first I want to state that I am a novice when it comes to code/programming. Also, I have a Mac (that runs Catalina, if that matters).
This is my first time posting to this forum, so please forgive any missteps in protocol...
Here's some background info to my question:
I have Microsoft 365 for Business and I use Teams. I'm a small business and I'm the owner and administrator. I need to be able to share externally with anyone. I have changed the settings in SharePoint admin and OneDrive admin to be able to share externally. Look here to see an example of what I have done, and the problem: https://techcommunity.microsoft.com/t5/onedrive-for-business/share-with-anyone-with-the-link-setting-is-grey-out-why/m-p/810390
Even after allowing for external sharing, the sharing options are still greyed-out. But this is not my question. I know how to fix it; as it says in the above link, I need to enable sharing in Powershell via set-sposite "siteurl" -sharingcapability ExternalUserAndGuestSharing
After some research, I found that there is a Microsoft Pwsh for Mac. I downloaded Homebrew, Microsoft PowerShell and Azure. (I also have Node.js, if that matters.) Here is a screenshot of my terminal (I hid any identifying information...):
terminal screenshot
As you can see, I get this error: Connect-SPOService -Url https://<organization name here>admin.sharepoint.com Connect-SPOService: The term 'Connect-SPOService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I contacted Microsoft and had a technician with me on the phone trying to troubleshoot their way into my SPOService on my Mac using Homebrew in order to fix the greyed-out "share with anyone" option. We were unsuccessful. At the moment, I do have access to a Windows computer, and I was able to enter my SPOService on that Windows computer and resolve the problem. However, for each new SharePoint site I create and want to share externally, I will need to repeat this process (at least, this is what the technician told me). I will not always have access to a Windows computer, therefore I need to be able to enter my SPOService on my Macbook.
Are there any workarounds? Is there an SPOService powershell for Mac? If I have the pswh for Microsoft, why won't it let me into sharepoint?
Thank you in advance for any assistance
First, I can still not rename the domain, but I can help you with a general SharePoint update. It does not work either in Azure or on Mac OX X.
If you like to check, repeat the following steps on your computer setup, assuming you don't use a Windows Computer.
Check the availability of SharePoint
Get-Module -Name Microsoft.Online.SharePoint.PowerShell -ListAvailable | Select Name,Version
Install the module if missing
On a mac with the name of your user directory
Import-Module /Users/username/.local/share/powershell/Modules Microsoft.Online.SharePoint.PowerShell -Verbose
On Azure Powershell
Import-Module Microsoft.Online.SharePoint.PowerShell -Verbose
You get a PowerShell via a one-month Test-Subscription.
Prepare your Admin URL
$AdminCenterURL="https://name_you_used_during_first_setup-admin.sharepoint.com"
Make sure you add "-admin" at the end of your domain name. You received this when you signed up. It is not the domain name you can use for your subscription later; it's, unfortunately, how Microsoft decided to implement it. Therefore, changing from Mac or Azure is not possible.
Connect to your side
Connect-SPOService -Url $AdminCenterURL -Credential (Get-Credential)
And now it will fail with
Connect-SPOService: The type initializer for 'Microsoft.Win32.Registry' threw an exception.
Unfortunately, after exchanging many emails with Microsoft, I could not resolve this with the Support desk. However, the error seems to be known.
I wrote this note to allow others to save valuable time so that somebody would not waste his time if they tried to resolve it as I tried.
If like me, you are stuck with renaming the initial SharePoint subdomain, you currently have the following options.
Buy a Windows PC with a License or install a VM with a MS Windows trial license
Buy an Enterprise License, and use the Beta functionality.
Delete your subscription, but then you might lose the active licenses and the work you have put in already. But you can re-register, and this time put the name into the subscription, which you like to see as a subdomain of SharePoint. But you lose all work put in, in the first place.
My email address has changed and now I can't log into Visual Studio 2017.
The error is "We could not refresh the credentials for the account. Failed to refresh the access token".
How can I fix this?
This bug will be fixed in a future version.
For now:
Close down VS2017
Go to "C:\Users\{username}\AppData\Local\.IdentityService"
Rename "IdentityServiceAdalCache.cache" as shown below. (for example just add an underscore to it)
Restart VS2017 and log in.
NOTE: There are similar issues that this won't resolve, but this worked for me.
Open Visual Studio. Click Help, Send Feedback, Report a Problem...
This brings you to a login screen. If you log in from there, it will log you into Visual Studio.
What worked for me was to rename .identityservice and then restart VS and log in to your VSTS account. It then recreates a new .identityservice that it can access.
I tried by deleting only the IdentityServiceAdalCache.cache as in the accepted answer but it did not fix the problem.
For the record, I managed to fix it by deleting every files within the .IdentityService folder (located in C:\Users{username}\AppData\Local.IdentityService).
I have read dozens of posts on this topic discussing clearing out .IdentityService. I tried every variation of this solution that one might think of. None worked.
