Is it possible to set up a GPO by using active directory groups but without specifying pc's?
I have 3 Active directory groups which I want to have MSMQ enabled for on the pc's they log on to. Can that be done? How?
Thanks
You should able to do this in the GPMC with the following,
Select your policy, then in the Scope tab (right hand pane) in the Security Filtering area select the Authenticated Users group and click Remove. Then click Add and search for the group names that you do want the policy applied to and add them in that Security Filtering pane. Then verify on the Delegation tab that those groups are listed and have Read access under Allowed Permissions, if necessary click Advanced and set that as necessary for each group.
Related
I want to list users without WDAGUtilityAccount and other service accounts.
Just like the users list in the Windows Control Panel.
However, both wmic and NetUserEnum(UF_NORMAL_ACCOUNT) will show all users including WDAGUtilityAccount.
By my experience, the users shown in the Control Panel are users under Administrators / Users / Power Users / Guests, but I cannot find a document to prove this.
Is there a rule that filters out the service accounts like WDAGUtilityAccount?
Update:
UF_PASSWD_NOTREQD of NET_DISPLAY_USER that returned byNetQueryDisplayInformation indicates the user is created by control panel (not the users created in computer management), but the flag of Guest and DefaultAccount still makes no difference.
BTW, the SID may be another way to distinguish service account(501+) and normal account(1001+)
https://learn.microsoft.com/en-us/windows/win32/secauthz/well-known-sids
If somebody has left my firm, how do I disable their account in Teamcity. I only see a delete option. I'll lose the configurations set by the user if I delete him right?
Is there a disable/Deactivate user option?
Currently it is not possible to disable a user. You can watch/vote for the corresponding issue in the bug tracker
The options you have now are:
Remove all roles/permissions of a user
Change user's password
Delete the user. This will not delete user's created items (projects, configurations, etc). The deleted user will be shown as 'unknown' on the UI
I have a user requesting that an employee be allowed to access only a specific sub-area in a project.
No access to the source code, no access to tests, only access to a single "area".
I have tried granting the user access as a Reader, and then setting specific security permissions on the area node. The business complains that the user has access to everything.
Is this possible to accomplish with the TFS 2013 security model?
Not trivial, the solution goes along this line.
Remove from the individual any groups except "Valid Users".
The user account must have "View project-level information".
Give the individual "View work items in this node" by right-clicking on the Area node he/she must have access.
You can add additional permission in this latter, if the person requires write access.
Define a new TFS group for these "special users".
Click on the Group Membership. This should open up the web page in IE.
Now click on the link "Create TFS Group" on the top left hand side.
Create a new TFS group for these special users. Lets call it "Special Users".
Remove the UserID of these special users from any other TFS groups that they are present.
Go to the specific sub-area in the project which they need access to. 1. Right click the file -> Advanced -> Security
Now here you can define the rights for your new "Special users group". Give them just the read access and deny everything else.
I am the administartor of TeamCity 9.0 which is my continuous integration server. I have added many users for different projects. They have the permission to manually trigger the build, but they cannot edit the configurations.
Now , I need to add a user so that the user can view the Web UI and get the logs etc ; but he must not be able to trigger the build. In short, the run button in the Web UI should not work for that user or should be invisible. How can I achieve that? Please help me out.
In the default installation, the All Users group only has the Project viewer role associated with it, which only has the View project and all parent projects permission. You'll see the Project developer role by default has the Run build and Stop build permissions, and many more.
What does your permission set up look like, i.e. what group is the user assigned to and what roles are associated with that group.
You can get a sort of "effective permissions" overview for a user on the "Roles" tab of a user, this shows how the user is getting permission for which projects via the groups they are in.
TeamCity provides a built-in role, Project Viewer, that grants users read-only access to projects. You can also create your own roles with permissions tailored for your team. See Administration > User Management > Roles.
Click on Administration on top right corner. Under User Management on left side of the UI, click on Users. Click on the user you want. Under Roles tab select Assign Role. In the pop up select what privilege you want to give to that user for what project.
Check this link https://confluence.jetbrains.com/display/TCD9/Role+and+Permission for knowing about different types of users in TeamCity.
I need to allow the administrator group to access to System->Global Configuration page.
By Global Configuration page I intend that page that has the Site, System, Server, Permissions, Text and Filters tabs.
I don't see this component anywhere to configure it, so I understand that it is meant only for the Super Users.
So maybe I have to edit administrator/components/com_config. But where and how?
The only way to give that kind of access is to make the users Super Admins under the Users section. You can see a list of the default user groups and their roles here: Changing User Groups
Here is the process to change a user's group:
Log into the Administrator Back-end via the sitename/administrator URL.
Click on Site, then User Manager
Click on the check box next to the user you want to change, then click Edit in the top right corner.
In the User Details section, change the user's group.
Click Save.