Disable SSH version1 in ACS Express 5.0
Hi,
Does anybody knows if it is possible to disable SSH v1 in ACS express installed in ADE 1010?
Appreciate anybody's feedback
Thanks.
NetMaint
Hi,
This was required by our client to disable SSH v1 after the infosec audit.
Can this be done? I tried digging but can't find any info. If this can't be done at least provide me some link so I can feedback to our client.
Appreciate your reply.
Regards, NetMaint
Similar Messages
-
ACS Express integration with Active Directory
Hello,
I have ACS Express version 5.0.1 installed on Cisco ADE; I'm trying to get it integreated with an Active Directory without sucess.
I did packet captures on the ASA that is in between and I can see communication going thru just fine. I ran a diagnostic on the ACS express and got this:
DIAGNOSTIC USING THE IP ADDRESS OF THE DOMAIN CONTROLLER:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
Not found in DNS!Make sure it is in Reverse Lookup Zone.
FQDN host name:he-zfm-acs-01.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: 172.24.2.93
Subnet site:
WARNING! Unable to locate computer's subnet site in Active Directory.
Ask your Active Directory administrator to add this computer's subnet
to the appropriate site.
DNS query for: _ldap._tcp.172.24.2.93
Found no SRV records!
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domain
DIAGNOSTIC USING THE AD REALM:
/* Style Definitions */
table.MsoNormalTable
{mso-style-name:"Tabla normal";
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:"";
mso-padding-alt:0cm 5.4pt 0cm 5.4pt;
mso-para-margin:0cm;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:"Calibri","sans-serif";
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-fareast-font-family:"Times New Roman";
mso-fareast-theme-font:minor-fareast;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;
mso-bidi-font-family:"Times New Roman";
mso-bidi-theme-font:minor-bidi;}
Output of AD Domain Diagnostics:
IP Diagnostics
Local host name: he-zfm-acs-01
Local IP Address: 172.31.67.10
FQDN host name:he-zfm-acs-02.clarocr.americamovil.ca1
Domain Diagnostics:
Domain: CLAROCR.AMERICAMOVIL.CA1
Subnet site: TELECOM
DNS query for: _ldap._tcp.CLAROCR.AMERICAMOVIL.CA1
Found SRV records:
rom-pro-dc-03.clarocr.americamovil.ca1:389
Testing Active Directory connectivity:
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1
ldap: 389/tcp - good
ldap: 389/udp - good
smb: 445/tcp - good
kdc: 88/tcp - good
kpasswd: 464/tcp - good
ntp: 123/udp - good
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:389
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
DNS query for: _gc._tcp.AMERICAMOVIL.CA1
Testing Active Directory connectivity:
Global Catalog: rom-des-dc-01.desa1sv.americamovil.ca1
gc: 3268/tcp - timeout
No TCP LDAP response, giving up on rom-des-dc-01.desa1sv.americamovil.ca1
Global Catalog: rom-amv-dc-02.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-01.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-pro-dc-03.clarocr.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-tlc-dc-02.telecom.americamovil.ca1
gc: 3268/tcp - good
Global Catalog: rom-amv-dc-01.americamovil.ca1
gc: 3268/tcp - good
Domain Controller: rom-amv-dc-02.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-01.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-pro-dc-03.clarocr.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: CLAROCR.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-tlc-dc-02.telecom.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: TELECOM.AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Domain Controller: rom-amv-dc-01.americamovil.ca1:3268
Domain controller type: Windows 2003
Domain Name: AMERICAMOVIL.CA1
isGlobalCatalogReady: TRUE
domainFunctionality:
forestFunctionality: 0 = (DS_BEHAVIOR_WIN2000)
domainControllerFunctionality: 2 = (DS_BEHAVIOR_WIN2003)
Forest Name: AMERICAMOVIL.CA1
Computer Account Diagnostics
Not joined to any domain
AD Agent Process Status: Not joined to any domainDennis,
TIme in sync on the ACS and AD servers?
Faisal -
Disable SSH root login in RAC system
Hi Alll,
We have a oracle 11.2.7 RAC in Linux. As statement, SA will disable ssh root log and Nagios will monitor each nodes in RAC system.
As I know, Nagios only apply DH key for SSH. But Oracle RAC apply two type of SSH key for ssh_equivelancy in Oracle CRS.
