I am using windows server 2012 and i have created multiple workspaces and attached these workspaces to Active Directory (AD Connector). Now I want to disable copy paste in these workspaces.
I try to disable clipboard redirection from
edit group policy->Administrative Template->Windows Component --> Remote Desktop Sessions->Device and Resource Redirection ->Donot Allow Clipboard redirection(enable it)
but this is not working in workspaces, kindly tell me is it possible to disable copy paste from active directory in workspaces, if yes then kindly share resources
Related
I have an workspace in AWS workspace with a lot of configuration files, installed software and files with templates, shell scripts and code, so it's fully configured.
My problem is that when I try to create an image, I lost everything but the installed software. So anybody knows how can I create a backup of my AWS workspace to avoid to have to configure the desktop in terrible case where my images and my workspaces was accidentally removed?
Thanks.
As per the official docs,
A custom image contains only the OS, software, and settings for the WorkSpace. A custom bundle is a combination of both that custom image and the hardware from which a WorkSpace can be launched.
Seems like the image does not carry forward the personal settings like set wallpaper or any browser settings. I experienced this myself.
However, if you are worried about losing whatever configurations you have done if workspace becomes unhealthy, then you can use Rebuild or Restore option.
By default aws takes auto snapshots of root & user volumes of your workspace every 12 hrs.
You can read more bout this here
in terrible case where my images and my workspaces was accidentally removed
If your workspace is deleted/ terminated, no data can be retrieved.
I have few queries related to Amazon Workspace.
Q1) I am building a .net website from where I want to access the Amazon Workspace. What could be a better way to do so? Is it possible that I create a webpage in my website and from there I can access the Workspace desktop in an iFrame or something? or is there any API support for same?
Q2) Can we set some startup program in Amazon Workspace which initiates any application for eg: photoshop, whenever the Workspace is started?
I think you're missing the point of Amazon Workspaces - they are a virtual desktop solution (loosely similar to Citrix), which provides a Windows 7 or Windows 10 'Desktop Experience' running on top of Microsoft Windows Server 2008 and 2012 respectively.
So, to answer your questions:
Q1) I am building a .net website from where I want to access the
Amazon Workspace. What could be a better way to do so? Is it possible
that I create a webpage in my website and from there I can access the
Workspace desktop in an iFrame or something? or is there any API
support for same?
You don't want to embed a Workspace instance inside of a web-page, either as an iFrame or by using some other magic. It is probably possible, but you will need to jump through many, many burning hoops of death to achieve it.
If you want to access a web-page that you are building from the Workspace instance, treat Workspaces as just any other desktop and use Internet Explorer, Firefox, Chrome, Opera etc. to access the site.
If you are looking at how to access Workspace Instances, AWS have desktop clients for all major Operating Systems, as web-based version (not to be confused with the web-page that you personally are writing); alternatively, Workspaces can be accessed from physical PCoIP Zero-Client devices. Take a look at https://clients.amazonworkspaces.com/ for the full list.
Q2) Can we set some startup program in Amazon Workspace which
initiates any application for eg: photoshop, whenever the Workspace is
started?
Yes you can, configure a Group Policy Object in your underlying Workspaces Directory to start an application on logon.
However, if you are going to run something intensive such as Photoshop, I would recommend either the Performance or Graphics Bundles - see https://aws.amazon.com/workspaces/details/ for more information.
I am trying to install SIM version 13 rev 1404021 using Administrative priveleges
When i click on Grant button it give me error that " you dont have neccessary permission set".
Also i have given full permission to Network Service,IUSR, IIS_USR and network to the folder
C:\Inetpub\wwwroot
Kindly let me know whate else permission need to be given inorder to run sitecore instance manager succesfully.
It may be caused by bug in SIM that doesn't get actual SQL Server user account (LocalService or custom) and thinks that it is always NetworkService. So work around is to switch your SQL Server service from using LocalService or custom account to NetworkService.
Same context with Alen's answer, but in windows 10.
Use 'Local System account' and tick the 'Allow service to interact with desktop'.
Then, restart the service.
At this point, you don't need to reopen the SIM installation window. You can just click the Grant button and it would work.
Well, for me the issue was that the database user didn't have the dbcreator role so the wizard couldn't create databases in SQL Server.
Open SQL Server Management Studio
Expand Security > Logins
Double-click on the user to open the properties dialog
In Server Roles, check the dbcreator role
Press OK and enjoy
Source: http://sitecoreblog.patrickperrone.com/2015/04/a-simple-error.html
When you downloaded the SIM zip file from Marketplace, did you click "Properties" on the zip file and click the "Unblock" button before unzipping and running it?
I've found in the past that forgetting this step can be the cause of odd security related errors with applications.
I ran across a similar issue I had, but for me root issue was that the wwwroot folder was on a VM/Parallels and that folder was marked "compress" and "archive"
unset that for wwwroot and child items, and then SIM proceeded correctly.
I am getting the following error:
The cause of this exception was:
java.io.FileNotFoundException:
//server/c$/folder1/folder2/folder3/folder4/folder5/login.cfm
(Access is denied).
When doing this:
<cffile action="copy"
destination="#copyto#\#apfold#\#applic#\#files#"
source="#path#\#apfold#\#applic#\#files#">
If I try to write to C:\folder1\folder2\folder3\folder4\folder5\login.cfm, it works fine. The problem with doing it this way is that this is a script for developers to be able to manually sync files to their application folder. We have multiple servers for each instance that is randomly picked by BigIP. So just writing to the C:\ drive would only copy the file to the server the developer is currently accessing. So if the developer were to close out the browser and go right back in to make sure their changes worked, if they happen to get sent to a different server, they won't see their change.
