I'm trying to user Microsoft.Win32.TaskScheduler.TaskService("ServerName", "Username", "Domain", "Password"); with a user who is a local administrator on "ServerName". I've tried calling it with a blank domain and with a period (.) and with the word "local", and also with the name of the computer but nothing seems to work.
Is it possible to do this, or is it necessary to have a domain account?
Related
I have a task to do the following:
Change machine wide config
Open the DCOM configuration tool e.g. by running "dcomcnfg" from start menu
Open the machine wide configuration by right-clicking "My Computer":
Go to the "COM Security" tab.
Edit Limits and Edit Default for all both "Access Permission" and "Launch and Activation Permissions". Add users:
"everyone", "Anonymous logon", "system", "network", "network service", "interactive" and "test"
With some permissions (Same for all users above):
First I want to add "test" user.
I know how to do manually but I want to do using power shell.
Need your kind support
Thanks
When I attempt to connect to an instance of a PostgreSQL database I've created as per the AWS "Create and Connect to a PostgreSQL Database with Amazon RDS" tutorial located here (https://aws.amazon.com/getting-started/tutorials/create-connect-postgresql-db/), I receive an error that reads:
[08001] The connection attempt failed.
java.net.SocketTimeoutException: connect timed out.
The database is set to allow incoming and outgoing traffic on all ports and from all IP addresses. I am completely at a loss as to how to get this working and have reached out to AWS Support for their input, but, as yet, all I've done is follow the directions prescribed by the AWS tutorial--to no avail.
Does anyone know what might be the issue?
Edit: I should mention that all of my, host URL, port number, database name, etc. have been entered correctly into DataGrip, so none of the above are the issue.
All right--I've figured it out.
First off, #Mark B was right--the issue was that I hadn't yet made the database itself publicly accessible via the VPC security group of which it was a member. To do this, from the database detail screen in AWS, I:
clicked (what for me was the one and only) link beneath the "VPC security groups" of the database's dashboard, which directed me to the EC2 Security Groups screen
clicked the security group link related to my database, which directed me to that group's detail page
clicked the "Edit inbound rules" button which directed me to the "Edit inbound rules" screen
clicked the "Add rule" button, which caused a table row containing the following columns: "Type", "Protocol," "Port Range," "Source," "Description - optional"
selected "PostgreSQL" for the "Type" column, which caused the values of "TCP" and "5432" to populate the "Protocol" and "Port range" columns respectively, entered my machine's IP address ("123.456.789.012/32"--no quotes and no parentheses), and left "Description - optional" blank, because, well, it's optional.
Finally, I guess I'd forgotten to explicitly name the database, and so my attempts to enter what for me was ostensibly the database's name (that is, "database-1") resulted in a connection error indicating that "database-1" does not exist. So, for the sake of ease and simply verifying my database connection, I entered "postgres" as the database name in my database client (I'm presently using DataGrip), because "postgres" is the de facto name of a postgreSQL database.
And that should work. I'm sure this is all no-brainer stuff to those more experienced with AWS, but it's new to me and presumably to many others.
Thanks again, #Mark B, for sending me down the right path.
Why does this get an access violation:
using fs := new FileStream( fullFilename, FileMode.Open, System.IO.FileAccess.Read )
when the fullfilename is like "\\52.1.1.1\d$\temp\file.bmp" and EVERYONE has access to the folder?
If the file is just "d:\temp\file.bmp", the FileStream can read it. There is something about the IP address part.
The language is Oxygene, but I'm not sure why that would make a difference. But it IS .Net. FWIW.
Guessing a lot here, but:
I guess your REST service is running in a webserver, like IIS? By default, Windows services run as the LocalService account. This "presents anonymous credentials on the network".
"EVERYONE has access to the folder", you say, but "Contrary to popular belief, anyone who is logged in anonymously—that is, they did not authenticate—will NOT be included in the EVERYONE group.".
(and why does EVERYONE have access to d$ - an administrative share, anyway?).
Your service has no access, and you need to make it pass some credentials to the share explicitly, or run in an IIS application pool as a credentialed account which can access the share.
I'm able to properly add a local user to a local group on my machine, but I can't add a local group to another local group. What is the syntax for this?
$targetGroup = [ADSI]"WinNT://$computerName/$targetGroupName,group"
$targetGroup.Add("WinNT://$computerName/$groupName")
The above results in this error:
Exception calling "Add" with "1" argument(s): "A new member could not be added to a local group because the member has the wrong account type.
I'm trying to add a local group to a local group, in Windows Server 2012.
You can nest domain groups, but local group nesting is not supported. This technet article explains in detail.
http://technet.microsoft.com/en-us/library/ee681621(v=ws.10).aspx
Have you considered listing all the users of the "subgroup" and adding them to the target group? This obviously would not create a permanent linking like a sub group would. But it would ensure each member of the "subgroup" are members of the target group at the time the script is run.
Local groups cannot be added to other local groups. This is a limitation of Windows. It's not that you don't have to right code; it just can't be done.
Reference
A local group cannot be found if it is nested inside another group on a Windows Server-based or Windows-based client
I'm setting up a solution to deploy, driven by a batch file so it's reproducible
- I've got a binding file that works but I've now added on my MSMQ adapters
- works on my local machine, but I've found I have to add a userid and password to get it to work on the actual server
- it's in the domain, my virtual dev machine is just workgroup
Is there someway to add the userid and password to the file ?
- seems unlikely as that'd have the password in clear text, but what's the solution
- I sort of think something w.r.t. SSO, but that is an area I've not been near
You can put the userid and password into any BizTalk binding that supports authentication, including MSMQ. For security, the password is not exported, you just get a mask.
The userName and password sections of the binding file are not exported unless they have been configured, so the simplest thing to do is configure a MSMQ send port with userName and password manually and export the bindings - this forces the elements containing userName and the masked password to be generated into the binding file.
What you are looking for in your binding file is the <TransportTypeData> element of your MSMQ send port. This contains all of your adapter config information as encoded data.
Within that element there is a userName and password section. The password will be masked out with asterisks. Put the password for the environment there and import the binding.
The part of the encoded data with username and password will look something like below:
<userName>YourUserName</userName&
amp;gt;<password>******</password>
For security reasons, when you export
bindings, BizTalk Server removes the
passwords for the bindings from the
file. After importing the bindings,
you must reconfigure passwords for
send ports and receive locations
before they will function. You
configure passwords in the Transport
Properties dialog box of the BizTalk
Server Administration console for the
send port or receive location. For
instructions, see How to Create a Send
Port. See also How to Create a Receive
Location.
From http://msdn.microsoft.com/en-us/library/aa558708.aspx
If you however open the biding file and scroll down to the line with the properties for the MSMQ Adapter you'll find the empty nodes. All you then have to do is to fill these out and the right values and they will be used the next time you import the binding file.
Of course you'll have to remember to redo this every time you export a new binding ...