Networkd configuration permissions

I'm trying to configure networkd with a static ip.
The configuration works like intended until I move the config file to a separate partition and symlink the file to /etc/systemd/network/10-staticwire.network (same place and filename it had before moving). The error reported by the service is "Could not load configuration files: Permission denied" but the file has both read and write permissions for root and if I remove the symlink the error vanishes.
I need the file to reside on a different partition because the rootfs will be mounted as read-only and the system will require to change the ip according to a configuration file (and I'm not remounting every time the ip has to be changed, it would defeat the purpose of mounting ro). Both partitions reside within a LUKS encrypted LVM volume (I don't think this has anything to do with it but I could be wrong...).
Ideas as to what's wrong and how to solve it? My google-fu hasn't helped in this one.
EDIT: Forgot to mention this bug started with the update to systemd 215. It was working ok on 213 (maybe 214, not sure).
Last edited by gava (2014-07-10 15:10:44)

thanks for your reply
/*line of code 1*/
System.setProperty("java.protocol.handler.pkgs",
"com.sun.net.ssl.internal.www.protocol");
/*line of code 2*/
java.security.Security.addProvider(
new com.sun.net.ssl.internal.ssl.Provider());
as i said earlier , eclipse gives error when it encounters line of code 2.
i am using Jre 1.6.0_17
and jdk 1.6.0_17
now i understand you said line of code 2 is not required.
but if i run my code from command prompt , it runs(even with line of code 2 in my program)
but when i run my program from eclipse it doesnot runs.
but when i exclude line of code 2 , it runs.
the output generated by both is same.
I want to ask why this discrepancy, from command prompt it runs including line of code 2
but using eclipse it doesnot runs if i include line of code 2.

Similar Messages

  • Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

    Hello, dear colleagues.
    We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
    Send Message, Disconnect, Logoff options works only for users in Administrators group.
    I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
    To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
    RDP-Tcp, Security tab, add specific user account , AD group or configure
    advanced permissions
    for Remote Desktop Users.  
    But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
    Thanks.
    P.S. If move specific user from Remote Desktop Users group to Administrators group on
    Windows Server 2012 R2 - it works. 

    Hi,
    You can prevent administrators from changing the permissions for a connection by applying the
    Do not allow local administrators to customize permissions Group Policy setting. 
    This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
    Apart there is one command with which you can set the permission for that check the related
    article. Additionally checkthis
    thread for more detail.
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Jsse Configuration/Permissions?

    I am working on a project in Eclispe.
    I was trying to move my project from one workstation to another and have one issue outstanding. Although I understand the very high level meaning of this error; I don't know how to resolve it.
    Access restriction: The constructor Provider() is not accessible due to restriction on required library C:\Program Files\Java\jre6\lib\jsse.jar
    callServer.java     /eNotes/src     line 41     Java Problem
    (statement that generates the error)
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
    The code wokrs on my other workstation so I know it is just local configuration, but I'm not sure where to start.
    Edited by: panhandler62 on Dec 7, 2009 7:47 AM

    thanks for your reply
    /*line of code 1*/
    System.setProperty("java.protocol.handler.pkgs",
    "com.sun.net.ssl.internal.www.protocol");
    /*line of code 2*/
    java.security.Security.addProvider(
    new com.sun.net.ssl.internal.ssl.Provider());
    as i said earlier , eclipse gives error when it encounters line of code 2.
    i am using Jre 1.6.0_17
    and jdk 1.6.0_17
    now i understand you said line of code 2 is not required.
    but if i run my code from command prompt , it runs(even with line of code 2 in my program)
    but when i run my program from eclipse it doesnot runs.
    but when i exclude line of code 2 , it runs.
    the output generated by both is same.
    I want to ask why this discrepancy, from command prompt it runs including line of code 2
    but using eclipse it doesnot runs if i include line of code 2.

  • Configuration failed for Windows Server Update Services on Server 2012 R2 Essentials (Trial Version)

