Is there a way to disable the installation of Firefox extensions by non-admin users? Asked by Victor Rodrigues Sort of. You can apply lock down settings with mozilla.cfg. This, however, will prevent all users from using locked down features though. Administrators can of course swap in/out the config file at will. http://www.pcc-services.com/kixtart/firefox-lockdown.html Edit: Here’s the list of settings we deploy via lock down. It’s a K-12 environment, so your needs will likely vary. // lockPref(“app.update.auto”, [...]Continue Reading »
As far as I know, accuracy of NTP syncronization highly depends on the network. I’ve seen some numbers from 50 microseconds to a “below one second” over the internet. Well, this is a huge difference. I believe, accuracy dependence is a great question to study, but so far I failed to find any material, which clearly states that, say, some particular configuration grants that particular accuracy. It is said on http://www.ntp.org/ntpfaq/NTP-s-algo.htm: A time difference of [...]Continue Reading »
I’m looking to create an account similar to a Domain Admin, but without access to domain controllers. In other words, this account will have full Administrator rights to any client machine in the domain, be able to add machines to the domain, but have only limited user rights to the servers. This account will be used by a person in an end-user tech support kind of role. They should have full access to client machines [...]Continue Reading »
I’m using remote desktop on Windows Server 2008 r2 and I’m trying to find a way to prevent users from kicking off admin users. I understand that according to MS a regular user should not be able to kick off an admin user however if a user attempts to log in while the admin user is on (and all other sessions are in use) the admin user has 30 seconds to click the box telling [...]Continue Reading »
One of our clients is a Tier 1 PCI company, and their auditors have made a suggestion with regards to us as System Administrators and our access rights. We administer their entirely Windows based infrastructure of roughly 700 Desktops/80 servers/10 Domain Controllers. They are suggesting that we move to a system where we have three separate accounts: DOMAIN.CO.UK\UserWS DOMAIN.CO.UK\UserSRV DOMAIN.CO.UK\UserDC Where WS is the account that logs on to only WorkStations, is a Local Administrator [...]Continue Reading »
I need to reload my php.ini and there’s nothing in the help dialog about restarting it. Asked by Galen Assuming you have the appropriate RC scripts in place, /etc/init.d/php-fpm restart or restart php-fpm or service php-fpm restart or service php5-fpm restart Or whatever the equivalent is on your system. Edited to include suggestion from Matt Winckler. Answered by tylerl Check more discussion of this question. Bookmark on Delicious Digg this post Recommend on Facebook share [...]Continue Reading »
Is there any reason why I would want to have iptables -A INPUT -j REJECT instead of iptables -A INPUT -j DROP Asked by Mike B As a general rule, use REJECT when you want the other end to know the port is unreachable’ use DROP for connections to hosts you don’t want people to see. Usually, all rules for connections inside your LAN should use REJECT. For the Internet, With the exception of ident [...]Continue Reading »
I’ve been given by a company their FTP IP where I should connect to. I got also username and password. That is supposed to work with port 21, right? I tried to use FTP command-line but it didn’t work; I tried my chance with sftp command-line and, using their credentials, I am authorized and connect without any problem. SFTP is supposed to use port 22 (and I used wireshark to check that). Am I right [...]Continue Reading »
We are currently running ASA9 at a location with redundant ip connectivity. We’d love to configure ip sla so that internet access survives a single carrier outage. I’m aware of the ip sla commands, however when I’ve tried to prepopulate the required NAT rules, the addition of the second rule will overwrite the first. Here is an example: object network NYHQ_GUESTWIRELESS_10.110.6.0_24 nat (NYHQ-GUESTWIRELESS,NYHQ-OUTSIDE_FIOS) dynamic interface When I attempt to add an additional nat rule, perhaps [...]Continue Reading »
I have a server running multiple websites under IIS7.5. I want to view the log files for one website in particular. In C:\inetpub\logs\LogFiles I see a number of folders, W3SVC1 through 6. How do I find out which website corresponds to which folder? In IIS6.0 it used to tell you, but I can’t find this anywhere in IIS7.5. Asked by Liam The numbers on the folders correspond to the Site ID of each specific site [...]Continue Reading »
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?
- Can Windows RDC admin users be immune from being kicked?
- Domain Administrators account policy (After PCI audit)