Application installed using NSIS should accessed by all users - nsis

I have my application uses Sql server database. I have created installer installs sql server and application and also created database on that server.
I need to do
on one system multiple users should access same application by different logins.
how to do that?
sql server also installed for all users.

You need to use the AccessControl plugin to grant access:
AccessControl::GrantOnFile "$instdir\database.db" "(S-1-5-32-545)" "GenericRead + GenericWrite" ; S-1-5-32-545 is BUILTIN\Users. Access rights could also be FullAccess etc

Related

Use Azure data sync with localdb

B"H
How can I use Azure Data Sync with localdb?
Please note: I am not asking about using it with a "Local Database" as in an on-prem database. I am speaking specifically about the technology (particular Sql Server Edition) known as localdb. As in (localdb)\MSSQLLocalDB.
The issue is adding the localdb instance to SQL Data Sync Agent. The agent must be run under an entity (windows login) that has permission to run as a service. It can not be run using a windows live identity which is what the users are usually logged in as. Yet it also needs to have permissions to the database in localdb.
Use Case:
I have a central database running in Azure. With multiple users with laptops and limited internet connection, running local apps (some built in Access). Connecting directly from the apps to Azure is too slow or otherwise impractical. Therefore I install the lightweight localdb as a cache for the users data. Which will be merged using Azure Data Sync.
I am currently using a solution built directly on Microsoft Sync Framework. However there is a maintenance overhead on that solution. So I would like to migrate to the Microsoft maintained Azure Data Sync.
Thank you
B"H
Ok, it was actually a silly mistake.
You actually can run the SQL Data Sync Agent using a windows live identity. You just need to use the local user name. Which is the name of the folder for that user in the Users folder. You must also use the name of the computer in the format MyComputer\localUserName.
Once I was running the SQL Data Sync Agent under the currently logged in user - who also has access to the DB - everything else ran smoothly.

How to configure Azure AAD Connect to synch with OpenLDAP

I am trying to set up AAD Connect to synchronise our in-house LDAP user directory with the Azure AAD. Documentation says to use AAD Connect, and that while Microsoft would (of course) prefer you have Active Directory locally to link to, it should also work with an SQL or LDAP backend, though the only instructions I can find are a year out of date. In any case, we are a linux house and do not have AD internally.
Possibly I need an older version of AAD Connect (1.1.649?) but am unable to find this anywhere.
Does anyone have any instructions on how we can configure AAD Connect to work with anything but a local Active Directory?
I have seen this blog posting, but it does not match the current AD Connect software. https://blog.kloud.com.au/2017/11/03/generic-ldap-connector-for-azure-ad-connect/
There is a trick to doing this.
Install local Active Directory
Install AADConnect linking to local AD and Azure AD
When install has completed, run the ADConnect Synchronisation Service (UIShell) configuration app
This then allows you to define an LDAP connector, and remove the unnecessary local AD one
Now you need to define rules using the Synchronisation Rules Editor to trigger updates, creates or deletes
Now you need to set up profiles in the Synchronisation Service for Full Import and for Sync on each source.
This is not trivial but there is more information here: https://learn.microsoft.com/en-us/microsoft-identity-manager/reference/microsoft-identity-manager-2016-connector-genericldap
Don't run the install wizard as it only allows you to configure replication to a local AD, which is pointless as you can set up federation in this case.
An alternative, now available, is to install the AAD Domain Services object in Azure. This is, in effect, AD+ADConnect in a managed box, and will give you an LDAP endpoint to AD. You can then use LDAP replication of some sort to synchronise this with your local LDAP, or else use it directly for authnz.
Drawbacks are that is is, of course AD LDAP and has a strange structure; and the LDAP password synch only happens when the passwords are updated in AAD. And you cant extend the schema locally. However it may be enough if authentication and groups are all that is required.

Elevate corporate network write access privileges within application as required

We have customer project files on a network drive. Most users do not have write access privileges within some of the directories. I have been tasked with finding a way to allow them to create directories and files programmatically through a user front end we have developed without allowing them to manually make changes by going to the directory in windows explorer. Most of these users do not have local admin rights, nor would that change their network admin privileges.
This is in a .net programming environment.
I see numerous examples for elevating local rights, but none for elevating network rights.
Some options:
-elevate the privileges within the application.
-run an application on the/a server where the server has the necessary rights and performs the necessary task(s).
-create a windows service application that will run on the server with a listener that will receive requests and perform the necessary task(s).
The second two options would require significant hoops to jump through as my company has a very strict IM security policy. The first option would be ideal, but I am not sure it is possible. I'm not sure the second option is possible either for that matter.
Any thoughts or input would be very much appreciated.
Use Impersonation.
RE: How do you do Impersonation in .NET?
Just make sure the credentials you are using for Impersonation have rights to the folders as necessary. You can use domain or local on the file server credentials as necessary.

EF 4.1 CF + Azure: CREATE DATABASE permission denied in database 'master'

I have an ASP.NET WebForms application which uses EF 4.1 Codefirst.
Running my application the first time creates a new database, tables etc.
Everything has been working fine so far.
But after adding my application as a WebRole to an Azure Project I got an error message when I first hit the database (CREATE DATABASE permission denied in database 'master').
Obviously it makes a difference if I start my application inside the VS Development Webserver or inside the Azure Emulator.
Here is some additional information which I believe could be relevant:
The database does NOT exist when I run the application
Visual Studio 2010 run as Administrator
Trust level of my web role: Full trust
SQL Server service (MS SQL 2008 R2 Express) is up and running
The connection string in my web.config looks like this:
<add name="dbContext" connectionString="server=(local)\SQLEXPRESS;database=myDB;Integrated Security=True;MultipleActiveResultSets=True" providerName="System.Data.SqlClient" />
I also tried using a real user instead of "integrated security". And that user had all possible database roles assigned, including sysadmin, serveradmin etc.
How I can I grant the necessary permissions to my application in order to allow creating a database while running inside the Azure emulator?
Thanks so much for your help!
Azure emulator runs with the credentials of "Network Service" account. You need to add credentials for "Network Service" account on master database.

Sharepoint content database user

Somebody knows how to change the user account and authentication method sharepoint uses to connect to its content database?
It is now setup to connect using Windows Integrated Authentication but I want to change that to a local user account.
Is it even possible to do this?
Thanks in advance
SharePoint supports both types of authentication in SQL Server:
Windows authentication (the default and preferred choice) - windows credentials are used to authenticate against the SQL server. SharePoint uses IIS which runs sites in an application pool worker process. You can change the credentials for a Web application pool here:
Central Administration > Operations > Service Accounts
SQL authentication - a username/password combination is created and stored in SQL server. When you create a content database you can choose SQL authentication and then provide the username/password (which you have already created in SQL). If you want to change the auth type of an existing database, you can detach it by checking the remove option on the database settings page (it removes the database from SharePoint but does not delete the actual data). Then you can re-attach the existing database and choose a different auth type. You can manage content databases here:
Central Administration > Application Management > Content Databases
you can do it by extending webapplication
The below links will helps you
http://weblog.vb-tech.com/nick/archive/2006/06/14/1617.aspx
http://www.codeproject.com/KB/sharepoint/moss_enableforms.aspx

Resources