SCOM warning about impersonation setting in sharepoint
SharePoint 2010 SP1 using Integrated authentication (AD) - we are getting a warning from SCOM saying that
SharePoint web.config for "impersonation Mode" causes security hole.
and referencing this kb article
http://support.microsoft.com/kb/306158 - which is a generic asp.net article - not specific to sharepoint. The particular web.config that SCOM is complaining about is at path "C:\Program
Files\Common Files\Microsoft Shared\Web Server
Extensions\14\TEMPLATE\IDENTITYMODEL\TRUST\web.config" which appears to be used for authentication with "Trusted authentication providers such as adfs" (according to this blog:
http://sharepoint.muhrman.se/2012/06/14/the-users-are-impatient-help-them-if-you-can/)
I can't find anything official documentation-wise regarding this particular web.config file - but I'm assuming that that web.config needs to have impersonate="false" set to properly do that authentication method (which we don't use) - but I would
really like something official that I can point to when I tell our operations guys that I want to leave the setting as-is.
Can anyone point me to something official on the need for that setting?
Thanks
Hi,
SharePoint utilizes .NET impersonation and NET Impersonation allows an application to run under the context of the client accessing an application.
By default, the impersonate is set to false in web.config file.
With the default setting, the ASP.NET thread runs using the process token of the application worker process regardless of which combination of IIS and ASP.NET authentication is used.
If you need to access the all the resources on the local computer, then you can enable the impersonation to true which will run as the Local System account.
You can refer to the links below for more details:
http://www.codeguru.com/csharp/.net/net_general/netframeworkclasses/article.php/c19531/SharePoint-Security-and-NET-Impersonation.htm
https://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx
Thanks,
Victoria
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Victoria Xia
TechNet Community Support
Similar Messages
-
Warning about low disk space on drive E
Hi,
I'm running Windows 7 on a HP Pavilion Elite HPE. My main drive i s C and there is also D (Factory image) and then the HP(E: ) one which is giving the warning about low disk space. When I look at what there is in drive E there is a folder called "my name"-PC with a lot of "Backup Set" folders/files in it, and then there is a folder called WindowsImageBackup and subfolder "my name"-PC.
I know I have to clean out these folders but I ma very insecure as to what I can delete.
I'd be very thankful if you could give me some advice in this matter!
This question was solved.
View Solution.File History in Windows 7 is an extensive image backup of your drive which will steadily increase over time and needs to be cleared and suggest that you turn the feature off. It is not very efficient.
If you wish to delete this Windows Image Backup file, you should disable the automatic backup feature of Windows.
Click on Start button > Control Panel > System and Maintenance> Backup and Restore.
In the left pane, click on "Turn Off Schedule".
From there you can delete the backup files on your E drive.
I also suggest as an alternative, use Macrium Reflect Free every so often as it is more efficient and reliable. It will make a complete image back up of your entire hard drive to an external hard drive. Don't forget to create a rescue disk.
Go to this site and do a Custom Install:
http://www.macrium.com/reflectfree.aspx
I personally use the Professional Edition which gives me more flexibility and features.
Please mark my post as SOLVED if it has resolved your problem. It helps others with similar situations. -
Hi,
I have a few questions on "Warn About Changes" feature in 12i.
1. When the Warn about changes message will be thrown ?
2. In my page, im using the ViewObject (OAViewObjectImpl type) and setting its row attribute programmatically. But still not getting the Warn about Changes message as VO should be dirty in this case. How to overcome this ?
3. In my another page, im using ViewObject (extends OAPlsqlViewObjectImpl class). This triggers the Warn About Changes on setting the Row attributes programmatically. But for some of attributes, i want to suppress the message on page rendering and enable it on user action. is there any way to do it ?
4. Also if i want to throw the same type of message using JavaScript, please help me with the approach of catching the event and throwing the message.
Thanks in Advance !!!
Best Regards,
Senthil.Hi,
1. When the Warn about changes message will be thrown ?
Answer: warn about changes will be thrown whenever there are changes in the Application State.
