I'm logged in with the Perforce viewer client on my MacBook Pro, and I keep getting this popup that says:
You don't have permission to execute the "P4 change -o" command
This happens ever 5 minutes or so. How do I turn this off?
The P4V client program will run certain commands as needed. It is possible that your workspace specification could have something mapped in it that you do not have sufficient permissions to run this command on. You can see what permissions are required for certain commands in the Server Administrator's Guide: http://www.perforce.com/perforce/doc.current/manuals/p4sag/chapter.protections.html#DB5-35217 (the change command requires "open" access level).
You may wish to check with your server administrator to check what you do have access to and look at the client workspace mapping to see if there might be something mapped there that your user does not have sufficient permission to access.
Related
I am using the Limited edition and in my installer I have a custom action where I open a cmd.exe and passing a batch file for executing.
The cmd is executing but its not in the elevated permission. I need to execute this in elevated permission since my batch file has operations which needs admin privilege.
I tried many options and the screen shots attached describes what I have done.
Let me know if this is possible with Limited Edition. I am installing in windows 10 machine.
the whole "Elevetad privilege" thing changed a lot during the lasts years.
if I were you, I'd put the schema to version 500 (the last one)
you'll might wan't to double check that your batch file is correctly found, as properties in system context can be unavailable. (use /k so the cmd prompt will not close and you'll be able to see the result of your batch file.)
also if the UAC is disabled on the client machine the user won't have the right to elevate your installer so setting the Require Administrative privilege won't change anything.
in order to be sure, you'll might wan't to use a install condition validating the Privileged property.
When working on a project that uses IIS (not IIS Express) for local development, what permissions are actually required under window 8? I don't want to run as admin all the time...the first error message I get when running using the Local User Account (LUA) was about Metabase (probably a misnomer, as changing the permissions on that gave the same error message until the config files in inetsrv/config were also available). Now it builds, but then gives an error message "Unable to start debugging on web server. IIS does not list a web site that matches the launched URL".
The blog https://blogs.msdn.microsoft.com/jaredpar/2005/02/04/myth-creating-web-applications-with-visual-studio-requires-admin-privileges/ while old, at least hints that it should be possible to manually give myself (or a group that I create) the right permissions. Just need to figure out what those permissions are...
To run VS against IIS you need to run VS elevated (the process needs admin permissions).
From a non-admin account you could run VS "As Administrator", you will also need to do this with the tools necessary to configure IIS.
However I've never tried that, rather I run with a non-elevated admin account so any file changes from within an elevated VS are fully accessible to non-elevated processes.
Additional: note, VS really only needs the Debug Any Process privilege, but giving that one privilege gives the ability to gain all others (with some effort) going through the work to limit the VS process to just that one difference seems pointless.
I'm trying to programmatically copy major folders from C: to E:, for the purpose of automatically backing these folders up. It seems to me, as Administrator, I should have full access like root does on Linux, especially for only reading files.
This makes no sense to me. I'm logged in as Administrator, I run powershell as administrator, and I even went to the Control Panel and moved the UAC slider thing all the way down.
So why am I getting access/permissions errors when trying to copy C:\Users or 'C:\Program Files'?
This will get migrated hopefully, but the answer is that Windows is not like Linux. The Administrator account is not like the root account. It does not, by default, have various rights unless you do the equivalent of a sudo, which is to run the prompt at an elevated rights. Right click on your powershell prompt and choose Run as Administrator.
Dragging the UAC slider down does not turn off UAC, it just turns off the UAC warnings when something wants elevation.
I am having a huge problem with the eventlog on my server. Right let me first of all explain the setup.
I have a domain setup with 2 computers
One computer is running IIS the other is a workstation. The IIS is running Win2k3 the workstation Win XP.
The IIS computer is hosting a website which uses Windows Impersonation and tries to log an entry to the eventlog for a custom log file called MyApp and a custom event source MySource
I have a domain user called MyUser who is just a member of Domain Users.
Single Sign On is working 100% because I can write out the logged in user to the page fine.
When I visit the IIS page from the workstation I get one of the following messages (sometimes I get the first sometimes the second)
1) The handle is invalid
2) Cannot open log for source 'MySource'. You may not have write access.