    Hi,
    I'm trying to setup the WSUS on the Server 2012 R2 Essentials (Trial Version) but with no luck. Below are the logs generated. Hopefully someone can guide me on this. Thanks.
    2014-10-15 12:23:06  Postinstall started
    2014-10-15 12:23:06  Detected role services: Api, UI, WidDatabase, Services
    2014-10-15 12:23:06  Start: LoadSettingsFromXml
    2014-10-15 12:23:06  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentLocal
    2014-10-15 12:23:06  Value is true
    2014-10-15 12:23:06  End: GetConfigValue
    2014-10-15 12:23:06  Start: GetConfigValue with filename=UpdateServices-Services.xml item=ContentDirectory
    2014-10-15 12:23:06  Value is C:\WSUS
    2014-10-15 12:23:06  End: GetConfigValue
    2014-10-15 12:23:06  Content directory is C:\WSUS
    2014-10-15 12:23:06  Database roleservice is not installed
    2014-10-15 12:23:06  End: LoadSettingsFromXml
    Post install is starting
    2014-10-15 12:23:06  Start: Run
    2014-10-15 12:23:06  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:06  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:06  Fetching WsusReportersSid from registry store
    2014-10-15 12:23:06  Value is S-1-5-21-308464661-3380577483-199018475-1001
    2014-10-15 12:23:19  Configuring content directory...
    2014-10-15 12:23:19  Configuring groups...
    2014-10-15 12:23:19  Starting group configuration for WSUS Administrators...
    2014-10-15 12:23:19  Found group in regsitry, attempting to use it...
    2014-10-15 12:23:22  Writing group to registry...
    2014-10-15 12:23:22  Finished group creation
    2014-10-15 12:23:22  Starting group configuration for WSUS Reporters...
    2014-10-15 12:23:22  Found group in regsitry, attempting to use it...
    2014-10-15 12:23:22  Writing group to registry...
    2014-10-15 12:23:22  Finished group creation
    2014-10-15 12:23:22  Configuring permissions...
    2014-10-15 12:23:22  Fetching content directory...
    2014-10-15 12:23:22  Fetching ContentDir from registry store
    2014-10-15 12:23:22  Value is C:\WSUS
    2014-10-15 12:23:22  Fetching group SIDs...
    2014-10-15 12:23:22  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:22  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:22  Fetching WsusReportersSid from registry store
    2014-10-15 12:23:22  Value is S-1-5-21-308464661-3380577483-199018475-1001
    2014-10-15 12:23:22  Creating group principals...
    2014-10-15 12:23:22  Granting directory permissions...
    2014-10-15 12:23:23  Granting permissions on content directory...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Granting registry permissions...
    2014-10-15 12:23:23  Configuring shares...
    2014-10-15 12:23:23  Configuring network shares...
    2014-10-15 12:23:23  Fetching content directory...
    2014-10-15 12:23:23  Fetching ContentDir from registry store
    2014-10-15 12:23:23  Value is C:\WSUS
    2014-10-15 12:23:23  Fetching WSUS admin SID...
    2014-10-15 12:23:23  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:23  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:23  Content directory is local, creating content shares...
    2014-10-15 12:23:25  Creating share "UpdateServicesPackages" with path "C:\WSUS\UpdateServicesPackages" and description "A network share to be used by client systems for collecting all software packages (usually applications) published
    on this WSUS system."
    2014-10-15 12:23:25  Creating share...
    2014-10-15 12:23:25  Share successfully created
    2014-10-15 12:23:25  Creating share "WsusContent" with path "C:\WSUS\WsusContent" and description "A network share to be used by Local Publishing to place published content on this WSUS system."
    2014-10-15 12:23:26  Creating share...
    2014-10-15 12:23:26  Share successfully created
    2014-10-15 12:23:26  Creating share "WSUSTemp" with path "C:\Program Files\Update Services\LogFiles\WSUSTemp" and description "A network share used by Local Publishing from a Remote WSUS Console Instance."
    2014-10-15 12:23:27  Creating share...
    2014-10-15 12:23:27  Share successfully created
    2014-10-15 12:23:27  Finished creating content shares
    2014-10-15 12:23:27  Stopping service WSUSService
    2014-10-15 12:23:27  Stopping service W3SVC
    2014-10-15 12:23:27  Configuring WID database...
    2014-10-15 12:23:27  Configuring the database...
    2014-10-15 12:23:27  Establishing DB connection...
    2014-10-15 12:23:27  Checking to see if database exists...
    2014-10-15 12:23:28  Database exists
    2014-10-15 12:23:28  Switching database to single user mode...
    2014-10-15 12:23:32  Loading install type query...
    2014-10-15 12:23:32  DECLARE @currentDBVersion       int
    DECLARE @scriptMajorVersion     int = (9600)
    DECLARE @scriptMinorVersion     int = (16384)
    DECLARE @databaseMajorVersion   int 
    DECLARE @databaseMinorVersion   int 
    DECLARE @databaseBuildNumber    nvarchar(10)
    IF NOT EXISTS(SELECT * FROM sys.databases WHERE name='SUSDB')
    BEGIN
        SELECT 1
    END
    ELSE
    BEGIN
        SET @currentDBVersion = (SELECT SchemaVersion FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        SET @databaseBuildNumber = (SELECT BuildNumber FROM SUSDB.dbo.tbSchemaVersion WHERE ComponentName = 'CoreDB')
        DECLARE @delimiterPosition INT = CHARINDEX('.', @databaseBuildNumber)
        IF (@delimiterPosition = 0)
        BEGIN
            RAISERROR('Invalid schema version number', 16, 1) with nowait
            return 
        END 
        SET @databaseMajorVersion = SUBSTRING(@databaseBuildNumber, 1, @delimiterPosition - 1)
        SET @databaseMinorVersion = SUBSTRING(@databaseBuildNumber, (@delimiterPosition + 1), (10 - @delimiterPosition))
        IF @currentDBVersion < 926
        BEGIN
            SELECT 3
        END
        ELSE
        BEGIN
            IF (@scriptMajorVersion > @databaseMajorVersion OR
               (@scriptMajorVersion = @databaseMajorVersion AND @scriptMinorVersion > @databaseMinorVersion))
            BEGIN
                SELECT 2
            END
            ELSE IF (@scriptMajorVersion = @databaseMajorVersion AND
                     @scriptMinorVersion = @databaseMinorVersion)
            BEGIN
                SELECT 0
            END
            ELSE
            BEGIN
                SELECT 4
            END
        END
    END
    2014-10-15 12:23:32  Install type is: Reinstall
    2014-10-15 12:23:32  Creating logins...
    2014-10-15 12:23:32  Fetching account info for S-1-5-20
    2014-10-15 12:23:32  Found principal
    2014-10-15 12:23:32  Found account
    2014-10-15 12:23:32  Got binary SID
    2014-10-15 12:23:35  Fetching WsusAdministratorsSid from registry store
    2014-10-15 12:23:35  Value is S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:35  Fetching account info for S-1-5-21-308464661-3380577483-199018475-1000
    2014-10-15 12:23:35  Found principal
    2014-10-15 12:23:35  Found account
    2014-10-15 12:23:35  Got binary SID
    2014-10-15 12:23:35  Setting content location...
    2014-10-15 12:23:35  Fetching ContentDir from registry store
    2014-10-15 12:23:35  Value is C:\WSUS
    2014-10-15 12:23:40  Swtching DB to multi-user mode......
    2014-10-15 12:23:47  Finished setting multi-user mode
    2014-10-15 12:23:47  Writing DB settings to registry...
    2014-10-15 12:23:47  Marking PostInstall done for UpdateServices-WidDatabase in the registry...
    2014-10-15 12:23:47  Starting service W3SVC
    2014-10-15 12:23:47  Configuring IIS...
    2014-10-15 12:23:47  Start: ConfigureWebsite
    2014-10-15 12:23:51  System.Runtime.InteropServices.COMException (0x80070003): The system cannot find the path specified.
       at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail)
       at System.DirectoryServices.DirectoryEntry.Bind()
       at System.DirectoryServices.DirectoryEntry.get_AdsObject()
       at System.DirectoryServices.PropertyValueCollection.PopulateList()
       at System.DirectoryServices.PropertyValueCollection..ctor(DirectoryEntry entry, String propertyName)
       at System.DirectoryServices.PropertyCollection.get_Item(String propertyName)
       at Microsoft.UpdateServices.Administration.UseCustomWebSite..ctor()
       at Microsoft.UpdateServices.Administration.PostInstall.ConfigureWebsite(Int32 portNumber)
       at Microsoft.UpdateServices.Administration.PostInstall.Run()
       at Microsoft.UpdateServices.Administration.PostInstall.Execute(String[] arguments)
    Fatal Error: The system cannot find the path specified.

