Checking Computer AND User Account against AD without TLS

Hi Folks,
I am working on a customer site with 5500/ACS5.2/AD/WZC. The customer is looking for a good authentication scenario but has decided against TLS. So we tested PEAP with checking the AD for a valid computer account and user auth. But if I use a laptop with no domain computer account but a valid user account, I can gain access. Is it possible for the ACS to check for a valid computer AND user account and let the client succeed only if both accounts are available and valid?
Regards, Michael

Hi Nicolas, thanks for this hint. Today I did the Host Lookup and "was machine auth" thing, but anyway, my own laptop that is not in the domain can connect to the network with a domain user ID. Any hint or trick? I saw in other discussions you referred to that some users did an AD rejoin; what do you think?
Regards, Michael

Similar Messages

  • Check for Updates and User Account Control

    With Adobe Reader the 'Check for Updates' function under Help does not appear to function when 'User Account Control (UAC)' in Windows Vista is turned on.
    When UAC is turned off, the 'Check for Updates' works, and if an update is available for Adobe Reader, it will download and install.
    Other programs that update software function with UAC turned on, albeit with the additional dialog boxes that UAC brings, namely the CTL/ALT/DEL and user account logon (when applicable).
    Without updating the Adobe Reader software, users are leaving themselves open to vulnerabilities.  Without UAC turned on, users are also leaving themselves open to certain risks.  So there appears to be a dilemma presented.
    Does anyone know if/when Adobe will be changing the 'Check for Updates' functionality so it will behave more in-line with the UAC functionality?
    Thank you in advance for your time and attention.

    With UAC enabled, I start Adobe Reader, click on Help, and there is no selection for updating.  There is nothing for me to click.  Additionally, in Edit, Preferences, Updater, "Do not download or install updates automatically" is selected, and everything on the right pane is greyed-out.
    With UAC disabled, I start Adobe Reader, click on Help, and there is a selection for 'Check for Updates.'  In Edit, Preferences, Updater, I can select the various methods of downloading/updating Adobe Reader.  The option to download the update but not install was selected, as I wanted it to be.
    Finally, I noticed that the notice from Adobe, 'Update is ready to install,' appears in the Windows tray.  And it is this point that somewhat changes the severity of the problem, that is, while 'Check for Updates' is not available when UAC is enabled, it appears that Adobe can still be updated through the automatic download feature.  The only problem with this is that I cannot tell if the update was downloaded while UAC was enabled (probably not since the download setting says not to) or while UAC was disabled.
    In any case, it still does not appear that our clients can get their Adobe Reader software updated while UAC is enabled.  And this represents a security dilemma for us.

  • Can't Change Lock Screen Background Image and User Account Picture in Windows 8.1.

    I am running Windows 8.1 Single Language with Windows activated. Upgraded from Windows 8 to Windows 8.1.
    Lenovo Y410p.
    4th generation Intel® Core™ i7-4700MQ (2.40GHz 1600MHz 6MB) with 16GB RAM.
    NVIDIA® GeForce® GT750M 2GB .
    I tried all the methods that I found on the web, including:
    1. http://www.askvg.com/fix-cant-change-lock-screen-background-and-user-account-picture-in-windows-8/
    2. http://answers.microsoft.com/en-us/windows/forum/windows8_1-desktop/lockscreen-issues-on-windows-81/c51f570a-7a69-4e92-8348-3ebbed778592
    3. I deleted the C:\ProgramData\Microsoft\Windows\SystemData file and folder
    4. I restored the Libraries Features.
    5. I ran SFC /scannow 3 times but got no error.
    6.  I created a new local account but the same problem shows up. (I'm using live for main account.)
    Now, please tell me what I should do. Thanks.

    Hi,
    First of all, please run the command slmgr.vbs /dlv
    After that, check the License status if it is licensed.
    Is there any error message when you can't change the lock screen background, or is this option just greyed out?
    Roger Lu
    TechNet Community Support

  • Radius 802.1x authentication with computer AND users.

