Should i disable system accounts?
Hallo to everyone! I am trying to harden solaris 10 x86 and I read a recommendation (from CIS) to lock system accounts (bin, nuucp, smmsp, listen, gdm, webservd, nobody, noaccess, nobody4).
Why should i do that?
Isn't it risky for the proper operation of my system, to lock these accounts?
Thanks in advance
compare that list to those listed in the basic admin guide.
For better security remove the ethernet cable and any modems.
For the ultimate security remove the power cord.
alan
Similar Messages
-
GPP runs in System account even if specified that it should run i user context
The user 'xlsx' preference item in the 'USER-Microsoft-Office Group Policy object did not apply because it failed with error code '0x80070005 Access is denied.' This error was suppressed.
I have a problem with GPP that should make a program (Libreoffce or Microsoft office) the default opening option for certain file-types (.doc, xls, .ppt etc...)
But the GPP runs in system account even tho I have set the policy to "Run in user's security context"Hi Martin,
Thank for your patiences!
Here is another log of a user that I'm certain that it is a failure on
2013-07-04 08:06:04.800 Entering ProcessGroupPolicyExFolderOptions()
2013-07-04 08:06:04.800 SOFTWARE\Policies\Microsoft\Windows\Group Policy\{A3F3E39B-5D83-4940-B954-28315B82F0A8}
2013-07-04 08:06:04.801 BackgroundPriorityLevel ( 0 )
2013-07-04 08:06:04.801 DisableRSoP ( 0 )
2013-07-04 08:06:04.801 LogLevel ( 2 )
2013-07-04 08:06:04.801 Command subsystem initialized. [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.818 Background priority set to 0 (Idle).
2013-07-04 08:06:04.819 ----- Parameters
2013-07-04 08:06:04.819 CSE GUID : {A3F3E39B-5D83-4940-B954-28315B82F0A8}
2013-07-04 08:06:04.819 Flags : ( ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
2013-07-04 08:06:04.819 ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
2013-07-04 08:06:04.819 ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
2013-07-04 08:06:04.819 ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
2013-07-04 08:06:04.819 ( X ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
2013-07-04 08:06:04.819 ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
2013-07-04 08:06:04.819 ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
2013-07-04 08:06:04.819 ( ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
2013-07-04 08:06:04.820 ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
2013-07-04 08:06:04.820 ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
2013-07-04 08:06:04.820 Abort Flag : Yes (0x003967d0)
2013-07-04 08:06:04.820 HKey Root : Yes (0x000015e0)
2013-07-04 08:06:04.820 Deleted GPO List : No
2013-07-04 08:06:04.820 Changed GPO List : Yes
2013-07-04 08:06:04.820 Asynchronous Processing : Yes
2013-07-04 08:06:04.820 Status Callback : No (0x00000000)
2013-07-04 08:06:04.821 WMI namespace : No (0x00000000)
2013-07-04 08:06:04.821 RSoP Status : Yes (0x068ced48)
2013-07-04 08:06:04.821 Planning Mode Site : (none)
2013-07-04 08:06:04.821 Computer Target : No (0x00000000)
2013-07-04 08:06:04.821 User Target : No (0x00000000)
2013-07-04 08:06:04.821 Calculated list relevance. [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.822 ----- Changed - 0
2013-07-04 08:06:04.822 Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2013-07-04 08:06:04.822 ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2013-07-04 08:06:04.822 Options (raw) : 0x00000000
2013-07-04 08:06:04.822 Version : 2293795 (0x00230023)
2013-07-04 08:06:04.822 GPC : LDAP://CN=User,cn={A357D87E-6F4D-4762-9F9A-6B5D3BE436F7},cn=policies,cn=system,DC=domain,DC=net
2013-07-04 08:06:04.822 GPT : \\domain.net\sysvol\domain.net\Policies\{A357D87E-6F4D-4762-9F9A-6B5D3BE436F7}\User
2013-07-04 08:06:04.822 GPO Name : {A357D87E-6F4D-4762-9F9A-6B5D3BE436F7}
2013-07-04 08:06:04.822 GPO Link : ( ) GPLinkUnknown - No link information is available.
