OVM3 Repository : Take Ownership problem on NFS

Hey,
Could you post the steps to do this on NFS?
I'm in that situation at the moment.
Cheers,

919402 wrote:
Could you post the steps to do this on NFS?
I'm in that situation at the moment.Just remove the NFS file server completely from your UI (you'll have to unpresent it first), then edit the .ovsrepo file in the root of the NFS exports that contain your repositories. Once you've replaced the old OVS_REPO_MGR_UUID value with the new one (which can be found in Help -> About in the Manager), add the NFS File Server back in the UI and rediscover the exports. The repositories will now be seen as owned by the new Manager UUID.

Similar Messages

  • Solved - How to take ownership and change permissions for blocked files and folders in Powershell

    Hello,
    I was trying to take ownership & fix permissions on Home Folder/My Documents structures, I ran into the common problem in PowerShell where Set-Acl & Get-Acl return access denied errors. The error occurs because the Administrators have been removed from
    file permissions and do not have ownership of the files,folders/directories. (Assuming all other permissions like SeTakeOwnershipPrivilege have been enabled.
    I was not able to find any information about someone successfully using native PS to resolve the issue.  As I was able to solve the issues surrounding Get-Acl & Set-Acl, I wanted to share the result for those still looking for an answer.
    Question: How do you use only Powershell take ownership and reset permissions for files or folders you do not have permissions or ownership of?
    Problem: 
    Using the default function calls to the object fail for a folder that the administrative account does not have permissions or file ownership. You get the following error for Get-Acl:
    PS C:\> Get-Acl -path F:\testpath\locked
    Get-Acl : Attempted to perform an unauthorized operation.
    + get-acl <<<< -path F:\testpath\locked
    + CategoryInfo : NotSpecified: (:) [Get-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetAclCommand
    If you create a new ACL and attempt to apply it using Set-Acl, you get:
    PS C:\> Set-Acl -path F:\testpath\locked -AclObject $DirAcl
    Set-Acl : Attempted to perform an unauthorized operation.
    At line:1 char:8
    + Set-Acl <<<< -path "F:\testpath\locked" -AclObject $DirAcl
    + CategoryInfo : PermissionDenied: (F:\testpath\locked:String) [Set-Acl], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.SetAclCommand
    Use of other functions like .GetAccessControl will result in a similar error: "Attempted to perform an unauthorized operation."
    How do you replace owner on all subcontainers and objects in Powershell with resorting to external applications like takeown, icacls, Windows Explorer GUI, etc.?
    Tony

