Xp_cmdshell with elevated privilege

Hi,
I am facing issue with XP_cmdshell after upgrading OS form Windows 2003 to 2008.Actually there was one scheuled JOb in SQL server which run WMI command to fetch disk space details from all the server in our environemnet.Command I used for this is
wmic /node:Myservername LOGICALDISK get Systemname,Caption,VolumeName,Description,FileSystem,Freespace,Size /format:csv.xsl 1>>c:\test1.txt 2>>c:\testerror.txt
It was configured in SQL Agent Jobs & it run through one proxy account which having Local admin access to all the Servers.
There was no issue till 2003 to run the Jobs.Job ran sucessfully daily basis.But problem started after upgrading Windows to 2008 & I am able to identify why this jobs failing now & but not getteing any option to resolved this.
Actually from 2008 there is term UAC(User Access Conttrol) which means there are certain task which you can not run even if you have Administrator privilege until you ran the application with "Run as Administrator".
When I ran above command with just clicking cmd.exe it fails with error 'Access Denied' but same command if we ran after clicking 'Run as Administrator',it shows the output.
This is the reason my Job is also failing with error 'Access Denied' but I am not sure how I can implement 'Run as Administrator' for elevated privilege for xp_cmdshell.
Googled suggest to run command 'runas' to open the command promt with Administrator access but I don't think it will work in this case.This is actually run the cmd with for perticular user but it also not give elevated privilage so that I can run my WMIC
command.
Any suggestion apprecaited
Rgds
Debasish Bhattacharya

You can create proxy account for doing this
http://www.mssqltips.com/sqlservertip/2143/creating-a-sql-server-proxy-account-to-run-xpcmdshell/
Please Mark This As Answer if it solved your issue
Please Vote This As Helpful if it helps to solve your issue
Visakh
My Wiki User Page
My MSDN Page
My Personal Blog
My Facebook Page

Similar Messages

Make a DSC Script resource execute with elevated privileges

Hello Everyone,
Is there a built-in way into DSC to make it execute certain resources as administrator with elevated privileges on Windows 8.1?
What's i'm trying to achieve for example is install SQL Express 2012 in a Script DSC resource, but it keeps telling me that i'm not admin with and fails. If i run the same command from command prompts ("As administrator") it succeeds.
C:\downloads\SQLEXPR_x64_ENU.exe /Action=Install /qs /IAcceptSQLServerLicenseTerms /InstanceName=sqlexpress /ROLE=AllFeatures_WithDefaults /SQLSYSADMINACCOUNTS="BUILTIN\Administrators"
A similar situation is when I want to disable Windows Firewall in a WindowsProcess resource:
powershell.exe "netsh firewall set opmode disable"
That would also blow up because i'm not admin.
I've tried to give the admin credentials to the DSC resources but it seems on windows 8.1, it's different from "Run as Administrator"
So far I've managed to achieve some of this by running it from a PSExec session to the same machine which i'm currently configuring, but this seems like a hack to me.
Please let me know if there is a way around this.
Thanks in advance!
Ivan Kosharov

Any update on this?

How to launch an application with elevated administrator account privilege from windows service even if the account has not yet logon

