Sysadmin responsibility without security access

Similar Messages

• Accessing blobs in private container without Shared Access Secret key

  Is there any way to access blobs in private blob container without Shared Access Secret key ? i mean any User / Role based security or domain level security i.e only our domain should be able to access blobs in private container etc.
  Actually i don't want to append SAS key after each blob url to access it, i want my container to be private and also i want to access each blob in that container without SAS key
  any way currently available or planned in future release ?

  Hi Yazeem,
  > That main page loads sucessfully but the js, css, xml files which this page accesses are unable to load because SAS key is not appended to their URL automatically.
  If the main page is served by a http handler and the js, css, xml files are linked using relative address, these files will also be served by the http handler too. For example, if the http handler serves a page in address
  http://xxx.cloudapp.net/blobproxy/index.html and the page links to a script file using tag
  <script src="myscript.js"></script>, actually the browser will use address
  http://xxx.cloudapp.net/blobproxy/myscript.js to access the script file. So the solution is to create a http handler to serve all requests to address
  http://xxx.cloudapp.netb/blobproxy/*.
  For test purpose, I made this sample. Please add a class file BlobProxy.cs to your web role project:
  using System;
  using System.Web;
  using Microsoft.WindowsAzure.StorageClient;
  using Microsoft.WindowsAzure;
  namespace WebApplication2
  public class BlobProxy : IHttpHandler
  // Please replace this with your blob container name.
  const string blobContainerName = "files";
  public bool IsReusable
  get { return false; }
  public void ProcessRequest(HttpContext context)
  // Get the file name.
  string fileName = context.Request.Path.Replace("/blobproxy/", string.Empty);
  // Get the blob from blob storage.
  var storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
  var blobStorage = storageAccount.CreateCloudBlobClient();
  string blobAddress = blobContainerName + "/" + fileName;
  CloudBlob blob = blobStorage.GetBlobReference(blobAddress);
  // Read blob content to response.
  context.Response.Clear();
  try
  blob.FetchAttributes();
  context.Response.ContentType = blob.Properties.ContentType;
  blob.DownloadToStream(context.Response.OutputStream);
  catch (Exception ex)
  context.Response.Write(ex.ToString());
  context.Response.End();
  Then please add this http handler to web.config file:
  <configuration>
  <system.webServer>
  <handlers>
  <add name="BlobProxy" verb="*" path="/blobproxy/*" type="WebApplication2.BlobProxy"/>
  </handlers>
  </system.webServer>
  </configuration>
  Before running the project, please replace blobContainerName with your own blob container that contains both html and related files. Then start debugging the Azure service project and then you can use the following address to access the page:
  http://127.0.0.1:[port number]/blobproxy/[page name]
  I above sample does not work for you, please let me know.
  Thanks.
  Wengchao Zeng
  Please mark the replies as answers if they help or unmark if not.
  If you have any feedback about my replies, please contact
  [email protected].
  Microsoft One Code Framework

• Providing un-secured access to a web report.

  Hello Experts,
  We have been sending out 'Load Status' emails on a daily basis for various BW loads. Recently we discontinued this process and set up a report based on one of the statistics cube. We got out the link for this web-report to all the users in our daily load status distribution list.
  The problem now is that when you click on the link, it pops out a window asking for the log-on information to our production system. But it looks like a few of the users do not have access to the production system and are hence unable to access this web-report.
  Is there any way to allow un-secured access to this particular web-report to all users i.e.without a screen asking for log-on information?Is it possible to set up a generic user id for this report that allows all the users to access this report without actually giving them access to our production system?
  Thanks
  Arvind

  Arvind,
  What is your BI system version ?
  if it is 3.x - then the URL will have a link to your server followed by a Question mark "?" and then some parameters.
  The value till the ? mark is the Web service for the same - you can make this Anonymous in SICF but then this would mean that all queries can be accessed through this URL ...
  else create an RFC enabled function module based on RRW3_Query_View_data and then use this for your query and expose the same as a web service and make it anonymous ... or have a BSP page to do the same....

• Access to SCCM Reporting service without Console access.

  Hi,
  Is there any way to give a AD Group or a user rights to run reports without giving access to open the sccm console?
  Regards,
  B

  It seems like this guides is not valid because the user can run the reports but not able to see any data. This is discussed in posts also. We need to remove the Access to the console, run reports and also see data.
  Exactly what rights did you give you security role?
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Movie not loaded without internet access

  We have developed a flash movie to industry showing production data for a machine. Clients running this flash movie in a web browser. Some of these clients have internet access and others do not.
  The clients have access to intrernet shows flash movie without problems.
  The clients without internet access just shows a black box with the text note loeaded movie.
  The customer does not want to connect these clients to intenet but would consider opening specific ports or websites if necessary.
  What is it that requires flash player from internet to download flash movies?
  Flash movie connects to a server over XML socket to exchange production data. Serve respond to requests for policy-file-request with <cross-domain-policy> <allow-access-from domain='*' to-ports='*'/> </ cross-domain-policy> \ 0th
  It does not matter which version of the flash player or internet explorer that we use. We have tested many different varieties.
  Hoping for help!