    Hello,
    Last, here is the script I used to reset permissions on the "My Documents" tree structure that admins did not have access to:
    Example:  Powershell script to parse a directory of User-owned "My Document" redirection folders and reset permissions.
    #Script to Reset MyDocuments Folder permissions
    $domainName = ([ADSI]'').name
    Import-Module "PSCX" -ErrorAction Stop
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeRestorePrivilege", $true) #Necessary to set Owner Permissions
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeBackupPrivilege", $true) #Necessary to bypass Traverse Checking
    #Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeSecurityPrivilege", $true) #Optional if you want to manage auditing (SACL) on the objects
    Set-Privilege (new-object Pscx.Interop.TokenPrivilege "SeTakeOwnershipPrivilege", $true) #Necessary to override FilePermissions & take Ownership
    $Directorypath = "F:\Userpath" #locked user folders exist under here
    $LockedDirs = Get-ChildItem $Directorypath -force #get all of the locked directories.
    Foreach ($Locked in $LockedDirs) {
    Write-Host "Resetting Permissions for "$Locked.Fullname
    #######Take Ownership of the root directory
    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    $Locked.SetAccessControl($blankdirAcl)
    ###################### Setup & apply correct folder permissions to the root user folder
    #Using recommendation from Ned Pyle's Ask Directory Services blog:
    #Automatic creation of user folders for home, roaming profile and redirected folders.
    $inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
    $propagation = [system.security.accesscontrol.PropagationFlags]"None"
    $fullrights = [System.Security.AccessControl.FileSystemRights]"FullControl"
    $allowrights = [System.Security.AccessControl.AccessControlType]"Allow"
    $DirACL = New-Object System.Security.AccessControl.DirectorySecurity
    #Administrators: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("BUILTIN\Administrators",$fullrights, $inherit, $propagation, "Allow")))
    #System: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("NT AUTHORITY\SYSTEM",$fullrights, $inherit, $propagation, "Allow")))
    #Creator Owner: Full Control
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("CREATOR OWNER",$fullrights, $inherit, $propagation, "Allow")))
    #Useraccount: Full Control (ideally I would error check the existance of the user account in AD)
    #$DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked.name",$fullrights, $inherit, $propagation, "Allow")))
    $DirACL.AddAccessRule((new-object System.Security.AccessControl.FileSystemAccessRule("$domainName\$Locked",$fullrights, $inherit, $propagation, "Allow")))
    #Remove Inheritance from the root user folder
    $DirACL.SetAccessRuleProtection($True, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    #Set permissions on User Directory
    Set-Acl -aclObject $DirACL -path $Locked.Fullname
    Write-Host "commencer" -NoNewLine
    ##############Restore admin access & then restore file/folder inheritance on all subitems
    #create a template ACL with inheritance re-enabled; this will be stamped on each subitem to re-establish the file structure with inherited ACLs only.
    #$NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked.name") #ideally I would error check this.
    $NewOwner = New-Object System.Security.Principal.NTAccount("$domainName","$Locked") #ideally I would error check this.
    $subFileACL = New-Object System.Security.AccessControl.FileSecurity
    $subDirACL = New-Object System.Security.AccessControl.DirectorySecurity
    $subFileACL.SetOwner($NewOwner)
    $subDirACL.SetOwner($NewOwner)
    ######## Enable inheritance ($False) and not copy of parent ACLs ($False)
    $subFileACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    $subDirACL.SetAccessRuleProtection($False, $False) #SetAccessRuleProtection(block inheritance?, copy parent ACLs?)
    #####loop through subitems
    $subdirs = Get-ChildItem -path $Locked.Fullname -force -recurse #force is necessary to get hidden files/folders
    foreach ($subitem in $subdirs) {
    #take ownership to insure ability to change permissions
    #Then set desired ACL
    if ($subitem.Attributes -match "Directory") {
    # New, blank Directory ACL with only Owner set
    $blankdirAcl = New-Object System.Security.AccessControl.DirectorySecurity
    $blankdirAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    #Use SetAccessControl to reset Owner; Set-Acl will not work.
    $subitem.SetAccessControl($blankdirAcl)
    #At this point, Administrators have the ability to change the directory permissions
    Set-Acl -aclObject $subDirACL -path $subitem.Fullname -ErrorAction Stop
    } Else {
    # New, blank File ACL with only Owner set
    $blankfileAcl = New-Object System.Security.AccessControl.FileSecurity
    $blankfileAcl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    #Use SetAccessControl to reset Owner; Set-Acl will not work.
    $subitem.SetAccessControl($blankfileAcl)
    #At this point, Administrators have the ability to change the file permissions
    Set-Acl -aclObject $subFileACL -path $subitem.Fullname -ErrorAction Stop
    Write-Host "." -NoNewline
    Write-Host "fin."
    Write-Host "Script Complete."
    I hope you find this useful.
    Thank you,
    Tony
    Final Thought: There are great non-PS tools like
    Set-Acl and takeown which are external to PS & can also do the job wonderfully.  It may be much simpler to call those tools than recreate the wheel in pure
    code.  Feel free to use whatever best suits your time, scope & cost.

  • How do I take ownership of a hard drive build in windows but installed as an additional disk in my new Mac Pro?

    How do I take ownership of a hard drive build in windows but installed as an additional disk in my new Mac Pro?
    I bought a Mac and have various HDDs, some Portable some SATA, I can right to them and dont seem to be able to take ownership of them, is this to do with the format or Security seting I can't find?
    Any help would be great; thanks.
    Stephen

    Thanks Kaz-K, this was what I assumed it to be.  I have started to move the stuf over to a 4GB internal drive, once done and verified, I will reformat the drive and move it back, blooming nusience.
    Cheers.
    Stephen

