Lookup of Permissions on ACLs Shows Only SIDs

Reference: https://blogs.technet.microsoft.com/askds/2011/07/28/troubleshooting-sid-translation-failures-from-the-obvious-to-the-not-so-obvious/ https://www.microsoft.com/en-US/download/details.aspx?id=53314 How Domain and Forest trusts work: https://technet.microsoft.com/en-us/library/cc757352(v=ws.10).aspx EMC ISILON SID translation errors: https://community.emc.com/thread/177333?tstart=0   Actions to do: Check Trust relationships Check Firewall logs and use portqry to test ports required. Also use nltest; netdom command lines. Check GPO: Network access: Allow anonymous SID/Name translation and  The following groups have the “Access thisContinue reading “Lookup of Permissions on ACLs Shows Only SIDs”

Which permissions rights does a user need to have WMI access on remote Machines ?

Which permissions rights does a user need to have WMI access on remote Machines: http://serverfault.com/questions/28520/which-permissions-rights-does-a-user-need-to-have-wmi-access-on-remote-machines The following works on Window 2003 R2 SP 2, Windows Server 2012 R2: Add the user(s) in question to the Performance Monitor Users group Under Services and Applications, bring up the properties dialog of WMI Control (or run wmimgmt.msc). InContinue reading “Which permissions rights does a user need to have WMI access on remote Machines ?”

AD object permissions, how to hide AD data, impact on ldap search and browsing

AD object permissions: http://www.selfadsi.org/deep-inside/ad-security-descriptors.htm http://technet.microsoft.com/en-us/library/cc740104(v=ws.10).aspx   How to hide AD data: part 1: http://windowsitpro.com/active-directory/hiding-data-active-directory part 2: http://windowsitpro.com/active-directory/hiding-active-directory-objects-and-attributes part 3: http://windowsitpro.com/active-directory/hiding-data-active-directory-part-3-enabling-list-object-mode-forest part 4: http://windowsitpro.com/active-directory/using-confidentiality-bit-hide-data-active-directory       AD permissions – How Rights are Evaluated ? Two types of rights exist: permissions (authorization to do something such as read or reset a password on a specific object)Continue reading “AD object permissions, how to hide AD data, impact on ldap search and browsing”

How to reset NTFS permissions on Windows 7 or 2008 R2

How to reset NTFS permissions on System drive on Windows 7 or Windows 2008 R2 ? After Win 2008 R2 was installed, some files on drive C: were not accessible anymore and I was getting “Access Denied” I tried to right-click/properties on the folders that were not accessible and changed their owner and changed permissionsContinue reading “How to reset NTFS permissions on Windows 7 or 2008 R2”

How to script DCOM permissions and WMI security for non-admins ?

The objective is to allow WMI queries on a computer for a non-admin user/group ? the group to allow is mydomain\wmiquery-users the scripts requires, dcomperm.exe and wmisecurity.exe Authorize WMI users and set Permissions on Win7, Win2008 R2:http://technet.microsoft.com/en-us/library/cc771551.aspx example of PS code:http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/ Download the wmisecurity.exe from codeproject site:http://www.codeproject.com/KB/system/WmiSecurity.aspx Download the dcomperm.exe from: http://cid-62b84429c3a8a991.skydrive.live.com/self.aspx/SharePoint/DComPerm.zip  1st step: SetContinue reading “How to script DCOM permissions and WMI security for non-admins ?”