2. In my page, im using the ViewObject (OAViewObjectImpl type) and setting its row attribute programmatically. But still not getting the Warn about Changes message as VO should be dirty in this case. How to overcome this ?
Answer: Have you set the warn about changes property to "true" on the pagelayout region???
4. Also if i want to throw the same type of message using JavaScript, please help me with the approach of catching the event and throwing the message.
Answer: you can check if (vo.isdirty()) then you can throw a message.
Thanks,
Gaurav -
Warn About Changes at Main Tab Level.
Hi All,
I have 6 main tabs and in one main tab i have created a page with 6 subtabs. In one subtab i have an advanced table which contains custom Add line submit button. i set warn about changes property of AddLine button item to true, and also page layout and fields in advanced table property warn about changes to true. But if i add new line and try to click on other main tab i am not getting alert pop up message (warning message).
Can anyone tell me how to resolve this issue?
Regards,
BabuHi Babu
Handeling of warn about changes is covered in the OAF development guide under Save Model("Warn About Changes") -
I updated Itunes today to the latest version. Windows 7 64bit. None of my drivers work and get an error when itunes starts, about registry setting for reading and writing dvds and cds missing. Anyone else have the same issue. I downloaded itunes again, reinstalled still have same issue.
I'd start with the following document, with one modification. At step 12 after typing GEARAspiWDM press the Enter/Return key once prior to clicking OK. (Pressing Return adds a carriage return in the field and is important.)
iTunes for Windows: "Registry settings" warning when opening iTunes -
Warn About Changes and page flow
Hi, in dev guide, it is said:
For any single page, or first page in a navigation flow where the retainAM URL parameter value is set to Y (and the pages share the same root UI application module) as you navigate between each page, set the Warn About Changes property to True on the pageLayout region.
in other word, if pages in page flow are in the same AM, after changing am in the first page, anytime leave the following page to click the home link(oracle branding), the WarnAboutChanges msg should be alerted?
But,
Now I have two pages, using the same AM, set the two pages' property "Warn About Changes" to true.
And I want to implement this: after inputing some words, and click a sunmitButton forward to pageB(add retainAM = Y in setForwardURL in code), then in pageB don't do anything, but click home link, WarnAboutChanges message does not alert.
Could anyone help to explain this?
And how to implement the page flow warnAboutChanges?
And how root application module to set if different pages in different AMs?
PreThanks to you very much!But,
Now I have two pages, using the same AM, set the two pages' property "Warn About Changes" to true.
And I want to implement this: after inputing some words, and click a sunmitButton forward to pageB(add retainAM = Y in setForwardURL in code), then in pageB don't do anything, but click home link, WarnAboutChanges message does not alert.
Could anyone help to explain this?
I asked u previously also read dev guide properly, here it what dev guide say:
"By default, the Warn About Changes property is set to True for each of the items in this list except for the
OASubmitButtonBean whose default value is False (a ccording to the UI guidelines, the "Warn About
Changes" check should be performed for all submit button instances except for Cancel, Apply and Submit
buttons). If you want to explicitly enable the check for a submit button, set this property to True. Note that can
also set it programmatically by calling OASubmitButtonBean.setWarnAboutChanges(pageContext,
Boolean.TRUE) in processRequest()."
I hope this answers ur question.
And how to implement the page flow warnAboutChanges?
Read "Save Model ('Warn About Changes')" in dev guide :).And how root application module to set if different pages in different AMs?
You can nest differnt AMs in on AM in AM wizard.--Mukul -
Printable Page - Warn About Changes issue
Hi,
I am implementing Printable Page functionality by giving TargetFrame = _blank. And also I am setting Warn About Changes property to True. (pageLayoutRN's WarnAboutChanges is also set to True)
But after making some changes in the page and If I click the Printable Page button, the Save Model warning is not coming.
Any solution ?