  • NFS4: Problem mounting NFS mount onto a Solaris 10 Client

    Hi,
    I am having problems mounting NFS mount point from a Linux-Server onto a Solaris 10 Client.
    In the following
    =My server IP ..*.120
    =Client IP ..*.100
    Commands run on Client:
    ==================
    # mount -o vers=3 -F nfs 172.25.30.120:/scratch/pvfs2 /scratch/pvfs2
    nfs mount: 172.25.30.120: : RPC: Rpcbind failure - RPC: Unable to receive
    nfs mount: retrying: /scratch/pvfs2
    nfs mount: 172.25.30.120: : RPC: Rpcbind failure - RPC: Unable to receive
    nfs mount: 172.25.30.120: : RPC: Rpcbind failure - RPC: Unable to receive
    # mount -o vers=4 -F nfs 172.25.30.120:/scratch/pvfs2 /scratch/pvfs2
    nfs mount: 172.25.30.120:/scratch/pvfs2: No such file or directory
    # rpcinfo -p
    program vers proto port service
    100000 4 tcp 111 rpcbind
    100000 3 tcp 111 rpcbind
    100000 2 tcp 111 rpcbind
    100000 4 udp 111 rpcbind
    100000 3 udp 111 rpcbind
    100000 2 udp 111 rpcbind
    1073741824 1 tcp 36084
    100024 1 udp 42835 status
    100024 1 tcp 36086 status
    100133 1 udp 42835
    100133 1 tcp 36086
    100001 2 udp 42836 rstatd
    100001 3 udp 42836 rstatd
    100001 4 udp 42836 rstatd
    100002 2 tcp 36087 rusersd
    100002 3 tcp 36087 rusersd
    100002 2 udp 42838 rusersd
    100002 3 udp 42838 rusersd
    100011 1 udp 42840 rquotad
    100021 1 udp 4045 nlockmgr
    100021 2 udp 4045 nlockmgr
    100021 3 udp 4045 nlockmgr
    100021 4 udp 4045 nlockmgr
    100021 1 tcp 4045 nlockmgr
    100021 2 tcp 4045 nlockmgr
    100021 3 tcp 4045 nlockmgr
    100021 4 tcp 4045 nlockmgr
    # showmount -e 172.25.30.120 (Server)
    showmount: 172.25.30.120: RPC: Rpcbind failure - RPC: Unable to receive
    Commands OnServer:
    ================
    program vers proto port
    100000 2 tcp 111 portmapper
    100000 2 udp 111 portmapper
    100021 1 tcp 49927 nlockmgr
    100021 3 tcp 49927 nlockmgr
    100021 4 tcp 49927 nlockmgr
    100021 1 udp 32772 nlockmgr
    100021 3 udp 32772 nlockmgr
    100021 4 udp 32772 nlockmgr
    100011 1 udp 796 rquotad
    100011 2 udp 796 rquotad
    100011 1 tcp 799 rquotad
    100011 2 tcp 799 rquotad
    100003 2 udp 2049 nfs
    100003 3 udp 2049 nfs
    100003 4 udp 2049 nfs
    100003 2 tcp 2049 nfs
    100003 3 tcp 2049 nfs
    100003 4 tcp 2049 nfs
    100005 1 udp 809 mountd
    100005 1 tcp 812 mountd
    100005 2 udp 809 mountd
    100005 2 tcp 812 mountd
    100005 3 udp 809 mountd
    100005 3 tcp 812 mountd
    100024 1 udp 854 status
    100024 1 tcp 857 status
    # showmount -e 172.25.30.120
    Export list for 172.25.30.120:
    /scratch/nfs 172.25.30.100,172.25.24.0/4
    /scratch/pvfs2 172.25.30.100,172.25.24.0/4
    Thank you, ~al

