Is knowing a user's SID a security risk?

Similar Messages

• Small office (5 users) - Accounting - wanting to secure ingress/egress of docs..

  Small office (5 users) - Accounting - wanting to secure ingress/egress of docs..I haven't seen this answered for an office of this size.I have the need for a relatively cheap software package or guidelines (I'll still keep the search active) for how to block, or at least alert, of sensitive data from leaving the company.I know that I'll have challenges on:1. Blocking certain attachment types from being sent, via webmail, web site attach, email. I am sure someone's written a how-to but I'm darned if I can find it. Suggestions?
  2. Blocking certain programs from running (whitelist/blacklist) - not really wanting to be deep in their pockets every time the application is updated, so not sure if a hash list would be a good idea based on a GPO security policy, or if black/white lists are best?3. Web blocking - I'm thinking I am wanting to...
  This topic first appeared in the Spiceworks Community

  Hi guys,First, I've done a lot of searching on the weband read a few different threads on Spiceworks regarding HIPPA compliance and encrypting hard drives.Specifically these two threads:http://community.spiceworks.com/topic/596465-encryption-for-hipaa-compliancehttp://community.spiceworks.com/topic/320759-how-are-you-handling-hipaa-s-latest-data-at-rest-rulesSo I have a new client that's in the medical field. He has a server that's about two-three years old that looks as ifit was built with budget at the forefront. It's a whitebox with an Asus P8H77-v motherboard, 16 GB of ram, an i3 processor& two 1 TBSATA drives using raid 1 right off the motherboard. The roles it has: DNS/DHCP/File server/AD. Side note - eventhough it's been setup for AD none of the computers are on the domain.Their EMR software is Tracknet & the datais being stored...

• Windows 8.1 Security Risk / Not able to log off a user

  Hello Community,
  First and foremost good morning, I hope everyone is having a good morning.  I'm in dire need of a solution.  The company I work for has four (4) standalone computers with Windows 8.1
  which are located in a break room for, you guessed it, breaks!  They are not on the domain but are on a workgroup.  A former user from the company has one of these machines completely locked up.  Here's what I mean:
  When a user sits down at one of these computers they click on the account Breakroom1, Breakroom2, etc....up to 4 which lets them login.  However, somehow a user has logged in with
  an outlook account and there is absolutely no way for me to log this person out.  I can't right click anywhere and get a logoff button.  I can't right click on the red circle and get an option to log this person out.  The only options I get
  are restart, sleep, and shutdown.  I've browsed through setup to see if there were any options to kick this person off.  I'm completely stumped.  I believe this to be a security risk because no one has been able to do anything about this. 
  I'm trying veryhard not to reimage this machine.
  If anyone has any ideas I will gladly try them out and I thank everyone in advance for their time.
  Respectfully,

  Hi Ricky ,
  “somehow a user has logged in with an outlook account and there is absolutely no way for me to log this person out.”
  Do you mean someone connect the Microsoft account with the local account and then the machine is  locked now. You can`t get into the machine unless you know the Microsoft account`s password, right?
  To solve this problem ,I am afraid you have to contact the Microsoft account`s owner firstly to unlock the account. To avoid this tiresome issue in the future, I recommend you take the following steps:
  1.Log on the computer as an administrator
  2.Run the gpedit.msc and look for the following group policy and set “Users can`t add or log on with Microsoft accounts”,
  Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts
  3.Run gpupdate /force
  4.I recommend you take this solution to the others` pcs in the Breakrooms .
  Best regards  

• Hide password and user name fields in secure form on landing page

  On a landing page I don't want the password or user name displayed in the "secure" form because I think it will keep people from downloading our e-book. It will cause what some refer to as too much friction—visitors will feel that we are asking too much of them just to download an e-book so won't do it.
  I found somewhere where the user name can be populated with the e-mail address, although I couldn't figure out where to put the code to make it work.
  Can the password fields also be auto-populated and hidden so the user can access the secure zone to download the e-book never even knowing that they had a user name and password assigned to them?
  I'd really appreciate some help here and please keep in mind that html and css is where my expertise stops so if there is a java solution I will need the code and how and where to add it.
  Many thanks for your help.
  John

  This article just might point you in the right direction: http://kb.worldsecuresystems.com/853/cpsid_85381.html

• I know the user name and password but forgot the secret question

  I know the user name and password but forgot the secret question

  Check the AppleCare number for your country here:
  http://support.apple.com/kb/HE57
  Call them up, and let them know you would like to be transferred to the Account Security Team.@

• Error while logging in with user DB2 SID

  Hello,
  We have SAP ECC 6.0 EHP 5 on AIX and DB2.
  Every time we try to login with user db2<SID>,with the command "su - db2<SID>, It gives the following error.
  Setenv : Syntax error
  I have checked the environment variables for DB2 user as well.
  I do not have any clue where to look for this error. Please help.
  Regards,
  Amit

  Hello,
  Setenv : Syntax error
  Can you please check all profiles ? I doubt, somewhere you used "Setenv" instead of all small letters "setenv"
  Otherwise, its difficult to say anything without knowing the contents of the profiles.
  Regards.
  Rajesh Narkhede