Since it works with writing to C:\, I know the permissions are correct. I've also copied the path out of the error message and put it in the address bar on the server and it got to the folder/file fine. What else could be stopping it from being able to access that server?
It seems that you want to access a file via UNC notation on a network folder (even if it incidentally refers to a directory on the local c:\ drive). To be able to do this, you have to change the user the ColdFusion 9 Application Server Service runs on. By default, this service runs with the user "Local System Account" which you need to change to an actual user. Have a look at the following link to find out how to do this: http://mlowell.hubpages.com/hub/Coldfusion-Programming-Accessing-a-shared-network-drive
Note that you might have to add a user with the same name as the one used for the CF 9 service to all of the file servers.
If you don't want to enable ftp on your servers another option would be to use RoboCopy to keep the servers in sync. I have had very good luck using this tool. You will need access to the cfexecute ColdFusion tag and you will need to create share(s) on your servers.
RoboCopy is an executable that comes with Windows. You can read some documentation here and here. It has some very powerful features and can be set to "mirror" the contents of directories from one server to the other. In this mode it will keep the folders identical (new files added, removed files deleted, updated files copied, etc). This is how I have used it.
Basically, you will create a share on your destination servers and give access to a specific user (can be local or domain). On your source server you will run some ColdFusion code that:
Logically maps a drive to the destination server
Runs the RoboCopy utility to copy files to the destination server
Then disconnects the mapped drive
The ColdFusion service on your source server will need access to C:\WINDOWS\system32\net.exe and C:\WINDOWS\system32\robocopy.exe. If you are using ColdFusion sandbox security you will need to add entries for these executables (on the source server only). Here are some basic code examples.
First, map to the destination server:
<cfexecute name="C:\WINDOWS\system32\net.exe"
arguments="use {share_name} {password} /user:{username}"
variable="shareLog"
timeout="30">
</cfexecute>
The {share_name} here would be something like \\server\c$. {username} and {password} should be obvious. You can specify username as \\server\username. NOTE I would suggest using a share that you create rather than the administrative share c$ but that is what you had in your example.
Next, copy the files from the source server to the destination server:
<cfexecute name="C:\WINDOWS\system32\robocopy.exe"
arguments="{source_folder} {destination_folder} [files_to_copy] [options]"
variable="robocopyLog"
timeout="60">
</cfexecute>
The {source_folder} here would be something like C:\folder1\folder2\folder3\folder4\folder5\ and the {destination_folder} would be \\server\c$\folder1\folder2\folder3\folder4\folder5\. You must begin this argument with the {share_name} from the step above followed by the desired directory path. The [files_to_copy] is a list of files or wildcard (*.*) and the [options] are RoboCopy's options. See the links that I have included for the full list of options. It is extensive. To mirror a folder structure see the /E and /PURGE options. I also typically include the /NDL and /NP options to limit the output generated. And the /XA:SH to exclude system and hidden files. And the /XO to not bother copying older files. You can exclude other files/directories specifically or by using wildcards.
Then, disconnect the mapped drive:
<cfexecute name="C:\WINDOWS\system32\net.exe"
arguments="use {share_name} /d"
variable="shareLog"
timeout="30">
</cfexecute>
Works like a charm. If you go this route and have not used RoboCopy before I would highly recommend playing around with the options/functionality using the command line first. Then once you get it working to your liking just paste those options into the code above.
I ran into a similar issue with this and it had me scratching my head as well. We are using an Active Directory along with a UNC path to SERVERSHARE/webroot. The application was working fine with the exception of using CFFILE to create a directory. We were running our CFService as a Domain account and permissions were granted onto the webroot folder (residing on the UNC Server). This same domain account was also being used to connect to the UNC path within IIS. I even went so far as to grant FULL Control on the webroot folder but still had no luck.
Ultimately what I found was causing the problem was that the Inetpub Folder (parent folder to our webroot) had sharing turned on but that sharing did not include 'Read/Write' sharing for our CFService domain account.
So while we had Sharing on Inetpub and more powerful user permissions turned on for Inetpub/webroot folder, the sharing permissions (or lack thereof) took precedence over the more granular webroot user security permissions.
Hope this helps someone else.
I need to retrieve list of users/groups who have access to perform volume maintain tasks using WMI objects on remote machine.
What I can do it explicitly is
On the Start menu, click Run. In the Open box, type secpol.msc.
Expand Local Policies.
Select the User Rights Assignment folder. The policies will be displayed in the details pane.
In the pane, double-click Perform Volume Maintenance Tasks.
In properties window, I can see user/group list who have access.
I need to get this exact list using WMI call in my C# application.
In order to get or modify the values of the windows security policy you must access the windows registry. Now to find the exact key which store the values which you are looking for you must check the Group Policy Settings Reference for Windows and Windows Server which contains a excel file with all the group policy settings and the location in the windows registry.
Password Policy, Account lockout policies are a part of secured registry settings. It cannot be read remotely until explicit permissions are given.
FYI that document doesn't actually work fully. Manually editing the values do not actually change the gp setting (still shows not set in gpedit), yet it does restrict the process you are setting. Also, if you manually set the value with gpedit while running procmon, the key it is hitting is not as listed in the document.