Dees any experts have experience for oracle RAC and database when disable root SSH log in Linux system?
Thanks very much!
JInSecurity is not based on the number of keys one needs - but on the quality of the locks.Partially agree. But just like in real world one lock is not enough even superb. Why cars have imobilisers, defendlocks etc.? Why there is fence in front of some shop's door? It's very common to have two locks on front door. It's much harder (at least it takes much time) to break two locks than break just one. And the time matters. Back to IT security. Disabled root account is one of best practices and is reasonable because you can't 100% assure that your administrator is using strong password everytime. He might just forgot to change password after installation. He might set weak password just for "temporary" reason. You can of course force the password complexity but of course one you have the system installed.
So can passwords. Deep packet inspection can occur unknowingly. Perhaps we still talking about SSH, don't we?
The user may be targeted using social engineering, instead of targeting the actual computer system.It's much harder to get two passwords than just one even by using social engineering.
The question is whether such a server is exposed to an unsecured or public network. And one would manage the risks differently on such a server than one for example in a private network, protected by a reverse proxy in the DMZ, that in turn provides access from a public network.OK, so we've got another locks here ;-)
So if that user is compromised, so can root as that user can gain root access. I do not see this as better security. It is merely obfuscating security.Which user acccount? Do you know name of that account? Because I know the name of your's. ;-) So you need to find correct account name, get password for that account and also get the password for root account whilst I need to get password for root account only.
Yes, partially agree with "obfuscation security" term. But in fact this is not for first time when obfuscation is used in security and neither for last time.
But you can't consider "PermitRootLogin no" and "wheel" group as an obfuscation.
Using encryption keys (public & private) is one answer to having to share and keep secrets. No, this is also not 100% safe, but I prefer it over having to know, remember and on occasion, share secrets (passwords).How well is your local machine secured? Are you using strong password? Do have all accounts strong password on your local machine? Is your local machine up to date for known sec. bugs (I don't mean zero days)? Is your local machine in separated VLAN or anybody from LAN can access your machine? Because if there are at least two "No" answers then how much time it will take for some skilled part-time worker (in your company) to break into your computer, steal the keys or even worse use your local machine to access the server?
Don't get me wrong. I am not against encryption keys. Of course I am using it but in combination with other security restrictions which come from "best practices". And to disable direct root access is one of those practices. Even NSA (and other security institutions) suggest to do that (see page #37): www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf Also security auditors check for disabled direct access to privileged accounts.
I understand this as good enough proof that disabling of direct access to privileged accounts rises security.
Another good reason is right here:
Install
In other words, if any user has possibility to login as root, he uses "root" as default account which is another well known bad practice. -
Disable ipv6 in solaris 11 express (2010.11)
Is there a way to disable ipv6 in Solaris 11 Express?
I can unlplumb inet6 interfaces but it created again after reboot.
# ifconfig v1 inet6 unplumb
# ifconfig lo0 inet6 unplumb
# ipadm show-if
IFNAME STATE CURRENT PERSISTENT
lo0 ok -m-v------4- ---
v1 ok bm--------4- -46
Is there a way to get that change persistent?
And what is there right way to get rid of ndpd daemon?
Whenever I disable svc:/network/routing/ndp:default it gets back online by 'routeadm -u' after reboot.I know how to create addresses. I have no problem with ip4.
Addresses created and persistent across reboot.
The only problem that there is also bunch of ipv6 interfaces brought up at reboot and NDP daemon.
For now I found workaround:
1. make lo0 controlled by ipadm:
# ipadm delete-if lo0
# ipadm create-if lo0
# ipadm create-addr -T static -a 127.0.0.1/8 lo0/v4
2. Remove lines with "_family=26" from /etc/ipadm/ipadm.conf
3. reboot.
That's all I wanted.
