Quantcast
Channel: Active Directory Rights Management Service(On premise) forum
Viewing all 1025 articles
Browse latest View live

Domain Admin Rights

August 13, 2013, 8:51 pm
$
0
0

Hi 

I am a IT Tech for some schools and we need to have some teachers have Domain Admin Rights but that comes with so much power and things in the past have happened were teachers with these rights when and got in stuff they should not have. We have tried making them just a member of the Administrators Group but they did not give them enough rights to install updates/software and create user accounts. To get to the point is there a way of creating a domain group that is only allowed to create users and make them members of other groups and be able to install software and updates and ect.

Thanks! This is in a way urgent.

Search

Cannot access ADRMS Cluster management console locally

August 15, 2013, 3:20 am
$
0
0

Im getting a warning when trying to connect ADRMS management console. I can get in when using "Remote Computer" option -> it finds the correct url.

Certificate is valid for sure.

Cluster name is "rms.domain.com" but here it is trying to connect with the computer name. IIS site for ADRMS is configured to use SSL port:443 only and in the certificate there is only the rms.domain.com mensioned. IIS default site(port:80) is disabled.

What shoud I do next? Using the "connect to remote computer" I can't modify some options like SCP if Im not connected locally. Everything else is working as expected.

Net Use Drive Mapping - Password guessing lockout policy

August 20, 2013, 8:23 am
$
0
0

Trying to find out if there is a policy or way that I can lockout an account, if the account being used, is under a password guessing attack - using Net Use Drive mapping.

Example: $net = new-object -ComObject WScript.Network $net.MapNetworkDrive("u:", "\server\share", $false, "domain\user", "password")

So if the password is wrong, say 10-15 times, will it lockout, such as like a Ctrl + Alt + Del windows login would lockout? (With a Lockout Policy enabled)

Thanks for any help!

Windows Defender

August 20, 2013, 12:27 pm
$
0
0
How can I get windows defender to work on my computer? I got this message: "This operation returned because the timeout period expired. Code: 0x800705b4

[AD RMS] How to verify rights ViewRights, EditRights, Forward, Reply, ReplyAll

August 21, 2013, 8:01 pm
$
0
0

Hi all,

In my AD RMS environment, userA granted userB with rights (such as View, Edit, Print, Full Control, Allow Macros, etc) and I can verify rights for userB by View Permission in Office or by action Open, Edit, Save. How can I verify userB has right: ViewRights, EditRights and rights for mail: Reply, ReplyAll, Forward?

Thanks.

Duda Permisos y Herencias en Server 2011 Small Business

August 22, 2013, 5:13 am
$
0
0

Buenas tardes.

Actualmente soy el encargado en la administración de un Servidor 2011 Small Business que tiene creado un dominio, servidor DHCP y demás.

Recientemente me han pedido que asigne determinados permisos a determinados usuarios por, temas de seguridad, en las carpetas de cada uno de ellos.

El problema está en que a pesar de marcar las opciones de herencia en la carpeta principal, estos permisos no se aplican a todos los subcontenedores y archivos de dicha carpeta, es decir.

- Le aplico control total al grupo Administradores en, por ejemplo, la "Carpeta Principal", que a su vez tiene dentro 3 carpetas "A", "B" y "C". Y cada una de ellas tiene subcarpetas y ficheros.

Cuando aplico los permisos a la Principal, se aplican en todas las subcarpetas menos en algunas donde me da "Acceso Denegado".

Para solucionar esto, tengo que dirigirme a dicha subcarpeta, tomar posesión de ella como administrador y a continuación le asigno permisos heredados de la principal y a su vez se los aplico a las subcarpetas.

Mi problema es que esto me ocurre en muchísimas carpetas dentro del servidor ocasionando que los usuarios que deberían tener permiso no puedan acceder y que incluso no se realicen las copias de seguridad de dichos elementos por "falta de permisos".

Mi pregunta es, ¿hay alguna forma de tomar posesión de todas las carpetas y subcarpetas y a continuación asignar permisos y herencias sin necesidad de ir una por una?

Muchas gracias por vuestro tiempo.

