I have created a Windows Server 12 VM on Azure platform. And I created Ftp server on IIS server in the VM. The Ftp server is publically accessible using all users accounts. Currently I have only admin user account. I am trying to create couple of more user accounts & Ftp servers and assign each user to specific Ftp server.
I tried to create user account via Control Panel\All Control Panel Items\Administrative Tools->Local Users and Group->New User, but it does not allow me to progress. It just throws unknown error.
Any idea over how shall I create new user account so that it can be publically used for Ftp service authentication?
I finally managed to create new user from Control Panel\All Control Panel Items\Administrative Tools->Local Users and Group->New User.
The unknown error was thrown because of password was not strong and entered invalid chars in Description, Full name textboxes. The error message from Win Server did not help at all.
Related
The site I need to configure on our IIS server (on Win 2019) uses a certificate to communicate with an external service.
The certificate is present in the certificates plugin in category personal and trusted.
It also uses a intermediate certificate.
The correct application pool has full permission on the certificate in /personal. Also the "network service" user.
The private certificate isn't exportable.
The SSL connection works when the application pool is configured with identity "LocalSystem" but it doesn't work with "ApplicationPoolIdentity".
Changing the "Load user profile" of the application pool from false to true doesn't change anything.
The site uses libraries written for it and is only used within the company.
Is using "LocalSystem" the only solution when using libraries?
You can try different user account in Application pool identity.
Built-in user account
Select this option to use one of the predefined security accounts. Then select one of the following accounts:
LocalSystem - The Local System account has all user rights, and it is
part of the Administrators group on the Web server. Whenever
possible, avoid using the Local System account because it presents a
serious security risk for your Web server.
LocalService - The Local Service account is a member of the Users
group and has the same user rights as the Network Service account,
but limited to the local computer. Use this account when the worker
process in your application pool does not require access outside the
Web server on which it runs.
NetworkService - By default, the Network Service account is selected.
It is a member of the Users group and has user rights that are
required to run applications. It can interact throughout an Active
Directory-based network by using the computer account's credentials.
This account provides the most security against an attack that might
try to take over the Web server.
ApplicationPoolIdentity - Starting with IIS 7, application pools can
be ran as the "ApplicationPoolIdentity" account instead of the
"NetworkService" account. This is a dedicated pseudo user account for
the working process of an application pool and is the recommended
pool identity.
Custom user account
Select this option to configure a custom user account for the application pool identity.
Custom user account
Select this option to configure a custom user account for the application pool identity.
Installed user account
You can configure an installed User Account under which you want the worker process to run.
Property-based user
You can dynamically choose a username and a password under which you want the worker process to run, by using references to Windows Installer properties. By using this option you can choose the way the password is selected:
Password property
The password is stored inside a property.
Predefined password
By selecting this option you can define you own password.
Note: If you use a custom identity, make sure that the user account you specify is a member of the IIS_IUSRS group on the Web server so that the account has proper access to resources. Additionally, when you use Windows and Kerberos authentication in your environment, you might need to register a Service Principle Name (SPN) with the domain controller (DC).
Currently, I am a server admin on an Azure SQL server. When I create an azure function app and connect to a database (on the server) I have to specify a sql connection string from the app. The connection string will use my username and password.
I want to change this so that the server admin is an active directory group (development group or something). Microsoft support told me I can not set a password to an active directory group. How do I create the connection string without a password? Or do I have to create an office 365 account with a development identity so I can set a development user and development password?
In Sql server management (ssms), the server admin is listed under the security directory. I have been using the server admin username and password to connect to the database from azure function apps.
Now I created a user called Development on ssms like this:
USE CompanyDatabase
CREATE LOGIN Development
WITH PASSWORD = 'password';
GO
I tried using the development login as parameters in my connection string and got this error:
Exception has been thrown by the target of an invocation. .Net SqlClient Data Provider: The server principal "Development" is not able to access the database
You have only created a LOGIN so far with the command that you mentioned.
Next step is to create the USER which will use this login and then assign some permissions to that user. I have given an example with db_datawriter, but you can choose something different like db_datareader or db_owner etc.