# ipadm show-if
IFNAME STATE CURRENT PERSISTENT
lo0 ok -m-v------4- -4-
v1 ok bm--------4- -4-
# routeadm -u
# routeadm | grep ndp
disabled svc:/network/routing/ndp:default
If anyone know how to do the same without editing ipadm.conf please tell. -
ACS Express radius authentication AD authorization
I work at a University and for some reason we have multiple systems for authentication and authorization. That being said I am trying to use radius to do authentication and AD for authorization for VPNs. I have the radius authentication working against our radius server. I have my ACS express setup to join the AD domain and everything looks good there. I setup the AD server as a radius object in AAA server groups on my ASA. Then I add the server below in the servers in selected groups window. I put all the info in there and when I hit test I click authorization and put in the username that I know is in the domain group I have associated with this on the ACS. The test fails and with authorization failed with invalid password. When I look at the logs on the ACS I see
01/06/2011 20:14:26 acsxp/server Warning Server 0 AD Agent Plain Text Authentication Failed for user: username@domain
01/06/2011 20:14:26 acsxp/server Warning Server 0 Authentication for user username failed for reason = 0
01/06/2011 20:14:26 acsxp/server Error Protocol 0 Request from 172.20.5.2: User username rejected . by RemoteServer: AD (InvalidPassword).
Username and domain are correct I just edited them for posting. It seems like it is trying to authenticate rather than authorize. All I want it to do is say yes the user is in this group or no the user is not in this group? You can't even fill in the password when testing authorization? Maybe I have something setup wrong on the ACS side but when I look at AD under users and identity stores, it says it is joined to the domain. When I do AD domain diagnostics under troubleshooting everything looks good. I have the ASA I am testing from defined as a device and in the ASA device group. Under access services in Radius access services I have one service that I setup that connects to the AD and it found the group so I know it is connecting. Any idea what I am doing wrong or where to look?
Any help would be GREATLY appreciated!
Thanks
JoeHi Joe,
We could take a deeper look at what is happening through some logs and debugs:
1. On ACS Express, under
Reports & Troubleshooting > Troubleshooting > Server Logs
please set the Express Server Trace Level to 5 and the Web Server Trace Level to 4.
Also, for the Log Level under OS Logging, please set its value to "Debug".
If previous old logs are not essential to you, you may also wanna delete all the log files first, so that we capture logs for the last day only.
2. On the ASA, please enable the following debugs
debug aaa authentication
debug aaa authorization
debug radius
3. Then please first recreate a successful authentication attempt, and then recreate the authorization test issue with the same user account for which you tested the successful authentication.
4. After the issue is recreated, please attach the debugs from the ASA and following files from the ACS Server Logs:
acsxp_adagent.log
acsxp_agent_server.log
acsxp_mcd.log
acsxp_server.log
acsxp_server_trace.log
Regards,
Fede
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
ACS Express 5.0 - "unique authentication" what does it mean?
Hi to all,
the ACS Express 5.0 datasheet states: "Cisco ACS Express supports a maximum of 50 AAA clients and 350 unique user logins in a 24-hour period"
It's clear what's the meaning of the max 50 AAA clients...in fact what is not clear is regarding the max 350 uniques user authentication.
If I use 802.1 IBNS with PEAP-MSCHAP to do machine authenticaion each machine authentication will count as a unique logon...isn'it? What happens if there are Laptop assigned to sales which spent a lot of time out of the office???
Each time these laptops reconnect to the network wil count as an extra logon or and increase the logon counter of one or since this laptop is already authenticated on the morning t won't count as an extra unique logon...
My question is related to the fact that I have a customer who wanto to introduce IBNS-802.1X but have "only" 20-25 AAA clients and max. 200 users (where about 100 are laptop)...and using ACS 5.0 in a redundant way will be too expensive...
Thanks for a reply
OmarThe ACS Express 5.0 Appliance is designed for a maximum of 350 users. This limit does not apply to the number of logins.
Cisco Secure Access Control Server Express 5.0 QA
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps8543/ps8724/prod_qas0900aecd806d3a4d.html
Q. How is Cisco Secure ACS Express positioned in comparison to Cisco Secure ACS for Windows (ACS Windows) and Cisco Secure ACS Solution Engine (ACS SE)?
A. ...Cisco Secure ACS Express is well suited for deployments that need an access control solution for fewer than 350 users and 50 devices. This product is intended to serve small to medium-sized businesses, retail sites and enterprise branch offices where customers need an easy-to-use GUI yet require a comprehensive but simple feature set and a lower price point to address their specific deployment needs.