So to try and fix this I have tried all of the following:
Granted the Everyone user FullControl to C:\windows\system32\config\MyApp.evt file
Granted the everyone user FullControl to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog
In the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp\CustomSD I appended the following string (A;;0x0002;;;AU), (the reason for this can be read here http://fgheysels.blogspot.com/2008/01/cannot-open-log-for-source-0-on-windows.html)
I am now totally out of ideas of how to fix this. Has anyone else come across this and have you tried anything else.
The error, as you seem to have found already, relates to writing to event sources or creating them. I would suggest you try the following.
You did not indicate if the event source exists in the registry or weather the .evt files ware created by the system or if you put them on the machine, so it is hard to determine at which point you are stuck.
You also did not mention if this works on some developer's machine, in which case you can compare the registries and even create the keys manually if you have to.
Have a look under ...\Eventlog if a key for your log has been created (MyApp?).
Have a look in HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\MyApp.
There should be a key called Sources. Does your source appear in here?
If these entries do not exist the error is that your user does not have permissions to create the custom log and source.
In the error message it should indicate a ThreadIdentity parameter, which should indicate which user account it is attempting to use to do this. You can also open the permissions to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog and query the "Effective Permissions" for this particular user to ensure it effectively really has full control.
Try granting full control to the entire directory C:\windows\system32\config\ and not just the .evt file as the system needs to create some additional files here as well.
Lastly you can try and enable anonymous access to the website and run it as the machine/Domain administrator user once so all the keys get created before setting it back to the way you like it. You could also try enabling impersonation in the web.config file to ensure that it is not running without a windows identity. These ones you should all be able to undo once the correct keys and files have been created.
Let us know what you find after this and we can take it further.
Well after many hrs of trying to solve this I appear to have a solution which works.
First of all I had to allow the Authenticated Users group write access to the event log. I advice you backup your registry before continuing.
Run regedit
Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
Open the subkey which matches the EventLog you are writing to (so I will pick Application)
On the right you will see the registry strings, locate one called CustomSD
Right click and modify it.
Append to the end (A;;0x2;;;AU) (I will explain this later)
Save the changes (I don't know if you need to reboot or not)
So that will mean Authenticated Users can write to the Application event log. I needed to apply one more change.
Open the Domain GPO or local computer GPO
Navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights > Assignments > Manage auditing and security log
Go to its Properties window
Select Define these policy settings
Add the Administrator group
Add the Authenticated Users group
Save and do a gpupdate /force for the affected computer.
That is the only way I could get it to allow my website users to write to the event log.
I mentioned in part 1 step 6 I would explain the string we added. Please see this page for more details http://support.microsoft.com/kb/323076
To debug some code, I would like to view the Windows event log of a remote machine (target is Windows2003). With mmc.exe I can add the event log for a remote machine, but only if I have sufficient permissions. For this remote machine, they do not want to give me permissions to log in remotely (or admin privileges for that matter). Is there a specific permission I can be given to view the event log and not much else?
On newer Windows versions (Windows 7, Windows Server 2008...) you can simply add the corresponding account to the built-in group Event Log Readers.
Source: Jane Lewis's Weblog on TechNet, Giving Non Administrators permission to read Event Logs Windows 2003 and Windows 2008
This source also describes an alternative if you need more fine-grained control.
(The OP asked for Windows 2003, where this method doesn't work, but as Windows Server 2003 is no longer supported, people might be interested in this method.)
For the security log, users need the privilege "Manage auditing and security log"
For the system and applciation logs you should be able to read them as just a guest unless they have set the RestrictGuestAZccess value under the following registry keys:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\System
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\Application
One Option is to get a local ID that is on the remote local admin group.
Next, from your system, map to a drive on the remote server using the new remote local ID.
Create a new MMC from the Windows Run start menu - by typing in MMC /a
Add the EventView Snap-in
When it prompts you for local or remote server - put in the Host name of the server that you mapped to.
Tip: Windows uses established secure connection - if it can. Hence the map a drive trick work VERY well.
Please Note: I use this trick with WMI query(s) - hence the query never fails do to a timeout issue.
Joshua Flanagan outlined a process to delegate rights through modifying the security descriptor of the event logs.
Please add the domain user (without admin rights) to the "Event Log Readers" group on the target server. Then, from the source server, you can use the standard user credentials to access and read the event logs on the target.
If you could enable web access to the server then you could use an eventlog viewer page that I published a while ago. This would allow the administrators to run the website with just enough permissions to see the eventlog without granting you an account to login...