I am aware that using GPO we are able to disable the reveal password feature using the below option:
Computer Configuration\Administrative Templates\Windows Components\Credential User Interface
"Do not display the password reveal button" Select "Enabled" option.
I want to know if anyone has managed to do this using python.
According to your description, I think you can try to use python to add the corresponding registry key to achieve this requirement. It actually achieves the same effect as setting a group policy.
You could refer to Windows registry access, and add the registry key PasswordRevealEnabled under this path: HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Edge.When the PasswordRevealEnabled value is set to 1, it is enabled, and 0 is disabled. Also note that this policy only affects the browser password reveal button, it doesn't affect websites' custom reveal buttons.
Related
I have an Azure VM Windows 10 that is set to automatically launch and automatically shutdown on a specific schedule. This works fine, but as an aside was painfully hard to set up.
The VM is set to run tasks on a schedule through Windows Task Scheduler, however it appears that the user actually needs to be logged in for some of these tasks to run. Other solutions attempted to run the tasks whether the user is logged in or not do not work (for various reasons).
So, I would like to automatically login to the VM with my account each time the VM loads up. Is this possible and if so, how do you set this up?
Thanks!
Auto admin logon to the VM during start-up can be done by changing couple of registry setting. Refer to https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows:
To use Registry Editor to turn on automatic logon, follow these steps:
Click Start, and then click Run.
In the Open box, type Regedit.exe, and then press Enter.
Locate the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon subkey in the registry.
Double-click the DefaultUserName entry, type your user name, and
then click OK.
Double-click the DefaultPassword entry, type your password, and then
click OK.
If the DefaultPassword value does not exist, it must be added. To
add the value, follow these steps:
-On the Edit menu, click New, and then point to String Value.
-Type DefaultPassword, and then press Enter.
-Double-click DefaultPassword.
-In the Edit String dialog, type your password and then click OK.
On the Edit menu, click New, and then point to String Value.
Type AutoAdminLogon, and then press Enter.
Double-click AutoAdminLogon.
In the Edit String dialog box, type 1 and then click OK.
If you have joined the computer to a domain, you should add the
DefaultDomainName value, and the data for the value should be set
as the fully qualified domain name (FQDN) of the domain, for
example contoso.com..
Exit Registry Editor.
Click Start, click Shutdown, and then type a reason in the Comment
text box.
Click OK to turn off your computer.
Restart your computer. You can now log on automatically.
This is a downloadable solution called Autologon provided by Microsoft that I found and implemented. It works just fine.
The details and download are available via this link:
https://learn.microsoft.com/en-us/sysinternals/downloads/autologon
Autologon enables you to easily configure Windows’ built-in autologon mechanism. Instead of waiting for a user to enter their name and password, Windows uses the credentials you enter with Autologon, which are encrypted in the Registry, to log on the specified user automatically.
[!WARNING] Although the password is encrypted in the registry as an LSA secret, a user with administrative rights can easily retrieve and decrypt it. (For more information see Protecting the Automatic Logon Password )
Autologon is easy enough to use. Just run autologon.exe, fill in the dialog, and hit Enable. The next time the system starts, Windows will try to use the entered credentials to log on the user at the console. Note that Autologon does not verify the submitted credentials, nor does it verify that the specified user account is allowed to log on to the computer.
To turn off auto-logon, hit Disable. Also, if the shift key is held down before the system performs an autologon, the autologon will be disabled for that logon. You can also pass the username, domain and password as command-line arguments:
autologon user domain password
Note: When Exchange Activesync password restrictions are in place, Windows will not process the autologon configuration.
In this GitLab docs https://docs.gitlab.com/ee/administration/housekeeping.html it has been mentioned that:
You can change how often this happens or turn it off:
On the top bar, select Menu > Admin. On the left sidebar, select Settings > Repository.
But when I open Menu but there is no Admin button. How can I add Admin button into Menu and also use it? Is it free to access using Admin option?