SenthilKumar JI guess then it explains the issue. Save model gets invoked only on the following scenario:
# Selecting a tab, horizontal navigation or side navigation menu entry
# Selecting a global button (implies retainAM=N)
# Selecting a breadcrumb link.
# Selecting a link with URL parameter retainAM=Y and the Warn About Changes property set to True (note that this applies only to declaratively defined links; this does not apply to menu links)
# Selecting an image which does not post your changes. For example, selecting an LOV icon or a long tip window will not trigger the save model warning. However, if the user selects on an image that navigates to Yahoo, for example, the warning is displayed.
# Selecting a link that performs a form submit and has the Warn About Changes property set to True.
--Shiv -
RBAC or Mailbox impersonation setting
We use a product from Sherpa Software called Archive Attender to archive message content off to a different server and leave a stub in the message that allows the user to retrieve that content. I have a user called Super that is a member of the domain
admins group that is setup to access the users mailbox when the archive policy is being processed and perform the duties of extracting the message contents and creating the message stub.
The process has been working without any issues up to about a week ago when I started to receive an error “ERROR: Unable to open the MAPI store”. On the server that runs this process Outlook 2010 is installed and I can send and receive messages so
I doubt it is a corrupt mapi file. If in Exchange I right click on a mailbox and run the Manage Full Access Permissions” for that mailbox and add the user Super the archive process works. The only side effect that I see is in the Outlook Client
I also see that users mailbox listed.
My question is can I assign the user Super to a RBAC role that allows read / write access to all messages in all users mailboxes or should I be looking at some form of mailbox impersonation setting for the user.How to configure Exchange Impersonation to enable a service account to impersonate all other users in an organization:
New-ManagementRoleAssignment -Name <impersonationAssigmentName> -Role applicationImpersonation -User <serviceAccount>
http://www.3cx.com/blog/docs/how-to-create-impersonated-user/
Cheers,
Gulab Prasad
Technology Consultant
Blog:
http://www.exchangeranger.com Twitter:
LinkedIn:
Check out CodeTwo’s tools for Exchange admins
Note: Posts are provided “AS IS” without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose. -
Warning about improper connections contains no "I understand the risks" options, I can't proceed
I installing Thunderbird on Windows 8.1. I am trying to add 3 accounts. When adding the second account Thunderbird warned about insecure transmission of password. I clicked the "I understand the risks". No problem. When I tried to add my third account, I received the warning again only this time there was no "I understand the risks" option. I can't click 'Done', If I change the setting TB can't find the servers. I am stuck and unable to add my last account.
I have TB installed on my laptop running Windows 7 and had no problems. I am using the same settings as in my version of TB on my laptop. The version of TB is 24.4 on both machines. Of course, the version of TB was younger when I installed on the laptop.
Thanks, in advance, for any advice.
Bill HaltemanI'm stuck too, and don't know what to do.
I am running windows 7.
There is excellent documentation of this problem here - https://bugzilla.mozilla.org/show_bug.cgi?id=812750
Problematically, the warning directs me t FAQ, but when I do a search what I find is that everyone is having the same problem.
Further, my existing accounts now show Connection security - None and Authentication as Password, transmitted insecurely. I suspect I am lucky that my existing accounts still work. -
So my airport extreme recently had some nat/dns issue and in the airport utility displayed a warning about it and to correct it. I wasn't sure what to do so i pressed the resolve icon and now my guest network is not working.
Anytime you change networking hardware, it is always a good idea to perform a complete power recycle of your networking components.
I would recommend that you do the following as a minimum:
Power-down the modem, AirPort base station, and computer(s).
Disconnect the AirPort base station from the Internet broadband modem.
While all of the devices are powered-down, perform a "factory default" reset on the base station. This will get it back to its "out-of-the-box" configuration and make setting it up much easier, especially if you use the "Assist me" process within the AirPort Utility. (ref: Resetting an AirPort Base Station or Time Capsule)
After the base station resets, go ahead and power it back down.
Reconnect the AirPort base station to the Internet broadband modem. For the Extreme and Time Capsule, be sure to connect the cable to the base station's WAN (circle-of-dots) port.