2013-07-04 08:06:04.823 ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2013-07-04 08:06:04.823 ( ) GPLinkSite - The GPO is linked to a site.
2013-07-04 08:06:04.823 ( ) GPLinkDomain - The GPO is linked to a domain.
2013-07-04 08:06:04.823 ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2013-07-04 08:06:04.823 ( ) GP Link Error
2013-07-04 08:06:04.823 lParam : 0x00000000
2013-07-04 08:06:04.823 Prev GPO : No
2013-07-04 08:06:04.823 Next GPO : Yes
2013-07-04 08:06:04.823 Extensions : [{00000000-0000-0000-0000-000000000000}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}{CF848D48-888D-4F45-B530-6A201E62A605}][{25537BA6-77A8-11D2-9B6C-0000F8080861}{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}][{5794DAFD-BE60-433F-88A2-1A31939AC01F}{2EA1A81B-48E5-45E9-8BB7-A6E3AC170006}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}][{A3F3E39B-5D83-4940-B954-28315B82F0A8}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}][{B087BE9D-ED37-454F-AF9C-04291E351182}{BEE07A6A-EC9F-4659-B8C9-0B1937907C83}][{E4F48E54-F38D-4884-BFB9-D4D2E5729C18}{CF848D48-888D-4F45-B530-6A201E62A605}]
2013-07-04 08:06:04.823 lParam2 : 0x33d71cd8
2013-07-04 08:06:04.824 Link : LDAP://OU=ou,DC=domain,DC=net
2013-07-04 08:06:04.827 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.830 Read GPE XML data file (1124 bytes total).
2013-07-04 08:06:04.831 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.831 Starting filter [AND FilterCollection].
2013-07-04 08:06:04.831 Starting filter [AND NOT FilterOs].
2013-07-04 08:06:04.832 Starting filter [AND NOT FilterOs].
2013-07-04 08:06:04.832 Starting filter [AND NOT FilterOs].
2013-07-04 08:06:04.833 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.841 ----- Changed - 1
2013-07-04 08:06:04.841 Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
2013-07-04 08:06:04.841 ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
2013-07-04 08:06:04.842 Options (raw) : 0x00000000
2013-07-04 08:06:04.842 Version : 12517567 (0x00bf00bf)
2013-07-04 08:06:04.842 GPC : LDAP://CN=User,cn={F45570D0-E3E9-4C02-B471-11E5708EC6F8},cn=policies,cn=system,DC=domain,DC=net
2013-07-04 08:06:04.842 GPT : \\domain.net\SysVol\domain.net\Policies\{F45570D0-E3E9-4C02-B471-11E5708EC6F8}\User
2013-07-04 08:06:04.842 GPO Display Name : USER-Microsoft-Office
2013-07-04 08:06:04.842 GPO Name : {F45570D0-E3E9-4C02-B471-11E5708EC6F8}
2013-07-04 08:06:04.842 GPO Link : ( ) GPLinkUnknown - No link information is available.
2013-07-04 08:06:04.842 ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
2013-07-04 08:06:04.842 ( ) GPLinkSite - The GPO is linked to a site.
2013-07-04 08:06:04.842 ( ) GPLinkDomain - The GPO is linked to a domain.
2013-07-04 08:06:04.843 ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
2013-07-04 08:06:04.843 ( ) GP Link Error
2013-07-04 08:06:04.843 lParam : 0x00000000
2013-07-04 08:06:04.843 Prev GPO : Yes
2013-07-04 08:06:04.843 Next GPO : No
2013-07-04 08:06:04.843 Extensions : [{00000000-0000-0000-0000-000000000000}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}][{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{D02B1F73-3407-48AE-BA88-E8213C6761F1}][{A3F3E39B-5D83-4940-B954-28315B82F0A8}{3BFAE46A-7F3A-467B-8CEA-6AA34DC71F53}][{C418DD9D-0D14-4EFB-8FBF-CFE535C8FAC7}{CEFFA6E2-E3BD-421B-852C-6F6A79A59BC1}]
2013-07-04 08:06:04.843 lParam2 : 0x382b2bc8
2013-07-04 08:06:04.843 Link : LDAP://OU=ou,DC=domain,DC=net
2013-07-04 08:06:04.847 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.851 Read GPE XML data file (4376 bytes total).
