and my phone locks. Is there a way to reset the passcode when I am unable to gain access to my phone?

    I set up a passcode to ensure the security of my iPhone 5 but, when I enter it on the home screen, I repeatedly receive an error message and my phone locks. Is there a way to reset the passcode when I am unable to gain access to my phone?

    I figured that was the case, but I've used the same passcode for years and I can't seem to figure out how I managed to screw it up when I set up my phone. Without being able to access my phone for a restore, how would I accomplish this? iTunes? Thank you very much for you help!

  • Setting Item level access rights on sharepoint list item in ItemAdding event handler

    Hi ,
    I am using sharepoint 2013. I am trying to set item level access rights when a list item is added using the following code snippet,
    public override void ItemAdding(SPItemEventProperties properties)
    base.ItemAdding(properties);
    ConfigureItemSecurity(properties);
    private void ConfigureItemSecurity(SPItemEventProperties properties)
    var item=properties.ListItem;
    SPSecurity.RunWithElevatedPrivileges(delegate()
    using (SPSite site = new SPSite(properties.SiteId))
    using (SPWeb oWeb = site.OpenWeb())
    item.ParentList.BreakRoleInheritance(true);
    oWeb.AllowUnsafeUpdates = true;
    var guestRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
    var editRole = oWeb.RoleDefinitions.GetByType(SPRoleType.Editor);
    SPGroup HRGroup = oWeb.SiteGroups.Cast<SPGroup>().AsQueryable().FirstOrDefault(g => g.LoginName=="HR Team");
    SPRoleAssignment groupRoleAssignment = new SPRoleAssignment(HRGroup);
    groupRoleAssignment.RoleDefinitionBindings.Add(guestRole);
    SPUserCollection users = oWeb.Users;
    SPFieldUserValueCollection hm = (SPFieldUserValueCollection)item["HiringManager"];
    SPFieldUserValueCollection pm = (SPFieldUserValueCollection)item["ProjectManager"];
    SPFieldUserValueCollection pmChiefs = (SPFieldUserValueCollection)item["ProjectManagerChief"];
    item.BreakRoleInheritance(true);
    item.RoleAssignments.Add(groupRoleAssignment);
    foreach (SPFieldUserValue staffMember in hm)
    SetRightsOnItem(item, staffMember, editRole);
    foreach (SPFieldUserValue staffMember in pm)
    SetRightsOnItem(item, staffMember, guestRole);
    foreach (SPFieldUserValue staffMember in pmChiefs)
    SetRightsOnItem(item, staffMember, guestRole);
    item.Update();
    private void SetRightsOnItem(SPListItem item, SPFieldUserValue staffMember, SPRoleDefinition role)
    SPUser employeeUser = staffMember.User;
    var userRoleAssignment = new SPRoleAssignment(employeeUser);
    userRoleAssignment.RoleDefinitionBindings.Add(role);
    item.RoleAssignments.Add(userRoleAssignment);
    Nothing is happening though... Is the event handler the right place to do this?
    thank you

    Hi ,
    You can refer to the code working in my environment:
    using System;
    using System.Security.Permissions;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Utilities;
    using Microsoft.SharePoint.Workflow;
    namespace ItemLevelSecurity.ItemSecurity
    /// <summary>
    /// List Item Events
    /// </summary>
    public class ItemSecurity : SPItemEventReceiver
    /// <summary>
    /// An item was added.
    /// </summary>
    public override void ItemAdded(SPItemEventProperties properties)
    SPSecurity.RunWithElevatedPrivileges(delegate()
    try
    using (SPSite oSPSite = new SPSite(properties.SiteId))
    using (SPWeb oSPWeb = oSPSite.OpenWeb(properties.RelativeWebUrl))
    //get the list item that was created
    SPListItem item = oSPWeb.Lists[properties.ListId].GetItemById(properties.ListItem.ID);
    //get the author user who created the item
    SPFieldUserValue valAuthor = new SPFieldUserValue(properties.Web, item["Created By"].ToString());
    SPUser oAuthor = valAuthor.User;
    //assign read permission to item author
    AssignPermissionsToItem(item,oAuthor,SPRoleType.Reader);
    //update the item
    item.Update();
    base.ItemAdded(properties);
    catch (Exception ex)
    properties.ErrorMessage = ex.Message; properties.Status = SPEventReceiverStatus.CancelWithError;
    properties.Cancel = true;
    public static void AssignPermissionsToItem(SPListItem item, SPPrincipal obj, SPRoleType roleType)
    if (!item.HasUniqueRoleAssignments)
    item.BreakRoleInheritance(false, true);
    SPRoleAssignment roleAssignment = new SPRoleAssignment(obj);
    SPRoleDefinition roleDefinition = item.Web.RoleDefinitions.GetByType(roleType);
    roleAssignment.RoleDefinitionBindings.Add(roleDefinition);
    item.RoleAssignments.Add(roleAssignment);
    Thanks,
    Eric
    Forum Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
    [email protected].
    Eric Tao
    TechNet Community Support