Here is the case:
OS environment: Windows 7
There are two user accounts in my system, standard user "S" and administrator account "A", and there is a windows service running with "Local System" privilege.
Now i logged-in with account "S", and i want to launch an application with elevated administrator account "A" from that service program, so here is the code snippet:
int LaunchAppWithElevatedPrivilege (
LPTSTR lpszUsername, // client to log on
LPTSTR lpszDomain, // domain of client's account
LPTSTR lpszPassword, // client's password
LPTSTR lpCommandLine // command line to execute e.g. L"C:\\windows\\regedit.exe"
DWORD dwExitCode = 0;
HANDLE hToken = NULL;
HANDLE hFullToken = NULL;
HANDLE hPrimaryFullToken = NULL;
HANDLE lsa = NULL;
BOOL bResult = FALSE;
LUID luid;
MSV1_0_INTERACTIVE_PROFILE* profile = NULL;
DWORD err;
PTOKEN_GROUPS LocalGroups = NULL;
DWORD dwLength = 0;
DWORD dwSessionId = 0;
LPVOID pEnv = NULL;
DWORD dwCreationFlags = 0;
PROCESS_INFORMATION pi = {0};
STARTUPINFO si = {0};
__try
if (!LogonUser( lpszUsername,
lpszDomain,
lpszPassword,
LOGON32_LOGON_INTERACTIVE,
LOGON32_PROVIDER_DEFAULT,
&hToken))
LOG_FAILED(L"GetTokenInformation failed!");
__leave;
if( !GetTokenInformation(hToken, (TOKEN_INFORMATION_CLASS)19, (VOID*)&hFullToken,
sizeof(HANDLE), &dwLength))
LOG_FAILED(L"GetTokenInformation failed!");
__leave;
if(!DuplicateTokenEx(hFullToken, MAXIMUM_ALLOWED, NULL,
SecurityIdentification, TokenPrimary, &hPrimaryFullToken))
LOG_FAILED(L"DuplicateTokenEx failed!");
__leave;
DWORD dwSessionId = 0;
WTS_SESSION_INFO* sessionInfo = NULL;
DWORD ndSessionInfoCount;
bResult = WTSEnumerateSessions(WTS_CURRENT_SERVER_HANDLE, 0, 1, &sessionInfo, &ndSessionInfoCount);
if (!bResult)
dwSessionId = WTSGetActiveConsoleSessionId();
else
for(unsigned int i=0; i<ndSessionInfoCount; i++)
if( sessionInfo[i].State == WTSActive )
dwSessionId = sessionInfo[i].SessionId;
if(0 == dwSessionId)
LOG_FAILED(L"Get active session id failed!");
__leave;
if(!SetTokenInformation(hPrimaryFullToken, TokenSessionId, &dwSessionId, sizeof(DWORD)))
LOG_FAILED(L"SetTokenInformation failed!");
__leave;
if(CreateEnvironmentBlock(&pEnv, hPrimaryFullToken, FALSE))
dwCreationFlags |= CREATE_UNICODE_ENVIRONMENT;
else
pEnv=NULL;
if (! ImpersonateLoggedOnUser(hPrimaryFullToken) )
LOG_FAILED(L"ImpersonateLoggedOnUser failed!");
__leave;
si.cb= sizeof(STARTUPINFO);
si.lpDesktop = L"winsta0\\default";
bResult = CreateProcessAsUser(
hPrimaryFullToken, // client's access token
NULL, // file to execute
lpCommandLine, // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
dwCreationFlags, // creation flags
pEnv, // pointer to new environment block
NULL, // name of current directory
&si, // pointer to STARTUPINFO structure
&pi // receives information about new process
RevertToSelf();
if (bResult && pi.hProcess != INVALID_HANDLE_VALUE)
WaitForSingleObject(pi.hProcess, INFINITE);
GetExitCodeProcess(pi.hProcess, &dwExitCode);
else
LOG_FAILED(L"CreateProcessAsUser failed!");
__finally
if (pi.hProcess != INVALID_HANDLE_VALUE)
CloseHandle(pi.hProcess);
if (pi.hThread != INVALID_HANDLE_VALUE)
CloseHandle(pi.hThread);
if(LocalGroups)
LocalFree(LocalGroups);
if(pEnv)
DestroyEnvironmentBlock(pEnv);
if(hToken)
CloseHandle(hToken);
if(hFullToken)
CloseHandle(hFullToken);
if(hPrimaryFullToken)
CloseHandle(hPrimaryFullToken);
return dwExitCode;
I passed in username and password of account "A" to method "LaunchAppWithElevatedPrivilege", and also the application i want to launch, e.g. "C:\windows\regedit.exe", but when i run the service program, i found it do launch
"regedit.exe" with elevated account "A", but the content of regedit.exe is pure back. screenshot as below:
Can anyone help me on this?