2013-07-04 08:06:04.852 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.853 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.857 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.861 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.864 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.868 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.872 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.876 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.880 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.884 Properties handled. [ hr = 0x80070005 "Access is denied." ]
2013-07-04 08:06:04.887 Error suppressed. [ hr = 0x80070005 "Access is denied." ]
2013-07-04 08:06:04.888 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.892 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.896 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.899 RunOnce value created [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.909 Completed get next GPO. [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.909 Completed get GPO list. [SUCCEEDED(S_FALSE)]
2013-07-04 08:06:04.927 Leaving ProcessGroupPolicyExFolderOptions() returned 0x00000000 -
I had a MobileMe account before... after upgrading to iOS 5, should I keep my account info under iCloud (settings) AND under mail, contacts and calendars (in Settings as well) or only keep the info under the new iCloud setting section?
That's not the correct port. It should be 993 for incoming.
If you signed into iCloud from the System Preferences, it should automatically create the iCloud account for you in Mail. Sounds like it is an account you already had set up for MMe in Mail.
Open Mail preferences, open the Accounts tab, disable that account in the advanced pane.
Open Sys Prefs, open the iCloud tab, and sign out of iCloud. Then sign back in and see if a new iCloud account is automatically created. -
Disable AD account with access policy
Hi all,
how can I disable AD account with access policy (or create AD account in disabled state)
Regards,
VladimirDewan.Rajiv wrote:
Access Polcies are just for triggering provisioning. You can custom AD connector or write your own to create user in disabled state using JNDI.Hi Dewan,
I have to create a simple demo system, and I need a solution which is not too weird (that means use as little of disparate technologies as possible).
I have two connected systems:
1. HR system, which is a trusted source for user and organizational data.
2. AD system, which is my provision destination.
I want to comply to the following requirements:
1. When a user is created in HR system, a new OIM account shall be created, and a new AD account shall or shall not (depending on HR data) be created in AD in disabled state
2. When a user is marked as dismissed in HR system, the AD account if exists, shall be disabled and moved to some special place in AD tree.
3. Same rules shall apply if the OIM account is created or marked as "Dismissed" manually by OIM administrator.
I use OIM reconciliation to get source data and it is no problem for me to create any reconciliation event I need.
I was considering creating Group->Access Policy->Resource chains, but Access Policy allows only to manage AD attributes, not account enable status.
Or should I add some unmapped pseudo-attribute to AD connector and a task which will enable/disable AD account based on the value of this attribute?
What other options do I have?
Regards,
Vladimir -
Apple disabled my account and disallowed my credit card!
I'm so angry at Apple now that I don't know where to begin. There were unauthorized in app purchases from my account and I contacted a Apple asking for a refund. They first refused blaming me or someone else in my household did the purchases. I wrote back that no one but me knew the itunes password. I got a reply that they would make an exception in my case and refund me and for that I'm happy. But they also said this: "To prevent further purchasing, I have disabled your account and have disallowed your Credit card from being used on the iTunes Store.". Now its not even possible to install free apps on my iphone since I only get a message that my account is disabled. I contacted them again asking how I could get my account back and credit card enabled again. They said that there was nothing they could do, I had to make a phone call to their support to get help. Should I call them? I'm scared they will be just as bad and unhelpful as the mail support. I just want this solved as fast as possible, actually I regret asking for a refund. If I knew this would happen I would rather have paid the unauthorized purchase than have go through this ****.
I really need to get my account back since I have done lots of earlier purchases that I don't want to lose.After talking to Apple support over phone, they have now enabled my account, but he couldn't do anything about the disallowed credit card. He said that I should contact Apple again by mail to get my credit card unbanned, so that's what I did. This is part of the reply I got from them:
"-----, Apple takes the security of your account very seriously as you had earlier reported for unauthorized activity on your credit card, so it has been prevented from being used on the iTunes Store.
If you have not done so already, please ask your card issuer to cancel the card and provide a replacement card with a new number."