For a detailed feature set, please refer to the Cisco Secure ACS Express data sheet at http://www.cisco.com/go/acsexp.... -
ACS express v5.0.1 fail to join AD
hi,
i try to integrate my ADE 1010 appliances running on ACS express v5.0.1.1 to my DC running on window 2008 server enterprise edition SP2.
as i fill in the info at domain configuration and test the connection, it's succeed. but once try to save and join it's failed to join the domain.
log extract from acsxp_adagent :
PMOACS AD-SCRIPTS: INFO AD script executed from IP: 10.169.2.100 script: /cgi/adjoindomain.pl/cgi/adjoindomain.pl args: DM=jpmosp.xxx.yy&UN=administrator&CN=OU%3DACS&PDC=jpmosp.xxx.yy&PW=******
PMOACS AD-SCRIPTS: INFO AD join container used: OU=ACS
PMOACS AD-SCRIPTS: INFO AD join Preferred Domain Server used: jpmosp.xxx.yy
PMOACS AD-SCRIPTS: INFO AD join container used: OU=ACS
PMOACS AD-SCRIPTS: INFO AD join Preferred Domain Server used: jpmosp.xxx.yy
PMOACS AD-SCRIPTS: INFO AD join command used: /opt/CSCOacsxp/adagent/bin/adjoin -u "administrator" -p "******" -z NULL --noconf "jpmosp.xxx.yy" -s "jpmosp.xxx.yy"
PMOACS AD-SCRIPTS: CRITICAL Unknown status returned from adjoin
PMOACS AD-SCRIPTS: WARN --- BEGIN FILE LOG FOR /opt/CSCOacsxp/temp/adjoindata.8870 ---
PMOACS AD-SCRIPTS: WARN Cannot resolve computer name "pmoacs" in DNS or /etc/hosts
PMOACS AD-SCRIPTS: WARN Please edit /etc/hosts or your DNS server to set your hostname correctly
PMOACS AD-SCRIPTS: WARN or use --name option to override this check.
what i did on my window 2008 server:
1. log in as the administrator, create a container name "acs", and inside of it create a computer name as "pmoacs"
2. appliance clock is tally with AD-DC server, no time skew problem.
what i did on my Cisco ADE 1010:
1. initial setup only.
thank you
NHi,
This is the relevant error message:
"WARN Cannot resolve computer name "pmoacs" in DNS or /etc/hosts"
Please make sure you have the acs hostname configured on the DNS server.
The ACS must be able to resolve its own hostname, otherwise this will fail.
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
Unknown CA failure on ACS express
Hi forumers
i try to let user access to the network authenticate using ACS express, then map to the AD server.
somehow i get the error from the authentication report is FAILURE REASON: UNKNOWN CA
i try and use self-singed certificate, then download the certificate, open and copy the CSR and paste to my CA server.
I'm using Window's advance certificate request "submit a certificate request by using a based 64-encoded CMC or PKCS#10 files..." this option.
somehow i got this error message. (see attachment)
Question1: is it the right way to do CSR to window CA server? am i doing it right?
Question2: if i am wrong, any guide for a proper way doing certificate installation for ACS express in order talk to AD server?
thanks
NoelHi,
Actually you do not need to have a signed certificate on the ACS Express to be able to join the AD...
However, if you still want to do it, then can you please send me the CSR? I can take a look and see if everything is ok...
HTH,
Tiago
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it. -
ACS Express 5.0 vs ACS 5.0
What's the difference between the two?
- Cisco Secure ACS Express 5.0
- Cisco Secure Access Control System 5.0ACS Express 5.0
http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps8543/ps8724/product_data_sheet0900aecd806d3b78.html
ACS 5
http://cisco.com/en/US/prod/collateral/netmgtsw/ps5698/ps6767/ps9911/ps9915/product_bulletin_c25-504495.html -
hello, I'd like to know how to disable ssh agent since I don't use it. It's a kde dependancy so it cannot be removed. So is there a way to make it not start on boot?