    2014-10-15 12:23:47  Start: ConfigureWebsite
    2014-10-15 12:23:51  System.Runtime.InteropServices.COMException (0x80070003): The system cannot find the path specified.
    Looks like it failed trying to setup the website.
    2014-10-15 12:23:27  Configuring WID database...
    2014-10-15 12:23:27  Configuring the database...
    2014-10-15 12:23:27  Establishing DB connection...
    2014-10-15 12:23:27  Checking to see if database exists...
    2014-10-15 12:23:28  Database exists
    This also looks like its a RE-installation of WSUS.
    Any chance the "WSUS Administration" v-root is already present and did not get deleted after the last uninstallation?
    Lawrence Garvin, M.S., MCSA, MCITP:EA, MCDBA
    SolarWinds Head Geek
    Microsoft MVP - Software Packaging, Deployment & Servicing (2005-2014)
    My MVP Profile: http://mvp.microsoft.com/en-us/mvp/Lawrence%20R%20Garvin-32101
    http://www.solarwinds.com/gotmicrosoft
    The views expressed on this post are mine and do not necessarily reflect the views of SolarWinds.

  • Permit Group to logoff and shadow users (2012 R2)

    Hello everyone,
    I'm looking for a way to grant users permission to shadow und logoff RDS user sessions.
    To do this I first need to get the user's session host und unified session id:
    $Session = Get-RDUserSession -ConnectionBroker $ConnectionBroker -CollectionName "MyCollection" -ErrorAction Stop | Where {$_.UserName -eq $CommonName}
    After that I can use the information to either logoff or shadow the user.
    For shadowing:
    mstsc /v:$HostServer /shadow:$SessionId /control
    For LogOff:
    Invoke-RDUserLogoff -Force -HostServer $Session.HostServer -UnifiedSessionID $Session.UnifiedSessionId -ErrorAction Stop
    My problem:
    To run these commands the user needs admin privileges, which is not what you want for a first level supporter.
    My question:
    Is there a way to allow a group/user to retrieve the session ID's from the Connection Broker and Logoff/Shadow without granting them admin privileges?
    In case there is no way to grant those specific permissions, what are the permissions the user requires on which machines (broker, hosts?)?

    Hi,
    Thank you for posting in Windows Server Forum.
    You can use provide access to shadow session to normal user other than administrator. To allow non-administrators permissions to shadow you can use the following command which is also applicable for Windows Server 2008 R2 
    wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "domain\group",2
    More information:
    RDS 2012 Configure Permissions for Remote Desktop Services
    Connections
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Could permissions cause startup problems?

    Based on some strings I found about problems with permissions that some have had when upgrading to leopard, I'm suspecting permissions are the cause of my computer's not recongnizing my primary drive on startup.
    I had been fiddling with permissions of several users on the computer, trying to set up an itunes library in the shared folder that all could access. I'm running tiger but some folks in this discussion area seem to be the ones knowledgeable about permissions.
    Now I can only boot up from my secondary drive (which has panther installed) or from my tiger dvd. The main drive shows up as a startup choice in both places, but it doesn't work. I repaired permissions with DU but no help. The main drive does NOT show up as a choice when I do a restart / hold option key.
    Is it possible that some change I made to permissions settings has caused this? If so, can someone tell me what I would do to set them right? The main drive shows up on my secondary's desktop, and the contents are completely accessible that way.
    Also, I already did a re-install of tiger, but retaining the settings -- not a clean install. That changed nothing. (really really don't want to start from scratch with a clean install, but if I must...) The main drive itself, in terms of hardware, seems to be fine according to both the DU and diskwarrior.

