We have app data folder redirection group policy in place. We are moving back to local appdata which is currently redirected to network share. Also, the option to move the contents to new location in gpo is enabled. On many occasions the policy is failing due to content move with several reasons (256 character limit, permission issues, etc).
My question is lets say hypothetically disabling the move content to new location in GPO is not an option here. I am changing the registry HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders AppData to %userprofile%\AppData\Roaming on user’s laptop, getting the user to reboot the machine. After that, when user logs in, the GPO will now check the registry which is already set to local, it will not move the contents and successfully complete the policy. I have tested and it works.
This may not be right way of doing it, will there be any issues using this method going forward in terms of user’s app data location ?
Related
I have a two webservers, on each webserver in the C:\inetpub\logs\LogFiles I have created a symbolic link to the other servers log file folders, so essentially I can be logged in to one of the webservers and see the logs on both servers in one place. This works perfectly.
I am building a webpage to make the log files available via a webpage, the code simply goes to the C:\inetpub\logs\LogFiles directory and lists the files in each sub folder, i.e. W3SVC1 (the local folder) and webserver2-w3svc1 (the remote log folder).
For the local folders it works fine, but I am getting the "access denied" error when trying to call Directory.GetFiles on the symlinkd folder. I suspect this is some sort of permissions error, but I tried giving the symlinkd folder full permissions to "everyone" but I still get the same error.
Is this something to do with the fact that when I created the symlinkd I had to enter the username and password of the webserver2, and these credentials cannot be accessed/used by IIS when trying to get access to the folder?
Is there anything I can do allow IIS to access the contents of this symlinkd folder?
I don't think you need to use a symlink, you can create a virtual directory mapping to that directory in IIS, just map it to the target path. In IIS, right click on the website and select Add Virtual Directory.
For more information, please refer to this official document.
After much experimentation, the only way to do this is as follows:
Create a new user on the computer.
Run the AppPool in IIS under this new users' identity as opposed to the default IUSR account.
Give the folder you are sharing permissions to this user AND 'share' this folder with the new user.
I am trying to set up user profiles on a rhel 8 system for all users authenticated through a windows domain controller. I have set up the user accounts and configured the rhel 8 box as necessary for the user to login and display its credentials using sssd.conf. My issue begins with how to configure the user profiles without having to interact with the system every time.
The first of the two ways I would like to set up the user profiles is configuring gnome-tweaks. I would like to have the applications menu present and hold the classification banner at the top. I see how to modify these setting opening up gnome-tweaks on each user. I would like to somehow script and save these configurations so that when a new user logs in they all display the same menu items.
This brings me to my second issue. I created a script and added it to /etc/profile.d to copy files and create a folder so that my application menus looks the way I want after the gnome-tweaks changes. However, I'm running into an issue where the script only executes as root. So when root logs in, the script runs fine, the files get copies. When I log in as a different authenticated user, the script doesn't run. Could this have something to do with local vs domain accounts?
The file location I am coping to is the .local/share/applications folder and making a new folder in .config called menus and copying a file there as well. I created a script to do all of this, and I know it works when executed manually as a user, I need assistance on how to automate this executing for every new user.
I created the GPO and wanted to copy files to another computer.
(Computer Configuration > Preferences > Windows setting >Files)
The file is located on the server and shared.
The folder security permission details.
Action: Update
Source File: \\servername\test\copyfile.txt
Destination File: C:\test\copyfile.txt
Expected the file is copied,but there no file is copied.
The log is shown successful.
I searched this issue on Google and tried to follow their solutions but it still doesn't work.
Do domain computers (because you are using a computer configuration) have access to read that share? If the share is set to only allow user accounts, then the computer object can't read your file.
I have a website hosted on IIS and I created a virtual directory ("pictures") which physical path is "C:/mydir/mysubdir". Inside "mysubdir" there are many sub-directories (for example: "123", "456" and so on ) containing images that are shown on the website with a regular html tag.
Until now everything is working fine and images are shown, the problem occurs when the back-end application hosted on Tomcat installed on windows server and connected to IIS goes to create new sub-directory under the physical path, the images inside the new folder are not shown due to an Unauthorized access 401, the work around I'm doing is set share permission all the times the user is creating new sub-directories via webapp but you can understand that is not possible do this all the time, this must work alone.
I already set all read/write permission to the Administrator account, even shared the parent folder and set the inheritance but is not working.
The owner of the folder is different if create from tomcat (LOCAL USER instead of Administrator) and I don't know if this could be a problem.
Please help me to find a solution.
Thanks in advance.
You could try the below steps to resolve the issue:
1)select your folder under which the new subfolder is creating by another user.
2)Right-click on the target folder/file and select Properties.
3)Security → Advanced.
4)click on the add and add user application pool identity(IIS AppPool\ (eg: IIS AppPool\smartcrypt)), iis_iusrs, and iusr.
5)by clicking on show advance permission set full control. and in applies to make sure it set to this folder, subfolders, and files.
6)click on and apply the setting.
7)in application pool identity set one of these network services, local system or application pool identity.
I have to edit a website on local server. I use Windows Server 2012 and IIS. When I try to save a modified file I only get "access denied" error. Do I need to shut down the server before making changes and then restarting it or am I missing permissions for example in the wwwroot folder for IIS_IUSRS?
I have never used WS2012 or IIS before.
You cannot edit files directly in the wwwroot. You need to copy the file/folder out of inetpub to make your edits then paste it back into the wwwroot. This is by design I am afraid.
I was able to do edits directly in the wwwroot files by creating a local user account for myself on the server and giving it FULL access (I am also in the Administrators group - but that was not enough to make it work), then setting the user full access on the SHARE I use to get to the server (via UNC path). Allows edits directly to my live site.