Dem Armin sei Seidn

Dem Armin sei Schmierzettel

Archive for the ‘IT’ Category

How to grant or get Elevated Privileges in Windows 10/8/7


I needed this for running Albis on a terminal server:

Source: http://www.thewindowsclub.com/elevated-privileges-windows

You must have noticed that many programs installed on your machine require administrative rights to start. Having admin rights lets you make changes to the system that can affect all other users. In other words, any program that you decide to run as administrator gets more access to the computer when it runs.

User Account Control (UAC) notifies you before changes are made: not all changes, only those that require administrator-level or elevated permissions. When you run some programs, you may see the UAC prompt first, and the program runs only after you give your consent. This is a security feature in Windows. The key lies in understanding what can be done and how changes to admin rights or elevated privileges can be achieved without compromising security.

Let us see the various options and scenarios.

Open elevated Command Prompt window

While you can carry out many tasks using CMD, some tasks require elevated privileges. Windows 8.1 lets you easily open Command Prompt (Admin) using the WinX menu. This post shows how you can run Command Prompt as an Administrator.

Read: How to create shortcut with elevated privileges to run a Program.

Make program always Run as Administrator

If you want to make a program always run with admin privileges, right-click on the program’s executable file and select Properties. Here, select the Run this program as an administrator box. Click Apply > OK. This post will show you in detail how to make applications always Run as Administrator.

Turn off Admin Approval Mode using Secpol

Run secpol.msc to open the Local Security Policy and navigate to Local Policies > Security Settings. In the right pane you will see a setting User Account Control: Turn on Admin Approval Mode. Double-click on it and select Disabled.


This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. The options are:

  1. Enabled (default). Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode.
  2. Disabled. Admin Approval Mode and all related UAC policy settings are disabled. If this policy setting is disabled, the Security Center notifies you that the overall security of the operating system has been reduced.

Mind you, this WILL downgrade your computer’s overall security!
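To confirm whether Admin Approval Mode has been switched off on a machine, the following read-only check is an added example and not part of the quoted article. It assumes the policy is backed by the EnableLUA registry value and reads two related UAC values alongside it; the function name is hypothetical.

```powershell
# Added example: read-only audit of the UAC policy values in the registry.
# For each of these values, 0 is the setting that removes a UAC protection.
$weakAtZero = [ordered]@{
    EnableLUA                  = 'Admin Approval Mode and all related UAC policy settings are disabled'
    ConsentPromptBehaviorAdmin = 'administrators are elevated without any prompt'
    PromptOnSecureDesktop      = 'the elevation prompt is not shown on the secure desktop'
}

function Get-UacPolicyFinding {
    param(
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    $props = Get-ItemProperty -Path $Path -ErrorAction Stop
    foreach ($name in $weakAtZero.Keys) {
        $value = $props.$name    # $null when the value does not exist
        if ($null -eq $value) { $shown = '(not set)' } else { $shown = $value }
        if ($value -eq 0)     { $finding = $weakAtZero[$name] } else { $finding = 'ok' }
        [pscustomobject]@{
            Setting = $name
            Value   = $shown
            Finding = $finding
        }
    }
}

Get-UacPolicyFinding | Format-Table -AutoSize -Wrap
```

A changed EnableLUA value only takes effect after the restart mentioned above, so the registry can already show 0 while the running session still prompts.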

Grant Elevated Privileges in Windows 10/8/7

A standard user does not have any special permission for making changes in server administration. Such a user may not have the following privileges: adding, deleting or modifying a user, shutting down the server, creating and administering Group Policy Objects, modifying file permissions, and so on.

A user with admin rights, however, can do much more than the standard user. The rights are granted after the user is given elevated privileges for each level in one of the groups, namely Local Server, Domain and Forest.

When a user is added to one of the groups they get extra power to do more than the standard user. They get extra User Rights. These are the rights or configurations that control “who” can do “what” to the computer. When configured, each computer can support a unique set of administrators controlling different areas of that computer.

There are over 35 user rights per computer. Some of the most common user rights that control elevated privileges over a computer are listed below:

  • Shut down the system
  • Force shutdown of remote system
  • Log on as a batch job
  • Log on as a service
  • Backup and Restore files and directories
  • Enable trusted for delegation
  • Generate security audits
  • Load and unload device drivers
  • Manage auditing and security log
  • Take ownership of files and other objects

The user rights are deployed using Group Policy (Local/Active Directory). This paves the way for controlling the access to servers in a consistent manner.
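To see who actually holds the rights listed above on a given machine, the script below is an added example and not part of the quoted article. It exports the effective user rights with secedit and resolves each holder to an account name; the Se* constant names are the Windows identifiers for the listed rights, and the function names and export file name are hypothetical.

```powershell
# Added example: report the holders of the user rights listed above (run elevated).
$rights = [ordered]@{
    SeShutdownPrivilege         = 'Shut down the system'
    SeRemoteShutdownPrivilege   = 'Force shutdown of remote system'
    SeBatchLogonRight           = 'Log on as a batch job'
    SeServiceLogonRight         = 'Log on as a service'
    SeBackupPrivilege           = 'Back up files and directories'
    SeRestorePrivilege          = 'Restore files and directories'
    SeEnableDelegationPrivilege = 'Enable trusted for delegation'
    SeAuditPrivilege            = 'Generate security audits'
    SeLoadDriverPrivilege       = 'Load and unload device drivers'
    SeSecurityPrivilege         = 'Manage auditing and security log'
    SeTakeOwnershipPrivilege    = 'Take ownership of files and other objects'
}

function Resolve-Holder {
    param([string]$Entry)
    $Entry = $Entry.Trim()
    if (-not $Entry.StartsWith('*S-1-')) { return $Entry }   # exported as a plain name
    $sidText = $Entry.Substring(1)
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $sidText   # orphaned or foreign SID: keep it raw so it gets reviewed
    }
}

function Get-UserRightHolder {
    param([string[]]$InfLine)
    $inSection = $false
    foreach ($line in $InfLine) {
        if ($line -match '^\[(.+)\]\s*$') {
            $inSection = $Matches[1] -eq 'Privilege Rights'
        } elseif ($inSection -and $line -match '^(\w+)\s*=\s*(.+)$') {
            $name, $holders = $Matches[1], $Matches[2]
            if ($rights.Contains($name)) {
                [pscustomobject]@{
                    Right   = $rights[$name]
                    Holders = ($holders -split ',' | ForEach-Object { Resolve-Holder $_ }) -join '; '
                }
            }
        }
    }
}
$inf = Join-Path $env:TEMP 'user-rights-export.inf'
secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
Get-UserRightHolder (Get-Content -LiteralPath $inf) | Format-Table -AutoSize -Wrap
Remove-Item -LiteralPath $inf
```

A right that is assigned to nobody does not appear in the export, so it is missing from the report rather than shown with an empty holder list.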

Moreover, each file, folder, and Registry key has an Access Control List (ACL). The list provides standard permissions, like

  1. Full control
  2. Modify
  3. Read

These standard permissions enable easier configuration over the objects. In short, an ACL is a list of users, groups, and/or computers that are granted permissions over the object associated with the ACL. You can read the full details about this, Active Directory Delegation, Group Policy Delegation and more, at this excellent post on WindowsSecurity.com. It discusses how to grant elevated privileges over Active Directory and a Server.
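The following added example, which is not part of the quoted article, reads the ACL of a folder and maps each entry to the standard permissions named above, marking entries that give Modify or Full control to a broad group. The function name, the choice of broad groups and the sample path are assumptions made for the example.

```powershell
# Added example: classify each access control entry (ACE) on a file or folder.
function Get-StandardPermission {
    param([Parameter(Mandatory)][string]$Path)
    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Well-known SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $r = $ace.FileSystemRights
        # Test from the widest permission down: each level contains the bits of the next
        if     (($r -band $fsr::FullControl) -eq $fsr::FullControl) { $level = 'Full control' }
        elseif (($r -band $fsr::Modify) -eq $fsr::Modify)           { $level = 'Modify' }
        elseif (($r -band $fsr::Read) -eq $fsr::Read)               { $level = 'Read' }
        else                                                        { $level = "Special ($r)" }

        # Compare by SID so the check does not depend on localized group names
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $null   # identity could not be translated
        }

        [pscustomobject]@{
            Identity   = $ace.IdentityReference.Value
            Type       = $ace.AccessControlType
            Permission = $level
            Inherited  = $ace.IsInherited
            Review     = ($ace.AccessControlType -eq 'Allow') -and
                         ($level -in 'Full control', 'Modify') -and
                         ($sid -in $broadSids)
        }
    }
}

# Sample path: any file or folder works here
Get-StandardPermission -Path $env:ProgramData | Format-Table -AutoSize -Wrap
```

Entries that carry only generic or partial rights come out as Special with the raw rights value. Registry keys use a different rights enumeration and are not covered by this function.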

These how-to’s may also interest you:

  1. Take ownership & full control of registry keys
  2. Take Full Ownership of Files & Folders.

Written by Armin Senger

August 16th, 2016 at 4:19 pm

Posted in IT

OpenStage (Unify 60 SIP) on the Fritzbox


Source: http://www.ip-phone-forum.de/showthread.php?t=207693

Since I have been contacted for help on this topic very often by now, here is a short description of how to set up an OpenStage SIP on a Fritzbox.

First, I need to own a Fritzbox that has an internal SIP registrar and current software. As far as I know, these are definitely the 7170 and 7270. I assume it is the same for the 7240.
This is easy to check: in the menu under "Ansicht" I enable the expert view and then, under "Telefoniegeräte", try to add a new device (telephone). If "LAN/WLAN (IP-Telefon)" is offered here, the requirements are met. Before I complete this step, however, I should prepare my OpenStage. The screenshots show what has to be set up. Something simple like 123456 is enough as the password.
Once all of this is configured in the phone, I restart the phone once. In the meantime, run through the wizard for setting up a LAN phone completely. It is really just one step, in which I enter the password that I set in the phone. When I now click Next, an attempt is made to register the phone (the phone should therefore already be up again). If it does not work on the first attempt, just press "Wiederholen". If everything was done correctly, you should get a green bar and a positive confirmation.

A few more notes.
To be able to dial from the phone book, a few more fields also have to be maintained. I created all contacts in Outlook in canonical format and transferred them using OpenStage Manager, which converts the phone numbers accordingly. Even so, dialing and the recognition of incoming numbers (and with it the mapping to the names in the phone book) only work if all parameters are correct.

Written by Armin Senger

August 16th, 2016 at 4:06 pm

Posted in IT

Feeding the Speedlink 5501 with Telekom VoIP data


Source: http://web1.ip-phone-forum.de/showthread.php?t=273011

Written by Armin Senger

August 16th, 2016 at 3:57 pm

Posted in IT

PC emergency doctor … the things you see …


Recently in Dachau…
a while ago already, but I just had to get this out:

Written by Armin Senger

July 28th, 2011 at 11:16 pm

Posted in foto,fun,IT