• SQL Developer Standard user and SID

  Good Morning!
  I installed the sql developer, but I don't know how connect, what the standard user and SID?
  Thanks
  Fernando

  The default user and SID are SYS and ORCL, but I doubt you have a database.
  http://www.thatjeffsmith.com/archive/2012/12/i-have-oracle-sql-developer-installed-now-what/

• Problem migrating user account SID

  Problem migrating user account SID
  I’m trying to migrate user accounts SID from a Windows 2003 domain to a Windows 2008 domain using the command line admt.exe. There is a trust between the 2 domains and I’m able to migrate a user account using admt 3.1 wizard including SID. The wizard asks me for a user account in the source domain with administrative right for the SID migration.  In the wizard I use the same credentials as my current session. This works fine!!
  But, when I’m using the command line “admt user” in an administrative cmd box i’m not prompted for any credentials in the source domain.  My current credentials have the proper right in the source domain so that should not be any problem but admt is not able to migrate the user SID and gives the following error:
  ERR2:7615 SID History cannot be updated for xxxxx. You must be an administrator in the source domain
  Any ideas ??

  I to am seeing this error - running on a Target DC.
  Command line: admt group /O: GroupOption2.txt /F: test.txt /TO:corporate/Groups
  Option File:
  [Migration]
  SourceDomain=Source.com
  TargetDomain=corp.target.com
  PasswordOption=Copy
  PasswordServer=blade3.source.com
  ConflictOptions=MERGE
  [User]
  MigrateSIDs=Yes
  [Group]
  MigrateSIDs=Yes
  UpdatePreviouslyMigratedObjects=Yes
  FixGroupMembership=Yes
  MigrateMembers=No
  UpdateUserRights=YES
  [Security]
  TranslationOption=Add
  Error from the logs:
  2010-02-15 11:47:14 ERR2:7615 SID History cannot be updated for test group deleteme. You must be an administrator in the source domain.
  The account I am logged in to the target DC is a member of the Administrators group on both domains and of the Domain Admins on the source.
  Any ideas? Searching (with Bing and that other one) only turns up two relevant hits, this thread and a win2000 tech net article.
  Extra info:
  Source: Windows 2003 (OS) - Windows 2000 native functional levels (domain and forest)
  Target: Windows 2008 (OS) - Windows 2003 functional
  Sorry for the retarded formatting.

• Hi, I don't know how to find a specific security patch to apply to my Oracle database version to fix a vulnerability

  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help

  2835604 wrote:
  Hi, I don't know how to find a specific security patch to apply to my Oracle database version 11.2.0.2.0 (on windows server 2003 32 bits) to fix the following vulnerability:
  Risk: High
  Application: oracle_tnslsnr
  Port: 1521
  Protocol: tcp
  Synopsis:
  It is possible to register with a remote Oracle TNS listener.
  Description:
  The remote Oracle TNS listener allows service registration from a remote host. An attacker can exploit this issue to divert data from a
  legitimate database server or client to an attacker-specified system.
  Successful exploits will allow the attacker to manipulate database instances, potentially facilitating man-in-the-middle, sessionhijacking,
  or denial of service attacks on a legitimate database server.
  Solution:
  Apply the work-around in Oracle's advisory.
  Thank you for your help
  that sounds like the "tns poison" vulnerability.  CVE 2012-1675 - Oracle Security Alert CVE-2012-1675
  See MOS note 134083.1  and 1453883.1

• How to find out users who have answered security questions

  Is there any report where we can find out users who have answered security questions.
  Please reply back to this.

  This might help you:
  Define a task template, reference the UserQuestionReport task definition:
    <TaskDefinitionRef>
      <ObjectRef type='TaskDefinition' id='#ID#TaskDefinition:UserQuestionReport' name='User Question Report' displayName='UI_REPTS_XML_USER_QUESTION_TITLE'/>
    </TaskDefinitionRef>Define desired variables
        <Attribute name='attrListField'>
          <List>
            <String>accountId</String>
            <String>policy</String>
            <String>loginInterface</String>
            <String>questions</String>
          </List>
        </Attribute>
        <Attribute name='attrMapField'>
          <Map>
            <MapEntry key='accountId' value='UI_REPTS_XML_REPORT_ATTR_ACCOUNTID'/>
            <MapEntry key='loginInterface' value='UI_ATTR_LOGIN_INTERFACE'/>
            <MapEntry key='policy' value='UI_SERVICEMODIFY_JSP_ACCOUNTPOLICY'/>
            <MapEntry key='questions' value='UI_ATTR_MIN_QUESTION_UNANSWERED'/>
          </Map>
        </Attribute>and the rest of the task template for a report definition.
  Hth
  Edited by: nickoarg on Feb 5, 2009 1:57 PM

• How can know which user accessing specific form in ERP application

  Hi,
  In our organization we have ERP application that is developed based on Orace forms and reports 10g.
  My question is how can i know which user accessing specific form in ERP application based on their login.
  Please do the needful.
  Regards,
  M. Satish

  What I infer from your statements now, significantly different from your OP, is that you do not have any logging mechanism and now want to introduce logging with minimum effort.
  If that is the case you can add the logging code in your Menu(s), before the CALL_FORM/NEW_FORM. Fewer object(s) to modify, but roughly the same lines of code get added.
  Regards,

• I have a Mac late 06 with lion and what to know what is the best protection/security software to get, Mc Fee or Norton or...

