Can anyone help me with the command to give a user browse permission on all the existing queues in an ems server?
Regards,
Abhishek
I think this should work:
grant queue > user1 browse
Related
I am trying to change the connections in a flow to a different account, but I keep getting the following error. Kindly help me figure out how to solve this
I am not sure what to try kindly help
Make sure you have below things configured for new user account you are trying to use in Power automate flow:
The new user account should have license to use "Microsoft Forms" service.
Access/permissions to the Microsoft form you are trying to use in flow.
I'm configuring a private/onprem Windows build agent (vNext) for VSTS. I need to use a PAT, but this doesn't seem great long term as the longest I can set it for is 1 year - thus in a years time it will break and require updating. Is there a more 'permanent' solution or is this the only option? The documentation suggests PAT only for VSTS.
Thanks in advance!
A colleague found the answer in the FAQ:
https://www.visualstudio.com/en-gb/docs/build/admin/agents/v2-windows
How does the agent authenticate and communicate with the TFS AT?
The agent pool administrator role is needed only when you register an agent. At that time, the agent downloads an OAUth token so that it can listen to the queue. The account that you use in this role has no bearing on future communication between the agent and the TFS AT.
When a build is run, it generates an OAuth token for the scoped identity selected on the general tab of the build definition. That token is short lived and is used to access resources on the application tier.
Most importantly "The account that you use in this role has no bearing on future communication between the agent and the TFS AT."
Based on this article (Deploy an agent on Windows), you need to choose PAT for Team Services (step 9)
You need to use a PAT.
Since most organisations require password changes on all account much more regularly than yearly the likelihood of this being a big issue are next to nill.
Note: the PST is only used to authenticate and get a secret from the server that is the used for coms. Feel free to expire the PAT after you have configured the agent.
I'm trying to create an oauth2 token for an organization. This seems to be impossible (or at least I'm not finding it). This will be used for various one of scripts (non-web use). This is also for an enterprise github (github.company.com/api/v3 vs api.github.com).
I created one under my user like this:
curl -u 'username:password' -d '{"scopes":["scripts!"],"note":"test?"}' https://github.company.com/api/v3/authorizations
and that worked as expected. What I can't figure out is the magical way to do this under an organization since an organization doesn't have basic auth credientals. I haven't been able to find any documentation that tells me how to give something a client id/secret and get an oauth token out of it, which seems like the thing I would want to do.
If anyone could help that would be much appreciated.
At the moment of this writting this is not supported
You can't create a token for the org directly, but if you have a dev account that has full access to the org, you can do this (sort of), just in a round about way.
Create the oauth token for that dev account.
When registering the token with a 3rd party (e.g. Confluence, Jira, etc...) you can specify the org as the "Team"/"Owner".
This will use the dev accounts credentials but only grant access to things under the org (not full access to the dev account's repos, etc...).
I came across your question when trying to link a github org account with my company's Jira account, so figured I'd share.
Hope that helps.
I'm pretty sure that's not possible currently. As you say -- the organization itself doesn't have any credentials associated with it. So, the only way to do it is to do it yourself, as a developer, with your credentials.
This might be a cool feature request to send to the GitHub folks.
Update: this setting is now under
Developer settings > OAuth Applications
I have a simple Windows Service hosting a WCF Service. I want to run the Windows Service under the LocalService account (or even the NetworkService account). However when I try to start it under either of these accounts it starts then immediately stops. It starts and runs OK under the LocalSystem account. Any thoughts as to how to work out why it will not stay running under LocalService or NetworkService.
Thanks,
David
Thanks to the suggestions to check the event log from marc_s and ho1 I found out that I needed to add a namespace reservation as follows:
netsh http add urlacl url=http://+:1239/BOBPersistenceServer/ user="Local Service"
See http://msdn.microsoft.com/en-us/library/ms733768.aspx and http://msdn.microsoft.com/en-au/magazine/cc163531.aspx for more details.
LocalSystem has extensive privileges on the local machine while LocalService and NetworkService have minimum privileges. So this sounds very much like your service needing some privileges that LocalService doesn't have. As marc_s says in his comment, the first step should be to check the event viewer to see if there are any relevant error messages in there.
If that doesn't help, try adding in some exception handling around the startup code in the service and log any exceptions to the Event Log, hopefully that would then give you enough information to figure out what it is that you're doing that requires higher privileges.
Ok so I'm using ASP.NET MVC. I'm supposed to upload a file and write it to a network share.
I'm getting "Logon failure: unknown user name or bad password." when I try to write to the network location.
I solved it on my machine by impersonating the file server account, added this to web.config:
<identity impersonate="true" userName="xx" password="xx"/>
But when we made the build on the server, the admin suggested to run the App Pool under a custom identity instead of my solution (don't ask why), that in theory would be the same thing... But it wasn't, we got the "Logon Failure" exception again.
What is the difference between these two methods and why doesn't the later work?
Thanks in advance!
Change the application pool to run under the account that has access to the network share, or create a new application pool which these credentials.
Your Sys Admin is thinking of security. If he creates an IUSR account (or something like that), then he can restrict what it sees. As a developer your account will probably have permissions to servers and lots of other stuff, which your MVC site doesn't need.
So, if you set the App Pool to use your logon credentials it'll probably work, but if the site doesn't work using the account the Sys Admin wants, then he or she will have to give that account some permission to the network share.