I came across a fun problem today. Basically, we have thousands of subscriptions setup under a few users to dump a report into a directory on a monthly basis. One of these users was moved to a different role/department, and her credentials no longer have access to the folder where they were being dumped. So, I think the easiest solution would be to switch all of her subscriptions over to one of the other users who still has access to the folders.
I already know how to update the Owner. What I need to know is how to change the credential username. It is one of the pieces of the ExtensionSettings in the Subscription table, but it appears to be encrypted. I already have a script that will update the credential password based on the credential username, so I would think there would be a way to update the credential username based on the owner.
I was able to get this taken care of by writing a powershell script that works with the actual ExtensionSettings objects. It's ugly, so I'm not going to post it in fear that someone would inadvertently crash their BI in using it.
Related
I've downloaded the starter pack and performed all steps as mentioned in the tutorial. I can create accounts but if I log out and want to sign in again I always get the error invalid username or password. Can anyone share any pointers as debugging this is nearly impossible.
I've created several accounts already just to be sure the password was ok.
I've created the keycontainers
I've created the two applications that are needed in the custom policies (web app and native)
I've updated the extension file with the correct id's
yeah if you dont get your client IDS correct you cant log in and then it constantly reports as invalid credentials.
Double check that you are writing the object ids correctly.
On our intranet, I want to provide a website that certain employees can access. The work they do on the site will be recorded and tagged with their user-name for identification if the need should arise. Of course users have already logged in to their workstation and they have supplied credentials to our Active Directory.
Rather than maintain an additional set of user logins and passwords for the website, and forcing users to enter this second set of credentials, I am wondering if they can just be silently authenticated when they pull up the site? Somehow the webpage would have to find out their Active Directory user name as known on their workstation. (I see no reason it would need their password.) And then, for their work, the website can store their actions tagged with their user name.
So: I'd log in to my workstation as "Mark" in domain "ONU-AD". I'd pull up the webpage "resolveticket.php". That page would not challenge me for credentials, but it can access my username and store that with my various actions.
NOTE: I have seen some questions and answers here that were more specific. But my initial question is general: is there a piece of tech that can help with this? What is it? (for example, should I try to do this with Java?) Many similar questions are about ways to get this information in a server-side script. But I am simply wanting the webpage sitting on the client computer to be able to get the user name and perhaps place it in an input (type="hidden") on a web form.
I have little problem. In my application users are auth via Azure AD and his user profil is in DocumentDB.
When Administrator delete user profile I need to force log out the deleted user.
How to do it? Delete action deleting ad and documentdb entry.
Based on the description, you want to sign-out the users after the administrator delete the users profile from documentDB.
If I understood correctly, it is more likely building a real time application that nofify the specific client when the delete action is performed. I am trying to explain it using a figure below:
And for building the real time application, we can use the SignalR. And you can refer more detail about it from links here.
And another solution for prevent the deleted users to access the proteced resrouces, you can check it before the users access the resources.
I'm trying to secure an MS Access 2003 mdb using the workgroup security. I've got most of it set up (using a new MDW etc), but I can't stop people creating new tables in the database, if they've got access to open it. Am I missing something?
None of the accounts have any permissions allowed, I'm doing it all through groups.
Users only have Open\Run access to the database, no access to <New Tables/Queries> and only "Read Data" access on all the other tables, including the MSys* tables.
Any thoughts or am I trying to do the impossible?
--Update--
I've tried using the wizard as suggested, but that still leaves me with the same problem. I created a blank database & ran the wizard on it. Assigned 2 users, Me & User, and removed all access to the standard groups. I added Me into the Admin group & User to the Read Only group.
Not using the MDW denies access, as expected. Logging in as Me allows full access (Design things, add data, delete data, etc), logging in as User will allow read data inexisting tables, but not add data or design them (as expected), but it will still allow creation of a new table, which User will then have full access to add, delete etc.
So, over a year after posting this question, I have another go at solving it, but his time with success!
I came across the Microsoft Accesss Permissions Explorer and this showed that the standard ways of securing the database, both manually and using the wizard still give the Users group explicit Create permsissions on the Tabes Container. This same software also allows the revoking of said permissions, so now I can have a fully secured database, where any user can access the mdb without using a special MDB, but they are only able to access and edit the data I want them to.
Can your users use the runtime version of msAccess? They will not have the ability to create any new Access object, such as table, query, form, etc.
And runtime version is free, so you'll also spare on licences!
I have to import a lot of old data into SharePoint. In this data, I need to create a lot of users who are no longer in AD. Does anyone have any idea how to do that?
Cheers
The options I can come up with:
Recreate the users in Active Directory and disable the accounts
Attribute the files to a generic account
Tie into a SQL database for user accounts in addition to Active Directory
On a sidenote, I've seen it to be a best practice to never delete users from Active Directory due to issues like these. Instead, just disable the accounts and move them to an out of the way OU.
I don't think this is possible as you are really trying to create orphaned users. Better just revert these users to the System Account - that is what I did when I last migrated a SharePoint 2003 farm to MOSS 2007.
You can use CSVDE to import a comma separated file, or dsadd command to add each user. See this link for details.