  I have a Mac late 06 with lion and want to know what is the best protection/security to get, Mc Fee, or Norton,or...

  None of the above.
  Norton in particular is anathema.
  You have Apple's Xprotect system built-in. malware definitions are updated at each Security Update.
  If you feel the need for belt & braces, ClamXAV is the (free) tool of choice.
  Your best security is still the stuff between your ears. Don't click on pop-up links telling you need a new codec or (especially) Flash Player. Use your common sense and you'll stay ahead of the industry.

• How to know whether User is Buyer or not?

  Hi,
  I am developing a function module to create/update/unassign Employee Org Hierarchy. In this I have to know whether User is BUYER OR NON BUYER?.
  If user is assigned to purchase org/purchase group then he will be BUYER or else he will be NON BUYER. If once I come to know whether user is BUYER OR NOT, then I have to proceed further differently in both the cases.
  Pls help me out in this regard asap.
  Thanks & Regards,
  Nagaraju Maddi
  Message was edited by: Nagaraju Maddi

  Nagaraju
  Buyer will be having purchaser roles like SAP_BBP_STAL_PURCHASER, SAP_EC_BBP_PURCHASER, SAP_EC_BBP_ST_PURCHASER. Check the roles of the users. If you find Purchaser(standard roles) or Buyer(in case of customized roles) in their roles then he/she will be buyer.
  Similarly Non buyer user will be having Employee role like SAP_EC_BBP_EMPLOYEE.
  Hope this will help you.
  Do reward points for helpful solution.
  Regards
  Jagdish

• I don't know icloud user name&password to login iphone after update ios7

  I don't know icloud user name&password to login iphone after update ios7.
  I try to recovery apple i.d., but nothing.
  I called Thailand service support 001800 4412904.
  He advise me to goto http://expresslane.apple.com/, and send issue form to apple service.
  I wait more than a week, but no reply.
  I have purchased invoice and iphone package to confirm this phone is not stolen.
  How could I do?
  Thank you for your time to reply.

  Unfortunately, the contacting Apple's express lane is all you can do, if you had no luck to reset your password on http://iforgot.apple.com/

• Want to know about User exit in detail

  Hi ALL,
  I M NEW TO sap ABAP. I WANT TO KNOW ABOUT USER EXIT IN DETAIL. PLS DO THE NEEDFUL . If there are eny document regarding this pls mail to this id [email protected]
  thanks and regards
  Nandha

  Hi Nanda,
  Welcome to SDN,
  Userxits allow us to add our own functionality to SAP standard program
  without modifying it . These are implemented in the form of subroutines and hence are also known as FORM EXITs. The userexits are generally collected in includes and attached to the standard program by the SAP.
  User exits are used when the flow for a particular transaction has to take some other route other then the normal flow. this can be the case when you have to attach some additional functionality lik u need a customised screen, or new functionality (using a functional module). based on these things user exits can be classified as screen exits, function module exits, field exits( not used anymore). hope this gives some help on userexits.
  The naming standard of function modules for functionmodule exits is:
  EXIT_<program name><3 digit suffix>
  The call to a functionmodule exit is implemented as:
  CALL CUSTOMER.-FUNCTION <3 digit suffix>
  To find a Exit.
  Goto Transaction -- Find The Package
  SMOD >f4>Use the Package here to Find the Exits In the Package.
  Else if you Want to search by Application Area wise ,
  There is one more tab to find the Exits in the Respective Application Area.
  Implementing the Exit-- CMOD Create ProjectsAssgn your Component .
  Now Run ur Transaction to Check if it Triggers.
  Thats it..
  For More information on Exits, check these links
  http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
  http://www.sap-img.com/ab038.htm
  http://www.planetsap.com/userexit_main_page.htm
  http://www.sap-basis-abap.com/sapab013.htm
  http://sap.ittoolbox.com/documents/popular-q-and-a/user-exits-for-the-transaction-code-migo-3283
  These links will help you to learn more on user exits.
  http://www.sap-img.com/abap/a-short-tutorial-on-user-exits.htm
  http://help.sap.com/saphelp_nw04/helpdata/en/c8/1975cc43b111d1896f0000e8322d00/frameset.htm
  http://www.planetsap.com/userexit_main_page.htm
  http://www.allsaplinks.com/user_exit.html
  www.sap-img.com/abap/what-is-user-exits.htm
  Also please check these threads for more details about user exits.
  Re: Screen exit
  user exit and customer exit
  user exit
  1. Document on UserExits in FI/CO
  http://www.ficoexpertonline.com/downloads/User%20ExitsWPedit.doc
  2. Finding User Exits...
  http://sap.ionelburlacu.ro/abap/sap2/Other_Useful_Tips.html#Finding_User_Exits
  3. List of all User Exits...
  http://www.planetsap.com/userexit_main_page.htm