    I also tried to run Snoop on the client and wireshark on Server and following is what I see:
    One Server: Upon issuing mount command on client:
    # tshark -i eth1
    Running as user "root" and group "root". This could be dangerous.
    Capturing on eth1
    0.000000 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    0.205570 172.25.30.100 -> 172.25.30.120 Portmap V2 GETPORT Call MOUNT(100005) V:3 UDP
    0.205586 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    0.207863 172.25.30.100 -> 172.25.30.120 Portmap V2 GETPORT Call MOUNT(100005) V:3 UDP
    0.207869 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    2.005314 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    4.011005 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    5.206109 Dell_70:ad:29 -> SunMicro_70:ff:17 ARP Who has 172.25.30.100? Tell 172.25.30.120
    5.206277 SunMicro_70:ff:17 -> Dell_70:ad:29 ARP 172.25.30.100 is at 00:14:4f:70:ff:17
    5.216157 172.25.30.100 -> 172.25.30.120 Portmap V2 GETPORT Call MOUNT(100005) V:3 UDP
    5.216170 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    On Clinet Upon issuing mount command on client:
    # snoop -d bge1
    Using device /dev/bge1 (promiscuous mode)
    ? -> * ETHER Type=9000 (Loopback), size = 60 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    atlas-pvfs2 -> pvfs2-io-0-3 PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 proto=UDP
    pvfs2-io-0-3 -> atlas-pvfs2 ICMP Destination unreachable (UDP port 111 unreachable)
    atlas-pvfs2 -> pvfs2-io-0-3 PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 proto=UDP
    pvfs2-io-0-3 -> atlas-pvfs2 ICMP Destination unreachable (UDP port 111 unreachable)
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> * ETHER Type=9000 (Loopback), size = 60 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    pvfs2-io-0-3 -> * ARP C Who is 172.25.30.100, atlas-pvfs2 ?
    atlas-pvfs2 -> pvfs2-io-0-3 ARP R 172.25.30.100, atlas-pvfs2 is 0:14:4f:70:ff:17
    atlas-pvfs2 -> pvfs2-io-0-3 PORTMAP C GETPORT prog=100005 (MOUNT) vers=3 proto=UDP
    pvfs2-io-0-3 -> atlas-pvfs2 ICMP Destination unreachable (UDP port 111 unreachable)
    Also I see the following on Client:
    # rpcinfo -p pvfs2-io-0-3
    rpcinfo: can't contact portmapper: RPC: Rpcbind failure - RPC: Failed (unspecified error)
    When I try the above rpcinfo command on Client and Server Snoop And wireshark(ethereal) outputs are as follows:
    Client # snoop -d bge1
    Using device /dev/bge1 (promiscuous mode)
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    atlas-pvfs2 -> pvfs2-io-0-3 TCP D=111 S=872 Syn Seq=2065245538 Len=0 Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
    pvfs2-io-0-3 -> atlas-pvfs2 ICMP Destination unreachable (TCP port 111 unreachable)
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=2004 (Unknown), size = 48 bytes
    ? -> (multicast) ETHER Type=0003 (LLC/802.3), size = 90 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> * ETHER Type=9000 (Loopback), size = 60 bytes
    pvfs2-io-0-3 -> * ARP C Who is 172.25.30.100, atlas-pvfs2 ?
    atlas-pvfs2 -> pvfs2-io-0-3 ARP R 172.25.30.100, atlas-pvfs2 is 0:14:4f:70:ff:17
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    atlas-pvfs2 -> pvfs2-io-0-3 TCP D=111 S=874 Syn Seq=2068043912 Len=0 Win=49640 Options=<mss 1460,nop,wscale 0,nop,nop,sackOK>
    pvfs2-io-0-3 -> atlas-pvfs2 ICMP Destination unreachable (TCP port 111 unreachable)
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    ? -> * ETHER Type=9000 (Loopback), size = 60 bytes
    Server # tshark -i eth1
    Running as user "root" and group "root". This could be dangerous.
    Capturing on eth1
    0.000000 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    0.313739 Cisco_3d:68:10 -> CDP/VTP/DTP/PAgP/UDLD CDP Device ID: MILEVA Port ID: GigabitEthernet1/0/16
    2.006422 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    3.483733 172.25.30.100 -> 172.25.30.120 TCP 865 > sunrpc [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
    3.483752 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    4.009741 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    6.014524 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    6.551356 Cisco_3d:68:10 -> Cisco_3d:68:10 LOOP Reply
    8.019386 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    8.484344 Dell_70:ad:29 -> SunMicro_70:ff:17 ARP Who has 172.25.30.100? Tell 172.25.30.120
    8.484569 SunMicro_70:ff:17 -> Dell_70:ad:29 ARP 172.25.30.100 is at 00:14:4f:70:ff:17
    10.024411 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    12.030956 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    12.901333 Cisco_3d:68:10 -> CDP/VTP/DTP/PAgP/UDLD DTP Dynamic Trunking Protocol
    12.901421 Cisco_3d:68:10 -> CDP/VTP/DTP/PAgP/UDLD DTP Dynamic Trunking Protocol
    ^[[A 14.034193 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00  Cost = 0  Port = 0x8010
    15.691119 172.25.30.100 -> 172.25.30.120 TCP 866 > sunrpc [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
    15.691138 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    16.038944 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    16.550760 Cisco_3d:68:10 -> Cisco_3d:68:10 LOOP Reply
    18.043886 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    20.050243 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    21.487689 172.25.30.100 -> 172.25.30.120 TCP 867 > sunrpc [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
    21.487700 172.25.30.120 -> 172.25.30.100 ICMP Destination unreachable (Port unreachable)
    22.053784 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    24.058680 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    26.063406 Cisco_3d:68:10 -> Spanning-tree-(for-bridges)_00 STP Conf. Root = 32770/00:0a:b8:3d:68:00 Cost = 0 Port = 0x8010
    26.558307 Cisco_3d:68:10 -> Cisco_3d:68:10 LOOP Reply
    ~thank you for any help you can provide!!!