    I'm pretty sure i have a duplicate an not a clone, on my external drive, and yes thank goodness I've got those copies of all my files in case things go way bad.
    Ok, to recap and update: Computer has a primary drive running tiger, a secondary drive running panther and a tiger installation disk in the tray. I lost the ability to boot up the primary, and I think there is a strong chance it has something to do with permissions settings gone awry. I was messing with user permissions while trying to set up a common itunes library for multiple users before the problem started. (I respect you feel that's unlikely Kappy, you're probably right, but if it's possible... I want to know if there's an option that avoids losing my settings.)
    Under a normal restart, the computer chooses the install disk. Both drives show up in the install disk's startup utility. I can choose the secondary and startup to it. (and the primary shows up on the desktop.) When I choose the primary as the startup, no go -- it starts up to the install disk.
    I used DU to repair persmissions on the primary drive, and also ran DU's repair disk, and Diskwarrior. The tests indicated the drive is just fine, but none of that helped a bit. I reset the p-ram and the nvram -- no help. The primary also shows up when I open the startup system pref on the secondary, but choosing it does not work -- restarting still boots to the install disk. The primary does NOT show up as an option when I do a restart / option key.
    I did an archive and install from the tiger disk, retaining my settings (so the system updates are now gone) -- no help, still won't boot. I really really want to avoid an archive and install choosing to delete settings. There are several users on there, and it would take a lot of time and trouble to put humpty together again.
    Here is something I found in discussions, could this help me? --
    Get the Mac to set up an additional administrative account. You can then change your old account. I've tried this in 10.4.10 without problems.
    This was Posted by: JoseAranda at September 9, 2006 3:48 AM
    OK, restart your computer, hold down Command-s and type in the following:
    /sbin/fsck -y Enter
    /sbin/mount -uaw Enter
    rm /var/db/.applesetupdone Enter
    # The rm command is the remove command which deletes the file.
    # Robert: I'd rename the file via: mv /var/db/.applesetupdone /var/db/.applesetupdone.old
    reboot Enter
    Once you've done that the computer reboots and it's like the first time you used the machine. Your old accounts are all safe. From there you just change all other account passwords in the account preferences!!
    end of posted by: JoseAranda
    http://www.askdavetaylor.com/howdo_i_reset_my_mac_os_x_admin_rootpassword.html
    You will need to scroll down to see this post. Search for applesetupdone
    --Could creating an additional admin account, (which would have properly configured permissions,) make the drive bootable again? I'm not an advanced computer person, not much experience working in the terminal or open firmware, but I can follow directions. If I followed the above advice to create an additional admin account, how would I know if I was creating it on the primary or the secondary drive? I notice there is a terminal utility on the tiger disk, coud I type in the commands there?
    Or if the above is unlikely to help, is there something else I could do through the terminal that could repair or reset any user/ admin / persmission settings on the drive that might be causing its unbootability?

  • Permissions in a mixed environment

    I'm providing support for a mixed operating environment with users using both OS X Lion and Windows Vista/7 in a small network environment (~5 devices).  We recently installed a Mac Mini Server running OS X Lion Server, which has been configured to serve as a file server, along with running Parallels to provide some server support for applications (ie: ACT) where the business does not yet have a Mac-based solution. While I primarily deal with Windows workstations/servers, I've been tasked with helping get the Mac Mini Server configured.
    I'm having difficulty properly configuring permissions for a network-wide shared folder - the network users call it "The Box" - where the users save documents intended to be shared with the other network users.  The OS X clients connect to the shared folder via AFP, and are able to browse to the shared folder via Finder.  The Windows clients connect to the shared folder via SMB, mapping a drive using \\ip-address\sharename .  Each user has their own network credentials to connect to the server and access this shared folder, and all belong to the same security group.
    The issue I'm having difficulty resolving pertains to file permissions.  When a user saves a document to "The Box", the other network users are unable to open the document.  An administrator is required to go in and adjust the unix permissions to allow the other network users to access a document once it has been placed in "The Box," which is reducing the amount of time the administrator in question can spend on regular business tasks.  I have gone into the Server app and attempted adjusting permissions on the share and its propagation there, but that did not appear to be the fix required (or was configured incorrectly).  Searching the web for solutions return results that applied to older versions of OS X Server, leaving me under-informed on the correct configuration required.
    How should this be set up so that documents saved to the "The Box" share on the server have the necessary permissions for all users in the network to have read/write access to any current and future files saved in this location?

    Set up a new group called "Workers" or something like that and put in the Users into that group. Now go to Server.app and assign the Group to your share ADDITIONALLY (not by changing the group you see in the Posix permissions) by hit the "+" sign. Give READ & WRITE to the group. The go to Server > Hardware > Storage and propagate the permissons to the included files & folders.
    That should clear you problems by setting up and additional read & write permission by ACL, which is not overwritten, when a user saves a document to "The Box".

  • Editing security settings in Dcom Configuration

    Hi
    Is there a way I can edit dcom Configuration objects via powershell
    I have to change an object in:
    Component services->Computers->This computer->Dcom-Configuration->{objectname}
    I haven't found much on this... 
    any help will be severely appreciated!
    Kindest regards, Martin

    DCOMPerm is just for changing permissions (ACLs). The authentication level setting appears to be a simple REG_DWORD value called "AuthenticationLevel" which exists under the class's HKEY_CLASSES_ROOT\AppID\{GUID} key. The data for this
    value corresponds to these
    Authentication Level Constants.
    "Configuration Permissions" appears to just correspond to the registry permissions on the HKEY_CLASSES_ROOT\AppID\{GUID} key for each class.  Those are easier to deal with in PowerShell (which is good, because DcomPerm.exe doesn't cover that
    part.)  For example:
    # Some random GUID from the AppID key on my computer
    $keyPath = 'Registry::HKEY_CLASSES_ROOT\AppID\{EE487F98-D1F7-49DD-965D-BFEBAFACBD66}'
    $acl = Get-Acl -Path $keyPath
    $everyone = New-Object System.Security.Principal.SecurityIdentifier(
    [System.Security.Principal.WellKnownSidType]::WorldSid,
    $null
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
    $everyone,
    [System.Security.AccessControl.RegistryRights]::FullControl,
    [System.Security.AccessControl.AccessControlType]::Allow
    $acl.AddAccessRule($rule)
    Set-Acl -AclObject $acl -Path $keyPath

  • File sharing permissions for AD Domain Admins?

