Can you force a GPO update from a different user - active-directory

I am getting a "fail to update user" when executing a "gpupdate /force". The computer updates fine. I think the issue has to do with the computer being logged on as userX. I am running a cmd window with "runas /user:userY". I will answer the inevitable question "why" at the end of the post. The meat of the question: is this (that runas /user:userY can fail is expected) correct? If so, can I get around it?
The computer has to autolog on with a domain user that has administrative privileges; users are prevented from access to any form of disk "explorer", including IE. Long story, just trust me. I have been able to handle all needed cloud applications by using the .net webbrowser. Now we want to go with a 3rd party cloud application. For the .net browser to work, I would have to expand the .net browser to basically be another IE, and I don't want to reinvent the wheel. For various reasons, I don't want to lock down IE for the always logged on userX admin, so we had this idea of creating a userY and filtering a "RestrictIE" GPO on it. So there would be a script (.bat) that would be launched from the .net with a runas command. The problem appears to be that since userY is never logged on, it is never updated.

I think it could be a solution:
psexec.exe -u [user] -p [password] gpupdate.exe /force
If the profile doesn't exist it will be created.

Related

GTK+ How to ask for super user with prompt

I am developing an application with GTK+-2.0. I need to access the /dev/mmcblk0 device but it needs super user privileges. It is not user friendly to log in as su in a terminal and run the program.
I want to create a prompt window, ask for the super user password and run the program with super user privileges. GParted is a program which runs in that way and I want a similar opening procedure.
How can I achieve that? How can I get super user privileges in the program?
Regards
You could check the gksu page on live gnome, or if you want to use the policy kit framework you can google for sample programs (e.g. like this one).
Another way, more straightforward, would require the creation of a group (which would allow users to access /dev/mmcblk0) and ask root to add specific allowed users to this group.

Ability to detect if this is the users first login to Windows 7

I have a Windows application (WPF) which we are running on each login; however, when the user first logs into a new PC the application will need to do some specific tasks, but only on the user's first login and never on subsequent times.
Is there a way in .Net 3.5 to query whether the user has logged in before (i.e. some kind of login count)?
Failing any native support I will create a txt file in the user's registry; however, I wanted to know if there is a native way of achieving this first.
We use redirected folders, so the user may have already logged into a PC on our network; these special events should only occur when the user hasn't logged in onto the PC and Windows has had to create a new profile for the user on the PC.
If I am not clearly explaining what I am seeking, please don't hesitate in letting me know.
Matt
Failing any native support I will create a txt file in the users registry however I wanted to know if there is a native way of achieving this first.
I'd recommend going with this option. Don't try to detect it, just create your own state on first run.
I suggest this, not because it is technically impossible to achieve the functionality you describe, but because it is a better user experience. It provides an easy way to re-do the action without having to recreate the user.
... a txt file in the users registry ...
I'm not sure what this means. You can create text files under the user's profile directory, and you can insert string values in the registry (but not files of any sort).
As for the particular mechanism, I suggest you consider:
An App.Config value. Clearing out the value is easier to support or batch-script than a registry value, and makes the user less scared that their machine will explode if you have to tell them to edit the settings. Users are scared of the registry.
A sentinel text file under the user profile directory. Wiping out the file is super-easy to support and batch-script. Instead of editing a text file, they can just delete one. But this makes it so you have multiple config mechanisms, so multiple points of failure. I'd only do this if I were using the App.Config for additional settings in the program and thought the user wouldn't be technical enough to hand edit it.
The windows registry. Remote registry access might be easier than remote file access, if you're having to do remote troubleshooting. It also might be easier to mess with via group policy, in case this is an intranet app and you need to force a re-run on all machines in your org.
I'd carefully consider my options and which is most likely to ease support (be understandable by my users) before committing to one. I'd also consider the remote-troubleshooting/remote reset scenario.
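The sentinel-file option from the answer above, as an added example that is not part of the original posts. It targets .NET 3.5; the class and method names, the "ExampleCompany"/"ExampleApp" folders and the "first-run.done" file name are assumptions chosen for illustration.

```csharp
using System;
using System.IO;

static class FirstRunSentinel
{
    // "ExampleCompany", "ExampleApp" and "first-run.done" are placeholders.
    static string SentinelPath()
    {
        // LocalApplicationData is the non-roaming part of the profile, so the
        // marker stays on this PC and does not follow the user to other
        // machines the way roaming or redirected folders would.
        string root = Environment.GetFolderPath(
            Environment.SpecialFolder.LocalApplicationData);
        // .NET 3.5 only has the two-argument Path.Combine overload.
        string dir = Path.Combine(Path.Combine(root, "ExampleCompany"), "ExampleApp");
        Directory.CreateDirectory(dir); // no-op if it already exists
        return Path.Combine(dir, "first-run.done");
    }

    // Returns true exactly once per user per machine.
    public static bool ClaimFirstRun()
    {
        try
        {
            // CreateNew throws if the file exists, so "check" and "create"
            // are one step and two instances started at logon cannot both win.
            using (FileStream fs = new FileStream(SentinelPath(),
                       FileMode.CreateNew, FileAccess.Write, FileShare.None))
            using (StreamWriter w = new StreamWriter(fs))
            {
                w.WriteLine(DateTime.UtcNow.ToString("o"));
            }
            return true;
        }
        catch (IOException)
        {
            return false; // marker already present: not the first run
        }
    }

    static void Main()
    {
        if (ClaimFirstRun())
            Console.WriteLine("First run for this user on this PC: do one-time setup.");
        else
            Console.WriteLine("Marker found: skip one-time setup.");
    }
}
```

Deleting the marker file makes the one-time tasks run again at the next logon, which is the support scenario the answer describes.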
This may not be what you're looking for but I'm hoping it will help you anyway. I do not know off the top of my head how to do this in WPF, but I do know you can use an "unattend.xml" file and the FirstLogonCommands to execute a script or application on first logon. I have used this for Windows 7; it may not apply to XP.

Winforms app as Scheduled task

I've got a winforms app that I developed to do batch processing on tens of thousands of students; now we're trying to run it nightly as a scheduled task.
I personally find it useful to be able to log in to the box and see how it's processing by looking at the GUI, though the standard way is to convert it into a commandline app (which radically limits the amount of screen real estate I can use for logging messages).
Can I run the app as a scheduled task? The IT guy who's scheduling says it's not running because it's a winform app. Are there any tricks needed to get it to run well, or am I forced to rewrite it as a commandline app with its 80 char width limit?
Basically I just echo the log file to the screen in realtime to make debugging issues easier. So the GUI is output only.
It's running as the currently logged-in user, but the issue is that it does not run if the user is not currently logged in on the box, so when we leave for the night it fails to run.
Thanks,
Eric-
You need to make sure it is running as the currently logged in account. If it runs as 'system' I don't think it will show up correctly.
I have one of these myself... and despise it. It only exists because I haven't had a chance to rewrite it into a proper service. Don't forget there are more ways to log than just outputting to the console. ;)

StreamWriter Only Works on Some Workstations

I have a page on an intraweb (that I didn't create) which allows a user to specify a .txt file and then it writes the results of a SQL stored procedure to the file using StreamWriter.
It apparently stopped working for some of my workstations several months ago, so I can't trace it to any specific changes (However, I know the code itself didn't change).
If I access & use the page on the server (where the wwwroot and applicable database are located), it successfully writes the .txt, whether I specified a local file or one on a workstation on the network. Users on some workstations, though, are no longer able to write to a file.
(It is also not just writing a blank file. The "Date Modified" remains unchanged.)
The problem seems to be machine-related rather than user-related, as I can login as the same user on different workstations with different results.
I still think it may have something to do with permissions, so I created a .txt on a problem workstation with every possible account having full permissions, but no luck. Permissions on the database, stored procedure, and folder destination seem correct.
Any suggestions welcome, Thanks.
You mean to tell us that the page completes with success, your calls to StreamWriter all succeed, and yet in the end there is no file? I find that really hard to digest. A much more likely hypothesis is that the page fails and an exception is thrown. Such an exception would normally be logged in the system event log.
From the description of your symptoms the issue could be a constrained delegation scenario: the page is impersonating the IE user and it cannot flow the credentials when accessing the network resource.
It turned out to be the IE security setting "Include local directory when uploading files to a server". This setting is disabled by default.
The working PCs had the setting enabled for some reason. Adding the site as a "Trusted Site" also enables the setting, achieving the same result.

Scheduling a RichCopy Jobs

Anyone use the timer feature of RichCopy? I have a job that works fine when I manually start the job. However, when I schedule the job and click run, the app appears to be waiting for the scheduled time to elapse yet never fires. Interestingly enough, when I stop the job the copy starts.
Anyone have any experience with using RichCopy timer?
IanB
Try creating a batch file with command line options. Then use Windows scheduler to launch the batch.
OMBG (Bill Gates) You need to read and get security policy and the respect it has to place on a hierarchy of upstream objects and credentials. Well that's the MS answer and attitude...
The reality is if you are working with server OSs you need to understand their security & policy frameworks, and how to debug them :). If your process loses the necessary file permissions or rights (2 different things) you should ask: "Hot damn, why didn't I fix that in the config/setup". People that blast the vendor/project (or even ####&$! MS) are just blinding themselves to the solution/s.
In most cases this kind of issue is due to Windows' AD removing the rights of a Local administrator User to run a scheduled task. It is a common security setting in corporate networks (implemented with glee by Domain Admins to upset developers) though it is really a default setting these days. It happens because the machine updates against an upstream policy (after you've scheduled a task) and decides that all of a sudden it won't trust you to run it (even though previously it let you set it up). In a perfect world it wouldn't let you set it up in the first place, but that isn't the way policy applies in Windows... (####&$! MS). LOL
Wow it only took 5 months to get an answer! (but here they are for the next person at least!)