  What errors are you getting when connecting to the server? There's several events you should be listening for, e.g. Event.CONNECT, Event.CLOSE, DataEvent.DATA, IOErrorEvent.IO_ERROR, SecurityErrorEvent.SECURITY_ERROR, etc..
  One of those should be giving you some useful information about the connection status.
  What sandbox are you using? Here's some info on setting the sandbox to essentially Administrator level so the SWF is allowed to connect to all resource types via a config file:
  http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9 b90204-7c95.html
  If not running AIR (which removes the need for that config) you're going to want your SWF to have access to local filesystem and networking without restriction. You should check what Security.sandboxType is set to. If the config file is successful (or you use the SWF settings menu to add the SWF as trusted) it should report Security.LOCAL_TRUSTED. If it's AIR it will report Security.APPLICATION. Then you know the SWF has permission to access network.
  Outside that the events returned from the socket connect should let you know if the problem lies on the server. I'm assuming you're already running a Security.allowDomain("*"). I don't know if this pertains to LAN IP ranges however, that'd be a good question. It falls in WAN in the 192.168.x.x and 10.0.0.x ranges.

• Juniper Secure Access Pass Through Proxy?

  Has anyone tried to enable external access to Filr via a Juniper Secure Access Pass Through Proxy?
  Cheers
  David

  djbrightman,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://www.novell.com/support and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://forums.novell.com)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://forums.novell.com/faq.php
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Forums Team
  http://forums.novell.com

• HT201304 It would be tremendously helpful to be able to access, set restrictions, and make changes from the parents device to all devices under the same iTunes account, so that I could make changes to my kids devices without physical access.

  Please help!
  It would be tremendously helpful to be able to access, set restrictions, and make changes from the parents device, to all devices under the same iTunes account, so that I could make changes to my kids devices without physical access.
  I understand that I can set up a different Apple ID for the kids devices, or take physical control of the device and make the changes myself. However, my teenage son is technically savvy enough to have a job in Silicon Valley, as are most young people these days. However, in order to access his devices the current way, I first have to bypass the four digit pass code. This starts a fight of why I need in the device and continues to escalate. The argument that I am the parent will gain access but the fight is simply exhausting, and quite frankly shouldn't have to happen at all. He is not yet an adult, he did not pay for his iPad or iPhone and I, as a parent, should have not only have the right to change options at will, and from anywhere, but look at history or current activity when I feel like it.
  I currently have the settings where app and in-app purchases require my password to be put in, and he must come to me to type it in, but I need more control and would like, and should be able to access any of our six devices and make individual changes simply by logging in to my account, with my password.
  If I can see all my devices on the "Lost My iPhone" app, this technology should be easy to make happen.
  C'mon parents! I have a pretty good kid, given all things that they can get into, but I am not stupid. For everything I see has been done, there is much more I haven't seen. I want my children to be kept safe and be able to know what they are looking at or listening to. We parents are the only ones who know our beliefs and what our kids can handle and when.
  Thanks for any support or information that I may be missing in order to fulfill my request.

  There are mobile device management solutions that can do this, including in Apple's OS X Server system, but most parents generally find that setting this up is more work than it's worth. If you're interested, though, there are a couple that at least purport to be free (I don't know if there are any hidden "gotchas"):
  http://www.unwireddevicelink.com/features/
  https://meraki.cisco.com/products/systems-manager
  and Apple's system:
  http://www.apple.com/osx/server/features/#profile-manager
  I don't think any, however, allow you to see current activity or browser history. iOS doesn't expose those to access from MDM solutions, to the best of my knowledge.
  Regards.

• Need to run fmsedge process without root access

  1937396
  On Linux, the fmsedge process needed to run without root access.

  I see that in the release notes
  new in this release:
  1937396
  On Linux, the fmsedge process needed to run without root access.
  However I have not found any documentaion on how to do this?
  I would love to run the fmsedge process run as non-root so tht root does not own the 1935 listening port.
  fmsedge   26837  root   19u  IPv4  4007676       TCP localhost:19350 (LISTEN)
  fmsedge   26837  root   24u  IPv4  4007679       TCP *:1935 (LISTEN)
  fmsedge   26837  root   35u  IPv4  4007717       TCP localhost:19350->localhost:59625 (ESTABLISHED)
  fmsedge   26837  root   57u  IPv4 26532589       TCP localhost:19350->localhost:58913 (ESTABLISHED)
  This appear to not be the default setup.
  Thanks in advance if anyone has tackled this!

• Is there a way to "deauthorise" computers from your apple ID without having access to those computers?

  Is there a way to "deauthorise" computers from your apple ID without having access to those computers?