    I've binded Mavericks to a Windows network with Active Directory, turned on File Sharing under System Preferences > Sharing, and added the Domain Admins group; how can I configure permissions so that the Domain Admins can read and write to and from all files and folders on the MAC HD without affecting other user's permissions?
    If I "apply to enclosed items..." the Domain Admins' Read & Write permissions from the root volume then Everyone (gets unintentionally propagated) can access all files!
    Ideally, the Domain Admins need the same permissions as the root administrator even after a new user has logged onto the MAC and had their Home Folders created in the future; In other words I need them to be able to access files and folders for all accounts past, present and future, but all other user's access must stay the same. Does that make sense?
    Is this even possible with AD binding? Would having a MAC OSX Server/Open Directory facilitate this better?
    Any help would be much appreciated!

    I tried adding the Domain Admins to the wheel group, but that never helped either. Also the "apply to enclose items" only seems to work for the entire share (left side)--not individual users or groups (right sde).

  • Read/write permissions for company blog

    Hi there - 
    I'm in the process of creating a blog for my company and need to set up specific permissions for each group involved. I've read through a lot of the help topics on the site, but I can't find the answer I'm looking for.
    What I want to do is set it up so that the users in one group (lets call them Group B) can read/edit their posts, but before the posts are actually published to the live website, they need to be approved by an admin (Group A). Is there a way to do this in
    SharePoint? A lot of the higher-ups in my company are extremely concerned about posts not being reviewed before they are published, even though only a handful of people would have access to the site in the first place.
    If I missed something, I'm sorry! Thanks in advance for your help.
    Erin

    Hi Erin,
    Have you looked at the TechNet article on 'Create a Blog'?
    Here is the Link -->http://office.microsoft.com/en-us/sharepoint-foundation-help/create-a-blog-HA010378201.aspx
    Also, here is a link to configure permissions for a blog -->http://office.microsoft.com/en-us/windows-sharepoint-services-help/configure-permissions-for-a-blog-HA010021567.aspx
    Let us know if you have any questions
    Daniel Christian (MCTS)

  • Configure My sites sharePoint

    Hello,
      I have read about how to configure My Sites SharePoint from "http://technet.microsoft.com/en-us/library/ee624362.aspx"
    I have read the following section : 
    Perform these additional steps to configure permissions for users to create team sites from their My Sites to use site feeds
    In the Policy group, click Permission Policy.
    On Manage Permission Policy Levels dialog box, click Add Permission Policy Level.
    Type a name for the permission policy.
    Under Permissions, in Site Permissions, select the Grant option for Create Subsites - Create subsites such
    as team sites, Meeting Workspace sites, and Document Workspace sites.
    Click Save.
    In the Policy group, click User Policy.
    On Policy for Web Application dialog box, click Add Users.
    On Add Users, in Zones select (All Zones), then click Next.
    In Choose Users, enter the user names of the users that you want to create team sites from their My Site to use site feeds. If all users can create team sites from their
    My Site to use site feeds, click the Browse icon. In Select People and Groups, click All Users, then click Everyone. Click Add, and then click OK.
    In the Choose Permissions section, select the name of the Permission Policy created previously.
    Click Finish, and then click OK.
    I have configure My sites in SharePoint . And I didnot  configure the previous step .
    Then I log in by a user . Then he created a personal site . Then He can create a sub site under it .
        So what is the previous section for ?
    ASk

    By default all authenticated users have the ability to create personal sites for my sites. Did you perform the step to allow self-service site creation? Also, instead of configuring the create subsites permission using user policy I usually control this
    at the User Profile Service Level. There is a link in the UPS called Manage User Permissions and you can specify 3 permission levels for all users (Or put different AD Groups/Users here):
    From:
    http://technet.microsoft.com/en-us/library/cc262500(v=office.15)
    Create Personal Site   This permission enables users to create a personal site to store their documents, newsfeed, and followed content.
    Follow People and Edit Profile   This permission enables users to follow people from their My Site and to edit their personal profile.
    Use Tags and Notes   This permission enables users to use the Tags and Notes feature from SharePoint Server 2010. The Tags and Notes feature is provided primarily for upgrade purposes so that users can continue to access the
    tags and notes they created in the earlier version of SharePoint Server. However, you might also use this permission to enable users to leave notes on documents in SharePoint Server 2013.
    Regards,
    Andrew J Billings
    Portal Systems Engineer//MCSA,MCSE
    Blog:
    http://www.andrewjbillings.com 
    Twitter:
      LinkedIn:

  • OD Groups and Perms not updating?

    I have a file server (to be used by about 60 people) that connects to an OD master for account info.
    When changing a users group on the OD Master (which affects which shares are available), the change doesn't seem to propagate to the file server right away and can take a random amount of time to make it through.
    Shouldn't this type of thing be instant, or is it just how it works?
    Is there a way to force an update or to speed the update up? Sometimes it doesn't happen at all until i share or unshare something, which doesn't always work either.
    I suppose I could set up a replica on the file server itself, but the apple manuals usually allude to specializing services to max out performance.