I ended up poking around and trying to manually login to my Microsoft account using Internet Explorer, but I could not connect to https://login.microsoftonline.com. I added the https://login.microsoftonline.com address to my Trusted Sites in Internet Options. Once I had done this, Visual Studio was able to connect to Microsoft and validate my account.
When an error occurs, Visual studio will log it's error messages in the following folder. Please check the logs located at
%Temp%\servicehub\logs
This can also be caused by network restrictions. Please disable your virus guard or firewall and check.
This issue can also be caused by running VS "As Administrator" and the administrator is a different user. Just some FYI.
None of these answers will resolve that issue unfortunately.
Very old thread but if someone is still having this issue, then try following in my footsteps:
I just deleted the entire .IdentityService folder, and launched visual studio again... It asks you to log in and works normally. (for me)
Make sure you can access https://login.microsoftonline.com
If your network is blocking that (perhaps to block Microsoft webmail), then the above solutions will not pertain to you. Either unrestrict access, or you will need some off-line version.
In case someone is still looking for an answer. What worked for me was checking that the AppData folder and Local folder were not on 'read only mode' in the path "C:\Users{username}\AppData\Local.IdentityService" and it just worked!
Check to make sure that your PC no limit(IP-Firewall) to Internet connection access.
Disable or turn off VPN
It happened to me when using an account that uses my organization's email-domain, and I guess it tried to verify it and it couldn't find it in their database, and as soon as I used an account with a onmicrosoft.com domain, it worked.
The interesting part is that it allowed me to create the Microsoft account with this organization email and I still use it for DevOps, and it just stopped me when signing in with Visual Studio, I don't understand why this difference is.
I hope this can help someone..
I have VS 2017 and had this exact issue. Simply deleting
C:\Users\{username}\AppData\Local.IdentityService did not work for me.
Follow the steps 1-2 below to see if you might have and identical cause of the problem, and the rest how to solved it if so.
Go to C:\Users\{user}\AppData\Local\Temp\servicehub\logs and open the latest error logs from VS.
IF you see "Retrieved tenant memberships, found '2' owned tenants", then follow the rest of the steps.
Go to azure portal then login under the username you are
trying to use.
The following steps may change by the time you read this, but you
want to get to step 6. Go to Manage Azure Directory.
Click "Switch Tenants"
I was linked to 2 tenants, one of which I did not need. This is what had been causing my issues. Select the useless tenants, and click "leave tenant".
Once this is completed, close all instances of VS.
Delete C:\Users\{username}\AppData\Local.IdentityService.
Open VS and login to your account.
I found the same behavior when using Administrator user.
Any other user can login and activate the license only for himself.
I don't think there is a way to activate for Administrator, which makes using this licensing awkward for usage in a shared resource (i.e. build server).
The one solution which worked for me was resetting the domain password and restarting the system.
I just wanted to share this because i was struggling with the same problem since 8 days tried everything on net and this worked.
Hope it helps someone :)
I updated Visual Studio with latest package and after rebooting my PC issue was solved. I was able to log-in
Opening VS as admin worked for me, none of the above did
I was getting this error from our proxy having restrictive rules in place, I was able to add the sites to a whitelist that were being blocked while trying to login.
Some of the sites I whitelisted in Webmarshal were:
*.windows.net
*.msocsp.com
*.ws.symantec.com
*.digicert.com
*.clicktale.net
app.vssps.visualstudio.com
demdex.net
For me it was due wrong system time, after setting correct time it got fixed automatically
I had the problem of not being able to sign in to VS after not using unity for a long time and then updating everything. The way I solved it was to open VS and then click help. This opened the sign in box with 'Personalization Account'. I clicked 'Account options' under the afore mentioned heading, and changed the 'Embedded web browser' to 'System web browser' in the right window. This enabled me to log in via my Edge browser and everything worked fine.
I just fixed it by changing folder to be public.
folder files: "C:\Users{username}\AppData\Local.IdentityService"
right click and choose property and uncheck the hidden and apply it.
If you are under a domain network there is a workaround (quick fix),
Adding or changing the following key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Protect\Providers\df9d8cd0-1501-11d1-8c7a-00c04fc297eb
ProtectionPolicy = 1 (DWORD)
Check the most recent modified files at %temp%\servicehub\logs.
Check StorageUtilitiesSingleton-10788-lqnuymos-1.log
For an error like this: The computer must be trusted for delegation and the current user account must be configured to allow delegation.
If that is the case this might help you.
I has this issue recently.
Tried all the options above, none worked.
Get it sorted, after repairing Visual Studio, doing all the updates, restart and updated again, restart, another repair and bang! Worked like a charm.
Instead of doing all this, change embedded broswer to system browser so it will works normally in default browser and gets updated in VS.
