Restore roaming profiles on Server 2008 - windows-server-2008

A while back our Windows Server 2008 Domain Controller crashed. It was restored by an outside IT company, but they did not restore everything they should have, like roaming profiles.
Clients still have the Roaming folder in the USERNAME\App Data directory. If I fill in the profile field for the user in the Active Directory information on the server, will the Roaming profile be pulled back to the server or will the Roaming folder be overwritten with a blank roaming profile?

My experience with roaming profiles is that if the shared profile folder is non-existent or empty, on the second logoff after setting the roaming folder path in AD the local user profile will be copied over to the server.
So yes, your profiles should be pushed to the server and the folder should be automatically created if you mass edit user properties in AD Users and Computers. Just make sure to use %username% and also end the path with a \. I've seen some problems with paths without a trailing backslash since there are now 2 versions of the roaming profile folder - one for XP and one for Vista and up.

Related

Find Client PC name behind Remote Desktop connection

This is a bit of a general question.
I have a Windows application written in VB (or whatever language) that has a login system. This app uses the computer's registry to save and retrieve the last login used, so the next time the user runs the application he only needs to type his password. This works just fine.
Now one client wants to install my app on his server instead of on the client computers and make all the PCs access the system via Remote Desktop. No problem here.
My problem comes with the login system, because if I use the registry to save the last login user, there will be only one (the server registry), so I always get the last login user independent of which PC accesses the system.
So my question is: How can I set a default user for each client PC? I could use my database instead of the registry to save and retrieve the last login user, but then I'll need to know the PC name behind the remote desktop, and I don't know if that's even possible... Any ideas?
Thanks!
Note regarding the duplicate post:
My question is different from the one mentioned above. I don't need to get the user name from the terminal server. I just need a way to save and retrieve some data in the registry for each terminal services user or client PC.

NTFS vs. File Share

In helping out a friend with a few questions for CS, I came across one that I had no prior experience with and was hoping someone would be able to clarify the difference between NTFS and File Share for me.
To help, the question we faced was:
A folder storing a faculty member’s personal documents is set as a share to which everyone has full access. The only person with NTFS permissions on the folder is said faculty member. Can everyone else access the documents?
I appreciate any clarification you can provide. I'd love your help in learning about this!
Short answer: No.
In Windows each file and directory has an ACL controlling access to it.
Each file share also has an ACL controlling access to the share.
When you access a remote file through a share you are doing so using the credentials used to log in to the local computer. (You can connect using different credentials by entering a username/password when connecting.)
The remote computer tests the supplied credentials against the ACL on the share.
Once you are past that, then every file you attempt to access on the remote machine through this connection will be checked using your credentials against the ACL on the file and the share. This allows a file share to offer more restricted access to some files than if the same user were to attempt to access them locally. (So you could share files as read-only, even if the ACLs on the files themselves would allow that user write access).
If the file share is of a FAT file system then the only ACL checking that is done is against the file share itself because FAT doesn't support ACLs.
When computers are not in a domain and all user accounts are local user accounts then permissions are maybe not what you expect. Unlike Unix/Linux, it is generally not possible to create the same user account (uid) on two computers because Windows basically uses a GUID for the UID (a big random number). So when you attempt to look at file owner or ACL information on remote files, since those files are all owned by local accounts on the remote computer, to your local computer those UIDs will not be recognized (See dir/q from the command line).
Windows can be set up to make non-domain file sharing a little easier. It can be set so that when you attempt to access the remote file share, as long as the remote computer has an account with the same username and password as the local computer, then the connection is allowed -- and you are logged into the remote computer using the remote computer user's account.
For reference, see information on NTLM, SMB and NETBIOS.
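The rule the answer describes, as an added example that is not part of the original answer: a simplified Python model in which access through a share is whatever both the share ACL and the file ACL allow. The account names, the three rights bits and the "any matching deny removes the right" evaluation are assumptions made for illustration; the sample ACLs are constructed.

```python
# Added example: simplified model of share ACL + NTFS ACL evaluation.
READ, WRITE, CHANGE_PERMS = 1, 2, 4
FULL = READ | WRITE | CHANGE_PERMS

def granted(acl, token):
    """Rights one ACL gives a token (a set of user/group names).

    Each ACE is (principal, "allow" | "deny", mask). Assumption: any matching
    deny removes the right, which is what a canonically ordered ACL yields.
    """
    allowed = denied = 0
    for principal, kind, mask in acl:
        if principal in token:
            if kind == "allow":
                allowed |= mask
            else:
                denied |= mask
    return allowed & ~denied

def effective_access(token, share_acl, file_acl):
    """Rights over the network: must pass the share ACL AND the file ACL.

    file_acl=None models a share on FAT, where only the share ACL is checked.
    """
    share_rights = granted(share_acl, token)
    if file_acl is None:
        return share_rights
    return share_rights & granted(file_acl, token)

# Constructed sample data (hypothetical account names).
OPEN_SHARE = [("Everyone", "allow", FULL)]
READONLY_SHARE = [("Everyone", "allow", READ)]
FACULTY_ONLY_NTFS = [("faculty", "allow", FULL)]
STUDENT = {"student", "Everyone"}
FACULTY = {"faculty", "Everyone"}

def scenarios():
    """The cases from the question and the answer, evaluated by the model."""
    return {
        "student via open share": effective_access(STUDENT, OPEN_SHARE, FACULTY_ONLY_NTFS),
        "faculty via open share": effective_access(FACULTY, OPEN_SHARE, FACULTY_ONLY_NTFS),
        "faculty via read-only share": effective_access(FACULTY, READONLY_SHARE, FACULTY_ONLY_NTFS),
        "student via open share on FAT": effective_access(STUDENT, OPEN_SHARE, None),
    }

if __name__ == "__main__":
    for name, rights in scenarios().items():
        print(f"{name}: {rights}")
```

The FAT case is the one to watch when auditing: with no file ACL behind it, an "Everyone: Full Control" share is the only access control there is.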

Cannot change files permissions on server. Could this be because my site does not have a domain name?

I am developing a site for a client who has not decided on their domain name yet. I set up an account on a web server via WHM but have not pointed any domain names to it.
All was going well until I used a plugin (TinyMCE) to try and browse files on the server - it wouldn't work so I had a look at its script files and realised their permissions are set to not executable (644). I tried to change it to executable (755) but I get an error in my FTP client's console:
550 Could not change perms on file.js: Operation not permitted
Could this be because I am accessing the server not through a specific FTP account and so the server has locked down the files?
E.g. I am using the server's IP address to access files with my FTP client rather than something like:
ftp.mysite.com
Any advice on this would be great! Thanks
Yes, there is an issue with the FTP account permission. You will have to log in to your server with the main cPanel account user name and password, OR you can change your file permissions through cPanel >> File Manager.

Why does sql server restrict the locations from which you can attach or restore a database from?

I'm assuming some sort of security constraint, but if I have access to all folders on a PC, why allow some folders and not others?
What are the criteria for a folder being a valid backup / restore / attach folder?
Any advice appreciated!
It is not you who must have access, but the SQL Server service account. The engine must be able to attach the file after a restart when you are not logged in, so it cannot use your credentials; it must use its own credentials.
A valid backup/attach folder is one on which the SQLServerMSSQLUser$ComputerName$InstanceName user has full control. The Setup creates a set of folders that are correctly configured, see Setting Up Windows Service Accounts:
Instid\MSSQL\backup Full control
Instid\MSSQL\binn Read, Execute
Instid\MSSQL\data Full control
Instid\MSSQL\FTData Full control
Instid\MSSQL\Install Read, Execute
Instid\MSSQL\Log Full control
Instid\MSSQL\Repldata Full control
100\shared Read, Execute
Instid\MSSQL\Template Data (SQL Server Express only) Read
It matters less what folders you have access to than what folders SQL Server has (or should have) access to. Folders in private locations on the drive (like in a user's home directory) aren't necessarily accessible by the user that SQL Server runs as.

Application/User Settings with Roaming Profiles

Hi guys, any help would be much appreciated.
We have an application that’s installed at several locations but we are having an issue at one particular site. In short, the application settings (My.) are not being saved after a reboot. The application is built in VB.Net v3.5 Framework and we are not experiencing any issues elsewhere.
This particular site is using roaming profiles and the network administrator assures us that the correct permissions are applied to the user account(s) and all application data is being saved to the server. I’ve asked the network admin to check for the existence of the user settings file user.config in the Application Data directory and he says it doesn’t exist.
In our application we store the connection string to the database in the application settings under the user scope. If no connection string is present or if one is present and a connection to the database cannot be made then a form is shown asking the user for the database credentials. Each morning when the users boot the machine and open the application for the first time they are asked for these credentials, but if they close the application and restart it they are not asked for them. This indicates to us that the settings are being saved, but once the PC is rebooted and the application is opened for the first time they are asked for the database credentials. This seems like the settings are not persisting after a reboot.
Any thoughts/feedback would be much appreciated.
I'm wondering if it's Code Access Security preventing the file from being written?
If the sysadmin at the trouble site has implemented group policy folder redirection, the user's local/roaming profile could be getting stored on a network fileshare. Code Access Security is fairly picky about letting code read/write to/from network resources.
I'm sorry that I don't have more details than this, and I didn't find any sure-fire hits on Google, but searching for "code access security", "fulltrust" and any network/fileshare keywords you can think of may get you farther.