six demon bag
Wind, fire, all that kind of thing!
Recent versions of Solr allow restricting access via authentication and authorization plugins, for instance the basic authentication plugin. The documentation shows an example
security.json that you can upload into Zookeeper (assuming that you're running SolrCloud).
Posted 22:15 [permalink]
Recently I noticed that I was no longer able to delete scheduled tasks on my Windows 7 test box, even though I created them myself. Deletion attempts failed with the following error:
The user account does not have permission to delete this task.
Deleting my own tasks works fine in a vanilla install of Windows 7 SP1, so the issue must have been introduced by some update along the way. I had to modify the permissions on
C:\Windows\System32\Tasks to get it to work again:
icacls "C:\Windows\System32\Tasks" /grant "Authenticated Users":(RD)
Granting "list folder/read data" on the folder itself was sufficient, since the task files are owned by the user creating them and the
CREATOR OWNER principal has full access to subfolders and files.
Posted 19:51 [permalink]
On one of my servers a query for DB2 backups in TSM (
db2adutl query full db DBNAME) failed with the following error:
Error: Initialize environment failed with TSM return code 106
dsmrc.h return code 106 indicates a permission problem:
#define DSM_RC_ACCESS_DENIED 106 /* denied due to improper permission */
which was weird, since the user in question is a member of the DB2ADMNS group that is supposed to have all required permissions.
Posted 23:39 [permalink]
Sometimes you run into a situation where you need to determine the permissions on some directory tree. Be it to document or clean up permissions on the subdirectories of a share, to troubleshoot permission issues due to deleted accounts or groups, or whatever. Manually analyzing permissions is quite tedious, even when using standard tools like
xcacls. The output of
XCACLS.vbs isn't any better, but since it's a script, I considered modifying it to suit my needs … until I took an actual look at the script. I abondoned the thought afterwards.
Posted 20:14 [permalink]
I've been working on a project where I needed to migrate (clone actually, in order to maintain a fallback scenario) virtual machines from external (standalone) Hyper-V hosts to a Hyper-V cluster. The external hypervisors were not members of the same domain as the cluster nodes. The networks were separated by a firewall. A trust relationship between the domains was not desired.
System Center Virtual Machine Manager 2012 (SCVMM) supports this scenario, but there are several steps that must be performed to prepare for the migration.
Posted 20:03 [permalink]
A great deal of Windows software requires to be run with administrative or at least power user privileges for no good reason. That's a Bad Thing™, because it enables any user to compromise the system. Most of this software can, however, be talked into running with a normal user's privileges. The problem is usually that the program attempts to write temporary data, configuration data and other stuff like that to places a normal user can't write to. In this article I will describe the procedure I usually apply when having to deal with reluctant software.
Posted 11:27 [permalink]
Dual-booting Windows 9x and Windows 2000
(Windows 2000 installed first)
Let's say you would like to install Windows 9x and Windows 2000 on the same computer and make the system dual-boot. What would be the right order to install the operating systems?
Microsoft suggests to install Windows 9x first and Windows 2000 afterwards. Although this is the easy way I suggest not to do so. The procedure will install the bootloader on the Windows 9x partition where it cannot be protected by NTFS ACLs (the FAT filesystems do not support permissions). Maybe you have heard that installing Windows 9x first was the only possibility to dual-boot Windows 9x and 2000. Rest assured that's nothing but an urban legend. It is possible, although not as simple as the other way.
Posted 12:49 [permalink]