pacman -qli kde-agent
Name : kde-agent
Version : 20090801-2
URL : http://www.kde.org
Licenses : GPL LGPL FDL
Groups : None
Provides : None
Depends On : pinentry openssh qt
Optional Deps : None
Required By : kdepim-libkdepim kdeutils-kgpg
Conflicts With : None
Replaces : None
Installed Size : 8.00 K
Packager : Tobias Powalowski <[email protected]>
Architecture : i686
Build Date : Sat 01 Aug 2009 09:49:35 AM EDT
Install Date : Mon 14 Mar 2011 11:10:48 PM EDT
Install Reason : Installed as a dependency for another package
Install Script : No
Description : Startup and shutdown scripts for gpg-agent and ssh-agent in KDE
kde-agent /etc/
kde-agent /etc/kde/
kde-agent /etc/kde/env/
kde-agent /etc/kde/env/agent-startup.sh
kde-agent /etc/kde/shutdown/
kde-agent /etc/kde/shutdown/agent-shutdown.sh
You may be able to change some setting in /etc/kde/env/agent-startup.sh . -
Join acs express to active directory domain
i have a problem joining acs express active directory domain , both are reachable to each other in the same subnet & no firewalls between them , but when i test the connectivity it gives this error:
" required service unavailable. DNS is setup correctly , and the domain controller is reachable , however , one of the required services, such as ldap,kerberos, or global catalog service is not available. This issue may arise if there is a firewall between AD domain controller, and the ACS Express appliance"It is sounds like a bug CSCsw29387 Join AD domain, with one DC down fails. If the ACS Express is trying to join an AD domain in a multi domain controller environment and one of the domain controllers is down, the ACS Express will fail to join the domain.
-
Lock user from disabling ssh?
Our users use local accounts on each machine. Some of them like to disable ssh. Any way to lock them out of changing these preferences? They are admin accounts.
Aside from going down the route of client management, you could set up a root crontab which simply switched on SSH every hour or whatever. You may even be able to push the crontab out to the machine (as file /var/cron/tabs/root) via ARD (but I've never tried rewriting the actual crontab file - so be warned).
so line in crontab...
@hourly /sbin/service ssh start
Has to run as root (I think) rather than in user's crontab.
-david -
Hi everyone!
I had downloaded an application called ToMacs, which basically allows me to exchange files over the internet in a secure shell (SSH) . But now that I have moved some files over, is SSH sharing is left eternally enabled by the app. The problem is that the application doesn't have an option to disable this feature, and now i feel like I'm stuck with an open backdoor or something and it really bothers me.
So my question is how can I disable SSH sharing? There must be, but so far my searches have been fruitless.
Please can someone help, I would greatly appreciate it!!...See if there is anything relevent in...
/private/var/run/StartupItems
/Library/StartupItems
/System/Library/StartupItems
Aso look in in Your Accounts Pref Pane Login Items window. -
Does MARS support ACS Express 5.0?
Hi guys... Does anyone know whether MARS supports ACS Express 5.0? I tried to add the ACS Express 5.0 device but there was not this version of ACS on Reporting Applications tab of Cisco MARS.
Thanks all.MARS does not support ACS Express 5.0
Only ACS version 3.x and 4.x are supported as per the following document:
http://www.cisco.com/en/US/docs/security/security_management/cs-mars/6.0/compatibility/local_controller/dtlc60x.html#wp75381
Hope that helps. -
Hi All,
I've setup ACS Express and try to join to MS AD. connectivity passed but it says "Saved settings, but error in joining domain. Error: Timeout occured communicating with AD domain controller.
any suggestion would be very appreciated
AlexAlex,
Check for communication issues between AD and your express server. Also verify that time is not off by more than 5 minutes.
HTH,
Faisal
Maybe you are looking for
-
Solaris 8 10/00 & 01/01
Where can I find the differences between Solaris 10/00 and 01/01 Thanks
-
Why do I get duplicates notes with macbook air
I don't have #2 No option to deselect, or select Sync Notes Duplicate notes Syncing Notes both over the air and with iTunes can result in duplicate notes appearing in the Notes application. Use the following steps to resolve the issue: Connect your d
-
IBot - How to impersonate as multiple users
Experts, Below is my requirement. I would like to run an iBot when ETL finishes loading the data. This iBot should seed the cache for say 5 users.I have 2 dashboards and multiple pages within a dashboard. I know by selecting the checkbox for seeding
-
WCF, DirectoryServices namespace, and Impersonation.
I am working on a WCF service that can perform basic Active Directory operations (create users for instance). Is there a way to get WCF to work with Impersonation (believe impersonation is what I want) so each function in the code that uses Director
-
Encore CS6 Dynamic Link to Photoshop CC
This seems such an obvious question, but I have searched without request: Until two days ago I had Premiere Pro CS5, CS6 and CC installed, but I was having problems with the CC Application Manager not recognising apps as installed when they were. So