  • When using iPhoto to buy photo books, is Apple going to take ownership of my photographic material?

    Hi,
    I like iPhoto for its features and ease of use; however, I'm unclear on its privacy policy.
    When using iPhoto to buy photo books, is Apple going to take ownership of my photographic material?
    Can Apple use my pictures to advertise Apple products or services?
    I've asked these questions twice to the apple privacy postmaster, but they only reply with a boiler plate of links to get further support or they simply ignore my email. Should I assume the worse?
    I like iPhoto, but I'm not going to use it if I don't know that my privacy is satisfactorily safeguarded.
    Thank you for any insight
    Gabriele

    No and No. You retain all rights.

  • Take Ownership of this item link

    Hi
    In catalog manager, in item properties, there is a link "Take Ownership of this item" which changes the owner of an object as the current user. However, eventhough I limit it only to Presentation Server Administrators group through privileges setup, each user still sees this link and be able to use it. What can I do to prevent users seeing this link, except the setting in privileges.
    Thanks a lot.

    Catalog Manager is a powerful tool - it should only be made available to report developers / administrators that need to use it. Most users should not have access to the tool - in fact the only access for most people should be through their web browser into Dashboards/Answers etc.
    If used in 'offline mode' then you have access to any item in the catalog, 'on-line' access should restrict to you to the items that you have permission on.
    I suggest that you review the catalog manager section of the Presentation Services Administration guide and particularly note the need to take backups before you make changes as there is no 'undo' available!

  • File permission and ownership problem

    I am trying to resolve some file permission and ownership problems that are left over from using Migration Assistant to set up my iMac from an older iMac. In a terminal session when I use the ls -l command I'm getting a file/directory owner of 504. Sometimes the group is admin and sometimes the group is also 504. I think this is because the owner of the file on the old computer is not present in the new one but I want to be sure before I just change the owner and group.

    The following should give you an indication->
    id -un 504
    or you could try->
    dscl . list /Users UniqueID | grep 504  && echo "User exists" || echo "User does not exist"

  • I need to take ownership of an external drive with NTFS file system from my previous laptop?

    I have an external drive that was previously associated with my PC laptop that was stolen.
    I wish to take ownership of folders.
    Can anyone help me with this.

    Use a third party tool to allow your computer to use ntfs formatted drives.
    Or, just copy the folder/files to your computer then use them. OSx can read ntfs drives so copy will work. After you copy the files to your computer, format the drive for OSx then use the drive with your computer with read/write functionality.

  • How do I NOT take ownership of comments made by others?

    In shared, online reviews that I initiate (Send for Shared Review), I sometimes unknowingly take ownership of others' comments- this is not desired for me (as initiator, or for any participants making their own comments).  Sometimes I take over everyone's comments, other times I don't, even with the Adobe settings are the same (see #1).  I DO need to add my own comments during the review, but want to prevent taking ownership of others in the online review.
    Should I UNcheck the Review Preference box for:  Show "On Behalf Of" text...when user takes ownership of comments"?  I've always had it checked (seems to be a default), but I don't always take ownership- perhaps related to the sequence of steps (#2)?
    Is there a proper Save/Publish or Publish/Save sequence that governs when you do/don't take ownership?  Does saving a draft and publishing later make me (or anyone else) take ownership of comments?
    Does it make any difference with 'taking ownership' when I "Send for Shared Review" if I place my name in the "To" versus "cc" list?
    Our team has really liked the shared online Adobe reviews and use it a fair amount, but this question has yet to be solved- please help!

    Jay del Rosario wrote:
    >
    > How do I troubleshoot installation/distribution of a LabVIEW .exe
    > which processes data using Matlab when it works on some computers but
    > not others?
    Poke around zone.ni.com and
    http://digital.natinst.com/public.nsf/$$Search/ .
    Good luck, Mark

  • Problems enabling nfs client and server

    I just re-build a solaris 11.1x86 on a x4640 SunFire
    Have problems enabling nfs
    First i typed the following command:
    # svcs network/nfs/server
    disable
    Second I typed the following command:
    #svcadm enable network/nfs/server
    # svcs network/nfs/server
    offline
    did this 3 or 4 times without success...
    any ideas?
    I holding production here! Please help!!

