|
Zoltan Balazs wrote: I think you are wrong here, the LocalSystem account is the highest privileged level that a service can get.
You'd think that's the case, but there have been too many questions about "Access Denied" errors when using it to get at various parts of the file system, registry, and of course, network access.
In practice, unless you REALLY need Desktop Interaction, it's best to create an account explicitly for the service to use so you have greater control over what it can and cannot get to. Truthfuly, how many services REALLY need admin access to the machine?
|
|
|
|
|
Hi all,
Recently i have read some forum said that if rename USBSTOR.pnf and USBSTOR.inf will disable usb storage even the usb drive never install in the computer or plug in when rebooting system.Is that true? Currently i only know the way is deny system group of USBSTOR key(in registry editor). Then, if rename the USBSTOR.pnf and USBSTOR.inf can archeive the purpose of disabling usb storage, may i know which is the best way to totally disabling usb storage(Deny system or rename .inf/.pnf file)?
any tips and suggestion are welcome.
thanks in advance
regards
cocoonwls
|
|
|
|
|
|
Hi Noctris,
Thanks for your reply.
Actually i am already set the registry key to disable usb drives. But if you just simply set the registry key, it only will work for those thumb drive which already install in you deskop, but not for those thumb drive which not install yet in your desktop when they are plug in the device before boot into OS. So, in my own solution, i am using registry key and .inf to disable the usb drive.
So, any suggestion?
regards
cocoonwls
|
|
|
|
|
Hi can any body remind me how to supply paths on windows command line which include folders having spaces in their name.
for e.g how to make the following work on windows command line
cd C:\Douments and settings\user\My Documents
thanks
|
|
|
|
|
scorpion king wrote: Hi can any body remind me how to supply paths on windows command line which include folders having spaces in their name.
for e.g how to make the following work on windows command line
cd C:\Documents and settings\user\My Documents
This command already works at the command prompt (just fix the spelling mistake)
|
|
|
|
|
Put "" around the paths
Judy
|
|
|
|
|
Hi, one of my colleage control the server with more than one hard disk. Last week, my office has a problem with fire and he rush to shutdown the server and take out the hard drive with him. When he return back, he forget the slot of which hard disk is resided. He just know that his disk is configured as dynamic disk but he forget about the type of volume (spanned or strip...).
From here I have a question, if we plug the hard disk in wrong slot, will it affect the data inside the hard drive? Thank in advance
|
|
|
|
|
So much for backup to tape and documentation, huh?
This is what a disaster recovery plan is for. I highly suggest you write one after you get this back up and running.
No, it won't affect the data. You just won't be able to get at it unless the drive is in the correct slot and the configuration of the array is correct. If you don't have anny idea what it was, you're going to go through a lot of trial and error to figure it out. You may even never figure it out! Also, you may even make a mistake and destroy the data on the drive if you inadventantly make the wrong configuration permanent.
|
|
|
|
|
Thank you very much for your support.
|
|
|
|
|
Regarding to Windows Server 2008 Active Directory Domain Services, I want to ask, when compared with other DNS, how the security level improves, besides for better administration (the number of administrator can be reduced)???
modified on Sunday, May 25, 2008 12:49 PM
|
|
|
|
|
Windows Server 2008 Active Directory Domain Services includes a new feature called Read-only Domain Controller (RDC). It enables better administrative management and enhanced security.
For example, on better administrative and security level, it requires no password in the default platform which can lower the risk of passwords being tracked by others in RDC forum.
You can watch the video (Active Directory Domain Services (AD DS) in Windows Server 2008 Technical Overview)http://www.microsoft.com/hk/webcast/default.aspx?sid=311
for a more detailed explanation.
|
|
|
|
|
Hi all,
I would like to know is there have any installer other than MSI can use in win2000 or XP?My purpose to know it is because currently i am developing a small application that can block installation software in win2000 and winXP (using registry setting).I found out that there have one registry value can set to block the MSI installer. So, i need to know isn't only MSI can do the software installation in win2000 and winXP.
If there have other installer, can you guy please suggest me how to prevent software installation?
Note: if it can be done by registry setting would be great
thanks in advance
regards
cocoonwls
|
|
|
|
|
cocoonwls wrote: So, i need to know isn't only MSI can do the software installation in win2000 and winXP
No, it's not the only game in town.
You also cannot stop every installation app out there. InstallShield can build a non-MSI installation, as well as a host of other apps. There is always the possibility of an .EXE type installation that just copies files to locations and setups unregistry values. There is also the plain old XCOPY method, but that usually only works for simpler apps.
There's just no way to stop every kind of installation out there.
|
|
|
|
|
Hi Dave Kreskowiak,
Thanks for your advice...OK, so the only way to do is block the removeable device in user's pc to prevent any software installation.
|
|
|
|
|
cocoonwls wrote: OK, so the only way to do is block the removeable device in user's pc to prevent any software installation
Good luck with that. That's something else you can't stop entirely from your code.