You code is not dealing with the DACL access to Winsta0\Default. Only the LocalSystem account will have full access and the interactively logged on user which is why regedit is not displaying properly. You'll need to grant access to your user.
You also need to deal with UAC since that code is going to give you a non-elevated token via LogonUser(). You need to get the full token via a call to GetTokenInformation() + TokenLinkedToken.
thanks
Frank K [MSFT]
Follow us on Twitter, www.twitter.com/WindowsSDK.

My 'run with administrative privileges' script no longer works - help

Hey all. I have an applescript that shuts down the computer that I made a while back. I pulled it out today to use it and it no longer works. Here's part of the code I'm having trouble with:
do shell script ¬
"sudo shutdown -h now" password "myadminpassword" with administrator privileges
On old machines this worked great, I would just put the admin password where myadminpassword is and it would work perfectly. Now though, I run it on my machine and I get the prompt to enter my admin username and password before it will shutdown.
Now this is going on a remote install so I need it to work. Any ideas? The machine is running snow leopard, but it seems to still work on an old leopard macbook pro.

Well, for one, do not use sudo in do shell script.
The whole 'with administrator privileges' part takes care of elevating your privileges. sudo has no place in do shell script.
Don't know if that's your issue, but it's the first thing I'd fix.
If that doesn't help, are you running the script as your admin user?
Nowhere in your script are you defining the username to run the command as, therefore it will attempt to run as the current user who may not be the same as your admin user, nor have the same password. You might need to include the username:
do shell script "shutdown -h now" user name "admin" password "myadminpassword" with administrator privileges

Can a user with Contribute privileges invoke SPFolder.SubFolders.Add(folder) Sharepoint 2010 API in a Webservice?