    Let's rule out the easier stuff first...
    Do you have something shared?
    I think you need to have something shared before you can enable the nfs server service.
    Or, if you share something, the service is started automatically. See below.
    Thanks, Cindy
    # svcs -a | grep nfs
    disabled Feb_26 svc:/network/nfs/client:default
    disabled Feb_26 svc:/network/nfs/server:default
    disabled Feb_26 svc:/network/nfs/rquota:default
    # svcadm enable svc:/network/nfs/server:default
    # svcs | grep nfs
    disabled 13:51:52 svc:/network/nfs/server:default
    # zfs set share.nfs=on rpool/cindy
    # share
    rpool_cindy /rpool/cindy nfs sec=sys,rw
    # svcs | grep nfs
    online Feb_26 svc:/network/nfs/fedfs-client:default
    online Feb_27 svc:/network/nfs/status:default
    online Feb_27 svc:/network/nfs/cbd:default
    online Feb_27 svc:/network/nfs/mapid:default
    online Feb_27 svc:/network/nfs/nlockmgr:default
    online 13:52:35 svc:/network/nfs/rquota:default
    online 13:52:35 svc:/network/nfs/server:default

  • Take ownership of a registry key, and change permissions

    Hello,
    I am writing a powershell script to configure a W2008-R2 Server. In one of the steps, I need to take ownership of an existing registry key, and then give full control permissions to the administrators.
    I have done this:
    $acl = Get-Acl $key
    $me = [System.Security.Principal.NTAccount]"$env:userdomain\$env:username"
    $acl.SetOwner($me)
    $person = [System.Security.Principal.NTAccount]"Administrators"
    $access = [System.Security.AccessControl.RegistryRights]"FullControl"
    $inheritance = [System.Security.AccessControl.InheritanceFlags]"None"
    $propagation = [System.Security.AccessControl.PropagationFlags]"None"
    $type = [System.Security.AccessControl.AccessControlType]"Allow"
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule($person,$access,$inheritance,$propagation,$type)
    $acl.AddAccessRule($rule)
    Set-Acl $key $acl
    But it fails in "set-acl" command, with the message "Set-Acl : Requested registry access is not allowed."
    Any ideas of how to do this? or if it is even possible?
    Thank you!