    Hi !
    I don't know if what I'm trying to do is possible, so please excuse me if this sounds silly :)
    I have a Cisco Wireless LAN manager where I've configured 2 different SSIDs: COMPANY and COMPANY_mobiles.
    What I want is to create a policy to restrict access to the COMPANY SSID to only my company laptops with authenticated users (both groups exist in the AD).
    Therefore I created a new policy with the following conditions:
    - NAS Port Type : Wireless
    - Client IPv4 Address : <my cisco ip>
    - Called Station ID : ^AA:BB:CC:DD:EE:FF:COMPANY$
    - Users Groups : EUROPE\MY_USER_GROUP
    - Machine Groups : EUROPE\Domain Computers
    When trying to connect a notebook on Windows 7 to that COMPANY SSID, I'm being rejected with the following error:
    User:
        Security ID:            EUROPE\HOSTNAME$
        Account Name:            host/HOSTNAME.my.server.com
        Account Domain:            EUROPE
        Fully Qualified Account Name:    EUROPE\HOSTNAME$
    Authentication Details:
        Connection Request Policy Name:    Secure Wireless Connections
        Network Policy Name:        Connections to other access servers
        Authentication Provider:        Windows
        Authentication Server:       My.radius.server.com
        Authentication Type:        EAP
        EAP Type:            -
        Account Session Identifier:        -
        Logging Results:            Accounting information was written to the local log file.
        Reason Code:            65
        Reason:                The Network Access Permission setting in the dial-in properties of the user account in Active Directory is set to Deny access to the user. To change the Network Access Permission setting to either Allow access or Control access through NPS Network Policy, obtain the properties of the user account in Active Directory Users and Computers, click the Dial-in tab, and change Network Access Permission.
    It therefore seems that it doesn't match my network policy and falls back to the default one.
    If I remove the user rule, and leave the computer rule: Connection OK
    If I remove the computer rule, and leave the user rule: Connection OK
    but if I put both, I can't connect :s
    Can someone help me with this issue ?
    Thanks a lot !
    Geoffrey

    Hi Geoffrey,
    I would like to know if EAP-TLS wireless authentication has been used, since it uses user and computer certificates to authenticate wireless access clients.
    Please try to use the NPS wizard to configure the 802.1x wireless connection, and you will find that it creates a new connection request policy and network policy. The network policy NAS Port Type will be "Wireless -Other OR Wireless -IEEE 802.11". If you need to filter by user and computer account, the log should show both the authenticated user and machine account name.
    EAP-TLS-based Authenticated Wireless Access Design
    http://technet.microsoft.com/en-us/library/dd348478(WS.10).aspx
    Regards, Rick Tan

  • What is the Best Way to Sync iPod nano to a new Computer and User?

    What is the best way to sync an iPod to a new computer and user?
    Moving from old Mac to new Mac - same iPod
    - currently won't add music etc. I guess because it is not associated with this new computer
    - i don't care if I dump all old contents - if necessary...
    BTW: what if it's the same username?

    No problem.
    What about when I have the same user name on both old and new computers - and right now the new computer sees/syncs the ipod just fine .... but it seems that on another day it might not allow the sync
    If it's syncing okay already, then you have nothing to worry about. Anyway, why would it change? It doesn't decide when to. It either syncs or it doesn't depending on the situation's circumstances, and in your case, you have nothing to worry about because it's already syncing without issues.
    B-rock

  • Is there any way to take a downloaded app from one computer and put it on another without rebuying it? I have a MacBook that I bought the new iMovie and iPhoto on, but I would rather it be on my iMac. So is there any way I can change it?

    Is there any way to take a downloaded app from one computer and put it on another without rebuying it? I have a MacBook that I bought the new iMovie and iPhoto on, but I would rather it be on my iMac. So is there any way I can change it? I thought that if I bought the apps on my MacBook, they would be available on my iMac like the mobile devices operate. The MacBook has 10.6.8 because it's an older model and I think Lion would slow it down. Any help??

    Just redownload it on the other computer by logging into the App Store with the same Apple ID you used to purchase it.

  • If I visited a website that has been hacked by Turkish hackers, is there a security risk for my computer and online accounts?

    If I visited a website that has been hacked by Turkish hackers, is there a security risk for my computer and online accounts?

    Try to rename the cert8.db file in the Firefox profile folder to cert8.db.old or delete the cert8.db file to remove intermediate certificates that Firefox has stored.
    If that helped to solve the problem then you can remove the renamed cert8.db.old file.
    Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previous intermediate certificates.
    Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.
    If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

  • One computer, two user accounts, two libraries - how to share??

    My husband and I each have an account on our Dell computer. We each have an iTunes library and would like to have the two libraries shared with each other. We've put them in the shared documents, shared music folder. We also set our preferences in each of our iTunes accounts the location of the library. My library updated to the shared account, but without any of the music purchased from his account. His library shows no music at all - it won't update to the shared file. When we open the shared music folder - all the music is there. It just doesn't come through to iTunes. Help!!!