We have a Webservice deployed on a Sharepoint 2010 deployment with a method as follows:
public static string ensureParentFolder(SPWeb parentSite, string destinationUrl)
destinationUrl = parentSite.GetFile(destinationUrl).Url;
int index = destinationUrl.LastIndexOf("/");
string parentFolderUrl = string.Empty;
if (index > -1)
parentFolderUrl = destinationUrl.Substring(0, index);
SPFolder parentFolder
= parentSite.GetFolder(parentFolderUrl);
if (!parentFolder.Exists)
SPFolder currentFolder = parentSite.RootFolder;
foreach (string folder in parentFolderUrl.Split('/'))
try
currentFolder = currentFolder.SubFolders.Add(folder);
catch (Exception ex)
FINEOSLogger.Medium(LoggerCategory.FINEOSToSharePointDMS, "User could not create SP folder so elevating permissions");
SPSecurity.RunWithElevatedPrivileges(delegate()
currentFolder = currentFolder.SubFolders.Add(folder);
return parentFolderUrl;
When invoked by a User with only Contribute rights the SubFolders.Add( ) call appears to fail and the
SPSecurity.RunWithElevatedPrivileges
code is invoked, which also fails.
1. So the first question is should you be able to invoke SubFolders.Add() with only Contribute? It works with Design privileges for the Customer. You can add folders on the Sharepoint website as a Contribute user so why not on the API.
Customer raising this as a security concern.
2. Also why would the
SPSecurity.RunWithElevatedPrivileges
part fail, is the syntax incorrect for Sharepoint 2010? We migrated this code from Sharepoint 2007 project.
The error I get when I try run the code as a Contribute user is
com.fineos.ta.dms.external.DMSException: The exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".] was caused by the exception [A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".]., Ta Exception info,Exception Class=class com.fineos.ta.dms.external.DMSException,Root cause ID=10,Root cause host=IEL163,Localized message=A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18"
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:149)
at com.fineos.frontoffice.documentmanager.DocumentManager.saveToThirdPartyDMS(DocumentManager.java:280)
at com.fineos.frontoffice.documentmanager.fileupload.UploadDocumentWidget.save(UploadDocumentWidget.java:401)
at org.apache.jsp.sharedpages.documentmanager.fileupload.uploaddocumentpage_jsp._jspService(uploaddocumentpage_jsp.java:77)
Caused by: com.fineos.integration.dms.external.services.SharePointDmsException: A SharePoint error occured "An Error occured in SharePoint". For user "FINEOS\bryces" uploading the file "Ru Ext_1501.txt", with title "Ru Ext_1501.txt", to the SharePoint Library "FINEOSDocumentLibrary/2015/02/23/13/18".
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:139)
at com.fineos.integration.dms.internal.thirdparty.GenericDMS.add(GenericDMS.java:132)
... 88 more
Caused by: org.apache.axis2.AxisFault: Error_occured_sharepoint [Message Details = An Exception occurred in SharePoint; System.UnauthorizedAccessException: <nativehr>0x80070005</nativehr><nativestack></nativestack>Access denied.
at Microsoft.SharePoint.Library.SPRequest.AddOrDeleteUrl(String bstrUrl, String bstrDirName, Boolean bAdd, UInt32 dwDeleteOp, Int32 iUserId, Guid& pgDeleteTransactionId)
at Microsoft.SharePoint.SPFolderCollection.AddInternal(String strUrl, Int32 userId)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.<>c__DisplayClass9.<ensureParentFolder>b__5()
at Microsoft.SharePoint.SPSecurity.<>c__DisplayClass4.<RunWithElevatedPrivileges>b__2()
at Microsoft.SharePoint.Utilities.SecurityContext.RunAsProcess(CodeToRunElevated secureCode)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(WaitCallback secureCode, Object param)
at Microsoft.SharePoint.SPSecurity.RunWithElevatedPrivileges(CodeToRunElevated secureCode)
at FINEOSIntegration.FINEOSToSharePointDMS.SharePointDMSUtilities.ensureParentFolder(SPWeb parentSite, String destinationUrl)
at FINEOSIntegration.FINEOSToSharePointDMS.FINEOSToSharePointDMS.uploadDocument(String UserName, String FolderPath, String Filename, Byte[] File, DocumentProperties DocumentProperties, Boolean NotifyFINEOS, Boolean NotifyFINEOSSpecified, Boolean OverwriteIfExists, Boolean OverwriteIfExistsSpecified, String& DMSDocType)]
at org.apache.axis2.util.Utils.getInboundFaultFromMessageContext(Utils.java:512)
at org.apache.axis2.description.OutInAxisOperationClient.handleResponse(OutInAxisOperation.java:370)
at org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:416)
at org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:228)
at org.apache.axis2.client.OperationClient.execute(OperationClient.java:163)
at com.fineos.frontoffice.thirdpartydms.operationtypes.ThirdPartyDmsServicesStub.uploadDocument(ThirdPartyDmsServicesStub.java:761)
at com.fineos.integration.dms.external.services.GenericDMSClient.uploadDocument(GenericDMSClient.java:119)
... 89 more
Note that the user SPWeb being passed into the method is from an impersonated user, don't know if that matters.
So the webservice payload contains the id of the user who wants to do the Sharepoint work while the webservice is invoked by anonymous or some other service user. We then impersonate the user specified in the webservice payload like follows and use
that web SPWeb from then on in the webservice methods:
userToImpersonate = currentWeb.AllUsers[user];
site = new SPSite(fileUrl, userToImpersonate.UserToken);
web = site.OpenWeb();
Any help appreciated.
Thanks,
Ruairi.

Ideally, a user with Contribute permissions should be able to add folders. Not sure what is the issue there. But I can see that SPSecurity.RunWithElevatedPrivileges is not written properly. You must create a new SPSite object inside the delegate
because SPSite objects created outside do not have Full Control even when referenced inside the delegate. Use the using keyword to ensure that the object is disposed in the delegate. Example:
SPSecurity.RunWithElevatedPrivileges(delegate()
using (SPSite site = new SPSite(web.Site.ID))
// implementation details omitted
});See this for more information about SPSecurity.RunWithElevatedPrivilegeshttps://msdn.microsoft.com/en-us/library/microsoft.sharepoint.spsecurity.runwithelevatedprivileges%28v=office.12%29.aspx?f=255&MSPPError=-2147217396
Blog | SharePoint Learnings CodePlex Tools |
Export Version History To Excel |
Autocomplete Lookup Field

How to create full new user with all privileges

how to create full new user with all privileges?
and how to delete existing users?
Thanks in advance..