I never said there were any unauthorized activity on my credit card, there was absolutely no need for them to ban it in the first place. Now they refuse to unban it and suggest that I should get a new credit card (I only have one)? I will not do that, if you do not unban my credit card you lost me as a customer and I will never buy anything from Apple again.
How can I convince Apple to unban my credit card? What should I do? I can't believe how bad support I got by e-mail from Apple. The person I talked to over phone was very nice and helpful, but the e-mail support is really horrible. -
So, I'm having some problems getting a logon script to work. I need a way to deploy the agent that we use via login/startup scripts and what I have works fine if the user has admin rights, or if UAC is disabled. I've tried to convert the .exe
to an .msi to make it easier, but the .msi never works and it's only distributed as an .exe. We deploy this to different clients, I can't disable UAC in their environment unless they specifically tell us to. Can anyone think of a way around this?
I've been searching for days and I'm just lost. If we could execute the file as the system account, or connect to shares using a startup script instead of logon, that would be perfect. Basically what it does is check to see if the process for the
agent is running (agentmon.exe) so we don't attempt to install it if it is already installed, if it's not, then it calls on a different agent installer depending on the IP address of the system (for clients that have more than one location). Here's what
I've got written that works for me in my test environment:
Const strAgent1 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup1.exe"
Const strAgent2 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup2.exe"
Const strAgent3 = "\\home.wiginton.local\SysVol\home.wiginton.local\Policies\{CD4ED3BD-0709-4E3D-A303-C9E3B0F5198D}\User\Scripts\Logon\Test-KcsSetup3.exe"
Const strFolder = "C:\Temp\"
Const Overwrite = True
dim objFSO, objNIC1, arrNIC, strIP, strMask, objShell, objWMIService
dim
'Checks for Kaseya agent process, AgentMon.exe, exits if running
Set objWMIService = GetObject ("winmgmts:")
Set proc = objWMIService.ExecQuery("select * from Win32_Process Where Name='agentmon.exe'")
If proc.count > 0 Then
WScript.Quit
End If
'Instantiate a NIC configuration object
Set objNIC1 = GetObject("winmgmts:").InstancesOf("Win32_NetworkAdapterConfiguration")
'Instantiate a shell object
Set objShell = CreateObject("wscript.shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'Create Temp Dir if it doesn't exist
If Not objFSO.FolderExists(strFolder) Then
objFSO.CreateFolder strFolder
End If
For Each arrNIC in objNIC1
if arrNIC.IPEnabled then
StrIP = arrNIC.IPAddress(i)
strMask = arrNIC.IPSubnet(i)
Set WshNetwork = WScript.CreateObject("WScript.Network")
end if
next
Function NetworkID(Address, Mask)
Dim AddressOctets, MaskOctets, Result, N
AddressOctets = Split(Address, ".")
MaskOctets = Split(Mask, ".")
ReDim Result(UBound(AddressOctets))
For N = 0 To UBound(AddressOctets)
Result(N) = AddressOctets(N) And MaskOctets(N)
Next
NetworkID = Join(Result, ".")
End Function
Select Case NetworkID(strIP,strMask)
Case "192.168.0.0"
' Kaseya install commands for 192.168.0.0 subnet
objFSO.CopyFile strAgent1, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup1.exe"
Case "192.168.1.0"
' Kaseya install commands for 192.168.1.0 subnet
objFSO.CopyFile strAgent2, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup2.exe"
Case "192.168.2.0"
' Kaseya install commands for 192.168.2.0 subnet
objFSO.CopyFile strAgent3, strFolder, Overwrite
Wscript.Sleep 1*60*1000
objShell.run "C:\Temp\Test-KcsSetup3.exe"
Case Else
' Some sort of error checking. Maybe a BLAT SMTP command to send an email
End Select
Set objWMIService = Nothing
Set objNIC1 = Nothing
Set objShell = Nothing
Set WshNetwork = Nothing
Wscript.quitYou need to read the documentation carefully:
The Deploy Agents install package is created using a Configure Automatic Account Creation wizard. The wizard copies agent settings from an existing machine ID or machine ID template and generates an install package called
KcsSetup.All settings and pending agent procedures from the machine ID you copy from—except the machine ID, group ID, and organization ID—are applied to every new machine ID created with the package.
