Removing a user folder with RDP access and "We can't sign into your account" error - active-directory

I work in a lab where we have a desktop that we allow researchers to remote into and use for working with their data. There hasn't really been any policy to keep the machine clean except telling people to clean up after themselves, and after years of use we now have completely full hard drives. The machine is on a university domain, but we are a somewhat separate non-profit entity so we aren't supposed to be using the university tech support / IT help...
There are approx 30 user folders on the machine, and about 10 people who currently have remote access. My plan was to delete any user folders with a LastAccessTime before 1 year ago. User folders correspond to university IDs, and so I was able to email users and notify them (although many emails were no longer valid).
So I ran a test with a new user to see what would happen and I'm a little confused by the results. Here is what I did:
Gave RDP access to a new testuser account. Confirmed that there was no user folder for testuser under C:\Users.
Logged in with that test user, and a C:\Users\testuser folder was created
Logged in with an admin account and deleted the C:\Users\testuser folder
Logged in with the testuser account and received an error "We can't sign into your account. This problem can often be fixed by signing out of your account and then signing back in.
If you don't sign out now, any files you create or changes you make will be lost."
I logged out and in again with testuser and received the same error. I'm wondering why initially when there was no user folder, one was created when I logged in. I assumed after I deleted the user folder, a new one would be created the next time I signed in, but apparently that's not the case?
I didn't really want to dig through all of the user folders to find data and delete it, and I don't think we need to keep all users, but I would like users to be able to remote into the machine again and have a "clean" user folder created if their old one was deleted and they still have RDP access.
Any guidance on the best way to clean up our machine is appreciated!


Extract users from two Active Directory groups

I have tried multiple times to get this to work, but I haven't figured it out yet, so I'm asking in here, hoping that someone will be able to help me out.
I am using Atlassian's Bitbucket, Jira and Bamboo and they're all synced with an AD. At the moment I am using my AD user to retrieve all the other users. It works, but it's not optimal, as the password expires every three months, and I have to change the LDAP user login info on all three applications. We have ordered a Service User, where the password doesn't expire, but the problem is that the Service User is in another group.
The picture below shows how the AD is set up. My Service User is in a group called Special Users. I would like to use this user as the login user in the settings. This way I would never have to think about changing password, when my AD password expires.
I would then like to retrieve all the users from the "Normal Users" group.
Let me know if more information is needed.
Thanks.
You could also add multiple user directories pointing to different parts of your Active Directory.
Jira has an internal Crowd out of the box.
You may let Jira connect to the user directory and let all other applications use Jira for authentication.
This would save time by only updating your LDAP password every 3 months on 1 application and having it reflected on all 3 applications.

Can I rename a Microsoft Teams free site's subdomain.onmicrosoft.com?

I have a Microsoft Teams free account that I created under an earlier organization name that I now wish to change. This is because my second Teams site undesirably reveals that it exists under the original organization name of my first Teams site.
Now, inviting users to my second Teams site inadvertently discloses to them that I also run the first Teams site. It comes up during certain Microsoft authentication screens. I don't want them to see that; it's distracting. Although both are non-profits, one organization has nothing to do with the other. A new user entering my second Teams site by invitation may feel confused when, upon initial entry, they're presented with my first organization's name.
I've since learned that I can indeed change my original organization name. Creating my first MS Teams site implicitly created the organization by that name within a personal Azure account that uses my credentials. It's at https://portal.azure.com, and my first Teams site shows up in there. It appears as a group within Azure Active Directory (AAD). My personal directory itself bears that initial name of my organization. The same name was automatically applied to the group representing my first Teams site.
Now, the directory itself is identified both by
the organization name, and
a corresponding subdomain name.
Both were the same, except the subdomain had no spaces embedded in it, obviously.
While I can change the directory's organization name, I don't see how to change the URL subdomain name (e.g., MySite.onmicrosoft.com) for my Teams site.
I know Microsoft Teams users aren't ever exposed to that technical subdomain information in normal everyday use anyway. However, that original name does become revealed when a new user is invited to the new Teams site. On the Android app, for example, upon initial login and setup, the new Teams user is asked to tap on the organization name. And there was my first disappointment, because it was the name of the other unrelated organization! After tapping it, users are then led to the correct Teams site that I did intend to make available to them.
That's what prompted me to want to change my organization name.
I was successful with that by changing the organization name under Properties for my directory. This resolved the issue for the newly authenticated Android Microsoft Teams user.
However, I cannot see how to rename the subdomain itself. And that's important, because PC users at least (or those trying to enter my Teams site from a web browser) are in fact presented with a permissions prompt where that undesired subdomain name appears!
Is there a way to rename the subdomain?
POSTSCRIPT - Guess what? I can create new directories in AAD alongside my original one! What if I move my Teams group from the unrelated directory to a new one I create? Would that be safe? Will my Teams site still be functional?
To answer your edit: a Teams organization is associated with a specific Azure Active Directory. Even if you have a second directory, I don't believe there is any way to "move" things across; you would have to create everything from scratch.
To answer your general question: you would probably have to create a new directory as you described, then create a new Teams, replicate the information, remove all the users from the old Teams and from the original directory, then invite them to the newly created one.
The reason for this is, if you invite someone, you are essentially adding their email / login to your Azure tenant. If they have been invited to multiple Teams tenants, then when they log into Teams there is functionality for them to switch between all the directories that they are a guest of, so they will be able to see it. The only way to remove that is to delete the guest users from Azure AD.

How can I have 2 users logged in at the same time in a Laravel App

Please help me architect the following case in Laravel:
Every instance of the Laravel app (e.g. a company) will have a single username (super-user) who can control the sub-users. The super-user will log into the app once to allow the sub-users to log in and out many times throughout the day. The sub-users won't be able to access the app at all without the super-user logging in.
Example: A POS system that the manager logs into once a day. It doesn't log itself out all throughout the day. The cashiers simply tap in their password to gain access and it auto-logs out after 5 mins. There's a single system in the store so the cashiers have to keep switching on and off. The cashier won't be able to use the POS at all if the manager does not log in.
I'm new to Laravel. I know I need multiple guards, but how do I access auth so that it doesn't keep directing me to the super-user? I'm thinking of using the default Laravel authentication for the super-user. But what about the other users?
Any help or pointers in the right direction is highly appreciated!
Thanks!
Laravel cannot persist multiple authenticated users at once, but you don't necessarily need that for this system; in fact you may be able to design a more robust system without it.
Defining the problem (rather than a solution) we'd say something like, "The system must allow for a manager to enable and disable the POS for cashiers so that they are only able to access it when authorised".
A system that achieves that goal can be built with a single Laravel authentication system, using different roles (manager, cashier) and the associated permissions. This is (fortunately) very straightforward with Laravel.
The user flow would be along the lines of:
A cashier visits the POS terminal
The cashier clicks "log in"
The cashier enters their identifying details
The system finds the user, identifies that they're a cashier, then checks if cashiers are allowed to log in
If yes, the cashier is logged in and able to access the POS functionality
If no, the cashier log in is rejected with an error
The manager flow would be along the lines of:
A manager visits the POS terminal
The manager clicks "log in"
The manager enters their identifying details
The system accepts their log in and sends them to the management dashboard
The management dashboard would be where the manager could control other users (create and manage cashiers (edit, delete, audit)) and set the system status as activated for cashiers; this would be protected with policies.
At the start of business the manager would log in to the POS and activate it for cashiers by setting the "active" flag to true, then the manager would log out. Through the day any cashier could log in and use it. At the end of the day the manager would log in and deactivate the POS for cashiers.
An added benefit of this system is that you could allow managers to also be cashiers, so if they needed to use the POS during the day they would not need a separate account. A user's manager status could be a simple is_manager database column. You could additionally implement programmatic scheduled POS availability, i.e. "allow log in from cashiers between 9am and 5pm".
Laravel is a great choice for this project as it provides everything you need out of the box, let me know if you have any other questions about your implementation :-)
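As an added example (not code from the answer above or from Laravel itself), one way to enforce the "cashiers only while a manager has activated the POS" rule on every request rather than only at login, so that deactivating at end of day ends running cashier sessions immediately. It assumes a hypothetical pos_settings table holding a cashiers_active flag and the is_manager column the answer mentions.

```php
<?php
// app/Http/Middleware/EnsurePosActive.php (hypothetical path; added example)
namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;

class EnsurePosActive
{
    // Hypothetical key/value table pos_settings(key, value) that the manager
    // dashboard toggles; stored server-side so it cannot be set by a cashier.
    private function cashiersActive(): bool
    {
        return (bool) DB::table('pos_settings')
            ->where('key', 'cashiers_active')
            ->value('value');
    }

    public function handle(Request $request, Closure $next)
    {
        $user = Auth::user();
        if ($user === null) {
            return redirect()->route('login');
        }

        // Managers are never gated by the activation flag (is_manager column).
        if ($user->is_manager) {
            return $next($request);
        }

        // Cashier: re-check the flag on every request. Checking only at login
        // would leave an already signed-in cashier working after the manager
        // deactivates the POS for the day.
        if (! $this->cashiersActive()) {
            Auth::logout();
            $request->session()->invalidate();
            $request->session()->regenerateToken();
            return redirect()->route('login')
                ->withErrors(['pos' => 'The POS has been deactivated by a manager.']);
        }

        return $next($request);
    }
}
```

Attach it to the POS route group together with the built-in auth middleware; a cashier whose login succeeds while the flag is false is signed out again on the first POS request, which gives the "log in rejected" step of the flow. The five-minute auto logout from the question maps to Laravel's idle session timeout (SESSION_LIFETIME=5 in .env).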

Batch Script - Get Last Login Date/Time of ANY User On Computer

I'm needing to set up a batch script that shuts down a computer if nobody has logged into it within the past 7 days.
I'm seeing lots of examples for finding the last login date of a specific user account, but am unable to find anything for last login date of ANY user account. If possible, I'd like it to also filter out things like automated deployments (such as PDQ Deploy), and only look at the last time a user account fully logged in.
Any ideas?
Thanks!

Drupal 7: LDAP Authentication failing for old users

I have some users that have had no problems at all in the past. All of a sudden they can't log in anymore. Nothing has changed in the OUs in Active Directory. All other users can log in, no problem. It's just these two. The only thing I can see is in the 'field_data_ldap_user_current_dn' table their 'ldap_user_current_dn_value' got set to null. I manually set this in the db back to the correct dn, but this didn't help. How can I get these users their access back?
Edit:
Whenever cron gets run these two users get their DNs nullified.
I don't know if there is another solution, but I had to delete the users' accounts and assign their content to anonymous. Then they logged in using LDAP credentials and the accounts were created successfully. Then I just had to assign their content back to them.
