I am using Windows Server 2016. I am logged into server with account user/deepak
I want to trigger a job using windows task scheduler using other user account user/UATuser. As soon as I run the job manuallly the status changes to "Running" but actually nothing happens. Do I need to change some other settings? Does security context is preventing the application to impersonate the user user/UATuser?
Note : When I change the user account to user/deepak and choose option "Run only when user is logged on" the job triggers
Note : When I change the user account to user/deepak and choose option "Run whether user is logged on or not" the job doesn't triggers
Related
Windows server 2016.
Old users (those, having profiles/folders created at "C:\Users") are able to remote into our server via RDP, but new users are not. Initially the error was The User Profile Service service failed the sign-in. User profile cannot be laoded.
Checking server, it seems "C:\Users\Default" has the only folder/entry "AppData", nothing more. I copied the file "NTUSER.DAT" from similar server "Default" folder. Also, folder permissions are identical.
Now new users are able to login, but it goes to a temporary profile and of course, user's profile at "C:\Users" does not get created.
Event logs does not tell much, basically just confirms login errors/notes we get:
Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.
Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.
How this can be solved?
Open the registry editor and go to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList then find the key where the ProfileImagePath is the profile location of the user that's not being created. Export, then delete that registry key.
I created an amplify backend using the CLI. I used the manual process to set up the authorization amplify add auth and everything is working except that every time a user logs in they are prompted to verify their e-mail by the Amplify SignUp component
In the Cognito console I can see that their e-mail has been verified and the process of sending the code and entering it works as expected. But if the user signs out and signs back in they receive the prompt again?
I found my answer in the thread of this github issue: https://github.com/aws-amplify/amplify-js/issues/2730#issuecomment-468005207
During the configuration when I chose the read attributes I did not select the "Email Verified?" attribute. Since it couldn't be read it came back falsey and so amplifies SignUp component prompts the user to verify every time.
I have just created a new user with a new role. I want to allow that user to enter the UI, login, click on the DAG, and once in the Graph View, let him/her trigger the DAG and see the task's status. I have granted the role the following permissions:
can read on My Profile
can read on View Menus
menu access on Views/Menus
can create on DAG Runs
can read on DAG Runs
can create on Task Instances
can read on Task instances
can read on Website
can read on DAG:X
can edit on DAG:X
But when I try to enter the DAG logged as this new user, I get access denied. I am using Airflow 2.1.2. Which permission should I add?
We have got requirement to restrict concurrent login of same user across 2 Web Applications.
We have 2 Web Applications for example: WebApp1, WebApp2.
User: Dashboard
If Dashboard user is logged into WebApp1 then the same user is not allowed to login to WebApp2 instead show error message on second login.
Tried Solution:
Block 2nd login with same user id if there is an active session and show error message to user.
The idea is to maintain user id, Application Name and session id in DB. On second login of same user check if record exist in DB table against the user id then block 2nd login and show error message to user.
Clear the DB record (UserId, Session Id, and Application Name) in following
scenarios:
Logout
Session Timeout
Restart of Application.
Not Sure how to handle below scenarios.
Close Browser.
Browser Crash
System Crash
If 2nd login request is from valid user then Admin should able to Invalidate the session of first login as this user is attacker.
what is best way to invalidate Http session of WebApp2/ WebApp1?
If you really need to know the state of the first session, I would skip trying to manage sessions in the server, and instead maintain a heartbeat from the client. Have the client make a request every 5 seconds to the server which updates a "Last Seen" record, which includes their IP address and which app they are from, and whether "Last Seen" was a logout event.
Then the other app can interrogate "Last Seen", and if it's more than 5 seconds (I'd actually bump it to 10 for the interrogation), or a LogOut event, assume that the first session went away, and that they are free to log into the second application. If "Last Seen" is less than 5-10 seconds, bump them both out and alert the admin with both the IP Addresses to decide which one should be killed.
In addition to what you have, you could save last activity time in your session DB, and update it, when there is a session update, how often ( every request or once in 5 min for example) it depends on your requirements. Then in case of app/browser/system restart, you log in user, even if record exist, if it is older that session timeout. And you can have admin user that can manually delete entry if required.
The other solution would be to always log in new app, and logout the old one. But that would require introducing additional logic in the application to check if session is still valid.
I'm building a web application: some pages will be accessible by non logged-in users (demo and sign-up pages) and others will only be accessible by logged-in users (actual application). In the global.asax file, I'm currently handling the session start event by loading some variable from a query that's based on the UserID. What will happen when a non-logged in user looks at a page? I guess my question is really about how to handle the session start event when it's a logged-in user, when it's not and when a user logs in. I want a certain number of queries to run only once per session, after the user logged in.
Thanks.
I would suggest to implement Forms-Based Authentication, instead of to handle authentication via session. An example can be obtained from here:
http://support.microsoft.com/kb/301240
Don't confuse "login session" with "session state". Session state has nothing to do with whether the user is logged in.
If you want some queries run when the user logs in, you should run them when the user logs in, not in Session_Start.