I installed MS Dynamics NAV from my windows admin account and It's running successfully on admin login. But when I login from another account and start NAV(2016), It shows :
you do not have access to microsoft dynamics nav .verify that you have been setup as a valid user in ms dynamics NAV.
I can't install NAV setup from my windows account as It don't have permission to install anything.
I am totally new to it, need help.
Step 1 - You will need the Windows Security ID or SSID
Open powershell and paste the below code
$objUser = New-Object System.Security.Principal.NTAccount("YourDomain\Your ID")
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$strSID.Value
Replace YourDomain\Your ID with your Your Domain and USER ID.
Run the code and in the output, you will find the SSID.
STEP 2 - ENTER USER Details in NAVISION Database with Roles.
Open SQL Server Management Studio.
In My Case the database that i want to get access is Demo Database NAV (7-1).
Click on New Query and paste below listed command in the query window.
USE [DATABASE NAME]
DECLARE #USERSID uniqueidentifier, #WINDOWSSID nvarchar(119), #USERNAME nvarchar(50), #USERSIDTXT varchar(50)
SELECT NEWID()
SET #USERNAME = 'YourDomain\Your ID'
SET #USERSID = NEWID()
SET #USERSIDTXT = CONVERT(VARCHAR(50), #USERSID)
SET #WINDOWSSID = 'Your SSID'
INSERT INTO [dbo].[User]
([User Security ID],[User Name],[Full Name],[State],[Expiry Date], [Windows Security ID],[Change Password],[License Type],[Authentication Email])
VALUES
(#USERSID,#USERNAME,'',0,'1753-01-01 00:00:00.000',#WINDOWSSID,0,0,'')
INSERT INTO [dbo].[User Property]
([User Security ID],[Password],[Name Identifier],[Authentication Key], [WebServices Key],[WebServices Key Expiry Date],[Authentication Object ID])
VALUES
(#USERSID,'','','','','1753-01-01 00:00:00.000','')
INSERT INTO [dbo].[Access Control]([User Security ID],[Role ID],[Company Name])
VALUES
(#USERSID,'SUPER','')
GO
Replace
DATABASE NAME - with your database name
YourDomain\Your ID - with your Domain Name & User Name
Your SSID - with SSID as copied in STEP 1
The Query provide SUPER Role to user, if required you can change the Role in the Last part of the query.
Go to SQL Server Management Studio
Right click on database you are using , select new query and copy paste below syntax:
delete from [dbo].[User]
press F5 and restart. It will help you .
Quick way option with powershell, you should change some configurations.
For NAV 2016
$appUser = "XXX\XXX"; # User Name
$appUserFullName = "XXXXXxxxXX"; # FullName
$dataSource = "192.168.100.XX"; # SQL SERVER IP
$user = "sa"; # USERNAME
$pwd = "XXxxXX"; # SA Password
$database = "NAVERP"; # Database
$connectionString = "Server=$dataSource;uid=$user; pwd=$pwd;Database=$database;Integrated Security=False;";
$connection = New-Object System.Data.SqlClient.SqlConnection;
$connection.ConnectionString = $connectionString;
$objUser = New-Object System.Security.Principal.NTAccount($appUser)
$strSID = $objUser.Translate([System.Security.Principal.SecurityIdentifier])
$sqlCommandText ="
USE NAVERP
DECLARE #USERSID uniqueidentifier, #WINDOWSSID nvarchar(119), #USERNAME nvarchar(50), #USERSIDTXT varchar(50), #FullName as varchar(50)
SELECT NEWID()
SET #USERNAME = '$appUser'
set #FullName = '$appUserFullName'
SET #USERSID = NEWID()
SET #USERSIDTXT = CONVERT(VARCHAR(50), #USERSID)
SET #WINDOWSSID = '$strSID'
INSERT INTO [dbo].[User]
([User Security ID],[User Name],[Full Name],[State],[Expiry Date],[Windows Security ID], [Change Password],[License Type],[Authentication Email],[Contact Email])
VALUES
(#USERSID,#USERNAME,#FullName,0,'1753-01-01 00:00:00.000',#WINDOWSSID,0,0,'','');
INSERT INTO [dbo].[User Property]
([User Security ID],[Password],[Name Identifier],[Authentication Key], [WebServices Key],[WebServices Key Expiry Date],[Authentication Object ID])
VALUES
(#USERSID,'','','','','1753-01-01 00:00:00.000','');
INSERT INTO [dbo].[Access Control]([User Security ID],[Role ID],[Company Name],[App ID],Scope)
VALUES
(#USERSID,'SUPER','',cast(cast(0 as binary) as uniqueidentifier),0);
";
$connection.Open();
$command = $connection.CreateCommand();
$command.CommandText = $sqlCommandText;
$command.ExecuteNonQuery();
$connection.Close();
$sqlCommandText
Related
I have a PowerShell script that will create a new Oracle user. The code is correct, and the user is created as expected. My only problem is replicating Oracle's password hashing.