The admin menu is restricted to GitLab administrators. If you do not see an Admin button, this most likely means you are not a GitLab Administrator. If you are using gitlab.com, this is the case for pretty much all gitlab.com users.
If you are an admin, in modern versions of GitLab you should see the button at the bottom of the dropdown:
In older versions, the admin button is directly in the top bar.
If you are an admin on a self-hosted GitLab instance, you can also attempt to access the admin area directory directly at the path /admin. If you are logged in and get a 404, it means you are not an admin (or your instance has admin mode setting enabled).
Note that this documentation is under the "Administration" section, meaning this is intended for (self-managed) administrators only. The docs could probably also be updated to make this more clear:
Administrators can change how often this happens or turn it off:
I know this looks like a dumb question, but I just found out that, last month, something terrible happened to my GitLab instance: someone signed up on it and became admin himself, without my invitation, as I was the only administrator. So he wiped off every internal and/or private project inside of it, groups too (and I don't even know whether he had stolen all of them before erasing or not, I'm worried because they were proprietary code). How did it happen? Does this have anything to do with, since the version was CE-13.3.0? If so, would version upgrading be enough to be safer, or should I make some particular configurations, such as disabling sign up page?
It is best to follow "GitLab instance: security best practices", which does include indeed:
Ensure open sign-up is disabled on your instance.
Open registration is disabled by default on self-managed instances with GitLab 13.6 and above installed.
If new sign-up is enabled and your instance is open to the internet, anyone can sign up and access data.
Administrators who would like to further restrict access on their instance can follow our documentation on how to configure user access.
Regarding the CVE mentioned, follow also "Action needed by self-managed customers in response to CVE-2021-22205", in your case: "CVE-2021-22205: How to determine if a self-managed instance has been impacted" (unless the log events have been wiped out as well).
i have a shared access application, i created an accde file for 32-bit machine, when user open the application he/she getting a security warning
is there any way to disable this message from appearing to the users
thank you
You have to set their computer to be a trusted source. In order to get around this issue, you will need to create a Digital Certificate. Digital Certificates are good only on the computer they are created on, so if this database will be used on multiple computers then each one will have to create a Digital Certificate.
To do this, you will need to perform the following tasks:
Click on Start -> All Programs -> Microsoft Office -> Microsoft
Office Tools -> Digital Certificate For VBA Projects (If you don’t
have this, you will need to contact your IT Dept.)
Enter a Certificate Name. Make it obvious like MyProgramName and Click OK
Open the Access database which contains the security warning you want to bypass
Go into the Design View of any Module
Click on Tools -> Digital Signature
Choose your Digital Certificate you created in Step 2
Save and close the database
Re-Open the database. You will now be prompted with a different Security Warning that states the file has been digitally signed.
Check off the “Always trust files from this publisher…” box and click the Open button
All subsequent times you enter this database, you will not be prompted with a security warning.
Note - I wrote the above for our company based on Office 2003. If you're using a more recent version, the instructions may vary somewhat.
other way is following:
click on file and then options
click on trust center and then trust center settings on the right
then click on trusted locations and add new location
browse for the location and save.
that's it.. done.. now no more warnings..
That is a standard warning to indicate the file you are opening has web links and macros.
If you trust the file, just say OK or “Allow”
You can control if this message is displayed: Office button > Excel Options button > Trust Center > Trust Center Settings button (I have no idea why they have this extra button, DUMB DESIGN! )
More Information can be found here
I have an Access database that processes other Access databases. I get OP's error when connecting to one of the other Access databases. To fix the issues, I opened the other Access database and clicked Enabled Content. Then, the Access database is trusted and OP's error doesn't occur when connecting to that Access database from another Access database.
