I want to create a user in Active Directory with full permission (install or delete an application).
But the user need to a server to do . With this same user, I want her pc to connect to the server using Remote Desktop with permission limited (cant dowload an app, delete etc..)
It's possible ?
Hope u will help me.
Thx,
Pinki
Related
I am running a file upload process to upload files to a db. The web server and the SQL server are different machines. I am attempting to use an SQL OPENROWSET to upload an excel file, but I cannot determine how to get the file onto the other machine. Is there a way to set up a shared drive that the web server can save a file to and the SQL server can access? We have a local network set up with Active Directory.
For Example:
WebServer - Shared drive on web server under C:/inetpub/webpage/fileImport
SQLServer - Will log in with sql auth using USERID and PASSWD. Needs to access webserver shared drive.
What user do I share the drive on web server with so that the sql auth user will be able to access it when I run the OPENROWSET?
Any help will be much appreciated.
I am also trying the same thing by uploading the file in FTP and trying to access it. But i didn't get any progress from last 2 weeks.
And i had found may other alternatives like coping the files in another server and share the folder with out user name & password. then we can able to access it by giving the
\\folder\filename
If u get any other alternative plz share...
You should setup a new user that has access to the user group iis_users, and then give them security access to the file drive itself.
The same should be done to the DB server, and on the drive folder security the other user will need read/write/Modify permissions.
So it will look like:
(WebHost) ---- (Shared) ---- (DBHost)
*-------*
Well, you would setup the folder on the SQLServer.
Create a secure user on the SQL machine.
Make the folder shared (with modify rights for the secure user)
Map the Network drive on the Windows machine, using the secure user to access it.
Your main user on the SQLServer should then be able to openrowset from the local folder, whilst the IIS Server is remotely accessing it.
Using the OPENROWSET means that SQL qill access files using the service account. This account must be used to access share drive, as stated here Using SQL Credential to Open a file with OpenRowSet.
In helping out a friend with a few questions for CS, I came across one that I had no prior experience with and was hoping someone would be able to clarify the difference between NTFS and File Share for me.
To help, the question we faced was:
A folder storing a faculty member’s personal documents are set as a share to which everyone has full access. The only person with NTFS permissions on the folder is said faculty member. Can everyone else access the documents?
I appreciate any clarification you can provide. I'd love your help in learning about this!
Short answer: No.
In Windows each file and directory has an ACL controlling access to it.
Each file share also has an ACL controlling access to the share.
When you access a remote file through a share you are doing so using the credentials used to login to the local computer. (You can connect using different credentials by entering a username/password when connecting).
The remote computer tests the supplied credentials against the ACL on the share.
Once you are past that, then every file you attempt to access on the remote machine through this connection will be checked using your credentials against the ACL on the file and the share. This allows a file share to offer more restricted access to some files than if the same user were attempt to access them locally. (So you could share files as read-only, even if the ACLs on the files themselves would allow that user write access).
If the file share is of a FAT file system then the only ACL checking that is done is against the file share itself because FAT doesn't support ACLs.
When computer are not in a domain and all user accounts are local user accounts then permissions are maybe not what you expect. Unlike Unix/linux, it is generally not possible to create the same user account (uid) on two computers because Windows basically uses a GUID for the UID (a big random number). So when you attempt to look at file owner or ACL information on remote files, since those files are all owned by local accounts on the remote computer, to your local computer those UID will not be recognized (See dir/q from the command line).
Windows can be setup to make non-domain file sharing a little easier. It can be set so that when you attempt to access the remote file share, as long as the remote computer has an account with the same username and password as the local computer, then the connection is allowed -- and you are logged into the remote computer using the remote computer users account.
For reference, see information on NTLM, SMB and NETBIOS.
I just installed ssms on my local computer.
When I try to create a database or a database table it gives me an error stating that I don't have the right permissions. I tried granting permissions for this user by going to Security->Logins->myUser. But again it told me I didn't have the right permissions. I then tried adding a new login/user which gave me the same error.
What can I do to give myself the correct permissions if I installed the ssms and there are no other users except sa, which has "login with this user" disabled by default. I can't login as another user and I can't change my current user permissions. VERY CONFUSED - someone please help!
During the installation you (or somebody else) had to add an user besides the SA to login with Windows authentication. Use this user.
Your user is a simple user that does not have enough permissions.
If you are not the guy who installed the server, ask whoever installed this to set the right permission for your user.
Also please check recover-sa-password and Disaster Recovery: What to do when the SA account password is lost in SQL Server 2005
You should check that you are placing the files in a folder where the SQL Server account (not the one you are logging on as, but the service account) has rights to write.
For starters, and not to be kept in a production environment, try to make sure that the default path for placing the database files has Read/Write set to Everyone.
I am unable to get access to my Drupal 7 website as I migrate it from my dev to prod servers.
The steps I followed are :
Take a SQL dump of the database
Upload Drupal site into the www/ folder available online
Create database on website with the same name
Import the SQL dump of the dev database and recreate the tables on the live database.
Make changes to settings.php as applies
Now I am not sure what changes to settings.php as applies indicates. However, when I try and access my site at say examplesite.com , I am shown SQLSTATE[280000] Access denied for user 'siteadmin#localhost' using password: YES
siteadmin#localhost is the same guy who acts as administrator on my development website and has the same password.
SO I am not sure why the same login credentials do not work for my dev site.
I also tried the credentials I have to access the control panel of my website but they do not seem to work either
Am I missing a trick here guys?
Thanks!
Recheck your settings.php twice
If correct, check if you can have a direct access your database with these credentials (via command line or phpmyadmin for example)
I have an app that uploads documents to the server through the standard
When sent my application to the production server, I found out that they had the server load balanced. My solution to this was to place the upload directory into a network share and then create a virtual directory pointing to the share.
I have set permissions on the share and the file itself, but I keep getting "access denied" whenever I try to upload a document.
Where could I be missing permissions? Is it possible that IUSR needs to have access to the share?
Thanks.
FYI,
The answer to this solution for me was to setup temporary impersonation with a user account that had access to the share, the folder and the virtual directory.
Here's a link to the code that worked for me:
http://support.microsoft.com/kb/306158#4
I hope your site use anonymous access. Otherwise you will have a painful experience.
If it is so ( anonymous acess), then: The IUSR is a local user on the production servers and not a domain user. So it don't have access the the share. You will have to change that to a domain user ( in the site configuration and not on the application pool). And make sure that the application pool run on a network service ( this is the default ) and it should work.
Chances are that whatever your ASP.Net process is running as does not have access to the share.
So chances are you need to set up an IIS6 application pool to run as a domain user and have that domain user have access rights to the file share.
Don't forget to aspnet_regiis -ga {domainuser} so that the domain user can actually run asp.net applications.