Power-up the modem; wait at least 10-15 minutes to allow it adequate time to initialize.
Power-up the AirPort base station; wait at least 5-10 minutes. Note: The AirPort's status light may continue to flash amber after it has intialized. That is because, there may be some additional configuration items necessary, like setting up wireless security, before the overall setup is completed to get a green status.
Power-up your computer(s).
In this basic configuration, the AirPort base station will broadcast an unsecured wireless network with a Network Name (SSID) of Apple Network NNNNNN. Network clients, connected to the base station either by wire or wireless, should now be able to access the Internet through the ISP's modem. Once Internet connectivity has been verified, you can use the AirPort Utility to configure the base station for wireless security and any other desired options. Please post back your results. -
After Effects warning: couldn't set Quicktime video output display mode
After Effects warning: couldn't set Quicktime video output display mode
I'm getting this error when exporting video from after effects. I also get it when the program starts up. I'm using Windows XP. Cannot find anything about a fix anywhere. Does anyone know how to fix this?Thanks for your reply. I profess ignorance regarding the GDI only mode and have no idea how to access that. Can you give me a little more info on that?
I am using an ATI Radeon HD 3850. I have two monitors on that card, Monitor one is a Trinitron HP 1130 CRT.(set to 1280x1024 16bit) The other is DVI wide screen Ilo 26 inch monitor. (1024x768 at 32 bit)
I have a BlackMagic Design DECKLINK standard definition broadcast card which outputs component video to a sony broadcast Beta deck. 480ix720 standard video.
The machine has a gigabyte motherboard. Intel Core 2 quad cpu 2.66 ghz
2.50 gb ram reported (4gigs installed)
These hasn't been a major issue as I can still output AVI uncompressed but it is annoying.
John -
Problem with internet. When i open System preferences, Network, message drops down: 'your network settings have been changed by another application'. I click OK, but it dropps the message again and again, preventing me to do anything about the setting.
A Fix for "Your network preferences have been changed by another application" Error
In the Library/Preferences/SystemConfiguration/ folder delete the following:
com.apple.airport.preferences.plist
NetworkInterfaces.plist
preferences.plist
com.apple.nat.plist
You will have to re-configure all your network settings since deleting.
(10.4.10)
Use Software Update to update your OS to last version of Tiger. Install all the other updates that goes along w/it. -
Can I stop Windows 7 from warning about security on every linked PDF?
I am working on a project for which I have created one central document (an index) and 120 linked documents. Each document, on every page, has links to the next alphabetical document and back to the central index. This project will be distributed on disc to people with unknown computer platforms.
I am a Mac user, and this works well on my iMac using Adobe Reader. It also works on my ancient Windows XP machine. A tech friend has looked the project over, and he says that on Windows 7 (used by more than half of computer users), every time a document links to a new document, Windows 7 throws up a warning about PDF security hazards. With a large number of documents to open, this could be tiresome.
Is there a way to stop Windows 7 from warning about security on every linked PDF?
This tech person recommends joining all the PDFs into one file (around 50 MB by his estimate), which would require relinking every current link.
Acrobat offers to do the same with its Portfolio, but I'm not fond of the graphic styles offered, and I worry that one large file might be a challenge for older machines.
Any suggestions?Can you get a screen shot of this error message or at least the exact wording? I suspect the error message is being displayed by Reader/Acrobat and not Windows.
-
In about:config, the values I changed to for the preference name browser.gesture.swipe.left was Browser:PrevTab and for browser.gesture.swipe.right was Browser:NextTab.
I have the latest synaptics touch pad on my laptop and it supports three touch swipe on windows pcs and on firefox. The about:config setting seem to be specific for MACs and so does not responds to windows changes.Hi,
I suggest you try the steps in this thread for test:
Disable Suggested Sites does not work.