Including Credentials in Agent Install Packages
If necessary, an agent install package can be created that includes an administrator
credentialto access a customer network. Credentials are only necessary if users are installing
packages on machines and do not have administrator access to their network. The administrator credential is encrypted, never available in clear text form, and bound to the install package.
¯\_(ツ)_/¯ -
Hello,
I have a WScript File that includes an external resource (js file).
It works on one computer and it does not work on another computer.
If I run this file from a normal admin command prompt everything runs fine on both computers.
If I run this file from the Local System account using PsExec it runs fine on one of the computers and throws an error "Cannot Retrieve referenced URL" on the other computer.
The reason I want it to run from the Local System account is that it is executed from a Windows Service.
Is there some setting or some way for the IE cache to get corrupt on the Local System account or something like that?JRV,
You are by far the worst 'support' person I've ever seen. If you aren't going to be thoughtful in providing support, don't pretend. If you're going to pretend, leave your condescension on the shelf. You have provided no thoughtfulness whatsoever to his issue,
and have in no way improved the discourse. You are arrogant and condescending without exhibiting any intelligence whatsoever. I'm impressed Matt kept calm through your demeaning, counterproductive diatribes.
Matt,
First I'd check UAC settings, because I believe that can change how elevation works substantially.
Second, I would check the versions of wscript.exe on both machines, both in System32 and SysWow, and I'd check for updates bypassing WSUS to make sure there's not something silly going on there (totally a shot in the dark, catch-all theory).
Have you made any headway in the last few weeks?
-John
This is not a support forum and it is not for assistance in fixing broken configurations. It is a scripting forum. The OP proved that the issue is not the script but the environment it is running in. You should not get mad just because you are
not getting satisfaction.
¯\_(ツ)_/¯ -
Disabling User Account Control - CUBAC
Installing Cisco Unified Business Attendant Console. Documentation says that on server 2003 / sever 2008 installations, disabling of the user account control is required. It gives a procedure to do this on Server 2008.
The install I'm working on is on Server 2003. I cannot find anything like this. Googling on the subject has led me to believe that this is likely a documentation bug, as I can find no reference to Server 2003 having this feature.
Has anyone else run into this? The documentation appears to have been written by someone who speaks english as a second language, and not thoroughly vetted for correctness.Hi Clifford,
This would just be for Windows server 2008
CSCtc77367 Bug Details
CUBAC 3.1.1.5 docs need to say "disable User Account Contol" in win2008w.
It appears UAC (user account Control) a new feature found in Windows Server 2008 will block license files from being properly applied in CUBAC 3.1.1.5.
The installation and requirement docs should reflect that UAC needs to be disabled before installing CUBAC on Windows Server 2008.
Observations:
Go to webadmin, licensing
When you look at that page, you will not see any licensing info; no eval.
It says, no licensing info.
When we turned off UAC, the licensing page showed the eval info for 5 days.
At which point we were able to add the license
Status
Fixed
Severity
2 - severe
Last Modified
In Last Year
Product
Cisco Unified Attendant Consoles
Technology
1st Found-In
3.1(1.5)
Fixed-In
Release-Pending
Cheers!
Rob -
I have a problem with disable my account in apple store
hi i got a problem with disable my account apple store... so what should i do?
You might be able to re-enable it via this page : http://appleid.apple.com, then 'reset your password'
You might then need to log out of your account on your phone by tapping on your id in Settings > iTunes & App Store and then log back in so as to 'refresh' the account on it.
If that doesn't fix it then you might need to contact iTunes Support : http://www.apple.com/support/itunes/contact/ - click on Contact iTunes Store Support on the right-hand side of the page -
Should I disable RAID 0?
I need some advice on what to do with my present system. I will be using CS4 Prod Prem for editing HD, AVCHD, SD, etc. ...here's the issue -
I bought a custom built comp with -
Antec 902 Mid Tower ATX case
750Watt Corsair power supply w/140mm fan
2-120mm fans
ASUS P6T mobo
Core i7 920 CPU
Kingston V-Series SSD 128gb drive (for Win 7 + app's)
2- WD Caviar Black 1TB
12gb RAM (mushkin 4gbx3)
nVidia Quadro FX 1800 + Elemental Accelerator
+
I have 4 USB external drives, and one Firewire 800 drive attached as well. (Unfortunately these are 'mostly' maxed out, but I can still defrag.)