    I suppose I could set up a replica on the file server itself, but the apple manuals usually allude to specializing services to max out performance.
    That is because Apple wants to sell hardware. Realistically, an Xserve can handle the load of 60 concurrent AFP connections (not 60 network home folders). Running both AFP and OD on a single box is not going to kill it. There are many deployments that have one Xserve and they run 10 or more services on one box. Not everyone can afford separation of services.
    Additionally, if you have an OD Master, you probably should be running an OD Replica. Just for the safety net that it provides. For example, having you users, groups, passwords, and policy automatically replicating is a nice warm and fuzzy. Plus, if you have a problem with the OD Master, you environment can still function.
    That being said, configuring as connected to directory system is generally a good solution to avoid the extra services of directory services. Normally, this is a live lookup and no local storage is needed. Where are you not seeing the updates? In Server Admin when configuring permissions? What if you use dscl to browse the parent domain? Do you see the new groups, users, etc?
    If this were a replica, the duration of time in which a sync occurs can be set. But in a connected to role, the lookups should be dynamic and this instant.
    Hope this helps

  • Trying to setup systemd user instance

    Hi guys!
    For the past few days I have been trying to setup systemd to run a user instance (user is 'hans'). Sadly, I have been unable to find a lot of detail in doing this, so much of my work has been trial and error. Just recently I learned about the [email protected] and also about loginctl enable-linger. However to what degree they are related to setting up a user instance, I do not know. I set the user 'hans' to 'linger' using the loginctl enable-linger hans command, however I think I might have misunderstood the significance of the command in relation to what I am trying to do.
    What I want to for user 'hans' to have his own service file, i.e. irssi.service, and start/stop/enable/disable/etc that service independently of the system. I realize that I could use sudo and configure it to only allow certain commands, and more than that have individual 'system' services for each user, i.e. hansirssi.service, janeirssi.service, joeirssi.service, etc., but I don't want to have to do that unless there is no other option.
    So Question 1:
    Is it possible to setup up systemd user instances as I envision it? Or have I misunderstood something?
    My system:
    [root@ru ~]# uname -a
    Linux ru 3.5.4-1-ARCH #1 SMP PREEMPT Sat Sep 15 08:12:04 CEST 2012 x86_64 GNU/Linux
    The system is installed in a Proxmox virtual machine with a virtio virtual HDD and standard setup. It is a headless system. I have a complete systemd conversion as per the wiki plus polkit 0.107-2 for use with 'loginctl'.
    I tried:
    [root@ru ~]$ systemctl enable [email protected]
    The unit files have no [Install] section. They are not meant to be enabled using systemctl.
    [root@ru ~]$ systemctl start [email protected]
    [root@ru ~]# systemctl status [email protected]
    [email protected] - User Manager for hans
    Loaded: loaded (/usr/lib/systemd/system/[email protected]; static)
    Active: active (running) since Fri, 21 Sep 2012 18:33:07 +0100; 42min ago
    Main PID: 23189 (systemd)
    Status: "Startup finished in 822us."
    CGroup: name=systemd:/user/hans/shared
    â 23190 (sd-pam)
    â systemd-23189
    â 23189 /usr/lib/systemd/systemd --user
    And on the user account hans I confirm that the service is running:
    [hans@ru ~]$ systemctl status [email protected]
    [email protected] - User Manager for hans
    Loaded: loaded (/usr/lib/systemd/system/[email protected]; static)
    Active: active (running) since Fri, 21 Sep 2012 18:33:07 +0100; 13s ago
    Main PID: 23189 (systemd)
    Status: "Startup finished in 822us."
    CGroup: name=systemd:/user/hans/shared
    â 23190 (sd-pam)
    â systemd-23189
    â 23189 /usr/lib/systemd/systemd --user
    But in regard to actually starting/stopping/enabling a user specific service, I keep getting this error:
    [hans@ru ~]$ systemctl start dummyservice.service
    Failed to issue method call: Access denied
    and when I try by accessing the 'user' instance, I get the following error:
    [hans@ru ~]$ systemctl --user
    Failed to get D-Bus connection: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
    The thing is that dbus is running:
    [root@ru ~]# systemctl status dbus
    dbus.service - D-Bus System Message Bus
    Loaded: loaded (/usr/lib/systemd/system/dbus.service; static)
    Active: active (running) since Thu, 20 Sep 2012 18:19:18 +0100; 24h ago
    Main PID: 248 (dbus-daemon)
    CGroup: name=systemd:/system/dbus.service
    â 248 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
    Sep 21 18:12:40 ru dbus-daemon[248]: dbus[248]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
    Sep 21 18:12:40 ru dbus[248]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
    Sep 21 18:17:50 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.26" (uid.../init ")
    Sep 21 18:17:50 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.26" (uid=1000 pid=23167 c...n/init ")
    Sep 21 18:32:46 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.31" (uid.../init ")
    Sep 21 18:32:46 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.31" (uid=1000 pid=23185 c...n/init ")
    Sep 21 18:35:45 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.34" (uid.../init ")
    Sep 21 18:35:45 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.34" (uid=1000 pid=23195 c...n/init ")
    Sep 21 18:36:06 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.35" (uid.../init ")
    Sep 21 18:36:06 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.35" (uid=1000 pid=23197 c...n/init ")
    Here is the full output from 'journalctl':
    Sep 21 18:17:50 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.26" (uid=1000 pid=23167 comm="systemctl enable [email protected] ") interface="org.freedesktop.systemd1.Manager" member="EnableUnitFiles" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:17:50 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.26" (uid=1000 pid=23167 comm="systemctl enable [email protected] ") interface="org.freedesktop.systemd1.Manager" member="EnableUnitFiles" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:32:46 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.31" (uid=1000 pid=23185 comm="systemctl start [email protected] ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:32:46 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.31" (uid=1000 pid=23185 comm="systemctl start [email protected] ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:33:07 ru systemd[23189]: Failed to open private bus connection: Failed to connect to socket /run/user/hans/dbus/user_bus_socket: No such file or directory
    Sep 21 18:35:45 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.34" (uid=1000 pid=23195 comm="systemctl start userservice ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:35:45 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.34" (uid=1000 pid=23195 comm="systemctl start userservice ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:36:06 ru dbus-daemon[248]: dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.35" (uid=1000 pid=23197 comm="systemctl start userservice.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Sep 21 18:36:06 ru dbus[248]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.35" (uid=1000 pid=23197 comm="systemctl start userservice.service ") interface="org.freedesktop.systemd1.Manager" member="StartUnit" error name="(unset)" requested_reply="0" destination="org.freedesktop.systemd1" (uid=0 pid=1 comm="/sbin/init ")
    Question 2:
    Why would dbus reject the 'messages', is there something I need to configure (permissions,...?) in order to get this to work?
    I suspect that it is my lacking knowledge to blame for this problem, which is why I have sought help here.
    EDIT#1:
    I forgot to show you what 'loginctl' was doing:
    [root@ru ~]# loginctl user-status hans
    hans (1000)
    Since: Thu, 20 Sep 2012 18:19:18 +0100; 24h ago
    State: lingering
    CGroup: name=systemd:/user/hans
    â shared
    â 23190 (sd-pam)
    â systemd-23189
    â 23189 /usr/lib/systemd/systemd --user
    Last edited by sunite (2012-09-21 18:17:35)