You can create a registry key that will add the directory as a trusted location and will not show the warning anymore. What's nice about this method is that you can easily automate this to happen on the computers where you deploy your app. See method #2 or #3 in this blog: http://www.accessrepairnrecovery.com/blog/fix-microsoft-access-security-notice
And in case the blogs ever gets removed, here is the important bits:
[HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Access\Security\Trusted Locations\Location20] “Path”=”C:\Database\”
“Description”=”My Database location”
Explanation about the key:
– The number “14.0” is the version of MS Office. You can change the numbers that represent the version you are executing.
– The “Location20” is a unique name that you assign. 20 can be any number that is not previously used. Other programs include default MS Access wizards, already have used other numbers. But if you want to make more than one path as trusted location, then each location must end up with different number.
– The “C:\Database\” is the physical path that you want to set to be as Trusted Location. You can place any path that you choose here.
By copy and pasting the above coding into a text file and save it with a name such as RemoveSecurityWarning.reg, you can then run the file into your PC’s registry just by making double click on the file.
The best way is to add the location of the document or the document itself to the Trusted Locations in Registry (if you use only Access runtime on client machines, there is no way to add it through the Office application, like you would do in Excel).
Here is the answer:
Adding Trusted Location to Access Run Time
You would need to create a new Location key and add the necessary Path (and Description) strings inside with the appropriate location of your file. This way the nag dialog will be gone and you won't need to worry about certificates.
Shared may mean it is located on a network share. It is not advisable to add a network location to the Trusted locations and you would need to set the additional flag AllowNetworkLocations to 1. I would advise you to copy the Access modules to the user computers, which would also make things better with the speed I believe.
If anybody else have this problem, it happened to me, with a shared file on a network environment, and the simplest solution was to install Microsoft Office service pack 2, even better is having automatic updates for Office turned on. You can find it here.
On the "My site" feature of Sharepoint there is a "memberships" Web part that shows the distribution list that the user is a member of.
This is picking up several groups that we would rather not be shown e.g. some that have been set up for administrative purposes only.
Is there any way to control which groups are shown; ideally this would be using another AD group and setting that only members of this group are shown.
I'm fairly sure this won't be possible without a custom web part that is deployed instead of the official part. The reason the Exchange solution doesn't work is because it's going the wrong way (from group to member instead of member to group).
To deploy it you can look at feature stapling... you would need to update the existing sites as well.
This is not an easy answer. I don't believe there is an easy answer.
The best solution would be to set a Deny Access Right for the distribution lists in Active Directory; follow these steps:
1) Open Active Directory Users & Computers as an admin (any user with access to creating groups and modify distribution list security settings).
2) Go to the View menu and make sure that there's a check-box next to Advanced Features.
Create a new security group in Active Directory (call it HideFromSharePoint or something) and add the SharePoint Content Access account (in my case DOMAIN\sa_spcontent) to that group (has to match the account used in step 4).
3) For all of the distribution lists that you don't want to show up in SharePoint do the following:
3a) Open the distribution list and select the Security tab (Advanced Features must be checked for this tab to be shown).
3b) Click on Add and type in the name of the security group that you created in step 3 (HideFromSharePoint); click Check Names and click Ok.
3c) Under Permissions for HideFromSharePoint; check the Deny box next to Read (it's set to Allow by default) and click Ok and Ok again at the prompt.
You've just denied any members of the HideFromSharePoint group read access to the distribution list.
4) Go to SharePoint Central Administration; SharedServices1; User Profiles and Properties; Configure Profile Import and under Specify Account enter the credentials of the account that you added to the HideFromSharePoint-group in step 3. (For some reason if you leave this to using the Default Content Access account SharePoint will use some other account to access Active Directory and thereby being allowed access to the distribution lists. You could experiment with adding other SharePoint service accounts to the HideFromSharePoint group but I think it's safer to specify an account explicitly so that you know which account is accessing AD and importing the data.) Also make sure the "Import Connection" for your Active Directory is set to "Use Default Account" (thereby "inheriting" the account used for Profile Imports).