    Hi Lou18,
    Welcome to the Apple Discussions
    If you have used iChat to enter two .mac account screen names then you have to view it as one iChat. Whichever settings one of you sets then that will be the settings the other sees.
    However if you mean you have set up two Mac User Accounts on the Mac you will need to check that she is actually opening her Mac user account and has not added her .mac details to your iChat.
    There is a possibility that you are talking about Family Accounts or an email alias for one .mac account, in which case one of you will need to use a different screen name for iChat.
    Now this new Name can be AIM or a trial .mac.com name as these will work after the 60 days is up. It is the Linked .mac accounts that do not work for iChat.
    Links and stuff
    8:01 PM Tuesday; June 19, 2007

  • Disk password and user accounts

    I have a Macbook Pro (with Mavericks), and my disk is encrypted.
    When I power on my computer, I get these options:
    1. Log in with my profile/user account OR
    2. Enter the Disk Password
              followed by: log in with my profile/user account
    What I am confused about is this: How can I log into my account both with and without entering the Disk Password, and there doesn't seem to be any difference between the two? Sorry if this is a dumb question, but if my whole drive is encrypted (I only have one partition), shouldn't I be required to enter the Disk Password before I can log in with a user account?
    I created another account (non-admin) and made sure it doesn't have automatic access to the disk (in the FileVault settings). This account can also log in just fine before I enter the Disk Password, or after I enter it.
    Another weird thing that might be connected to this is that when I run the Disk Utility when my computer boots up (Cmd+R), it says my partition is encrypted + journaled, but when I run Disk Utility from within Mavericks, it says it's only journaled, NOT encrypted as well. The partition is named after my dog (I know...), so there's no confusion of the "disk1" "disk2" sort...
    Thanks in advance!!!

    Hey Melophage,
    thanks for your reply!
    I encrypted the disk under Mountain Lion, then decrypted, erased, and encrypted again under Mavericks.
    The reason for this is that I had some issues with super slow startup as well as the log in screen after sleep (the cursor in the password field would be blinking for 25-30 secs without responding to the keyboard, then the screen would go black, then come on again, and I would be able to log in…). I couldn’t identify any apps or processes that were responsible for these issues.
    When I upgraded to Mavericks, the issue went away for a week or so, then came back. So, I decrypted, erased the drive, encrypted, and now have the “double” login options.

  • Admin and User Accounts for Single User

    I am the only user of my iMac. According to the article I found below, I should create a User Account for myself and use that one for my daily work. Is this correct?
    "Don't use the administration account for anything other than setting up the machine and applications or changing "permanent" settings (if you want to, say, change network settings as a normal user you'll be prompted for the admin password, and since you'll do configuration changes less and less often as time progresses, this isn't a problem)."

    Aha! It would appear that this is exactly the sort of thing that using a non-admin account would normally protect you from.
    ..."yet all applications are available to me in Finder > Applications"...
    That's good news. So I wonder where the "Applications" folder has been moved to... The folder that is opened when "Finder" is activated is something that can be changed through the "Finder" > "Preferences" menu under "General". I suspect that it is either "Home" or "Documents", so that when you refer to "Finder > Applications", the path is actually either "Macintosh HD" > "Users" > "Applications", or else "Macintosh HD" > "Users" > "Documents" > "Applications".
    To put things back, it might be easier to temporarily remove any "Parental Controls" from your current account and check the "Allow user to administer this computer" check box.
    Then rename the "Macintosh HD" > "Applications" folder (the one with only "iTunes") to something else, eg "Applications-temp". After that, open a second window and drag the folder you refer to as "Finder > Applications" to where it belongs in the "Macintosh HD" window.
    Now check the versions of "iTunes.app" in the "Applications" and "Applications-temp" folder - one way to do this is to click on the iTunes icon once and change the "Finder" window to "Column View" ("View" > "As Columns", or use the keyboard shortcut ⌘3). The version number should be displayed in the "Preview" panel. Take the older version (lower version number), and throw it away. If necessary, drag the newer version into the "Macintosh HD" > "Applications" folder.
    Now, open "Macintosh HD" > "Applications" > "Utilities" > "Disk Utility.app", select your hard drive, and click the "Repair Disk Permissions" button (not the "Repair Disk" button). This might take a few minutes.
    Hopefully that will do it, and you can go back and make the account a non-admin again.
    I should mention that with some third-party apps, if they were originally installed while the "Applications" folder had been moved, they may complain if their location is changed. It might be necessary to reinstall those, although it will likely depend on a case to case basis.

  • Spam & Virus check only - no user accounts

    I am trying to use one of my OS X Server boxes as a spam/virus filter only. I want it to listen on port 25 and relay to the same machine port 325 to hit another SMTP server. I have entered all of my domains and sub-domains into the virtual domains screen. I have not set up any user accounts.
    I see that I can set outgoing SMTP relaying through the GUI and it does seem to accept xxx.xxx.xxx.xxx:325 as a format - but I am not sure that this is legal. Is it? I also found in the archives that this may have to be hand written into the config file as the GUI does not enter relay values correctly. Is this still true in 10.4.4?
    How do I force all incoming mail to pass through the server and automatically send on to the outgoing SMTP? This is kind of like a backup mail server that accepts mail and relays it on when the primary comes back online. Please point me to the config file if that is where I need to be editing.
    Dean
    Dual G5 2GHz Mac OS X (10.4.4)

