Is there any way we can trigger an addition of a registry key for each user that uses the application?
Right now it seems that whatever value I add somewhere in HKEY_CURRENT_USER it will only be added for the user that trigger the installation.
It is not possible to enumerate users. In a large network, there may be very many users and it may not be possible to say which of those are "local" users.
Related
I've exhausted my search on moodles site and the web-at-large.
I have a need to grant an individual (not a registered/regular user) temporary access to take a course/quiz, capture results and archive actions.
I want to manually enter said user into moodle and assign them a "guest" role so that I can then enrol them into a course and accomplish said goal.
The problem is, when I exercise this, the "guest" can view categories, courses and some other items within the site. I do not want the guest to be able to see ANYTHING but the assigned course (and their grade)...I want to "lock-it-down".
I have been through every permission to the extent of "Prohibiting" everything, however, the guest role is still able to select some items and "peak" into other categories/courses.
Moreover, I don't want them to see the same menu items either...such as Dashboard
If you can point me in the right direction or solve this problem, I will be forever grateful.
Thank you,
Mark
Manually entering said user will make her registered whatsoever, nevermind assigning her a guest role, which is, as I understand, heavily modified by you at this point (best practice here is to create your own copies of role instead of modifying existing ones).
The solution will require code modifications, since role capabilities are not covering everything. However, you may prohibit user to peek into any course(not category) by prohibiting self-enrolments, if it suits your strategy.
Is there a command (or powershell cmd) that I can run that will check a specific GPO setting exists for the domain? For example we need to check that the Guest account in Windows is disabled using GPO.
Thanks
Group Policy is flexible and can apply different settings depending on the user/computer combination, so there is no way to check every single GPO combination in an entire domain.
You can check the settings being applied to a specific user/computer combination using either Group Policy Results and Group Policy Modeling
If your GPO configuration is simple enough you could check every combination, but it's not practically possible on large/complex domains.
We are using perforce in my company and heavily rely on it. I need some suggestion for the following scenario:
Our Depot structure is something like this:
//depot
/product1
/component1
/component2
.
.
/componentN
/*.java
/*.xml
/product2
/component1
/component2
.
.
/componentN
/*.java
/*.xml
Every product has multiple components and every component consist of java or xml or some other program file. Every component has a manager/owner associated with it.
Right now, we have blocked the write permissions for every user and only when it is approved by the manager/owner after code review, we open the write permission for that user for any file/folder to check in. This process becomes a little untidy because the manager/developer have to wait for perforce admin to allow permissions (update protections table of perforce). Also, we give them a window of only 24 hrs to check in (due to agile, which i dont understand much :)), after which we are supposed to block the write access again for that user.
What I am looking for is a mechanism where perforce admins can delegate this responsibility to respective managers/owners without giving them super user or admin access and which automatically disables the write permission after 24 hrs.
Any suggestions ?
Thanks in advance.
There's nothing to do this out of the box, per se.
The closest thing I can think of is if the mainline version of these components were permissioned by a group with an owner. The owner of the group is allowed to add and remove members from the group, thus delegating the permissioning to the "gatekeeper" rather than the admins, themselves.
Let me know if you require further clarification about this.
One common solution is to build a simple tool which reads and writes the protections table, the group memberships, etc., to implement the policies that you desire.
The protections and groups data are not complex in format, and you can easily write a little bit of text-processing code that writes and re-writes these specs according to your needs.
Then install your tool on the server machine in a secure fashion, granting the tool the rights to update the protections table, and have your component administrators use the tool to manage the permissions.
For example, I've seen this done by writing a small web application, in Java or Perl for example, installing that on a web server on a secure machine, and letting the component admins operate that tool through a web interface.
All your tool has to provide is (a) a simple login/logout mechanism for your component admins (the web server may already do this for you), (b) a command that takes a user name and a folder name and grants permission, and (c) a command (or a timer) that removes that permissions subsequently.
I develop an app for iPhone / iPod Touch which has to have access to a MySQL database. I wrote a PHP API which I can call from the iPhone app.
In the database I store sensitive data which I want to encrypt. I think I will use AES_ENCRYPT. My problem is where to store the key.
It'd be great of you have any idea where to store the key to encrypt / decrypt so that it can not be seen by any other persons, e.g. hackers.
In general:
Don't keep your key in a part of the server that the web server has direct access to. For example, if your site is in /var/www/home, don't put your key in there. Put it someplace outside the web server's part of the tree.
Make sure that the permissions on the folder containing your key are correctly set. Your PHP app needs to have READ access only, NOT write or execute on that folder (and the key file).
Make sure the server itself has a good password (long, lots of random numbers, letters, and symbols).
Make sure the server is protected by a properly configured firewall, and is kept up to date with the most recent security patches.
As for trying to keep the key and the data separate -- this is a perennial problem for which there is no very good solution. The simple fact of the matter is that your application has to have access to the key. Either that means forcing everyone who's going to use the app to memorize the key -- which is likely to lead to sticky notes on monitors in plain view -- or else it has to live somewhere that the app can find it, either on the same server or another.
I have a customer that has an old non-existant application; he had a problem with the company that made the application and they won't disclose his database password. He realized that he signed a contract (back then) where it said that he was sort of "renting" the application and they had no right to disclose anything. This customer found out that he's not the only one with the same problem with that company. He's a Dentist and other dentists with the same old application experienced the same problems when trying to buy a new software and attempted to migrate their patients to the new system.
In either case, he wants to open his little firebird database, so we can at least extract some data to our SQL Servers. I have tried with the default 'masterkey' (which is, in fact, 'masterke' due to the 8 char limit) to no avail.
Now I know he could go legal and try to force the company to release his information, but I want to do it the short way. Does anybody know an app that can brute force/crack a legacy Firebird password?
Thanks.
EDIT: The legacy software is "STOMA-W", I cannot even find it on Internet. They are located in Asturias, Spain.
Firebird does not (yet) store passwords inside the database file.
With this in mind, move the database file to another server where the sysdba password is known.
Old Interbase and Firebird had hardcoded backdoor password you might want to try:
user: politically pass: correct
http://www.theregister.co.uk/2001/01/12/borland_interbase_backdoor_exposed
Provided not for the SYSDBA account, you may reset forgotten passwords for users with FlameRobin. After registering the database server on your localhost, use the Manage users... function in the context menu:
Here you get a list of users with options to delete or view/modify properties. If you click on the properties icon, you enter this dialogue where you simply enter the new password twice:
There is also IBConsole which comes packaged with the InterBase/Firebird SDK. It has similar functions.