Allow a TFS 210 User to Change Their Password - passwords

We work with a group of contractors that need access to our TFS 2010 server. I've got Active Directory running for our office, so every user has an AD account. Is there a way the TFS users can change their passwords through TFS? I've changed passwords before by having users RDP into computers and changing their account information there, but I'd rather not give the contractors RDP access (they just don't need it).
I tried selecting "user mush change password at next login", but TFS seems not to respond to that.
The only login vehicle the contractors use is TFS.
Thanks

That's correct, TFS doesn't provide a mechanism to change passwords. Your users will need to use some integration to Active Directory to change their password. It needn't necessarily be through an RDP session, as long as they can hit Active Directory's LDAP server, you should be able to allow this.
IIS ships with a tool called IISADMPWD that lets users change their password over the web.
In addition, you can build your own tool to change the password, like other people have done in PowerShell or perl. In addition, there appear to be various commercial tools to enable this.

Related

Change TFSService password

We would like to change the password for our TFSService account. This is the domain account that was used install TFS and has several Windows services running under it.
I did review the link below on changing the TFS service password. Is it as simple as updating the password in Active Directory and then using the TFS administration console to update the account password? Are both steps above required? Are there any additional tasks required?
https://learn.microsoft.com/en-us/tfs/server/admin/change-service-account-password
thanks
Yes, it should just be that.
As with any production environment, there may things in your setup strangers on the internet are not aware of, so it would be best to test this process on a non-production copy if possible first.
Although I know setting up a non-production copy of TFS will end up probably end up running on a different domain.

Protect VPS,WHM,cPanel

Please guys help me, I want prevent my old developer from access to my VPS,WHM and cPanel what I should do. I don't want to lose my work.
I saw there is password for Virtuozzo Power Panel, WHM and cPanel there is my thing i need to change it.
like how I know if he have SSH access or not. or any recovery can he recover the passwords
If you have given Password, SSH and FTP access to your developer you can consider doing the following:
Change your WHM's root password
Change all of your cPanel accounts' passwords (or those that your
developer had access to, if he had access to the whole WHM - you
might want to change all passwords)
Make sure there aren't any authorized SSH keys for the root user.
This can be seen through WHM's interface, docs here
Make sure there aren't any authized SSH keys for any cPanel user as
well. This can be done through each cPanel account's SSH Access
tool
Check all cPanel accounts for unauthorized FTP accounts.
You can also take a look at the cron jobs that are running as well.
Ultimatively you should also consider looking for any backdoors that
might be present in the scripts that your developer was working on.

Can SSMS use Azure Keyvault

Is it possible to get SQL Server Management studio to use Azure Keyvault to get the connection parameters (server and credentials)?
I've created a key vault, added username and password secrets, now I'd like SSMS to go and get those values so the user never knows them.
I fear the short answer is no but there might be a better way of doing this than using a KeyVault.
I think the solution would be to add the user to the database as an Azure Active Directory user. There are instructions here Add Azure Active Directory User to Azure SQL Database
Go to the SQL server, select Active Directory Admin in the Settings
section
Click Set Admin and choose a user (I'm assuming you if you're setting
all of this up)
Click Save. I forgot this bit first time round.
Now you can sign in to the database with Azure Active Directory -
Password or Azure Active Directory - Universal with MFA
Right click on System Databases/master and create a new query
Run CREATE USER [a.name#example.com] FROM EXTERNAL PROVIDER;
And the user will be added to the database. I'm assuming that you'll still need to set permissions and the like but I think this would give you a simpler solution with more control over what people can do.
Your users might find Azure Data Studio even easier.
https://learn.microsoft.com/en-us/sql/azure-data-studio/download-azure-data-studio?view=sql-server-ver15
This has an Azure section where you can log in with your Azure credentials. Once signed in you can at least discover resources on your Azure subscription and if your account has been granted access as above it's then possible to run queries without any further authentication.

Granular access control for MediaWiki with LDAP

My company has a MediaWiki setup which we are looking to make [partially] client accessible. Ideally each client would be able to see only their own page. Our wiki requires the user to be logged into view or edit, and we have the LDAP plugin (This one, specifically) so we can use our Active Directory credentials.
I see this question has come up before a few years ago, but I didn't see an question dealing with LDAP in particular. Can we manage a specific AD account if we give clients one on our domain for this purpose? Alternatively, is there a way to give clients a login directly into the wiki (sort of like logging locally into the computer, instead of the domain), that we could control the access rights of?
For reference: we are on MediaWiki version 1.19.1, PHP version 5.3.15, MySQL version 5.0.96-winx64, and the installation is running on Windows Server 2008 R2 x64 (IIS 7.5).
Thanks very much for the help!
You can use local accounts in addition to the LDAP accounts to log users in. You have to set $wgLDAPUseLocal to true in your LocalSettings.php. Basically, it adds another option to the domain drop down box on the login form that says "local". Users that want to log in with a local wiki account use that. I would also disable account creation on the wiki and create accounts manually for your clients.
Regardless of whether you use local accounts or AD accounts, for page-level access control, you would have to use one of these extensions. Extension:AccessControl seems to be a popular one.

Application/User Settings with Roaming Profiles

Hi Guys any help would be much appreciated.
We have an application that’s installed at several locations but we are having an issue at one particular site. In short the application settings (My.) are not being saved after a reboot. The application is build in VB.Net v3.5 Framework and we are not experiencing any issues elsewhere.
This particular site is using roaming profiles and the network administrator ensures us that the correct permissions are applied to the user account(s) and all application data is being saved to the server. I’ve asked the network admin to check for the existence of the user settings file user.config in the Application Data directory and he says it doesn’t exist.
In our application we store the connection string to the database in the application settings under the user scope. If no connection string is present or if one is present and a connection to the database cannot be made then a form is shown asking the user for the database credentials. Each morning when the users boot the machine and opens the application for the first time they are asked for these credentials but if they close the application and restart it they are not asked for them. This indicates to us that the settings are being saved but once the pc is rebooted and the application is opened for the first time they are asked for the database credentials. This seems like the settings are not persisting after a reboot.
Any thoughts/feedback would be much appreciated.
I'm wondering if it's Code Access Security preventing the file from being written?
If the sysadmin at trouble site has implemented group policy folder redirection, the user's local/roaming profile could be getting stored on a network fileshare. Code Access Security is fairly picky about letting code read/write to/from network resources.
I'm sorry that I don't have more details than this, and I didn't find any sure-fire hits on google, but searching for "code access security", "fulltrust" and any network/fileshare keywords you can think of may get you farther.