I'm looking for a Windows API or a function that I can run against a remote computer to tell if it's a domain controller or not.
I was thinking of asking the remote computer if it's a time source, but any computer can be one. All the Lsa* examples I found are if you're code is actually running on a domain controller or not.
I don't have any code because I'm not sure where to start, and I searched but didn't find anything on stack overflow.
Thanks for any help!
Related
I've written a Windows TCP (NOT IIS) server program in VB that provides the backend for an enterprise iPhone app that I have also developed. The system utilizes Apple Push Notifications, and that works fine, unless the server reboots for whatever reason.
Part of the Push Notification system is the inclusion of Apple certificates on the server. I followed the steps shown here to install the necessary certificates, and even though it's for ASP.NET applications, it works for my Windows-based server. Except, as I said, a reboot requires installing the certificates all over again.
I found this page on Server Fault that suggests adding a user to the certificate through the MMC snap-in, but that didn't work either.
Two questions: Following the steps shown on the Server Fault page, do I need to add a specific user? The only users that pop up are SYSTEM (which I tried), Administrators(ComputerName/Administrators) (also tried) and "S-1-1-5-blah, blah" (didn't try). Would there need to be a different user added to make it work?
Q2: If this won't ever work, is there a different way?
Full disclosure: This is the second time I have submitted this question, but the previous one (four months ago) was never responded to. I'm hoping someone who knows will see this.
Thanks for any advice.
AFTERTHOUGHT: The instructions I linked to above say to install the certificates to Personal/Certificates. Maybe this is wrong? This stuff is way over my head, so I don't understand the function of all the different stores.
Found the problem.
The page on Server Fault left out something. I needed to add a user that the system would recognize to the Permissions list. I added my user authentication, selected it, and after that the certificate persisted after a restart.
It is at least working on my development server. I haven't tried it yet on my production server.
Update: Works the same on the production server. Also, instead of using my user authentication, I used the IUSR authentication, meaning that it should work even after my name is removed from the active directory.
This question already has answers here:
Map a network drive to be used by a service
(13 answers)
Closed 2 years ago.
I have a glassfish service running as a non system user. Glassfish needs to access a shared drive. How do I mount the shared drive for the glassfish service. Also, I would like this to remount at restarting the server.
I've found some things online, but everything is a few years old and/or geared towards system services, so I'm hoping there's newer information out there:
This is what I started with, it's perfect, but it's geared toward system services. The drive isn't viewable to non system users:
https://support.code42.com/CrashPlan/4/Backup/Backing_Up_A_Windows_Network_Drive
This is the question that has the most answers, but most of them are for system users, though the OP seems to not be using the System User. His chosen solution involves wrapping the service, but there's the implication that it needs to be run manually at each start up.
Map a network drive to be used by a service
This person has the same issue including non system users, but everyone says it's impossible(or an extremely bad idea) except for the last comment which doesn't really give instructions:
Cannot access files on drive mapped network share from a Windows service
I'd rather not answer my own question, but no one else did and one of the links I gave did provide the correct solution:
Map a network drive to be used by a service
The accepted solution in the above question, did solve my problem. The key is to change the glassfish service xml to execute a wrapper batch file. In that wrapper batch file, map the drive. Then have the wrapper batch file call what the service xml normally points to. That solved my problem while retaining the service.
I sell Macs and i'm looking for a way for our security and to combat purchase fraud to have the machines phone home the first time they are booted up to show that machine has been in use at the clients IP address.
Now I know the client might set the computer up at a location other than their home and could spoof their IP (although the potential scammer wouldn't realise this system was in place so wouldn't be expecting to do this) but any system is better than no system.
In terms of privacy we'd put it in our privacy policy but of course we're not looking to collect any information from the user apart from their IP address and the script should delete once its connected to the internet for the first time.
How would users recommend the best way to do it? I have full access to the computers before hand and we already launch a script on first boot of user account to show a welcome and help guide - so we could add simple scripting there, but maybe a helper program which attempts until internet connection is first established, makes contact and deletes itself is best.
And of course we'd need a two pronged approach, a URL or API of some sort on our server that the computer connects to. Ideally the information to send would be the serial number and the IP address of the user, the MAC address could be useful too - as often if fraud has been committed the police will also check to see if the original MAC address of the system has connected via the ISP server logs.
I suppose the final piece of the puzzle would be that our logged data would somehow need to prove it was sent from that computer and not just generated ourselves in a database (eg we haven't just pretended its connected from their IP we've picked up from an e-mail address or something) i'm not sure if there would be any secure legal way to do this?
=============
Edit: Thinking of ways to make it legally binding in terms of presenting the information to the police or the courts I think the receiving server would need to be hosted and maintained by an independent third party whom you had a contract with and didn't allow you any write access to the information what so ever, all you could do is visit a website and pull up the data to pretend the evidence to the police.
(I seem to have been voted down because someone likes committing fraud?)
I have looked into similar solutions for macbooks in the past with little luck. One thing I have found however, if you have a web server, is to create a php page in an obscure hidden directory that will capture the ip address and send an email on access. From here you can create a page specific to each computer with MAC and serial number and set this as safari's homepage in a different tab. So every time someone attempts to access the internet you will be notified.
(This php page can be a simple blank page that just looks like a new tab, or can even display warnings such as "You are being tracked")
You could also create a python script on startup to send the information you are looking for such as ip, mac and serial number back, but again you would need another server setup as a listener.
And lastly, if possible, create a business account in icloud and use Find My Iphone/mac. This is probably the easiest if you can get away with it but unfortunately will not provide you with instant notifications.
-M
Quick question. I'm currently moving a asp.net MVC web application to the Windows Azure platform. Everything is working out okay apart from one thing.
In the application at the moment, we make use of FTP accounts for each user to import large quantities of files to our database.
I understand FTP on Azure is not as straightforward.
I've googled and found this article: Ftp on Azure
This seems to be what I need except obviously we'll need to be able to add new users with their own separate FTP account. Does anyone know of an easy workaround for this?
Thanks in advance
Did you consider running a (FTP) service that's not IIS based, and you could add users programatically? Also, how are you going to solve data sync issues when the role recycles or when you upgrade it? Make sure to backup to blob on a somewhat regular basis!
Personally, I'd mount a VHD drive (Azure Drive) which is actually hosted on blob storage, and have my FTP server point to that drive. However, make sure you only have one instance of the server (problem #1) unless you don't need higher than 99,9% reliability you can solve this by running a single instance. Step 2 is I'd implement user management in relation to that program.
It's not straightforward, and I'd advise against it though. But I understand that sometimes you have to do this. I would solve it like I described above.
I develop on my machine and use my local IIS to test the site. I was thinking it would be really useful for showing people in the office a prototype or demo if I could just IM them a URL to this instance of the site that would be available on the local network in the office. Then they could browse to it instead of having to get up and come over here. Also it would allow them to test it in their browser as an extra perk.
Has anyone done this kind of thing, how would I configure it?
Yes, if you are just using your local IIS, you should be able to hand our your IP or machine name and others could access it. Give this a try and let us know if you have any errors doing so ... please note you might have to toy around with anonymous access permissions so just keep that in mind coming out of the gate.