I had originally asked for the 2 WD Caviars to be set to RAID 0, but after I realized I would have no redundancy I asked for it just to be set up as two single drives. But, they kept it in RAID 0 . The RAID is controlled by the ASUS mobo. I am thinking a RAID 3, for now....eventually expanded to RAID 30 will be my best option.
I know I'll have to get more HDD's, but I need to know what would be my best option.....
1. Should I disable the RAID 0 until I can get more HDD's so I won't lose data? If so, how do I go about that....I would need to re-install Win 7 correct?
2. Or, should I just go ahead, get 2 more drives and go with a different RAID (x)?
3. If I have to get a RAID controller card for RAID 3, what's my cheapest/most reliable option? I just don't think I can swing the high end Areca cards right now.
4. If I go RAID 3, and want to expand to RAID 30, will I have to run an external RAID tower instead of internal discs?
5. If a drive goes down, how fast do I need to get the new drive in?
Lost, dazed and confused....please help!1. Should I disable the RAID 0 until I can get more HDD's so I won't
lose data? If so, how do I go about that....I would need to re-install
Win 7 correct?
Win 7 and your programs are on the SSD, so there is no need to re-install Win7. To disable the current raid0, you have to know how it was setup. Was this done in the BIOS using the ICHR10 or the Marvell chip or was it done in software under Windows? Look in the user guide in section 4.4 for instructions on how to break out the raid to individual disks.
2. Or, should I just go ahead, get 2 more drives and go with a different RAID (x)?
Getting 2 more internals is always wise, since they are a lot faster than your current USB externals and these are already pretty full. I would make sure you get the identical model as your current WD Caviar Black. Also make sure that ACPI is disabled in the BIOS, because it can disrupt reliable operation of the Caviars in a raid. BTW, I'll explain later, but consider getting 3 Caviars instead of 2.
3. If I have to get a RAID controller card for RAID 3, what's my cheapest/most reliable option? I just don't think I can swing the high end Areca cards right now.
AFAIK Areca is the only controller card to offer Raid3. Also keep in mind that buying an Areca controller card is like buying a Vinten or Sachtler tripod and fluid head. Pretty expensive, but usually they last a lifetime. Now the Areca may not last a lifetime, but can certainly last a couple of PC generations.
4. If I go RAID 3, and want to expand to RAID 30, will I have to run an external RAID tower instead of internal discs?
Not at all, if your case is large enough. For instance in my case I currently have 2 BRD burners and 17 3.5" disks. If I want I can increase that to 2 BRD burners plus 21 3.5" disks of which 15 hot-swappable.
5. If a drive goes down, how fast do I need to get the new drive in?
As I said above, I suggest you get 3 WD CB disks. You can then configure them in a 4 disk raid5 array plus 1 hot-spare. The dilemma is that AFAIK neither the ICHR10 nor the Marvell support hot-spares, so you may need an Adaptec, Areca or 3Ware controller to get hot-spare support. If you don't have the budget for an Areca controller, then in the future you may find that the more affordable Adaptec or 3Ware card (or even Hightpoint or LSI) have no further use if the time comes for a raid3 card.
With a hot-spare in a raid5 when one disk fails, you can take your time with getting a new one (although with reduced security untill replacement). If one disk fails, you will have reduced performance for less than an hour, maybe only for minutes, untill the hot-spare kicks in. You can easily take a week or even two weeks to get a replacement disk if you can live with the reduced security of not having a hot-spare available anymore.