Common solution is probably to use sudo for privilege elevation, wiki should help

How can you run a command with elevated rights on a remote server with invoke-command ?

I am trying to run a script on a remote server with invoke-command. The script is starting and is running fine, but the problem is that it should be running with elevated rights on the remote server. On the server where I start the invoke-command, my account has the necessary rights.
The server were I launch the invoke-command is a W2K8 R2. The remote box is a W2K3 with powershell v2.0 installed.
When I launch the script on the remote-box from the command line, I don't get the access denied's.
Is there a way to do this ?
Thanks in advance

The script that I want to run is to install the windows updates. I get an access denied on the download of the updates.
When I execute the script on an W2K8 box, (not remotely) and I run it with non-elevated rights, I get the same error.
The script is running fine when it is launched on W2K3 box locally with a domain account that has local admin rights, or on a W2K8 R2 server with a domain account that has local admin rights, but with elevated rights.
Thanks in advance for your help.
#=== start script ====
param($installOption="TESTINSTALL",$rebootOption="NOREBOOT")
Function Show-Help
Write-Host ""
Write-Host "SCRIPT: $scriptName <installOption> <RebootOption>"
Write-Host ""
Write-Host "DESCRIPTION: Installatie van WSUS updates op de lokale server"
Write-Host ""
Write-Host "PARAMETERS"
Write-Host " -installOption <[INSTALL|TESTINSTALL]>"
Write-Host " -rebootOption <[REBOOT|NOREBOOT|REBOOT_IF_UPDATED]>"
Write-Host ""
Write-Host "EXAMPLE:"
Write-Host "$ScriptName -installOption INSTALL -rebootOption REBOOT_IF_UPDATED"
Write-Host "$ScriptNAme INSTALL NOREBOOT"
Write-Host ""
Write-Host "Indien beide parameter weggelaten worden zijn de defaultwaarden :"
Write-Host " installOption=TESTINSTALL "
Write-Host " RebootOption=NOREBOOT"
Write-Host ""
Exit
#Include alle globale variablen
$CEIF_WIN_PATH = (get-content env:CEIF_WIN_PATH)
$includeFile=$CEIF_WIN_PATH + "\Scripts\include_win.ps1"
. $includeFile
#initialiseer error count
$errcnt=0
$scriptName=$MyInvocation.MyCommand.Name
#argumenten controleren
$arrInstallOption= "TESTINSTALL", "INSTALL" # Mandatory variable with predefined values
If (!($arrInstallOption –contains $installOption)){ Show-Help }
$arrRebootOption = "REBOOT", "NOREBOOT","REBOOT_IF_UPDATED" # Mandatory variable with predefined values
If (!($arrRebootOption –contains $rebootOption)){ Show-Help }
#Logfile opbouwen
$logfile = get-logfileName($MyInvocation.MyCommand.Name)
Log-scriptStart $MyInvocation.MyCommand.Name $logfile
function Get-WIAStatusValue($value)
switch -exact ($value)
0 {"NotStarted"}
1 {"InProgress"}
2 {"Succeeded"}
3 {"SucceededWithErrors"}
4 {"Failed"}
5 {"Aborted"}
function boot-server()
if ($installOption -eq "TESTINSTALL")
logger "TESTINSTALL : - Reboot local Server" $logfile
else
logger " - Reboot local Server" $logfile
$thisServer = gwmi win32_operatingsystem
$thisServer.psbase.Scope.Options.EnablePrivileges = $true
$thisServer.Reboot()
$logmsg="Install option = " + $installOption + ", RebootOption = $rebootOption"
logger "$logmsg" $logfile
logger "" $logfile
logger " - Creating WU COM object" $logfile
$UpdateSession = New-Object -ComObject Microsoft.Update.Session
$UpdateSearcher = $UpdateSession.CreateUpdateSearcher()
logger " - Searching for Updates" $logfile
$SearchResult = $UpdateSearcher.Search("IsAssigned=1 and IsHidden=0 and IsInstalled=0")
logger " - Found [$($SearchResult.Updates.count)] Updates to Download and install" $logfile
$Updates=$($SearchResult.Updates.count)
logger "" $logfile
foreach($Update in $SearchResult.Updates)
if ($Update.EulaAccepted -eq 0)
$Update.AcceptEula()
# Add Update to Collection
$UpdatesCollection = New-Object -ComObject Microsoft.Update.UpdateColl
$UpdatesCollection.Add($Update) | out-null
if ($installOption -eq "TESTINSTALL")
else
# Download
logger " + Downloading Update $($Update.Title)" $logfile
$UpdatesDownloader = $UpdateSession.CreateUpdateDownloader()
$UpdatesDownloader.Updates = $UpdatesCollection
$DownloadResult = $UpdatesDownloader.Download()
$Message = " - Download {0}" -f (Get-WIAStatusValue $DownloadResult.ResultCode)
if ($DownloadResult.ResultCode -eq 4 )
{ $errcnt = 1 }
logger $message $logfile
# Install
logger " - Installing Update" $logfile
$UpdatesInstaller = $UpdateSession.CreateUpdateInstaller()
$UpdatesInstaller.Updates = $UpdatesCollection
$InstallResult = $UpdatesInstaller.Install()
$Message = " - Install {0}" -f (Get-WIAStatusValue $InstallResult.ResultCode)
if ($InstallResult.ResultCode -eq 4 )
{ $errcnt = 1 }
logger $message $logfile
logger "" $logfile
#Indien er een fout gebeurde tijdens download/installatie -> stuur mail naar windowsteam
if ( $errcnt -gt 0 )
logger " - Fout tijdens de uitvoering van script -> send mail" $logfile
$mailSubject=$MyInvocation.MyCommand.Name
$msg = new-object Net.Mail.MailMessage
$att = new-object Net.Mail.Attachment($logfile)
$smtp = new-object Net.Mail.SmtpClient($smtpServer)
$msg.From = $mailFrom
$msg.To.Add($mailTo)
$msg.Subject = $mailSubject
$msg.Body = “Meer details in attachement”
$msg.Attachments.Add($att)
$smtp.Send($msg)
#Moet de server herstart worden ?
if ($rebootOption -eq "REBOOT_IF_UPDATED" )
if ($Updates -gt 0)
#Reboot the server when updates are installed
boot-server
elseif ($rebootOption -eq "REBOOT")
#reboot the server always
boot-server
else
#Do not reboot the server
logger "Do not reboot the server" $logfile
Log-scriptEnd $MyInvocation.MyCommand.Name $logfile
exit 0