    Here is the code to take ownership of a registry key.  You first need to set the SeTakeOwnership permission on your process
    The enable-privilege function is taken from a posting by Lee Holmes (http://www.leeholmes.com/blog/2010/09/24/adjusting-token-privileges-in-powershell/), but
    I've been meaning to get around to tidy it up a bit for my purposes.  Perhaps this thread is the motivation I need to do this.  I should also note that the PowerShell Community Extensions has cmdlets to work with tokens already.  
    I also never tested whether you can do the PowerShell native methods of get-acl set-acl if you set the token.  I don't have time to play with that now, but if you want to try it and let us know if it works that would be great.  The opensubkey method
    I'm using I've documented here for changing permissions when you don't have permissions: http://powertoe.wordpress.com/2010/08/28/controlling-registry-acl-permissions-with-powershell/
    function enable-privilege {
    param(
    ## The privilege to adjust. This set is taken from
    ## http://msdn.microsoft.com/en-us/library/bb530716(VS.85).aspx
    [ValidateSet(
    "SeAssignPrimaryTokenPrivilege", "SeAuditPrivilege", "SeBackupPrivilege",
    "SeChangeNotifyPrivilege", "SeCreateGlobalPrivilege", "SeCreatePagefilePrivilege",
    "SeCreatePermanentPrivilege", "SeCreateSymbolicLinkPrivilege", "SeCreateTokenPrivilege",
    "SeDebugPrivilege", "SeEnableDelegationPrivilege", "SeImpersonatePrivilege", "SeIncreaseBasePriorityPrivilege",
    "SeIncreaseQuotaPrivilege", "SeIncreaseWorkingSetPrivilege", "SeLoadDriverPrivilege",
    "SeLockMemoryPrivilege", "SeMachineAccountPrivilege", "SeManageVolumePrivilege",
    "SeProfileSingleProcessPrivilege", "SeRelabelPrivilege", "SeRemoteShutdownPrivilege",
    "SeRestorePrivilege", "SeSecurityPrivilege", "SeShutdownPrivilege", "SeSyncAgentPrivilege",
    "SeSystemEnvironmentPrivilege", "SeSystemProfilePrivilege", "SeSystemtimePrivilege",
    "SeTakeOwnershipPrivilege", "SeTcbPrivilege", "SeTimeZonePrivilege", "SeTrustedCredManAccessPrivilege",
    "SeUndockPrivilege", "SeUnsolicitedInputPrivilege")]
    $Privilege,
    ## The process on which to adjust the privilege. Defaults to the current process.
    $ProcessId = $pid,
    ## Switch to disable the privilege, rather than enable it.
    [Switch] $Disable
    ## Taken from P/Invoke.NET with minor adjustments.
    $definition = @'
    using System;
    using System.Runtime.InteropServices;
    public class AdjPriv
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool AdjustTokenPrivileges(IntPtr htok, bool disall,
    ref TokPriv1Luid newst, int len, IntPtr prev, IntPtr relen);
    [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
    internal static extern bool OpenProcessToken(IntPtr h, int acc, ref IntPtr phtok);
    [DllImport("advapi32.dll", SetLastError = true)]
    internal static extern bool LookupPrivilegeValue(string host, string name, ref long pluid);
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal struct TokPriv1Luid
    public int Count;
    public long Luid;
    public int Attr;
    internal const int SE_PRIVILEGE_ENABLED = 0x00000002;
    internal const int SE_PRIVILEGE_DISABLED = 0x00000000;
    internal const int TOKEN_QUERY = 0x00000008;
    internal const int TOKEN_ADJUST_PRIVILEGES = 0x00000020;
    public static bool EnablePrivilege(long processHandle, string privilege, bool disable)
    bool retVal;
    TokPriv1Luid tp;
    IntPtr hproc = new IntPtr(processHandle);
    IntPtr htok = IntPtr.Zero;
    retVal = OpenProcessToken(hproc, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, ref htok);
    tp.Count = 1;
    tp.Luid = 0;
    if(disable)
    tp.Attr = SE_PRIVILEGE_DISABLED;
    else
    tp.Attr = SE_PRIVILEGE_ENABLED;
    retVal = LookupPrivilegeValue(null, privilege, ref tp.Luid);
    retVal = AdjustTokenPrivileges(htok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
    return retVal;
    $processHandle = (Get-Process -id $ProcessId).Handle
    $type = Add-Type $definition -PassThru
    $type[0]::EnablePrivilege($processHandle, $Privilege, $Disable)
    enable-privilege SeTakeOwnershipPrivilege
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey("SOFTWARE\powertoe",[Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,[System.Security.AccessControl.RegistryRights]::takeownership)
    $acl = $key.GetAccessControl()
    $me = [System.Security.Principal.NTAccount]"t-alien\tome"
    $acl.SetOwner($me)
    $key.SetAccessControl($acl)
    http://twitter.com/toenuff
    write-host ((0..56)|%{if (($_+1)%3 -eq 0){[char][int]("116111101110117102102064103109097105108046099111109"[($_-2)..$_] -join "")}}) -separator ""

  • AGPM group policy ownership problem

    Im trying to move uncontrolled policies to controlled but I get [GPMC Error] Could not take ownership of the production GPO. Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED)) on all of them.  Per the docs, my service account
    is a member of the "GPO Creator Owners" group and "Backup Operators" group.  I have also given full control of the container the policies are in to the service account.  I am able to create new controlled policies and deploy them, I just cant
    seem to take control of production GPOs even though it looks like the rights are there.
    Anyone have any ides?

    Hi Dave,
    you also need to get the service account full controller over the existing GPOs:
    Full Access to existing GPOs
    http://blogs.technet.com/askds/archive/2008/12/16/agpm-least-privilege-scenario.aspx
    AGPM ensures that it has proper ownership and permissions to all controlled GPOs. However, GPOs created before implementing AGPM will not provided adequate permissions to the AGPM Service. For this reason, you'll want give the AGPM Service
    Full Control to all GPOs that exists prior to implementing AGPM.
    That should fix it.
    Gunter

  • "Floating ownership" problem on eSATA DS4600

    I have a Promise DS4600 unit that is hooked up with eSATA. Previously, I used System Preferences to move some user account home directories to this unit since some of them are just gigantic. It's worked great... until...
    ...somehow, this volume has acquired the "floating ownership" problem. The floating ownership problem is where the system shows the currently-logged on user as the owner of every file and directory inside the volume even though "ignore ownership on this volume" has been disabled for quite some time.
    Does anyone have any idea how this happened or how to fix it? I'm trying to avoid a data move/permissions rework because the amount of data is huge (3 terabytes or so) and it would be difficult. I have a feeling there is a setting stuck, but I cannot find any data on it. I know there is a post about this issue on the SuperDuper! blog, but there is no information on how to fix it. They just talk about how they worked around the issue on their application.