With hot-swappable drive cages you gain easy access to all your disks, like for instance the SuperMicro CSE-M35T, http://www.newegg.com/product/product.aspx?Item=N82E16817121405
Hope this helps. -
Hi ,
I have very strange problem .Only in one site collection across the farm i am getting this error while starting OOTB workflow in list. Everywhere else it works, even another site collection within same web application. I have stopped and restarted all the
work flow feature but still same issue?
sachinErrors in ULS logs
Declarative workflows cannot automatically start if the triggering action was performed by System Account. Canceling workflow auto-start. List Id: %s, Item Id: %d, Workflow Association
Id: %s
RunWorkflow: Microsoft.SharePoint.SPException: User cannot be found.
at Microsoft.SharePoint.SPUserCollection.get_Item(String loginName)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytesElevated(SPFile file, Int32 fileVer, Int32& userid, DateTime& lastModified)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytesElevated(SPWeb web, Guid docLibID, Int32 fileID, Int32 fileVer, Int32& userid, DateTime&
lastModified)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.<>c__DisplayClass1.<LoadWorkflowBytes>b__0(SPSite elevatedSite, SPWeb elevatedWeb)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytes(SPWeb web, Guid docLibID, Int32 fileID, Int32 fileVer, Int32& userid)
at Microsoft.SharePoint.Workflow.SPNoCodeXomlCompiler.LoadXomlAssembly(SPWorkflowAssociation association, SPWeb web)
at Microsoft.SharePoint.Workflow.SPWinOeHostServices.LoadDeclarativeAssembly(SPWorkflowAssociation association)
at Microsoft.SharePoint.Workflow.SPWinOeHostServices.CreateInstance(SPWorkflow workflow)
at Microsoft.SharePoint.Workflow.SPWinOeEngine.RunWorkflow(SPWorkflowHostService host, SPWorkflow workflow, Collection`1 events, TimeSpan timeOut)
at Microsoft.SharePoint.Workflow.SPWorkflowManager.RunWorkflowElev(SPWorkflow workflow, Collection`1 events, SPWorkflowRunOptionsInternal runOptions)
Microsoft.SharePoint.SPException: User cannot be found.
at Microsoft.SharePoint.SPUserCollection.get_Item(String loginName)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytesElevated(SPFile file, Int32 fileVer, Int32& userid, DateTime& lastModified)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytesElevated(SPWeb web, Guid docLibID, Int32 fileID, Int32 fileVer, Int32& userid, DateTime&
lastModified)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.<>c__DisplayClass1.<LoadWorkflowBytes>b__0(SPSite elevatedSite, SPWeb elevatedWeb)
at Microsoft.SharePoint.Workflow.SPWorkflowNoCodeSupport.LoadWorkflowBytes(SPWeb web, Guid docLibID, Int32 fileID, Int32 fileVer, Int32& userid)
at Microsoft.SharePoint.Workflow.SPNoCodeXomlCompiler.LoadXomlAssembly(SPWorkflowAssociation association, SPWeb web)
at Microsoft.SharePoint.Workflow.SPWinOeHostServices.LoadDeclarativeAssembly(SPWorkflowAssociation association)
at Microsoft.SharePoint.Workflow.SPWinOeHostServices.CreateInstance(SPWorkflow workflow)
at Microsoft.SharePoint.Workflow.SPWinOeEngine.RunWorkflow(SPWorkflowHostService host, SPWorkflow workflow, Collection`1 events, TimeSpan timeOut)
at Microsoft.SharePoint.Workflow.SPWorkflowManager.RunWorkflowElev(SPWorkflow workflow, Collection`1 events, SPWorkflowRunOptionsInternal runOptions)
The emailenable value is true. And it just does not work for one site collection. It should not be regarding any hot fix.
Thank you for your suggestions and time. I will dig up further.
sachin -
Hi all,
We have an attribute *"nsaccountlock"* in LDAP.
We have a requirement that if "*nsaccountlock*" is set to "*true*" then the user account must be disabled or locked in SIM as well.
If anyone has any pointers regarding the same, please post how this can be achieved.
Any pointers may be helpful.
ThanksTo do this you need to use activesync so that the changes on LDAP are detected in SIM. We are using that process today however version 6.1 seems to have an issue when nsaccountlock is not present in LDAP.
Here are some notes from version 7 document:
Set the nsAccountLock attribute
To use the nsAccountLock attribute to disable and enable accounts, configure the LDAP resource as follows:
On the Resource Parameters page, set the LDAP Activation Method field to nsaccountlock.
Set the LDAP Activation Parameter field to IDMAttribute=true. (IDMAttribute will be specified on the schema in the next step.) For example, accountLockAttr=true.