Access Denied when trying to access shared folders on the server with administrative privileges

I have problem accessing shared folder on the server machine from Windows 7 machine even if I try to access it with administrative privileges (server Administrator account). I will try now to explain better my situation.
In my company, we have small network infrastructure with one main server machine (HP ProLiant server) with Windows Server 2012 R2 installed and couple of desktop machines. The network is administrated by me.
On Windows Server we have installed and setup DHCP, DNS, Remote Access and Routing, File and Storage and Active Directory services. Desktop machines are having Windows 8.1 Pro, Windows 8.1 or Windows 7 Home Premium installed on them. In Active
Directory I have created domain, User groups and Users for employees in my company and so far, I didn't added desktop machines to the domain.
Also, I've created one folder on the server which should contain different projects data for network users and I have set access permissions and security for this folder and shared it on the network (I've added couple of users to one user group and I
gave Full control to this group over this folder). When I try to access this folder from network, I've been asked for login credentials (normally), where I just type in one of users username and password who has been given access permissions to (who is member
of group with full control over the folder). From Windows 8.1 Pro and Windows 8.1 machines I can access and work on this folder without any problems.
The problem comes with Windows 7 machines. On Windows 7 machines (I have also tried this with Windows 7 Ultimate in VMWare) I can access server, I can see its shares, but as soon I try to access folder I've created for projects, I get Access Denied message
with request for User login credentials. Whichever user account I use (even servers main Administrator account) I keep getting this message over and over and I'm unable to access it at all.
I have also tried to access the server through VPN (from local or outside) but I'm getting the same error again. Also I've tried to add these Windows 7 machines to the domain and login with domain user but the result is the same. Turned off both firewalls
(on server and desktop machines, which I know is unnecessary, but lets try it), still same case. I've tried couple more things with registry editor on desktop machines which I found on different forums and websites but still no luck. And now I don't know
what else I can do.
Does anyone knows what's the problem here, have I set something wrong, have not set something I should?