  Hi there ellou86!
  I have an article here for you that can help you with this question:
  iTunes Store: About authorization and deauthorization
  http://support.apple.com/kb/HT1420
  Specifically, it seems that this is the portion of the article that is most relevant to your question:
  To deauthorize all computers associated with your Apple ID
  If you need to authorize your new computer and are unable due to already having five authorized computers, you can deauthorize all computers by doing the following:
  Click iTunes Store on the left side of iTunes.
  If you're not signed in to the store, click the Account button, then enter your account name and password.
  Click the Account button again (your Apple ID appears on the button), enter your password, and then click View Account.
  In the Account Information window, click Deauthorize All.
  Note: You may only use this feature once per year. The Deauthorize All button will not appear if you have fewer than two authorized computers. If you need assistance on using this feature, please contact iTunes Store support via email (http://www.apple.com/support/itunes/store/).
  Thanks for using the Apple Support Communities!
  Cheers,
  Braden

• HT4527 how can i transfer my purchases from one windows pc to another without having access to the pc with the music on as it is broken

  how do i transfer my purchases from one windows pc to another without having access to the pc with the music on it , as it is broken ?

  on new pc - open itunes.  sign into your account.  go to settings.  authorise the pc you are now using.  go to account in itunes store.  download purchases.  simples.

• How can I migrate data from an old MBA to a new one without having access to the screen of the old one? The screen of the old MBA is damaged !

  How can I migrate data from an old MBA to a new one without having access to the screen of the old one? The screen of the old MBA is damaged !

  If your "older" MBA has a Thunderbolt port then it isn't that old. See Target Disk Mode about how it's used. Note that without a monitor you won't be able to tell from the screen when it has fully started, and if it succeeded in starting in TDM. If it did, then the hard drive should appear on the Desktop of your new computer. You can then access it to transfer your files. You can even use Migration Assistant or any backup utility to transfer data. Just don't try to transfer system files.

• I have an iphone 6 and my ex partner is able to read my text imessages remotely without having access to my phone. How is this possible and can anybody help me with this matter as it is a gross invasion of my privacy?

  Hi everybody,
  I have an iphone 6 and  my ex partner is intercepting and reading my imessage text messages remotely and without any access to my phone. Can someone shed any light on how this is possible and if so provide me with a solution to my problem as this is a gross invasion of my privacy and i seem powerless to combat this problem!

  It sounds as if your ex has your AppleID and passcode. Change the passcode.

• Link does not work for-End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4

  Link does not work for
  End-of-Sale and End-of-Life Announcement for the Cisco Secure Access Control System 5.4
  How do we get Cisco to fix?
  see attachment

  Give it a couple of days - it looks like they just sent out the notification before the notice was published on the public page.
  Once the ACS 5.4 EoS/EoL notice is published you should see it linked from this page.

• How do I get the flash site to load an XML without security

  I made a music mp3 player but now the XML wont load and the
  music player says undefined. I changed security settings in Adobe
  Flash Player. But I dont want to have everybody who views it have
  to change settings. Is there some type of ActionScript code that
  will allow the XML to load without security problems. I have the
  XML on the same server folder as the .SWF file. The site url is :
  www.eternityfocus.com/test_flash.html

  you should use a crossdomain.xml policy file.

• Creating Historical based Security Access Type

  I am trying to create a Security Access Type for PPLJOB that will look at the Reg_Region of an employee and if the historical rows of JOB contain the reg_region, use the employee in a Data Permission for Security. I want to know if anyone has tried this before and how the SQLID for Where needed to be coded. I created a SQLID with the following statement which didn't pull any employees:
  PA.EMPLID = JOB.EMPLID AND PA.EMPL_RCD = JOB.EMPL_RCD AND JOB.EFFDT = (SELECT MAX(EFFDT) FROM PS_JOB JOB2 WHERE JOB.EMPLID = JOB2.EMPLID AND JOB.EMPL_RCD = JOB2.EMPL_RCD AND JOB2.EFFDT <= %CurrentDateIn) AND JOB.EFFSEQ = (SELECT MAX(EFFSEQ) FROM PS_JOB JOB3 WHERE JOB.EMPLID = JOB3.EMPLID AND JOB.EMPL_RCD = JOB3.EMPL_RCD AND JOB.EFFDT = JOB3.EFFDT) AND JR.EMPLID = JOB.EMPLID AND JR.EMPL_RCD = JOB.EMPL_RCD AND JR.EFFDT = JOB.EFFDT AND JR.EFFSEQ = JOB.EFFSEQ AND JOB.REG_REGION <> %Bind(SCRTY_KEY1) AND EXISTS (SELECT 'X' FROM PS_JOB JOB4 WHERE JOB.EMPLID = JOB4.EMPLID AND JOB.EMPL_RCD = JOB4.EMPL_RCD AND JOB4.EFFDT < JOB.EFFDT AND JOB4.REG_REGION = %Bind(SCRTY_KEY1))

  Thank you for the feedback Carl. Again, I am new to this, so please be patient with me. I am not sure what you mean about adding the parameter to the record selection formula. I have drug the parameter field into the report so that it will prompt for parameters before running, but I do not think that is what you are talking about. Please advise.
  To your question about the Submit Date field in the report, when I open up the report and I point at the field for Submit Date the popup shows HPD_Help_Desk.Submit_Date (DateTime). That being the case, I think the answer to your question is that the data type of the data being returned is DateTime. Thanks again for the assistance.