On the Account Attributes page, add the value specified in the LDAP Activation Parameter field as an Identity System User attribute. Set the Resource User attribute to nsaccountlock. The attribute must be of type string.
Set the nsAccountLock LDAP attribute on the resource to true.
Identity Manager sets nsaccountlock to true when disabling an account. It also assumes that pre-existing LDAP users that have nsaccountlock set to true are disabled. If the nsaccountlock has any value other than true (including null), the system concludes the user is enabled. -
I tried buying an album off of the iTunes Store but I didn't know the security question answers. I reached the limit for the amount of answers and now it disabled my account from buying for 8 hours but I want the album by tonight! Can anyone help?!
If you've disabled your account for 8 hours then you will need to wait until the 8 hours have completed.
When the 8 hours are up, then if you have a rescue email address (which is not the same thing as an alternate email address) on your account then you should get a reset link on your account : http://support.apple.com/kb/HT6170
If you don't have a rescue email address (you won't be able to add one until you can answer your questions) then you will have to contact Support in your country to get the questions reset.
Contacting Apple about account security : http://support.apple.com/kb/HT5699
When they've been reset (and if you don't already have a rescue email address) you can then use the steps on this page to add a rescue email address for potential future use : http://support.apple.com/kb/HT5620 -
Should I disable onboard sound when..
Should I disable the onboard audio and stuff when I install the X-Fi. I installed my X-Fi some time ago and have never had any hardware problems with it, however recently I was in the BIOS options area (F2 at the splashscreen I think) and saw the option for disable onboard audio. Will it improve my system if I do disable it or will it require a reinstall of my soundcards driver and stuff. Any response is appreciated.
Well,
You're supposed to disable it, Yes. Your system needs to know wich card you will use. May create conflict if you have both enabled. Yes, disable it.
Fremen -
How to disable system keys like alt+ctrl+delete...
Hi,
I was wondering if there is any way to disable system keys like alt+ctrl+delete and windows logo key etc... I would like it to get disabled when ever my java application is visible and I want it in pure java.
Thanks,
regards,
JayThanks for all your replies but hey I've seensome
program ( downloaded from google ) do suchthing.
What they do is some kinda image thing appearsin
the
full screen mode and do all the tasks what I'veopt
for. So, I'm confused what is being done in
those
programs.
Even if it is doable (Ctrl, Alt Delete I don't
think
will be, Windows Key should be) It will not via
Java,
but JNI. So you would be better off hunting overthe
MSDN.137256 speaks the truth. Ctrl-Alt-Delete is a
HARDWARE interrupt caught by the OS. In modern
Windows it launches a widget that can be used to
shutdown, logoff or run task manager. I have many
doubts about what the OP is saying.
All hail Sun.Indeed 3021. CAD is active even when Windows isn't. I experienced this recently, and never want to again.
All hail Sun. We love you ...
Maybe you are looking for
-
RentalMan HTML Ver 8 - Browse Sequences in WebHelp
How do I get my Browse Sequences to show up in my WebHelp output? I have added a new button to my Navigation on my WebHelp skin and I believe I linked it to my Browse Sequence file in my project folder. When I preview my skin, I see the new button,
-
How do you change the variable screen on Portal to show Key?
Hi All, I have a report on our Portal. In the variable screen, the users are asked to optionally enter Cost Centre. When they choose to select values (pressing the button on the right) the singles values which are shown are 'Text' only. I know in
-
Switching Languages & Spellchecking
Hi I recently switched to pages from Word. I work in documents in English and Spanish primarily. How can I easily switch between the two languages so that spellchecking recognizes the correct one?
-
Make WebDynpro Appliction available on Internet
Hi Experts, We have to develop a POC for our client. We need to build a small application and make it available to be accessed on internet. We have already developed a view and have created an application. When I click test, the view opens in a webpa
-
Failed: Export process terminated unexpectedly
I'm using Quicktime Pro version 7.5 and am having problems exporting, keep getting the message: failed: export process terminated unexpectedly The source files are .mov, the format (in the movie properties window) is Sorenson video 3 and I'm simply t