Hi MeipoXu,
thanks for your response. I will first answer on your question.
Yes, the main issue is that we can see the folder when we access the server but we cannot access its contents from Windows 7 machines. I have tried on two machines, one with Windows 7 Home Premium version and the other one with Windows 7 Ultimate version
and the situation is the same.
As you recommended, I've checked Network Discovery and File and Printer Sharing and the situation is next: File and Printer Sharing is turned on all layers (Private, Public and Domain) while Network Discovery is off for all layers too. I don't know if this
is normal thing but Network Discovery cannot be turned on in Windows Server (I'm able to select Turn on Network Discovery and apply the changes, but when I get back to this settings page, I again see that it's turned off, so I assume this can't be changed
at all).
I also tried with icacls in command prompt and everything seems to be ok there regarding permissions. Share permissions are set to Full control to Everyone and Security permissions are set to Full control only for Administrators and the user group I've created
for employees in my company. The confirmation for this is that on Windows 8 machines you can access this folder without any problem and without getting any message connected with access permissions with any user account within this user group. This share is
created through File and Storage Services service in Server Manager panel.
And then something came up on my mind. I went in Server Manager to check shared folder settings in File and Storage Services and under Settings page I saw that "Encrypt data access" has been enabled (I enabled this option because I thought
I will get more security with this option). I asked my self what would happen if I disable it, tried it and now everything works ok on Windows 7 machines too. Now I assume that Windows 7 doesn't have this feature implemented or there are some
settings which needs to be set on Windows 7 machines to make this encryption thing work with Windows Server. So basically, I will let this feature off for now until I find out more about it and how to implement it to work with all operating systems.
I want to thank you once more for your kind help!

Unable to log in with sysdba privileges

Hi All,
I am not able to connect with sysdba privileges through the sql*plus on the remote machine running on Windows. It gives me the following error :
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.2.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
SQL> conn sys@inftmark as sysdba
Enter password: ******
ERROR:
ORA-01031: insufficient privileges
Warning: You are no longer connected to ORACLE.
SQL> while my initialization file has following entries:
remote_os_authent = true
remote_login_passwordfile = exclusiveMoreover, i am able to login with user "system" through sql*plus on windows.
My OS : Solaris 64 bit (database running on Solaris machin)
Database : 10.2.0.2
Any idea, what's missing ?

Yogesh,
Did you try adding a new password file? In your pfile location, try this --
1) Remove the existing password (orapw<SID>) file
2) Generate a new password file - orapwd file=orapw<SID> password=<SYS_passwd>
Try reconnecting thru the SQL*Plus client.
- Ravi

Run with user privileges but write to restricted folder

In Windows Server 2008 R2 (and in an Active Directory domain), the login and logoff scripts are run with user privileges.
Suppose that I run script1.ps1, when user1 logs in; I need that script1.ps1 is associated to user1, because it will write some informations about that user: it modifies a log file in a folder. Anyway, script1.ps1 will be run with user1 privileges.
I obviously made that file and that folder accessible (readable/writable) to user1: but I actually don't want the user to modify that log file. I would like that
only the script could do it.
Is there a way to work around this problem? Maybe should I run script1.ps1 in a different way?