    I just went through the install process, read through the user-session-units doc, I was finally able to get the user instance working, no Dbus errors . However I decided to make sure and run 'dbus-monitor' within the user 'hans' and I got the following error message:
    Failed to open private bus connection: Failed to connect to socket /run/user/1000/dbus/user_bus_socket: No such file or directory
    I checked and there is no such file, however I checked the dbus.socket:
    [root@ru user]# cat /usr/lib/systemd/user/dbus.socket
    [Unit]
    Description=D-Bus System Message Bus Socket
    [Socket]
    ListenStream=%t/dbus/user_bus_socket
    And dbus.service:
    [root@ru user]# dbus-monitor
    Failed to open connection to session bus: Unable to autolaunch a dbus-daemon without a $DISPLAY for X11
    [root@ru user]# cat /usr/lib/systemd/user/dbus.service
    [Unit]
    Description=D-Bus System Message Bus
    Requires=dbus.socket
    [Service]
    ExecStart=/usr/bin/dbus-daemon --session --address=systemd: --nofork --systemd-activation
    ExecReload=/usr/bin/dbus-send --print-reply --session --type=method_call --dest=org.freedesktop.DBus / org.freedesktop.DBus.ReloadConfig
    and as far as I can tell everything see alright there.
    EDIT#1:
    I just restarted the system to see if my symlink worked for the user-session service. It did, sort of, however the following error occured during boot:
    Sep 21 22:15:14 ru systemd[307]: Failed to open private bus connection: Failed to connect to socket /run/user/1000/dbus/user_bus_socket: No such file or directory
    Last edited by sunite (2012-09-21 21:22:11)

  • Error "424 Object Required" when opening journal report using HFM 11.1.2.1

    Hi experts,
    I've installed EPM 11.1.2.1 along with Hyperion Financial Management and Financial Reporting on an virtual machine (OS is windows server 2008),
    when I logon to workspace and tried to open an journal report in HFM-Format, appears error message as follows:
    An error has occurred. Please contact your administrator
    Error Number:424
    Error Description: Object required
    Error Source: Microsoft VBScript runtime error
    Page On which Error Occurred:../reports/CheckStatus.asp
    I've checked oracle support and found article ID 967025.1 describing almost the same issue of mine,
    but the suggested solution was to add workspace and HFM web server to trusted site. (I'm using IE9)
    I did so as well as other recommended browser settings but still the error remains.
    The article said the solution was applied to Version 9.2.0.0 to 11.1.1.3, so I'm not sure if version 11.1.2.1 has other causes or solutions.
    Could experts provide any ideas?