Un saludo, Juan.

windows 7 admin permissions issue

August 22, 2013, 4:38 am
$
0
0
I have about 300 users and a handful of them are having permissions issue. Essentially what happens is they have the rights to go past an administrative prompt but do not have permissions to change anything after that locally. When I right click and run as administrator I cannot put in my info because it is taking theirs, but they are not admins so they cannot make changes. If I log into the admin profile I can make changes as needed. 
Any ideas?

RMS system clock has been tampered on the machine

August 22, 2013, 11:54 pm
$
0
0
I'm testing RMS functionality in a lab environment. I changed the system clock in the client host in order to test the RMS expire function, which works. But after that, I find all the RMS protected documents can't be opened and I can't create new RMS protected document with the error "system clock has been tampered on the machine. Reset it and try again later." even after I change the system clock back. Now, I'm not sure what I can do to restore it to the previous state. 
Search

Alternate access mapping and IRM in SharePoint 2010

May 11, 2013, 6:45 am
$
0
0
Dear All, 

We have an issue with RMS with SharePoint

Please find it below

The following scenario is happening when we open a document from IRM enabled Library


Iteration 1( While creating a web application if we provide public url as same as machine name (eg:sharepoint))

http://sharepoint:123456 is your central admin

http://sharepoint:654321 is your site collection

Its working fine



Iteration 2 ( While creating a web application if we provide public url as other than machine name (eg:mossservername))

http://sharepoint:123456 is your central admin

http://mossservername:654321 is your site collection


we are facing the following issue when we open a document from IRM enabled Library

When I tried to open Excel I got following error
Microsoft Office Excel cannot access the file 'http://mossservername:654321 /Documents/Filename.xlsx'. There are several possible reasons:
 
·         The file name or path does not exist.
·         The file is being used by another program.
·         The workbook you are trying to save has the same name as a currently open workbook.
 
When I tried to open Word , I got following error
Microsoft Office Word:
"http://mossservername:654321 /Documents/Filename.doc" does not exist.Check your spelling or try another path


If We done following things in Alternate Access Mappings its working fine 

Default URL : http://mossservername:654321
Extranet URL : http://sharepoint:654321

we need to make rms working on http://mossservername:654321 rather than extranet url
Please help us to sort it out

Thanks in Advance
Scorpion

Sharepoint 2013 AP Farm with NLB Use IRM

August 23, 2013, 2:53 am
$
0
0

Two AP Server With NLB

  sharepoint AP server 1 192.168.5.27

  sharepoint AP server 2 192.168.5.28

  sharepoint AP NLB 192.168.5.230     Name:sps.domain.com

  RMS Server 192.168.1.240

I request IRM from Host:【sharepoint AP server 1】, RMS is work

but

If it use NLB Name (https://sps.domain.com/)  to request IRM, the SPSWeb display

IRM failed

/IRM/aaaa.xlsx

You try to download the file can not be protected. You may need to contact the library manager to help solve the problem.  (translate from chinese...)

Users and Roles in NAV2013

August 24, 2013, 1:58 pm
$
0
0
How do I set up Users and Roles in NAV2013? In the old versions I was doing in Tools and Security on the toolbar, but now there are not exist in DEV environment.

RMS-protected Excel cannot run VBA code to protect/unprotect a cell or worksheet

August 28, 2013, 1:58 pm
$
0
0

Hi, I am developing a custom Excel application. I have applied AD RMS to my Excel app.

My question is: without giving full RMS permissions, is there a way to allow an RMS-protected to run VBA code that changes a cell or worksheet's protections?

The application works with data with dynamic dimensions, so I'd like to be able to adjust the cells that are protected, then apply worksheet protections. Currently, after RMS is applied, the VBA throws an error when locking/unlocking a cell or protecting/unprotecting a worksheet.

Thanks!

Import list in active directory 2008

August 29, 2013, 10:51 am
$
0
0

I have a list of people with some cell phone numbers

Some of the people are in the AD as existing users

Some of the people are not in the AD

Is there a way to import does people so that if they exist they will modify the users in the AD and if NOT they will create a new contact in the AD????

Thanks for your help

BigToeMtl


Migrating Windows RMS to AD RMS- problem exporting Software CSP Key...

February 10, 2011, 2:20 pm
$
0
0

I have something of a quandry here, and I could use some assistance.