Henry. You can add a subscription to a server that subscribes t event log entries on user computers. Subscribe to the logon/logoff events. Now you have a central repository of logon and logoff events.
There is no way to accomplish what you are asking to do. Any file that can be written to in logon script or during a user session can be changed by the user.
Bil is suggesting a "startup" script that runs when the user logs on and not when the computer starts. A user startup script runs as the user and not system.
Another method is to schedule a script that run at logon. This can run as system and write to a file that the user cannot change.
¯\_(ツ)_/¯

Firefox allows Java Applet with elevated permissions

I ended up with a virus on Friday when I selected "View" on an HTML attachment from the GMail web interface. The attachment started up java and proceeded to install the malware "Desktop Security 2010" and make changes to my system startup. I'm wondering how this happened and how to prevent it. My java security settings (Java Control Panel->Security->Certificates->Trusted Certificates) only lists Akamai Technologies and JavaFX as trusted certificates. Shouldn't that mean that I get prompted if any one else signs an applet that tries to run outside the sandbox? What else do I need to do to make sure that NO java applets run with elevated permissions?
I've disabled java via an add-in in the meantime, but what do I need to do to secure my browser properly?
== This happened ==
Just once or twice
== I selected "view" on a virus-infected email attachment in gmail

Хорошо. Am now able to enter Cyrillic font into my applet. HOWEVER, another issue remains: After pressing enter to process input, new window opens as expected with correct information displaying in window EXCEPT for drop-down menu bar that should display in green square of open window. http://www.lesbaileyev.com/Project/RFvstem.html I will open another suport question for this new development.

Create user with dba privileges

How do I create a user with DBA privileges in Oracle? The user should be able to create, insert, delete, truncate and other functions without any limits. Do I have to issue GRANT statements?

Hi,
I don't believe there's any way to create a user and grant privileges in one command.
First, create the user:
CREATE USER foo IDENTIFIED BY bar;Then grant the privileges. There's a pre-defined role called DBA that has all the privileges you mentioned.
GRANT dba TO foo;It's easy to write a script to do these two commands together, so you could say
@CREATE_USER foo bar dba

Firefox won't open links from Outlook when FF is started with admin privileges

OS: Windows 7 64 bit
I usually start Firefox from a toolbar (PowerPro) which runs with admin privileges. Thus Firefox starts with admin privileges too. Under this condition links in Outlook won't open in Firefox.
But if I start Firefox with normal privileges the links in Outlook works as expected.

Under Tools > Options > Advanced look to see if the "check if Firefox is default browser on startup" Check this and then restart FF. If it isn't the default it should ask if you want to make it the default. Choose yes and it should open when clicking links again.

Oracle APPS schema copy with all privileges to new schema and table space

Hi all,
Here is scenario:
I have installed e-business suite in windows 2003 server for training environment using production (prod), single node and without vision (demo).
i have to create a new table space in e:\oracle\prodmanz with similar content as in proddata and create a new schema called manz with same privileges as APPS.
Kindly advice.
Manish Kumar Chudasama
email: [email protected] cc to [email protected]
Thanks in advance guys.

Hi Khalid,
Ideally when you execute sql 'create schema <schema_name>' then the logged in user is going to default owner of the schema and you should see that under 'object privileges' of that user.
The user will have 'create any' privileges which means the user has all the privileges on that schema.
if you want to check who is owner of the schema in the system, please check 'SCHEMAS' under views in SYS.
Regards,
Venkat N.

Applying a patch with root privilege through terminal

Hey there. I need a little help.
I am beta testing a new open source media player for a friend of a friend. He added a series of codecs to be tested in a patch. He said in the email that the patch needs to be applied to the program via terminal with root privilege. Unfortunately, he never said how, and he's being slow in responding to my email.
So how do I do it? Is it just a couple of commands I type in to terminal? What are the commands?

There's absolutely no way anyone other than the author can answer that question for you.
Since you're beta testing the app it's not likely to be an app that other people have. Since patch installation is at the whim (and mercy) of the developer, each app could install patches a different way - some might just be files you need to manually copy to a specific location, others would have an install script that copies files for you while others might update the application at the binary level.
Without knowing the app, and without knowing the patch method, no one here can answer for sure.

Xp_cmdshell with elevated privilege

Similar Messages

Maybe you are looking for