  • Using PowerShell to set Custom Access Rights on a Calendar Does not set Free/Busy Permissions

    We recently discovered an issue where, if you use Exchange Management Shell to configure custom access rights, the Free/Busy permissions do not get set at all (they remain as "None"):
    $temp = [Microsoft.Exchange.Management.StoreTasks.MailboxFolderAccessRight[]]("ReadItems","EditOwnedItems","DeleteOwnedItems","EditAllItems","DeleteAllItems","FolderVisible")
    Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "Company Calendar Management" -AccessRights $temp
    Add-MailboxFolderPermission -Identity "conf-company-test:\calendar" -User "mpinkston" -AccessRights Editor
    If you use a pre-defined "role" such as Editor given to mpinkston6 in the above example it sets the Free/Busy permission to Full Details. It would appear that using Add-MailboxFolderPermission or Set-MailboxFolderPermission is generic for folder
    objects, and doesn't explicitly set the Free/Busy permissions. In the case of the pre-defined roles either the command is doing something special/different, or the permission checks later accept pre-defined roles for determining Free/Busy permissions. No idea
    which is going on. If Free/Busy permissions can be fixed through PowerShell by some other mechanism/command, that would be great. If not, how do we go about requesting a fix/feature change in Exchange?
    http://technet.microsoft.com/en-us/library/dd298062%28v=exchg.150%29.aspx
    (Please expand Parameters and read AccessRights to get a better understanding for what I'm describing.)

    Did you try adding AvailabilityOnly or LimitedDetails in your $temp variable for Calendar folder? These would set it to "Free/Busy time, subject, location" or "Free/Busy time" respectively....
    Add-MailboxFolderPermission - http://technet.microsoft.com/en-us/library/dd298062(v=exchg.150).aspx
    The following roles apply specifically to calendar folders:
    AvailabilityOnly   View only availability data
    LimitedDetails   View availability data with subject and location
    Amit Tank | Exchange - MVP | Blog:
    exchangeshare.wordpress.com 

Maybe you are looking for

  • Can I choose which season artwork is used for display over the whole TV show?

    I have a TV show with multiple seasons and multiple album covers, but iTunes chooses one to display over the whole show list that I don't like. Is there some way to choose which season cover is displayed over my whole show, you know, WITHOUT changing

  • Tables for  bill to and ship to addresses in crm order

    Hi Experts, In which tables the bill to and ship to addresses are stored in CRM order? Thanks in Advance.

  • Popup parenting issues in multi window

    Hello folks, I have a multi-window AIR application - there is one base application window, but we currently hide that and use mx:Window for all of our application windows. The application allows you to open new windows to enable easy drag and drop be

  • Cannot access blackberry app world from icon

    i have the unlimted package which allows me access to blackberry app world, however, when i go to the icon i keep getting an error message saying blackberry app world is having trouble connecting to the server and verify network connections. my servi

  • Solution to less music volume on phones (Possible)

    Hey.. I have a Nokia 5800XM. I think the volume is very low through the earphones. I put some thought into it, and found this amazing software online. It's called mp3gain.. I don't know if this has been discussed on this forum already, but I'm only t