    I believe you might have already done with the below steps, but please reconfirm:
    1) Ensure, that both the Hyperion Workspace URL AND the HFM webservername i.e(Http://<hfmwebservername>/hfm) is added in the sites button in the Trusted sites option. under Security tab.
    2) Here is a list of Internet Explorer settings which are recommended to be set on the client machine:
    1. Configure browser to check for new version every time user visits a page
    * Open Internet Explorer
    * Go to Tools > Internet options > General
    In 'Browsing history' section select 'Every time I visit the webpage'
    * Click Ok, then Apply.
    2. Disable default pop-up blocking
    * Open Internet Explorer
    * Go to Tools > Internet options > Privacy tab
    Uncheck 'Turn on Pop-up Blocker'
    3. Add workspace URL to trusted sites
    * Open Internet Explorer
    * Go to Tools > Internet options > Security tab
    * Select Trusted sites from Select a zone to view or change security settings.
    * Type your workspace URL in form http://workspaceserver:portnumber in 'Add this website to the zone'
    * Uncheck 'Require server verification (https:) for all sites in this zone'
    * Click Add, then Close.
    * Click Ok and Apply.
    4. Minimize security setting for trusted sites
    * Open Internet Explorer
    * Go to Tools > Internet options > Security tab
    * Select Trusted Sites from select a zone to view or change security settings
    * Select custom level
    * From Reset to list select Low
    * Click Ok
    * Click Apply, then Ok
    5. Customize security settings
    * Open Internet Explorer
    * Go to Tools > Internet options > Security Tab > Custom Level
    * In 'Miscellaneous' section enable the option "Allow script-initiated windows without size or position constraints"
    * In 'ActiveX controls and plug-ins' section enable “Run ActiveX controls and plug-ins” and “Script ActiveX controls marked safe for scripting.”
    6. Enable option "Always allow session cookies".
    * Open Internet Explorer
    * Go to Tools > Internet options > Privacy Tab > Advanced > Check the "Override automatic cookie handling" and accept the first and third party cookies and check the "Always allow session cookies" option.
    7. Disable option "Enable Native XMLHTTP".
    * Open Internet Explorer
    * Go to Tools > Internet options > Advanced Tab > Uncheck the option "Enable Native XMLHTTP"
    If still facing the same issue, perform the below action plan:
    1) Give full permission to Filetransferfolder and try generating the reports.
    2) Add the Everyone user and dcom user to BIPubSystemReports.
    DCOM Config-> BIPubSystemReports-> Security tab-> add the users in Launch and Activation Permission, Access permissions and Configuration Permissions.
    Best regards.

  • Access Database (.mdb) on Windows Server 2012 R2 Essentials

    Hi guys, thanks for your time!
    SCENARIO:
    - Windows Server 2012 R2 Essentials
    - Windows 7 Ultimate Clients (3 clients)
    - VB6 application on clients using a MS Database (.mdb) hosted on the server.  
    - Clients access the database (.mdb) via a mapped network drive (K:).
    PROBLEM:
    - Microsoft Database (.mdb) on server gets corrupted frequently.
    - Clients don't "flush their changes" back to the database: database was not updated.
    WORKAROUND:
    - Database was moved from the server to one of the Windows 7 clients.
    - Application is running OK.
    CONFIGURATION:
    - Permissions are correct: network and NTFS.
    - No faulty network hardware: switch, cabling, NICs.
    - Computers and Server hardware is new.
    - UPS are used everywhere.
    SOME LINKS:
    SMB 3.0 
    - Opportunistic Locking and Read Caching on Microsoft Windows Networks.
    - Windows 7 cannot
    open the shared MS Access database if it's opened by another user
    - Initializing the
    Microsoft Jet 4.0 Database Engine Driver
    - Moved to
    Server 2012 getting Access Database Corruption
    Oplocks
    - Configuring
    opportunistic locking in Windows
    - Understanding
    offline files
    - How to
    enable and disable SMBv1, SMBv2, and SMBv3
    - Is it possible to
    monitor and log actual queries against an Access MDB?
    Now, server is useless if it is not hosting our database. Any ideas, please? Do I need to diagnose using Wireshark? Or using Sysinternals Process Monitor? I think that is a waste of time. 
    Thank you! 

    Thanks for your reply.
    Software is from a 3rd party provider. It currently supports concurrency. It was deployed on Windows XP. SQL Server would be a nice upgrade, however that is
    not an option.
    Something has changed with newer versions of Windows. That is what I am going to study in a lab I prepared with a real server and some clients.
    File-sharing databases (Microsoft JET databases) are very old technology even before I was a college student. However, I have been very busy researching this technology.
    It was made for multi-user environments. It is highly tied to file sharing services from Windows: SMB protocol.
    Windows XP, Vista, 7 and 8 use different versions of this protocol. I think that is the root of the problem. With old technology, application was running fine.
    With new technology, application is troublesome. I will check several things: JET drivers vs. ACE drivers, SMB tweaks, etc.
    UPDATE:
    Basically, there are 4 general answers to this issue:
    1) Migrate your Access Database to SQL Server Express (or another RDBMS engine).
    2) @Server: disable SMB 2.0/3.0 protocol stack by powershell command. Network speed decreases.
    3) @Clients: disable client redirector caches by using regedit.
    4) @Server: disable the leasing on the file server. 
    5) @Server: tuning Broadcom NIC parameters.
    References:
    - https://technet.microsoft.com/en-us/library/ff686200(WS.10).aspx
    - https://msdn.microsoft.com/en-us/library/windows/desktop/aa365433(v=vs.85).aspx
    - http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/Q_28482197.html
    - http://tipsntricks.sherr.co.uk/stop-smb-corrupting-files/
    - http://www.dataaccess.com/whitepapers/opportunlockingreadcaching.html
    - https://social.technet.microsoft.com/forums/windowsserver/en-US/67baa9fd-5eaf-438e-9cc4-dc1a531b9e19/disabling-oplocksmb2-vs-fileinfocachelifetime
    - https://social.technet.microsoft.com/Forums/windowsserver/en-US/7336d31b-6c24-468a-9c47-750244ae3a8c/moved-to-server-2012-getting-access-database-corruption
    - https://social.technet.microsoft.com/Forums/en-US/e9567167-22db-4b8c-9f96-a08b97d507f9/server-2012-r2-file-server-stops-responding-to-smb-connections
    - http://support2.microsoft.com/kb/2957623
    - http://support2.microsoft.com/kb/2899011
    - http://support2.microsoft.com/kb/2955164
    - https://social.technet.microsoft.com/Forums/en-US/7bd0aa5b-eb95-40a8-a56d-c6013273665c/extremely-slow-smb-network-speed-server-2012-r2?forum=winserver8gen

Maybe you are looking for