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/disable-suggested-sites-does-not-work/4ba064b1-1c6e-43f1-939e-2db1d335b2ef
Regards,
Vincent Wang
TechNet Community Support -
How to create a Document Set in SharePoint 2013 using JavaScript Client Side Object Model (JSOM)?
Hi,
The requirement is to create ""Document Sets in Bulk" using JSOM. I am using the following posts:-
http://blogs.msdn.com/b/mittals/archive/2013/04/03/how-to-create-a-document-set-in-sharepoint-2013-using-javascript-client-side-object-model-jsom.aspx
http://social.msdn.microsoft.com/Forums/sharepoint/en-US/1904cddb-850c-4425-8205-998bfaad07d7/create-document-set-using-ecma-script
But, when I am executing the code, I am getting error "Cannot read property 'DocumentSet' of undefined "..Please find
below my code. I am using Content editor web part and attached my JS file with that :-
<div>
<label>Enter the DocumentSet Name <input type="text" id="txtGetDocumentSetName" name="DocumentSetname"/> </label> </br>
<input type="button" id="btncreate" name="bcreateDocumentSet" value="Create Document Set" onclick="javascript:CreateDocumentSet()"/>
</div>
<script type="text/javascript" src="//ajax.aspnetcdn.com/ajax/jQuery/jquery-1.7.2.min.js"> </script>
<script type="text/javascript">
SP.SOD.executeFunc('sp.js','SP.ClientContext','SP.DocumentSet','SP.DocumentManagement.js',CreateDocumentSet);
// This function is called on click of the “Create Document Set” button.
var ctx;
var parentFolder;
var newDocSetName;
var docsetContentType;
function CreateDocumentSet() {
alert("In ClientContext");
var ctx = SP.ClientContext.get_current();
newDocSetName = $('#txtGetDocumentSetName').val();
var docSetContentTypeID = "0x0120D520";
alert("docSetContentTypeID:=" + docSetContentTypeID);
var web = ctx.get_web();
var list = web.get_lists().getByTitle('Current Documents');
ctx.load(list);
alert("List Loaded !!");
parentFolder = list.get_rootFolder();
ctx.load(parentFolder);
docsetContentType = web.get_contentTypes().getById(docSetContentTypeID);
ctx.load(docsetContentType);
alert("docsetContentType Loaded !!");
ctx.executeQueryAsync(onRequestSuccess, onRequestFail);
function onRequestSuccess() {
alert("In Success");
SP.DocumentSet.DocumentSet.create(ctx, parentFolder, newDocSetName, docsetContentType.get_id());
alert('Document Set creation successful');
// This function runs if the executeQueryAsync call fails.
function onRequestFail(sender, args) {
alert("Document Set creation failed" + + args.get_message());
Please help !!
Vipul JainHello,
I have already tried your solution, however in that case I get the error - "UncaughtSys.ArgumentNullException: Sys.ArgumentNullException:
Value cannot be null.Parameter name: context"...
Also, I tried removing SP.SOD.executeFunc
from my code, but no success :(
Kindly suggest !!!
Vipul Jain
Maybe you are looking for
-
MAc won't save youtube video anymore. What am I doing wrong?
I was trying to save a video from youtube as I did a 1000 times before. Now when I try, every program/site I use (KeepVid for instance), will turn the .mp4 video file in a .txt file. Basically the file name will be something like video.mp4.txt I trie
-
Next page previous page using JDBC in JSP
Hello, I wanted to know how the previous page and next page is developed when an user serches for a particular string in a web site.They are restricting the database to display only 10-25 rec per page and giving an option like next, when an user clic
-
Just purchased a MacBook Air and would like to access the LR5 that is installed on my iMac desktop
I just purchased a MacBook Air and would like to access the LR5 that is installed on my iMac desktop. How do I do tha
-
Having problem with switch statement..please help
here my question : GUI-based Pay Calculator A company pays its employees as executives (who receive a fixed weekly salary) and hourly workers (who receive a fixed hourly salary for the first 40 hours they work in a week, and 1.5 times their hourly wa
-
Anyone know the answer to this question