I am working on a WiX setup that installs a windows service.
During the installation the user can be specified, with whose credentials the service should run. The setup may need to give this user the right to start or stop the service.
This seems to work so far.
But I would like to test this in more detail.
Like this:
check that the user does not have the right to start a service.
run setup
check if the user has the right to start a service now
remove the user's right to start a service again (to be able to test again if needed)
For this I would need a way to see if the user has the right to start a service, and the ability to revoke the right to start the service again.
Is that possible?
Does this have anything to do with GPOs, or am I barking up the wrong tree?
I have already searched for Powershell commands on the subject, but so far have not found anything that would have helped me.
Related
I have installed the TeamCity server on my infrastructure. I was e.g. able to silently configure the external database and some other stuff through the TeamCity configuration files. Now, when I start TeamCity, I am facing the "TeamCity First Start" web page, where I can choose if I want to restore my system from a backup or if I want to proceed with a First Start.
I would like to automate that installation as much as possible. Is there a reliable way, e.g. through the TeamCity API, to trigger the action underlying the "Proceed" button of that web page, other than writing a bot that browses the web page and clicks the button? I found no such thing in the API documentation, but I might have missed something.
I think something like this could be called on the server host:
curl -X POST http://localhost:8111/mnt/do/goNewInstallation
but I don't know what data to post and how to get the necessary authentication to be allowed to run that command. Indeed, running the above command yields the following error:
The session is not authenticated. Access denied.
At that time, the super user authentication token has not yet been displayed to the server log file.
I am using the docker image setup described here: https://www.azerothcore.org/acore-docker/
I was able to get the server up and running and work great for myself on my machine. I'm able to login and play. I set the client to look to localhost for it's target. Worked great.
I wanted my wife and daughter to be able to login as well. I successfully created their accounts, installed the clients, and they are able to login to my server (i.e. the password check is successful).
However, when the see the realm list, and make a selection, they are immediately redirected to the realm list select screen again.
I've found this topic (How to resolve sticking in "Realm Selection"?), which looks like it might help me resolve the issue, but I can't figure out how to open the mysql connection to the right database.
Can anyone help me work through this with a bit more details, please?
Thanks!
As custom action of a WiX-based installer (MS Windows 7), I need to check out some files from a StarTeam server. stcmd seems to provide all functionality and I am able to perform the checkout with UID and password provided via parameter -p.
Since the installer is run by different users, I obviously need a mechanism to inquire the StarTeam login credentials at run-time instead of hard-coding UID/pw.
I was browsing the StarTeam manual but was not able to figure out if the StarTeam programs provide a solution to that problem. Any suggestions?
Sorry, this just doesn't make sense to me. Typically you include files from source control in the MSI at build time not install time. What does install time buy you other then complexity? Now application runtime would make sense to me. You could create and install an application that prompts the user for creds and then periodically polls star team for updated files. (Windows service, scheduled task, logon autorun...)
Couldn't you could prompt your users for the login information during the install and then pass them to the stcmd.exe?
Meh, the solution is trivial. When using an empty password, stcmd automatically asks for the password. Example:
stcmd connect username:#hostname:portnumber
Using the stateful commands is recommended since the credentials are stored internally for all subsequent commands.
This message appears every time I try to save the data to the DB.
Failed to update database because the database is read only
Note: This error comes only when the application is installed to C drive.
Front End: VB.NET
Back End:SQL Server
Is there any way to overcome this issue?
Or any way to restrict the user from installing the application on C drive?
I would check the file system privileges. I suppose you talk about an SQL server file database. You receive the message because the account trying to access your file database does not have the file system permissions to do so.
In order to confirm my suggestion, you allow everyone to access the specific directory with full permissions.
Then, you have to check what is the account trying to do the actual access. Probably it's a system account (user ASPNET or NETWORK SERVICE). You have to give the respective permissions to the specific account.
Then, restart IIS.
If you want to do this for a distributed stand-alone application. Then these permissions would have to change on each machine where the program would be installed. In order to avoid putting users in such a fuss, the setup program should do it. I am not an expert on setup programs, but even the simplest ones would give you the option to do it, after asking the system adminstrator's approval. I suppose you could build a custom action during the setup program which would change the specific folder's permissions, perhaps by using xcacls.exe.
Hope I helped!
I have various projects being built and tested periodically on a Hudson server, but I don't want every employee in the company to see published artifacts for every project.
Project-based matrix security seemed at first the key, but after many tests I find that granting overall read permissions is mandatory if you want users to be able to read anything in the hudson server.
So, in the end read permissions are binary: either you grant global read permission or you block everything, am I right?
Haven't it tested with the newest release, but I use the matrix setup. I gave Anonymous the overall read. This way they can see the login screen when they type {{http://servername:port/}} but does not give them access to the jobs. In the jobs themselves I configured the users that should actually see the job. Works like a charm.
UPDATE:
Meanwhile I found out that you can use authenticated instead of Anonymous. This enabled access to Hudson/Jenkins through the links in the Build failed messages. Now everyone gets the logon dialog and after signing in, they are right away at the job run of interest.
After trying to do something similar to you with Hudson's authorization settings, I came to the same conclusion you did.