Look, this is all possible to do with the appropriate use of Group Policy, not code. Pickup the Resource Kit for the O/S in question for more detailed information on how this works and how it would work in your networking environment.
|
|
|
|
|
Hi Dave Kreskowiak,
Currently i am using registry editor to restrict the removeable device instead of using group policy. It(registry setting) work for me if the device is already install on the pc. So i am found out that may be i can deny the permmision to the USB port(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR). But i am sturd on it, i cant determind which group/user's permission should i deny and also for the special permission(I am not sure what the user's permission refer to).Any suggestion?Or is there have any document about permission in registry?
note:I am using vb to create the application
regards
cocoonwls
|
|
|
|
|
The only books I know of are the Resource Kit's for XP, Vista, Server 2003, 2008, ...
The other method would be to search for the Group policy ADM files (*.adm) and look through them to find out what they are changing. They're simple, but very long text files that describe what you see in the Group Policy Editor. You'll have to read through them a bit to figure out what everything means, but it's not difficult to understand.
|
|
|
|
|
hi, thanks!yes, i was found some useful information.Thanks alot
regards
cocoonwls
|
|
|
|
|
Hi guys,
I am in trouble...somehow I ended up disabling the local admin account on a Windows XP machine, and the rest of the users are only Power Users.
Is there any way to recover from that?
Any pointers are appreciated.
Thanks,
...neualex
|
|
|
|
|
neualex wrote: somehow I ended up disabling the local admin account on a Windows XP machine
Not possible. Even if the built-in Admin account shows it's disabled, the value is ignored. The local Admin account is NEVER treated as disabled.
This does NOT hold true for accounts that are members of the local Administrators group.
You can, however, reset the password to whatever you want (inside the password restriction policies) using any of a number of recovery disks. You can find a bunch of them here[^]. I, myself, have used ERD Commander and this[^] little gem.
|
|
|
|
|
Hi there,
I need help in getting the below code to work. I'm trying to programmatically reposition
the taskbar to the top of the screen, and the below program does so. However, the problem is that, once taskbar has been repositioned
and I click any icon/application there, it returns back to the bottom.
Can somebody please help as I want it to be permanently repositioned?
Below is my full code:
#include <stdio.h>
#include <windows.h>
#include <shellapi.h>
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd)
{
RECT rect;
RECT deskTopRect;
HWND hDesktopWindow;
char* strMessage = "Your Taskbar is now repositioned.";
HWND hWnd = FindWindow("Shell_TrayWnd", NULL);
APPBARDATA abd;
ZeroMemory(&abd, sizeof(APPBARDATA));
abd.cbSize = sizeof(APPBARDATA);
SHAppBarMessage(ABM_GETTASKBARPOS, &abd);
GetWindowRect(hWnd, &rect);
SetWindowPos(hWnd, NULL, rect.left, 0, rect.right, rect.bottom-rect.top, SWP_NOSENDCHANGING);
UpdateWindow(hWnd);
hDesktopWindow = GetDesktopWindow();
GetWindowRect(hDesktopWindow, &deskTopRect);
RedrawWindow(hDesktopWindow, NULL, NULL, RDW_FRAME|RDW_INVALIDATE|RDW_UPDATENOW|RDW_ALLCHILDREN);
SystemParametersInfo(SPI_SETWORKAREA, 0, NULL, SPIF_SENDCHANGE);
UpdateWindow(hDesktopWindow);
MessageBox(NULL, strMessage, "Taskbar Message", MB_OK);
return 0;
}
</shellapi.h></windows.h></stdio.h>
|
|
|
|
|
I have a question like how to exit a batch file after launching a Windows application from it.
I have a small batch file to launch an application with a specific commandline parameter. For that matter, I am actually using Todolist application from here http://www.codeproject.com/KB/applications/todolist2.aspx?msg=2566112#xx2566112xx[^]. The only contents of the batch file are below:
todolist -x
I need this parameter so that the encrypted todolist files are demanded with the password only once instead of everytime I toggle tabs within the application. Now the problem is after launching the todolist, the batch file still remains open and running. How to exit the batch file after starting this application?
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|
When just calling a exe like todolist -x cmd will sit and wait for the program to exit. To start the program without waiting for it to finish use the start command. If I remember corrrectly, to send params you need to use it like this start todolist "" -x . If that doesnt work just type start /? to see the syntax.
//Johannes
|
|
|
|
|
Thank you.
start todolist -x worked.
Vasudevan Deepak Kumar
Personal Homepage Tech Gossips
A pessimist sees only the dark side of the clouds, and mopes; a philosopher sees both sides, and shrugs; an optimist doesn't see the clouds at all - he's walking on them. --Leonard Louis Levinson
|
|
|
|
|