CREATE USER [Development] FROM LOGIN [Development]
EXEC sp_addrolemember 'db_datawriter', 'Development';
Also on a side note, Azure SQL Database supports contained database user model, where you don't need to create a server level login first and then a user based on it, instead you directly create a user which is contained only in that database. There are some pros and cons to using this model. You can get more information about it here -
https://learn.microsoft.com/en-us/sql/relational-databases/security/contained-database-users-making-your-database-portable?view=sql-server-2017
I had to change the admin password as it had expired via RDP. The server was working fine after the change.
Later I disconnected the session, and started it again, now we are getting the following error message:
An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote computer: **.cloudapp.net
This same error keeps coming up even after 2 server restarts. The password is defiantly correct as typing a different password gives a "Password Incorrect" error.
There is no other way for us to access this server.
I found the answer here.
Your machine should still have a local administrator account (e.g. MachineName\Administrator), in which case you can login with the administrator account. In the RDP login prompt, you'll need to put the full user account (e.g., "MachineName\Administrator" where MachineName is your computer's name, otherwise it will default to "PreviousDomainUsed\Administrator").
This happened to me with an Azure VM because the domain administrator account I was using had an expired password and the Azure VMs enforce Network Level Authentication, which prevents you from changing the password through RDP. I was able to update the password by logging into the domain controller's VM, but the VM I couldn't log into didn't receive the update because the DNS settings were incorrect. I RDP'd into the faulty VM with the local administrator account, updated the DNS settings and ran "gpupdate" in a Powershell command prompt and everything began working again.
Hope this helps.
I had same issue with local admin account and specifying user account as "machine name\Administrator" still did not work. There was only local admin account in Azure VM so I needed to solve this issue for local admin account.
I could reset password for local admin account by following step then now I can log in to Azure VM by local admin account.
Open Azure Portal web site.
Click "Virtual Machine" then click virtual machine name which issue having in the list.
Dash board for selected virtual machine is shown. Then click "Reset Password".
Following screen is displayed so specify local admin account name nand password, then click Update.
This uses the VMAccess extension to reset the built-in administrator account and reset the Remote Desktop service configuration. Learn more
Mode
You can perform a password reset, which will also reset the Remote Desktop service configuration, or choose to reset the configuration only.
Reset password
User name:
If you provide a different user name, then the built-in administrator account with be renamed. Also, the account will be enabled if it's currently disabled. (The name of local admin account is shown as default)
Password
Confirm password
here is an answer if you need it yet.
http://social.technet.microsoft.com/wiki/contents/articles/18710.troubleshoot-azure-vm-by-attaching-os-disk-to-another-azure-vm.aspx
I installed TFS on a single W7 machine with a single user (me).
After creating a collection, I am unable to access it or to administer its security: It asks me for credentials. However, since I created the collection and there is only one user, I am stuck.
I am thinking it may fail because it's a single machine without domain (and therefore uses NTLM)
Has anyone been able to use TFS on a single non domain machine?
MSDN article says that it is a bit tricky to use TFS without domain, but possible:
Local user accounts must be created on
the Team Foundation server for all
users requiring access to the server.
Local user accounts must be added to
Team Foundation Server server-level
and project-level groups so that the
users are authorized on the Team
Foundation server. When connecting
from a Team Foundation client, such as
Team Explorer, in the workgroup, the
client user account credentials must
match those of the server, or the user
will be prompted for a user name and
password for an account on the Team
Foundation Server.
We have a service account defined for anonymous access which is used for several web sites hosted on the web server. This account has access to several network resources like report server, file servers and so on.
While deploying a new web site, we used the same service account for anonymous access. IIS takes the username/password for the account and then a dialog opens for confirm password.
Accidently, we gave a wrong password in both the text boxes, the new site with wrong password is working fine but all other previously hosted sites which were using the service account, started giving the unautorized access error.
Is it possible that when we entered wrong password for the new web site, the password of the account got reset and all sites stopped functioning?
If this was IIS5.x then yes it's possible that the password update you performed did indeed change the anonymous account password.
If this was IIS6 then there are a number of pre-conditions that must be met before changing the password in IIS manager changes the password for the anonymous account. This MS knowledgebase article covers this is detail:
IIS 6.0: HOW TO: Configure IIS to Control the Anonymous Password (MS KB:332167)
In IIS7 this capability was retired.