Windows Active Directory Emulator - windows

Is there an LDAP server emulator or a Windows Active Directory emulator? I'm talking about something along the lines of smtp4dev, which doesn't have to be configured and just works for a development environment in order to test authentication code.

I suspect you might want to try Active Directory Lightweight Directory Services (AD LDS), formerly known as Active Directory Application Mode (ADAM).

Related

Run .NET application in Windows AppContainer?

I'm trying to use CreateAppContainerProfile to run a .NET 6 application.
Based on the documentation, that API is used to set up the same kind of sandbox used by UWP applications.
Now this works correctly if the application is installed below c:\program files, but if it's installed elsewhere the process fails with "Failed to resolve full path of the current executable [path to the executable]" (code 0x80008085).
If the user account has the WRITE_DAC access right to the application folder I can allow the sandbox read/list_directory access and it works again, but if the user account itself only has read/list/execute rights there I can't do that.
The documentation for UWP sandboxes says that they implicitly give the sandbox read access to the application directory (which makes sense), and considering the application works in c:\program files without granting any permissions, that seems to somewhat also apply here, but I don't understand why it doesn't work the same elsewhere.
Are there some security settings on the folders outside the user rights that would be relevant here?
There is so little documentation on this functionality I'm not entirely sure where else to look for information.
Answering my own question here:
I did really overthink this by assuming that the app container was supposed to magically give read/execute permission to the application directory.
In reality, c:\program files simply has an ACL for the special user "ALL RESTRICTED APPLICATION PACKAGES" that grants all app containers read/execute access to the entire directory tree.
Unfortunately this means there isn't really a nice solution for what I'm looking for, apparently. At some point my main process has to be elevated to change ACLs on the application directory so that the app container can read it; there is no way afaict to just "inherit" rights the host process has to the containerized one.
"Capabilities" can be used when creating the appcontainer to allow access to certain predefined functionality (libraries, devices, ...), or you can basically set up custom capabilities, like a set of directories a container should be able to access, but that then again requires the right to change ACLs on those directories when setting up the capability.

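A way to see the ACL difference the answer above describes, as an added example that is not part of the original post: the function reads a folder's DACL and reports, per well-known AppContainer package SID, whether the folder itself grants read/execute. The function name, the optional -PackageSid parameter and the commented install path are hypothetical; the check covers only the package-SID side of the ACL, and the user running the process still needs their own access to the folder.

```powershell
# Added example (not from the original post): does a folder's DACL grant
# read/execute to the well-known AppContainer package SIDs?
#   S-1-15-2-1 = ALL APPLICATION PACKAGES
#   S-1-15-2-2 = ALL RESTRICTED APPLICATION PACKAGES
function Test-AppContainerReadAccess {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Optional SID of one specific AppContainer profile (assumption: caller knows it).
        [string]$PackageSid
    )
    $sids = @('S-1-15-2-1', 'S-1-15-2-2')
    if ($PackageSid) { $sids += $PackageSid }

    $need  = [int][System.Security.AccessControl.FileSystemRights]::ReadAndExecute
    $acl   = Get-Acl -LiteralPath $Path
    # Ask for trustees as SIDs so the comparison does not depend on localized names.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

    foreach ($sid in $sids) {
        $allow = 0; $deny = 0; $count = 0
        foreach ($r in $rules) {
            if ($r.IdentityReference.Value -ne $sid) { continue }
            # Inherit-only ACEs apply to children, not to this folder itself.
            if ($r.PropagationFlags -band [System.Security.AccessControl.PropagationFlags]::InheritOnly) { continue }
            $count++
            if ($r.AccessControlType -eq 'Allow') { $allow = $allow -bor [int]$r.FileSystemRights }
            else                                  { $deny  = $deny  -bor [int]$r.FileSystemRights }
        }
        # Simplification: any matching deny bit wins, regardless of ACE order.
        $effective = $allow -band (-bnot $deny)
        [pscustomobject]@{
            Path           = $Path
            Sid            = $sid
            MatchingAces   = $count
            ReadAndExecute = (($effective -band $need) -eq $need)
        }
    }
}

# Compare the folder the post says works with the actual install folder.
Test-AppContainerReadAccess -Path $env:ProgramFiles
# Test-AppContainerReadAccess -Path 'D:\Apps\MyApp'   # hypothetical install path
```
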
Application does not work when installed with Inno Setup

I am developing a desktop database application, using an rdlc report and reportviewer. Everything was fine in the development process; reportviewer was showing all data smoothly. I deployed the app with Inno Setup. But when I install the app, the reportviewer is not showing data, while the data is correctly inserted in the tables.
For applications that work incorrectly or fail completely, when installed by Inno Setup to Program Files folder, the first thing to test, is to try to deploy the application manually to the same folder.
If the application fails even after a manual deployment, the most usual problem is that the application requires a user to have write permissions to application folder. As on modern versions of Windows a user typically does not have write permissions to the Program Files folder, the application does not work. So the problem usually has nothing to do with Inno Setup, but it's a problem of the application itself.
To solve the problem:
- The best solution is to redesign the application so that it does not require write permissions to its folder. Windows applications should not require write permissions to their folder. That's against Windows guidelines. The application should write data to a user profile folder (C:\Users\username\AppData) or to a common data folder (C:\ProgramData).
- A dirty workaround is to have the installer grant a user(s) write permissions to the installation folder. Do that only if you cannot get the application fixed (e.g. it's a 3rd party application).
  See Inno Setup - How to set permissions of installation folder.
- An even more gross workaround is to configure the application to be executed with elevated (Administrator) privileges.
  See Inno Setup desktop shortcut (link) which has "Run as administrator" advanced property set
  or How to set 'Run as administrator' on a file using Inno Setup.
- Another solution is enabling legacy compatibility mode that makes Windows redirect all application write attempts to a virtual store. See also Application installed with Inno Setup writes files to unknown location instead of its installation folder.
There are numerous other possible reasons why the application might be failing when installed, including:
- You omitted some dependency:
  - DLL library
  - .NET assembly
  - .NET Framework
  - Java Runtime Environment
  - other runtime
  - COM/ActiveX object, etc.
- The application requires some configuration:
  - a file
  - a registry key [including COM/ActiveX object registration]
  - an environment variable, etc.
- The application is not designed to be executed from a folder that has a space in its name (Program Files).
- The application gets confused by Windows File virtualization (though it's unlikely). See Application installed with Inno Setup writes files to unknown location instead of its installation folder.

How to configure active directory in windows 7?

I just installed Remote Server Administrative Tools (RSAT) on Windows 7, and turned features on as mentioned in the installation guide. Now the Administrative Tools have been installed and are successfully listed in the All Programs list of the Start menu.
I want to set up a local network. I want to create users/passwords, and give them access to shared drives with permissions, etc.
My question is:
How do I configure the Active Directory in Windows 7 for the first time?
RSAT is to remotely manage an Active Directory environment. It's not for creating an AD environment.
If you want to create an AD environment, you need Windows Server (2003/2008/2012) and install the 'Active Directory Domain Services' or 'Active Directory Lightweight Directory Services' role. There are instructions online on how to do that.

active directory and open directory

I am working in a mixed environment of Mac OS and Windows machines, in which the domain controller is Open Directory served by a Mac server. Actually, Mac and Windows are both installed on every machine and can be selected at boot time.
As a longtime problem, we could not join Windows 7 users to the Open Directory domain. That's why I decided to set up an Active Directory server for Windows users and leave Open Directory for Mac users. Then the next problem was that we must have each user twice, in both Open Directory and Active Directory.
My question is: Is there a way to configure AD to relay its authentication requests to the OD user database, and also load home directories from a shared point on the network?
An Open Directory can be used as a PDC or a BDC, and yes, you can replicate Active Directory into your Open Directory server. That said, setting up a new Open Directory BDC is not a question of two lines of code. I suggest you read the following:
http://manuals.info.apple.com/MANUALS/1000/MA1180/en_US/OpenDirAdmin_v10.6.pdf
You may find more than you are looking for. :)

Where should I store shared resources between LocalSystem and regular user with UAC?

My application consists of two parts: A Windows Service running under the LocalSystem account and a client process running under the currently logged in regular user.
I need to deploy the application across Windows versions from XP up to Win7.
The client will retrieve files from the web and collect user data from the user.
The service will construct files and data of its own which the client needs to read.
I'm trying to figure out the best place (registry or filesystem, or mix) to store all this. One file the client or service needs to be able to retrieve from the net is an update_patch executable which needs to run whenever an upgrade is available.
I need to be sure the initial installer SETUP.EXE, and also the update_patch, can figure out this ideal location and set a RegKey to be read later by both client and server telling them the magic location. (The SETUP.EXE will run with elevated privileges since it needs to install the service.)
On my Win7 test system the service's %APPDATA% points to:
C:\Windows\system32\config\systemprofile\AppData\Roaming
and the %APPDATA% of the client points to:
C:\Users\(username)\AppData\Roaming
Interestingly Google Chrome stores everything (App and Data) in
C:\Users\(username)\AppData\Local\Google\Chrome
Chrome runs pretty much in exactly the way I want my suite to run (able to silently update itself in the background)
What I'm trying to avoid is nasty popups warning the user that the app wants to modify the system, and I want to avoid problems when VirtualStore doesn't exist because the user is running XP/2000/2003 or has UAC turned off.
My target audience are non-tech-savvy general Windows users.
Chrome doesn't have any services running under the LocalSystem account, though.
If you want to have files that can be shared between accounts on the same system, store them under the %ALLUSERSPROFILE% folder.
If you just want to be able to auto-update programs, then doing what Chrome does is fine: just make sure you launch the updater elevated when UAC is turned on.
