We have a scenario where a secure agent is installed on an MS server environment with a specific Informatica cloud user.
Now we would like to change the user which is being used by the secure agent. What would be the procedure to change the username and password to another Informatica cloud user? Are there any precautions to take, such as visibility and rights?
I have doubts about your question, but from what I understand you want to change the agent owner, right?
To change the owner of the secure agent
for windows:
Change user agent secure - for windows
for linux:
Change user agent secure - for linux
Or in the last case you can delete the secure agent folder and perform a new installation.
We have a Windows EC2 instance created. We have a need to remote desktop into the instance occasionally to execute a PowerShell script that updates Microsoft's Power BI Gateway. This is all implemented in a sandbox environment. We're looking at steps/actions to implement in a production environment. From research, I have found that we need to have a different key pair for each user. I think this makes sense. But the logistics of implementing this are beyond my knowledge. I have some basic questions that perhaps can help steer me in the right direction:
How do I generate a key pair for each user? Where would these be maintained? How do I assign the key pair by user? Do I need to create a new user in the IAM console?
Is there a way to rotate the key pairs?
An instance can only have a single key pair associated with it at a time. Does this mean that after each use, I should detach my key pair and the next user needs to attach their key pair? This all seems very manual.
This is the first I've had to deal with virtual servers and security management of said server. But, it seems that AWS would offer a service that automates this process?
Thank you.
Use AWS Systems Manager Run Command to automate common admin tasks across your EC2 instances.
When a Windows Amazon EC2 instance is launched, a random Administrator password is generated.
This password is then encrypted using the keypair selected when the instance is launched. You can access it via "Get Windows Password", and supplying the keypair.
Once you login, you are welcome to change the Administrator password or connect the instance to Active Directory.
You can also create additional Windows logins for your other users.
So, your choice is to either "share" a login for whoever needs to run the script, or give them each their own Windows login and their own password.
I also like @jarmod's idea of using the Systems Manager Run Command to execute a script without logging in!
I'm working on a GCP project for a client of mine. I need the ability to give my client access to the GCP Console for the project. For example, if my client is traveling and he wants to access his database via MySQL Workbench then he'll need to update the SQL Connections Public IP list with the public ip address for whatever wifi network he's currently connected to. He could contact me to do that for him, but I would rather give him the ability to do this independently, since I'll eventually be turning the system over to him anyway.
So how can I add my client to my GCP account? Essentially, I want my client to be able to log into GCP and see everything that I see when I log into GCP as the owner of the account. I don't want to give my client my GCP login credentials since I may need to create other GCP projects for other clients with those credentials.
To connect to GCP, your customer needs to have a Google account (Gmail, G Suite, or something else compliant).
If he doesn't have one, he can create an account for free in seconds, or he can reuse an existing non-Google email address to create an account with this email as the login and a password of his choice:
Go to https://accounts.google.com/
Select create account
Select Use my current email address instead
Then, as narayansharma said, go to the IAM page and add this email to your project. I absolutely don't recommend that you grant your customer the owner role, because he will be able to do everything (create big VMs, open any firewall rules, delete resources, ...); select only the roles that you want to grant him. If you aren't sure, ask here what the correct role is for your customer's usage, and we will be able to help you.
Note: For a connection to Cloud SQL, instead of allowing an external IP to reach your database, I recommend that you use Cloud SQL proxy.
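An added example (not part of the answer above) of granting a single scoped role instead of owner by editing the project's IAM policy document, with a check that lists any owner or editor grants held by unexpected accounts. The e-mail addresses and etag are constructed, and `roles/cloudsql.editor` is an assumed choice for editing a Cloud SQL instance's authorized networks; confirm it against the role's permission list before using it.

```python
import copy

# Basic roles that give project-wide control; the answer advises against these.
BROAD_ROLES = {"roles/owner", "roles/editor"}

def grant_role(policy, member, role):
    """Return a copy of `policy` with `member` bound to `role`."""
    if role in BROAD_ROLES:
        raise ValueError(f"refusing to grant basic role {role} to {member}")
    updated = copy.deepcopy(policy)
    for binding in updated.setdefault("bindings", []):
        # Reuse an existing unconditional binding for the same role.
        if binding["role"] == role and "condition" not in binding:
            if member not in binding["members"]:
                binding["members"].append(member)
            return updated
    updated["bindings"].append({"role": role, "members": [member]})
    return updated

def broad_grants(policy, expected_owners):
    """List (role, member) pairs holding a basic role outside `expected_owners`."""
    return sorted(
        (b["role"], m)
        for b in policy.get("bindings", [])
        if b["role"] in BROAD_ROLES
        for m in b["members"]
        if m not in expected_owners
    )

# Constructed sample in the shape printed by
# `gcloud projects get-iam-policy PROJECT_ID --format=json`.
SAMPLE_POLICY = {
    "version": 1,
    "etag": "BwXXXXXXXXX=",  # placeholder; keep the real etag when writing back
    "bindings": [
        {"role": "roles/owner", "members": ["user:dev@example.com"]},
    ],
}

if __name__ == "__main__":
    # roles/cloudsql.editor is an assumption, see the lead-in.
    policy = grant_role(SAMPLE_POLICY, "user:client@example.com",
                        "roles/cloudsql.editor")
    print(policy["bindings"])
    print(broad_grants(policy, {"user:dev@example.com"}))
```

The edited document can be written back with `gcloud projects set-iam-policy PROJECT_ID FILE`.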
You can easily give permission to your client via IAM.
Please follow the given instructions.
Go to IAM https://console.cloud.google.com/iam-admin/iam and check whether your project is correct.
Click on the add button on the page. It will open a pop-up; enter your client's email address in the new member field.
Select project owner roles from the roles field.
Click on save.
After saving, your client can access your project via his personal email.
I hope it will help you.
When I try to retrieve the password for an EC2 instance from the key pair, I get the error below. Please help me retrieve the password.
Password is not available.
This instance was launched from a custom AMI, or the default password has changed. A password cannot be retrieved for this instance. If you have forgotten your password, you can reset it using the Amazon EC2 configuration service.
You have several options to change the password so that you can regain access to your Windows instance. This third method is now the recommended method - using AWS Systems Manager. Note: AWS Systems Manager can take a bit of time to understand. Once you do, you will have many new powerful commands.
Run a command to change the Windows password. This document will show you how to use Instance User Data. You will want to run a Windows command net user Administrator newpassword. Set up the script and then reboot the instance. The command runs on reboot.
Resetting the Windows Administrator Password Using EC2Launch
Reset Passwords and SSH Keys on Amazon EC2 Instances
We would keep our user base in the WSO2IS internal repository and we would like to provision users to an Active Directory LDAP following our workflow, like Midpoint Evolveum or Apache Syncope do.
The use case is this: we have a new user, Mr. Foo.
He has a role in the company:
external user: he is added to WSO2IS and he can access webmail (webmail server uses some protocol to communicate to WSO2IS)
internal user: he is added to WSO2IS, then WSO2IS provisions Foo to the company Active Directory.
Is it possible with WSO2 Identity Server?
Thanks,
Mario
WSO2 IS has rule based provisioning, where you can define rules to which User Store a user can be provisioned.
What you need to do is to set an attribute on the new user, which signifies the user is internal or external, after execution of your workflow. Then this attribute can be evaluated at XACML level to do the selective provisioning.
Following links might help.
Rule Based Provisioning
Workflow Management
I want to deploy a C++ application that will run in enterprises where users have low privileges on their machines, so they can't run as admin or do tasks that require admin privileges.
The service I want can be run as Local Service, which is a low privilege account in Windows, so how can I, programmatically, let my application, which is run in the context of the low privilege user, start a Windows service that can be run as Local Service?
Will it require impersonation, and will the low privileged users be able to temporarily impersonate the Local Service account to run the service?
I heard that even if the specific service can be run as Local Service, I would still not be able to start it without admin powers because the Service Control Manager (SCM) would still require admin privileges?
EDIT: I should note that the service is installed by default in Windows (smart card service), I just want to start it.
This is simply not possible; standard users don't have the necessary privileges to do this. By default, only members of the Administrators and Power Users group can start, stop, and pause services.
This is a problem best solved by group policies, rather than by software. Ask about that on Server Fault.
As you'll require administrator privileges to install this service either way, you could install a second auto-start service which has the single purpose of accepting requests from your application to start/stop the real service.
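An added example (not from the answers above) that checks which accounts are allowed to start a service by parsing the service's security descriptor in SDDL form. The descriptors are constructed samples, and the trustee table covers only a few of the well-known SDDL SID abbreviations.

```python
import re

SERVICE_START = 0x0010                        # access-mask bit: start the service
GENERIC_ALL, GENERIC_EXECUTE = 0x10000000, 0x20000000   # both map onto start
START_CODES = {"RP", "GA", "GX"}              # SDDL codes for the same rights
SID_NAMES = {"SY": "Local System", "BA": "Administrators", "PU": "Power Users",
             "IU": "Interactive", "SU": "Service", "AU": "Authenticated Users",
             "BU": "Users", "WD": "Everyone"}

def grants_start(rights):
    """True if an ACE rights field includes the right to start the service."""
    if rights.lower().startswith("0x"):       # rights may be a hex access mask
        mask = int(rights, 16)
        return bool(mask & (SERVICE_START | GENERIC_ALL | GENERIC_EXECUTE))
    return any(rights[i:i + 2] in START_CODES for i in range(0, len(rights), 2))

def who_can_start(sddl):
    """Return (allowed, denied) trustee names for starting the service."""
    # Only the DACL ("D:") decides access; the SACL ("S:") is audit-only.
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))*)", sddl)
    allowed, denied = [], []
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1) if dacl else ""):
        fields = ace.split(";")
        if len(fields) < 6 or not grants_start(fields[2]):
            continue
        name = SID_NAMES.get(fields[5], fields[5])
        if fields[0] == "A":
            allowed.append(name)
        elif fields[0] == "D":
            denied.append(name)
    return allowed, denied

# Constructed samples in the format printed by `sc sdshow <service>`.
DEFAULT_STYLE = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
                 "(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                 "(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                 "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
# Same DACL after an administrator delegates start + query status to a group.
DELEGATED = DEFAULT_STYLE.replace("S:", "(A;;RPLC;;;AU)S:")

if __name__ == "__main__":
    print(who_can_start(DEFAULT_STYLE))
    print(who_can_start(DELEGATED))
```

Allow and deny entries are reported separately because resolving them against a particular user also needs that user's group memberships.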