5) Go to SharePoint Central Administration; SharedServices1; User Profiles and Properties and click on Start full import. (You can't do an incremental import because nothing has changed for the users in terms of group membership; it's just the access rights that have changed.) After completion of the full import (click Refresh until "Import time:" says "Started full import at 11/25/2009 ##:## AM - Ended import at 11/25/2009 ##:## AM")
The distribution lists should now no longer show up under Memberships.
A couple of things to note:
You have to set the Deny Access Right explicitly and individually on all of the distribution lists that you don't want showing up in SharePoint. That's because the special AD-group "Authenticated Users" has read access to every object in the directory by default and explicit Allow Access Rights trump Deny Access Rights set (for example) at the organizational unit level.
While you could skip the step of setting up the HideFromSharePoint-group and set the Deny Access Right directory for the SharePoint Content Access account Active Directory administration best practices is to use a group when configuring security permissions. (Then you can add additional members to that group and have those denied read access too.)
You might have to wait a while (5+ minutes or so) between setting the the Deny Access Rights for the changes to replicate to all of you domain controllers. Otherwise the import might read from a domain controller where the Deny hasn't yet come into effect.
Be careful adding any other accounts to the HideFromSharePoint-group because this might break your distribution lists. For example; if Exchange can't read the groups mail won't work. As long as you just add the SharePoint Content Access Account you're safe.
Also (and this has nothing to do with SharePoint or the solution above) be aware that any user in your domain can fire up ADUC or a LDAP tool and see the members of your distribution lists that way. If you have anything "Top Secret" you need to experiment further with setting access controls in Active Directory.
I assume that your "memberships" web part is using the SharePoint people picker functionality internally.
If that's the case, then the following stsadm command should help you scope your AD lookup the way you want it:
stsadm -o setsiteuseraccountdirectorypath -path <name of OU> -url <URL name>
You could try editing the Distribution List on the Exchange Advanced tab, selecting the "Hide group from Exchange Address lists" check box.
I have not tested this but in theory it would stop the Distribution List from appearing the the list of groups.
Easy fix: add a JavaScript to the page on which those appear that targets and then hides the specific items by applying a CSS style.
I don't have an exact answer, but here's how I would think through the problem. Perhaps you have already answered some of these questions, but it might help to go through them again. I would look at the questions in the following order:
Is there an option in Active Directory to hide a group from SharePoint? (sounds like no)
Is there an option in SharePoint administration (either through stsadm or the actual administration site) to exclude certain users or groups in AD from SharePoint?
Is there a way to configure the web part to exclude certain users or groups from the web part itself?
Is the source code to the web part available such that you can compile the web part to exclude certain groups in the list?
Can you use javascript (as Josh mentioned) in conjunction with the webpart to hide the Distribution Lists from the webpart? (Here's a site with an example of how to use JavaScript to Hide SharePoint's Quick-Launch bar. Maybe that will help).
Those questions are in order from the widest scope and easiest to implement to the narrowest scope that is more difficult to implement. Obviously, you'd like to implement a solution that is easiest to implement, but perhaps you find yourself farther down in the list.
In the last two examples, the solution may appear quite complex, but you may be able to write code that references an XML file of sites to exclude. That way, if your list of Distribution Lists changes, all you have to do is edit the XML file and not edit the source code (of either the javascript or the webpart).
If there's not a simple solution, you'd have to make the painful choice of either 1) letting the problem remain or 2) implementing a hack that adds a dependency to your solution.
I think Distribution Groups that aren't security enabled don't show up in SharePoint. Have you checked AD to see if these groups are security enabled? This may be only for permissions purposes, so I could be wrong.
You will probably need to do a profile import before you see any changes.
You can turn off Distribution Lists entirely, which is what we are doing at my company. This is done by going to the Profile Services Policies in the SSP and disabling the Distribution List feature.
Now if you want to pick and choose the Distribution Lists, it's not that simple, but hopefully this will help someone.