In VS 2019 enabling System Web Browser instead of Embedded web browser fixed it for me,
Hope this helps someone
https://learn.microsoft.com/en-us/visualstudio/ide/work-with-multi-factor-authentication?view=vs-2019
I tried multiple things above such as
Renaming c:\users[user]\appdata\local.IdentityService
Logging directly in https://login.microsoftonline.com (noticed certificate issues)
Adding https://login.microsoftonline.com to the Trust Sites list in Internet Options
Opening VS as non-admin as well as admin
Reviewed the logs here: %Temp%\servicehub\logs
I also installed Chrome, setting it to the default browser, because many features were saying IE is no longer supported
Reviewing the logs gave me the clue I needed to solve my particular issue. The log stated there was an issue with SSL trust.
Consequently, I ran our local version of rootsupd.exe and installed any related Microsoft root certificates such as the DigiCert Global Root G2 to the Trusted Root Authorities. After rebooting my machine, I noticed VS began recognizing my account and was actually already signed in.
During re-installation of Dyntrace I getting below error, Tried to google it but didn't find any appropriate solution.
When you say "re-installation" does it mean you hit the "Modify" option or did you install a 6.1 on an existing 6.0 installation?
Can you look at the Windows Event Log? Typically installers write error messages in the windows event log.
What I'Ve seen in the past is that some anti-virus software corrupated the msi file that people downloaded from our download servers. Can you try downloading it again? maybe from a different machien? You can get the current installers from here https://community.compuwareapm.com/community/display/EVAL/Step+1+-+Download+and+install+dynaTrace
Please also check out our community portal where we have a dedicated discussion forum for dynatrace related questions: https://community.compuwareapm.com/community/display/DTFORUM/dynaTrace+Forums+Home
Andi
Looking for suggestions on how to go about the following, i.e what would be the best language to do it in etc, third party tools are a no :(
I've been tasked to create some sort of windows shell/command line interface that will allow a standard users to install a specific set of applications (configurable by administrators) (installation requires Admin/UAC elevation) due to security restrictions the user cannot have elevated privileges so they'll be able to run the shell as a standard user and it would have hidden/encrypted credentials built in to run the installs as.
Some of the requirements are as follows:
It would need to work on Server 2008 R2, 2012 r1 and 2012 r2
The credentials used to perform the install would have to be hidden (encrypted) from the end user.
Ideally it could work by us providing some config to it prior to handing that server over to the customer and limit what it could be used to install to a particular .exe or .msi (so we know of a need to install an app, we are advised of the name of the install and can logon and can enter it into a form maybe so only that app can be installed, then hand the server over to the customer who runs the same utility or shell extension or whatever and can then install their app.
Even more ideally it was more intelligent than that and some means of ensuring any .msi was indeed installing the application that the msi name related to (seems unlikely but just in case a normal user created an .msi to grant himself further admin access as per http://blogs.technet.com/b/fdcc/archive/2011/01/25/alwaysinstallelevated-is-equivalent-to-granting-administrative-rights.aspx )
Ideally its lifespan would be limited in terms of time (unsure if this could be for example to x number of days).
Any pointers on how to go about this, seems like a good challenge :)
Thanks for reading all that!
Mike
Thanks for the responses,
I managed to do this in C#, with no prior experience in the language :)
The application has 2 parts to it, a GUI and a service. It works by having the application send an install command via IPC to it's counterpart elevated service. (Thanks Hans Passant for pointing me in the right direction there). The service initiates the installer under it's own elevated account but displays the installer GUI on the users session. Files are HMACSHA1 checksum validated prior to install, on both the app and the service.
Thanks,
Mike
If a user requires the ability to install application in the Program Files folder, then instruct the domain administrator to give Full Control of the Program Files folder to Everyone:
Just because the default setting forbids standard users from modifying programs, doesn't mean you have to keep it that way. Windows is a secure operating system that gives you the capability to keep it secure.
If your administrator only wants some users to be able to modify the contents of the Program Files folder, then only give that permission to certain users.
The better solution is to re-design the applications so that they do not install in a (by default) protected location. Have them instead install in:
%APPDATA_LOCAL%\Contoso\Frobber\Grob.exe
e.g.
D:\Users\Ian\AppData\Local\Contoso\Frobber\Grob.exe
A user is always allowed to write anything in their own profile folder.
I am writing an automation the deployes several machines and installs several programs on them.
One of the steps a user would do manually is logging off and on to a windows computer as part of an installation process.
Can someone please point me to relevant links so i can understand how to simulate a logging in process into windows without a gui?
I mean i need to make the machine think someone logged in to it and i am using only powershell.
launching mstsc does not do the trick because i cant overcome the request for certificate (I need an automatic process but i did not find a way to silence the certificate warning)
I searched for a couple of days and could not find what I was looking for.
Thank you for your help!
It's just an idea. Perhaps you can first make the image of the machines with automatic logon , install the software and finally remove the automatic logon ?
This link has details about Automatic Logon
http://support.microsoft.com/kb/315231