 

I am going through the steps to migrate and upgrade our existing Windows RMS installation to a new server running AD RMS. I am going through the checklist on TechNet and I am having problems exporting our software-based CSP to an xml file per step 6 of the checklist. When I view the table that contains the Key Container name, the field is listed as <NULL>, and I'm unable to use the command prompt tool to export the private key.

I get the same error message "The RSA key container was not found." if I enter "<NULL>", "", or "[machinename]_rms" as the container name. 

If I try to export the container through the admin interface, I get this error (link opens new window) I'd love to copy-paste it, but the dialog won't let me resize or select the error text. :(

Is there another way of exporting the  key container or the private key in a format suitable for importing into the new cluster member, or a way to determine the key container's name in a manner that the aspnet_regiis.exe program can access?

 

Thanks in advance for any assistance.

AD RMS Report error: Timeout expired

September 1, 2013, 5:08 am
$
0
0

I have AD RMS on Windows 2008 R2, it worked properly for two years.
I didn’t change any parameters, but now I can't generate any reports, the error is:
"The following error occurred while obtaining data from Microsoft SQL database:
Time out expired. The timeout period elapsed prior to completion of the operation or server is not responding."

However AD RMS is working and handing certificates upon request. There are logs in the AD RMS SQL database(dbo.ServiceRequest and  dbo.Certificate are growing)

Configuration:
AD RMS cluster: 2 x (2 CPU + 4 GB RAM)
SQL Cluster on VMware: 4 CPU and 16GB for each node
 Total ADRMS SQL DB size < 40GB
DRMS_Login_xxx
 dbo.ServiceRequest ServiceReuiestID >  16M records
 dbo.Certificate  RequestID > 9M records

How to troubleshoot this case ?

Search

Join an Existing Cluster for AD RMS for High Availablility

September 1, 2013, 12:37 pm
$
0
0

Hi,

Join Server an Existing AD RMS is failed.

we have configured Single AD RMS Root Cluster with SQL Always On DB . Now we are planned to add additional Server to an Existing AD RMS Server failed.

Architecture is OS all Server : Windows Server 2008 R2 SP1 , DB on SQL Server 2012 SP1 Always On Configured.

One Hotfix is installed in all RMS Server for support SQL 2012.

When we are try Adding RMS using Roles & Features its failed , we can go up to select the Database server and instance name but try to select DB we are getting error msg.

then tried install AD RMS using Powershell Command after read one article in TechNet.

http://social.technet.microsoft.com/wiki/contents/articles/16573.deploying-ad-rms-in-windows-server-2008-r2-sp1-with-sql-server-2012.aspx

Here we could not able to find the Key Container Name in DB , Null value is there in the DB when checking.

also not understand how & where need to import Exported TPD file (XML file from existing RMS Console) in New Server.

Thanks in Advance.

Thanks & Regards, Kesa_Kara

Domain Admin Rights

August 13, 2013, 8:51 pm
$
0
0

Hi 

I am a IT Tech for some schools and we need to have some teachers have Domain Admin Rights but that comes with so much power and things in the past have happened were teachers with these rights when and got in stuff they should not have. We have tried making them just a member of the Administrators Group but they did not give them enough rights to install updates/software and create user accounts. To get to the point is there a way of creating a domain group that is only allowed to create users and make them members of other groups and be able to install software and updates and ect.

Thanks! This is in a way urgent.

Customize GINA Login

September 3, 2013, 11:13 pm
$
0
0

Hi I am new to GINa but i would like to know if we can customize GINA in such a way that after Ctrl+alt+del there should be two options say user login and Help. And when user clicks on help it redirects user to a web page. 

thanks in advance!! :)

\m/

does Outlook standard version support RMS?

September 4, 2013, 2:46 am
$
0
0
I want to know if Outlook Standard version support RMS? I heard it need Office Pro to create RMS-protected documents. But what about email protection? Can I use Outlook Standard version to creat RMS-protected email?

Frank Peng

SC SDSET LOCKED SERVICE FOR ADMINS

September 5, 2013, 3:42 am
$
0
0

I have messed up my service, locked it for admins, is there any way to restore rights.

I have added - changed rights for user like this:

sc \\myserver sdset myService D:(A;;RPWP;;;S-1-5-21-...non admin user SID)

but that user also cant see the service.

I have vmware clone of that server for backup. Is there some way to restore that service for admins?

Please HELP.

THNKS:



Viewing all 1025 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>