    I have a Promise DS4600 unit that is hooked up with eSATA. Previously, I used System Preferences to move some user account home directories to this unit since some of them are just gigantic. It's worked great... until...
    ...somehow, this volume has acquired the "floating ownership" problem. The floating ownership problem is where the system shows the currently-logged on user as the owner of every file and directory inside the volume even though "ignore ownership on this volume" has been disabled for quite some time.
    Does anyone have any idea how this happened or how to fix it? I'm trying to avoid a data move/permissions rework because the amount of data is huge (3 terabytes or so) and it would be difficult. I have a feeling there is a setting stuck, but I cannot find any data on it. I know there is a post about this issue on the SuperDuper! blog, but there is no information on how to fix it. They just talk about how they worked around the issue on their application.

  • Temporarily Take Ownership of folders to set permissions

    So I am attempting to run a script when a server builds that sets permissions on certain folders. However, the administrator group does not have access to these files. Is there a way to temporarily take ownership of these folders so I can make the permission
    changes and revert the ownership back after.  Any thoughts?
    Thanks. 

    Mekac is right; if you don't have at least 'ReadPermissions' access to the file/folder, you usually can't get the current owner. If you have the SeBackupPrivilege granted, though, you can take a look at it under the right conditions. If you want to do that
    manually, let me know, otherwise you can try the 4.0 preview version of the
    PowerShell Access Control module:
    $CurrentPath = "c:\FileOrFolderPath"
    $AddAceParams = @{
    Principal = "Administrators"
    FolderRights = "FullControl"
    <#
    Method 1 (technically a one-liner)
    #>
    Get-SecurityDescriptor $CurrentPath -PacSDOption (New-PacCommandOption -BypassAclCheck) | ForEach-Object {
    $OriginalOwner = $_.Owner
    $_ | Set-Owner -PassThru -Apply | # -Force here would suppress prompt
    Add-AccessControlEntry @AddAceParams -PassThru |
    Set-Owner -Principal $OriginalOwner -Apply # -Force here would suppress prompt
    <#
    Method 2 (Multiple lines)
    #>
    $OriginalOwner = Get-SecurityDescriptor $CurrentPath -PacSDOption (New-PacCommandOption -BypassAclCheck) | select -ExpandProperty Owner
    Set-Owner $CurrentPath #-Force
    Add-AccessControlEntry $CurrentPath @AddAceParams -PassThru |
    Set-Owner -Principal $OriginalOwner -Apply #-Force
    Both examples should do the exact same thing. The important part is the '-PacSDOption (New-PacCommandOption -BypassAclCheck)', which enables the backup privilege and opens the file/folder in a special way to allow you to look at the security descriptor even
    if you don't have permission to. You need to do that to guarantee the ability to save the current owner. If you have any questions about what's going on, please let me know.
    It's actually possible to make the permission changes using the SeRestorePrivilege without taking ownership first, but there are a lot of "gotchas". I'm still trying to figure out if I'm going to include that capability in the final version
    of the module.
    By the way, version 4.0 currently still a preview build, so some of the syntax will be different before it's finalized. One area where the previous examples will definitely fail later is with the 'New-PacCommandOption' cmdlet (it's been renamed
    to 'New-PacSdOption' in the latest unreleased build).

  • Workfow Process Management - Take Ownership issue

    Hi All,
    We are on Hyperion planning 11.1.2 and just started using Workflow process mgmt of type "Bottom Up". It is happened that one of the planning unit owners went on vacation and when the top level user (budget administrator) takes ownership of these planning units, write access is not getting transferred. All web forms cells are grayed out. Budget administrator has write access at all levels (Confirmed when looked at other scenario where it is not enabled for PM). Not sure what we are doing wrong. Can you guys throw some light...
    Thanks for your help in advance.
    Regards,
    Praveen

    Yes budget administrator is one of the reviewers.
    How to handle this situation. I tried with one of the planner (who is not part of the Process Mgmt and who have write access at all levels) to take ownership from initial owner but it is not allowed to take. Is there any way to take ownership of the planning units and submit data. Please let me know.
    Thanks,
    Praveen

Maybe you are looking for