I'd like to have the ability to hash the password in PowerShell using the same algorithm as Oracle 10g and then insert the hashed password into Oracle using this code. IDENTIFIED BY VALUES 'NEED TO INSERT HASHED PASSWORD'.
Here's an example of a current password in the database: IDENTIFIED BY VALUES '033348433385A2DE'
I tried a few things in PowerShell but couldn't get it to work. According to my understanding, Oracle uses the username & password combination to generate the hashed value, among other things. Any advice would be greatly appreciated.
This is the code I'm currently using. It establishes an Oracle connection and then inserts the required information.
$login_newname = 'SomeName'
$query_user = CREATE USER $login_newname
IDENTIFIED BY VALUES 'NEED TO INSERT HASHED PASSWORD'
DEFAULT TABLESPACE USER_DATA
TEMPORARY TABLESPACE TEMPORARY_DATA
PROFILE DEFAULT
ACCOUNT UNLOCK"
$connectionstring = "User Id = $username;Password = $password;Data Source = $datasource"
$con = New-Object Oracle.ManagedDataAccess.Client.OracleConnection(“$connectionString”)
$con.open()
$cmd=$con.CreateCommand()
$query_user_1 = "GRANT CONNECT TO $login_newname WITH ADMIN OPTION"
$query_user_2 = "GRANT RESOURCE TO $login_newname WITH ADMIN OPTION"
$query_user_3 = "GRANT ALL_ACCESS TO $login_newname WITH ADMIN OPTION"
$query_user_4 = "ALTER USER $login_newname DEFAULT ROLE CONNECT, RESOURCE"
$query_user_5 = "GRANT SELECT ANY TABLE TO $login_newname WITH ADMIN OPTION"
$query_user_6 = "GRANT UNLIMITED TABLESPACE TO $login_newname WITH ADMIN OPTION"
$cmd.CommandText=$query_user
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_1
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_2
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_3
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_4
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_5
$cmd.ExecuteNonQuery() | Out-Null
$cmd.CommandText=$query_user_6
$cmd.ExecuteNonQuery() | Out-Null
I have managed to find a work-around for anyone that needs to replicate the same functionality.
I have defaulted this line like so IDENTIFIED BY VALUES 'password' .This will now create a user in Oracle with a password of 'password' but it won't apply the hashing.
I had to add an extra line:
$query_user_7 = "ALTER USER $login_newname IDENTIFIED BY password(This can be anything, your desired password)"
And then execute the query like so:
$cmd.CommandText=$query_user_7
$cmd.ExecuteNonQuery() | Out-Null
This will apply Oracle hashing to your new password and will allow you to login.
Please note, this works for Oracle 10g. I have not tried to do this on later Oracle versions.
Background:
I have a server with Windows 2008 R2 installed running as a terminal server session host. I have a long list of local users set-up and configured as remote desktop users. When the users remotely log on using remote desktop connection, a program automatically starts up. When the user closes that program, the session ends. This all works fine if I set it up manually.
My Question:
I have written a script to add a list of local users automatically and setup and configure the properties. The problem is that nowhere can I find how to set the "Environment" > "Start the following program at logon" properties. (See image for the properties I want to set)
A sample portion of my current script is as follow:
$computer = "localhost"
$userName = "aTestUser"
$objComputer = [ADSI]"WinNT://$computer"
$objUser = $objComputer.Create('user', $userName)
$objUser.SetPassword("Password")
$objUser.PSBase.InvokeSet('Description', "Some description for $userName")
$objUser.PSBase.InvokeSet('userflags', 512)
$objUser.PSBase.InvokeSet('passwordExpired', 1)
$objUser.SetInfo();
I also tried this command which doesn't work:
$objUser.PSBase.InvokeSet("TerminalServicesInitialProgram", "C:\programs\a_test_program.exe")
I have searched on Microsoft's MSDN site and Google and StackOverflow but could not find this specific property.
I found a solution here.
$ou = [adsi]"WinNT://127.0.0.1"
$user = $ou.psbase.get_children().find("test")
$user.PSBase.InvokeSet("TerminalServicesInitialProgram", "C:\logoff.bat")
$user.setinfo()
Okay, so I finally got it working. Seems like you have to first create the user then open it again for editing before the InvokeSet sets the TerminalServicesInitialProgram property.
I am not sure, maybe someone can share some experience or explanation.
Thank you to everyone for your help and assistance.