    I continued work on this issue today. First, I checked and the three User account folders were present in the Users folder along with the one new account created as part of the Mac OSX Tiger A&I. For some reason, not one of these 4 was accessible from the Login screen; it acted exactly if there were no user accounts.
    Purchased and installed DiskWarrior 4 on the FW drive and rebuilt the directory of the iMac's internal drive. Ran all other tests available w/ DW. Still no joy on logging in. I should NOT have had to see the Login screen at all if the new user had been created properly.
    Punted. Copied everything I thought I would need to the external drive, then did an Erase & Install of OS X Tiger. Applied all updates, no problems logging in. Copied all the original User/username files and folders and restored a few apps.
    Finally, after much wasted time, I have all but one App running and all data files, folders, pics, music restored.
    Adobe Photoshop Elements 3.0 fails because I apparently failed to save a .plist file somewhere and now I learn too late that PE 3.0 will not install on a 10.4.x system. Sigh.

  • Email name and user account pictures keep changing

    My wife and I share contacts and calendars using my iCloud account. She syncs her notes and reminders using her iCloud account. This seems to work fine, but a problem has arisen that I suspect is related to this setup that I don't know how to resolve. When I send an email from my iCloud account it now has a from address of "my wife's name <[email protected]>" instead of "my name <[email protected]>". Also the account login picture for my Mac's user account has been replaced with hers. The latter I can reset (I don't know how to fix the former) but eventually the problem seems to recur.  I'm not sure if this is related but our contacts list identifies my address book card with the "this is me" tag.

    #1 I am 99.5% sure (but only 99.5% if you aren't a gambling man) that when you delete a user's account using the accounts preferences all their stuff gets put into a "deleted users" folder in the users directory on the computer, so it is still all there until you trash that folder. Their account is gone but their files are still around.
    #2 I don't actually have an "applications" folder in my account, there is just one at the main directory level, so I don't think each user necessarily has one by default. However, each user has a bunch of preferences so when I start an application it comes up with my preferences. Another user will have the application come up with their preferences. That's not to say I couldn't have an application in my account area, but I could in theory have an application tucked away in any folder or subfolder and not readily identifiable as such. Any applications not in the general applications folder usually won't be accessable to other users so unless you're logging as that old user you may not even know about applications there.

  • Administrator account AND user account necessary?

    I recently read in some posts that you should have an administrator account set up on your Mac but then also have a user account for yourself to use. Can anyone better explain this to me and tell me why I should do this? Right now I am the only one using the computer and there is only one account set up and it is the admin account.
    Thanks

    Depending on how often you take your pB on the road determines it for me.
    Portables are more likely to be stolen than desktops, and if there is sensitive info on it, ssn's for example, I prefer to have that protected or hidden in an upper level account.
    That way, if you use a second account for normal, mundane stuff, if it is heisted, the crooks would not have access to top secret stuff.
    JMTCW

  • SBS2008 Disk failure. Files and user accounts disappeared

    Am just on a client site that suffered a power outage at the weekend (Cyclone Lusi). They have SBS2008 and a RAID1 array (two disks). One of the disks has failed, but it also appears that the server believes it is one month prior! I created a user account on the 24th February and it is no longer there.
    Also, the last backup that the system is aware of is from 18th February. I have mounted the vhd file containing all the backups, and the files are available as recently as last Thursday (13th Mar). In 15 years of system support I have never encountered anything as weird as this; I'm wondering if anyone else has come across this and if so how they managed to get the system returned to a "normal" state.
    TIA
    Neill

    Hi,
    Any update?
    Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
    Best Regards,
    Andy Qi
    TechNet Subscriber Support

  • Difference Between Service Account and User Account

    What is the difference between a Service Account and a User Account?

    Hello Mohit,
    Basically there are two types of approaches which you should understand.
    In many environments, administrators prefer to simply create a domain user account and assign appropriate privileges to it. Then this user account is used in order to start a specific service on a computer.
    In that case there is really no difference between a user account and the so-called service accounts. Since this service account is simply a domain user, all the tasks related to managing domain users apply to it. For example, you should keep the password up to date manually. Some environments go a step further and assign Deny Logon Locally to this type of service account in order to enhance security.
    The second concept is Managed Service Accounts. There are plenty of differences between a Managed Service Account and a User Account.
    The Display Icon is different from a view perspective.
    The type of object is different. 
    Managed service accounts password management is automatic.
    You cannot create Managed Service Accounts using the GUI. They are only created using PowerShell.
    You can refer to the link below for more information:
    Service Accounts Step-by-Step Guide
    Regards.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.
