I tried to deploy report from VS2012 to remote server, and when deploy I got error:
"The permissions granted to user 'SERVER\User2' are insufficient for performing this operation."
Deploy work excellent from other developer machine.
Problem is obviously that User2 doesn't have enough permission.
When deploy report from VS, I usually got popup window where I specified username and password. In this case, I don't have any popup to define user for deploy.
Instead of User2 there must be User but I don't know how to change them, it looks like user is preserved somewhere, I don't get popup for credentials.
User and User2 both exists on remote server as account, but User has administrator privilege, and this is first account
Related
I'm investigating a failure in my Windows 10 Credential Provider. It calls out to LookupAccountName in order to get the SID of the user that is attempting to log in. Its per-user configuration uses the account SID as the key.
The failure scenario is as follows:
There is a mixture of local and domain accounts on a domain joined computer.
The computer is in an offline or otherwise disconnected state and cannot contact the domain controller.
The domain user has logged in to this computer in the past and its credential is cached.
The call to LookupAccountName fails with ERROR_TRUSTED_RELATIONSHIP_FAILURE (0x6FD)
Here's where things are interesting:
I can log in with a local account and then "Run As" the domain user. Then subsequent calls to LookupAccountName (even when run in the context of the local user) succeeds in looking up the SID of the domain user. It will continue to work until the computer is rebooted.
I've tried calling LookupAccountName as well as LsaLookupNames2. Both exhibit the same behavior. (I assume LookupAccountName is built off of LsaLookupNames2).
It doesn't look like the NetUser* APIs will help me, as I believe they are intended for local accounts.
Is there a way to lookup the account SID for an offline domain credential? Without requiring them to log in first?
Why does using "Run As" cause these APIs to suddenly work?
I have a requirement to collect windows facts via ansible. By passing the local Administrator account credentials with Ansible, this works with no issues. If I add my own windows account to the local Admin group, this also works.
The problems starts when I need to connect to a windows server with a non-local admin account (an AD account with Administrator privilege). win_ping fail no matter what I try to make it work.
The Ansible documentation seems to suggest you have to be a local admin or a member of the local admin group.
https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html#http-401-credentials-rejected
This section:
Ensure that the user is a member of the local Administrators group or has been explicitly granted access (a connection test with the winrs command can be used to rule this out).
And they give us this workaround:
https://docs.ansible.com/ansible/latest/user_guide/windows_winrm.html#non-administrator-accounts
Non-Administrator Accounts WinRM is configured by default to only
allow connections from accounts in the local Administrators group.
This can be changed by running:
winrm configSDDL default This will display an ACL editor, where new
users or groups may be added. To run commands over WinRM, users and
groups must have at least the Read and Execute permissions enabled.
While non-administrative accounts can be used with WinRM, most typical
server administration tasks require some level of administrative
access, so the utility is usually limited
But even after adding the remote AD account in the ACL editor and giving access to everything, I still get the same error.
"msg": "ssl: the specified credentials were rejected by the server",
Has anyone got this working with an AD account? Any pointers would be very welcome.
Currently, it looks like I need to have a local account with administrator privilege on every Windows server I want to run ansible on. I'm hoping this is not the case.
Thanks
I'm trying to work around a problem with my Self-hosted Azure Pipeline agent. One of the workarounds listed here is to make the agent log on as myself, (instead of as the current, "Network Service" account it uses).
So I tried that. I went to the Services app, edited the "Azure Pipelines Agent" service and changed the user to be myself.
Windows then tells me that I'll need to stop the service and restart it. But when I do that, I get an error dialog with Error 1069: "The service did not start due to a logon failure"
I have tried to use both my Windows 10 Logon PIN (that I type to login when I sit down at the machine) as the password as well as my Azure AD password for our organization that lets me log on to all our resources. Neither one works.
I know I have the correct account. I don't have any other organization passwords that I know of. What am I doing wrong?
Change the logon user on DevOps agent services won't work.
If you'd like to run the agent with specific account, you need to uninstall the agent(config.cmd remove), then reconfigure the DevOps agent, type your account as below during the configuration.
You can validate the user account in DevOps pipeline with below task:
pool: self2
- script: whoami
I am new to TeamCity and currently installing it.
It was asking whether I want to be running the server under a "user account" or "the SYSTEM account" / running the agent under a "user account" or "the SYSTEM account".
I assumed that since my version control (clearcase) is configured to my employee id, I should select user account.
Is my assumption correct? When should either the SYSTEM account or a user account be used? What is the difference between them?
What you're talking about is allowing TeamCity to run as LocalSystem vs a specified user account (local or in ActiveDirectory). LocalSystem is highly privileged (see this article).
If you are interested in following the principle of least privelege, you should create a user account. If you're running TeamCity on your local workstation, LocalSystem is probably ok.
The same advice applies to the build agent.
The main difference for you as the user can be connection of the TeamCity to some remote repositories. I.e., you have an SSH authentication with keys configured in your user account, to access a git repository. From the user account you will be able to configure it almost out-of-box. But it will take time to configure authentication for system account.
Merry Christmas everyone !
I've installed Team Foundation Server 2010 with advanced configuration but I left the settings as default (like Service Account: NT AUTHORITY\LOCAL SERVICE and others)...
All good until when I typed http://localhost:8080/tfs and there it asks me to provide username and password.
What is the default username and password ? I didn't provide any username and/or password during configuration.
I typed as my Windows account name but it doesn't work.
Help me please...
Thank you
EDIT: Please watch my short video capture: http://youtu.be/i8C5mp7fUsA
TFS uses Window's accounts for its permissions. If you're logging in on a workstation setup, rather than one linked to AD then remember you need to specify your machine name as part of the username, for example MACHINE\michaels.
In order to setup new projects you will need to first start off using an administrator account - if your normal username isn't a Windows administrator, then login using your admin username and password (you can then grant permissions to your normal account. You can also use the Windows security groups on the machine to add yourself - there will be a local group called "Team Foundation Administrators". MSDN has a list of the Windows groups you can configure.
it is the windows login , password and u can set it in the administration panel also .
UPDATE - mine was ashutosh-pc\ashutosh and my windows password
You have set your service account to LOCAL SERVICE. Please change this to NETWORK SERVICE. The login box you are getting is not to login TFS, but to get access to your machine resources. The LOCAL SERVICE account does not have enough permissions to operate TFS.
If you don't have NETWORK SERVICE, then use a regular windows account.
See for more information the TFS 2010 Install Guide.
Yeah definitely it works using your windows account, but in my case I have my hotmail email account linked to my windows.. so, I just used my email address and the password for this, I am sharing an screenshot, this is the firs default page after logged in.