Working Code:
# Read the CSV file and create the users
# The CSV file structure is:
# UserName,FullName,Description
$Users = Import-Csv -Path "C:\Users.csv"
foreach ($User in $Users)
{
# adds user
$computer = "localhost"
$username = $User.UserName
#$username = "atest001"
$fullname = $User.FullName
#$fullname = "My Name"
$description = $User.Description
#$description = "A new user description"
$password = "MyGreatUnbreakableSecretPassword"
$objComputer = [ADSI]"WinNT://$computer"
$objUser = $objComputer.Create('user', $username)
$objUser.SetPassword($password)
$objUser.PSBase.InvokeSet("Description", $description)
$objUser.PSBase.InvokeSet('userflags', 65536)
$objUser.SetInfo();
# set password not to expire
#wmic USERACCOUNT WHERE "Name = '$username'" SET Passwordexpires=FALSE
# Add to groups
$group = [ADSI]"WinNT://./Power Users,group"
$group.Add("WinNT://$username,user")
$group = [ADSI]"WinNT://./WW_Users,group"
$group.Add("WinNT://$username,user")
$ou = [adsi]"WinNT://127.0.0.1"
$user = $ou.psbase.get_children().find($username)
$user.PSBase.InvokeSet("TerminalServicesInitialProgram", "C:\Program Files (x86)\Wonderware\InTouch\view.exe c:\program files (x86)\archestra\framework\bin\sibanyegold-kdce_app_tse1_test")
$user.PSBase.InvokeSet("MaxConnectionTime", 120)
$user.PSBase.InvokeSet("MaxDisconnectionTime", 1)
$user.PSBase.InvokeSet("MaxIdleTime", 30)
$user.PSBase.InvokeSet("BrokenConnectionAction", 1)
$user.PSBase.InvokeSet("ReconnectionAction", 1)
$user.PSBase.InvokeSet("FullName", $fullname)
$user.setinfo()
}
There are needs when we want to populate user details from Active Directory. Sharing my code to access user details from AD.
Introduction
People often ask for querying active directory by passing network account name or email. There are many articles already available on this, and one might get confused. Here is simple working code to access user detail from active directory database-
Please note in order to access AD, you have to specify valid network account credentials in connection.
function GetADDetails(userId)
Set objConn = Server.CreateObject("ADODB.Connection")
objConn.provider ="ADsDSOObject"
objConn.Properties("User ID") = "domain\userId" 'specify domain and
network account
objConn.Properties("Password") = "password" 'specify network password
objConn.Properties("Encrypt Password") = True
objConn.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objConn
strTarget="GC://abc.com" 'your domain name
objCom.CommandText ="select sn, givenName, sAMAccountName, name,mail,
telephoneNumber FROM '"+strTarget+"' where sAMAccountname='"+userId+"'"
Set objRS = objCom.Execute
If Not (objRS.EOF Or objRS.BOF) Then
GetADDetails=objRS.GetRows
Else
GetUserData = Null
End If
'Close objects and remove from memory
objRS.Close
objConn.Close
Set objRS = Nothing
Set objConn = Nothing
Set objCom = Nothing
end function
I've a vbscript to authenticate an user credentials, one part of my code is
Set objLocalGroup = GetObject("WinNT://./Administrators, group")
now this code fail in Windows(German and French Version), after debugging, I think the problem is that, in German Version, the Group corresponding to English "Administrators" was named "Administratoren"..
Is there any generic way to get the Object?
Thanks.
The administrators group has a well-known SID, so something like this should work:
Set wmi = GetObject("winmgmts://./root/cimv2")
Set admins = wmi.Get("Win32_SID.SID='S-1-5-32-544'")
Set objLocalGroup = GetObject("WinNT://./" & admins.AccountName & ",group")
Another way would be getting the name from the Win32_Group class:
Set wmi = GetObject("winmgmts://./root/cimv2")
qry = "SELECT * FROM Win32_Group WHERE SID = 'S-1-5-32-544'"
For Each group In wmi.ExecQuery(qry)
Set objLocalGroup = GetObject("WinNT://./" & group.Name & ",group")
Next
I wanted to enable the userflag 'User must change password at next logon' through powershell scripts.
For the flag Account is disable, I did the following :
$user=[ADSI]'WinNT://localhost/account23';
$user.userflags = 2;
$user.setinfo();
Is it possible to add the user flag for 'User must change password at next logon' in the similar way?
It is possible to enable the flag 'User muat change password at next logon' through the following :
$user.passwordExpired = 1;
$user.setinfo();
I believe that's a calculated value,so you can't set it directly, but if you set the pwdLastSet value to 0 it should have the same effect:
$user.pwdLastSet = 0
$username = "enter your local user name here";
$user=[ADSI]"WinNT://localhost/$username";
$user.userflags = 2;
$user.setinfo();