Can a primary SCCM site be added as secondary site to another primary site?
Hi,
I deployed SCCM 1702 primary site in office A. I have to deploy another site in office B.
Actually Primary site should be office B. Can I install another SCCM primary site in Office B and add office A primary site as secondary site to office B?
Or I have to decommission Office A primary site and reinstall SCCM again as secondary site?
Thank you
Regards,
Ali
Reply:
No, you can't just add it. Also, think this through, because there is no reason to add another site or secondary site to Office B. Why wouldn't just using a DP (...and maybe an MP) be enough? How many clients do you have overall in your company?
SCCM = keep it simple :)
Please remember to mark my post as an answer, if I really helped you out, or vote if useful. Thank you!
------------------------------------
Reply:
Hi Yannara
Thanks for your prompt reply
Let me tell you the complete scenario. Actually we have four offices
Office A: SCCM Primary site configured and working fine. Clients: 200
Office B: As per plan this should be the primary site. Yet to configure SCCM. Clients: 200
Office 3: Yet to configure SCCM. Clients: 150
Office 4: Yet to configure SCCM. Clients: 170
As per plan, Office 2 must be the primary site. All offices are in different countries. What could be the best solution to keep it simple and productive?
SCCM configurations for hardware/software inventory, patch deployment, software deployment and OS deployment, and maybe in future will deploy Endpoint Protection.
Thank you
Regards,
Ali
------------------------------------
Reply:
Hi Ali,
You can't change primary to secondary site directly.
Better you just decommission office A site server and add as secondary from office B site server.
Anyhow once you added as secondary, all content will be replicated from primary(Office B).
Note : If you are doing change from primary to secondary without decommission, you may get issues in future.
Mark as answer if you agree.
Regards,
Chithiravel.S
------------------------------------
Reply:
Let me tell you the complete scenario. Actually we have four offices
Office A: SCCM Primary site configured and working fine. Clients: 200
Office B: As per plan this should be the primary site. Yet to configure SCCM. Clients: 200
Office 3: Yet to configure SCCM. Clients: 150
Office 4: Yet to configure SCCM. Clients: 170
As per plan, Office 2 must be the primary site. All offices are in different countries. What could be the best solution to keep it simple and productive?
This makes no sense; a Primary site is NOT a security boundary, therefore you are not gaining anything by adding one. You need a simple Primary site for all of your clients. Primary sites are for scale.
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed
- Edited by Garth JonesMVP Wednesday, June 21, 2017 11:11 AM Remove intro.
------------------------------------
Reply:
Just use one Primary Site and 3 additional DPs in other offices.
Office A: SCCM Primary site configured and working fine. Clients: 200
Office B: As per plan this should be the primary site. Yet to configure SCCM. Clients: 200
Office 3: Yet to configure SCCM. Clients: 150
Office 4: Yet to configure SCCM. Clients: 170
------------------------------------
Reply:
Your requirement is clear your Primary site should be in office B, Do the decommission and reinstall.
Make the office A as a secondary site to office B.
Regards,
Venkat.
------------------------------------
Reply:
Hi Yannara,
What is the difference between One Primary site and 3 secondary sites for other offices
AND
One primary site and 3 additional DPs in other office?
Considering it that we'll be using these features of SCCM for every location:
Hardware/software inventory
Patch deployment
Softwares deployment
OS deployment
Endpoint Protection in future
Thank you
Regards,
Ali
------------------------------------
Reply:
Hi Ali,
as far as you've read from other people, there is no possibility to do this, but it could be easier to build a Central Administration Site and add the Primary Sites to the hierarchy. Or do you have reasons for not doing this?
Edit: If the networks are connected with very good network performance you can choose one primary site for all offices, install DPs on the branches and use different boundaries at the site server
Thanks and greetings from Germany
Matthias
- Edited by Matthias Meissner Thursday, June 29, 2017 10:28 AM
------------------------------------
Reply:
CAS should be avoided at all costs. They will cause you more problems than a single primary server. IMO you should have at least one person dedicated to just managing a CAS. CAS are NOT security boundaries. If you build a CAS, only a single existing primary can be added to it. All other primary sites must be built from the ground up and attached to the CAS as part of the install. To put it another way, you can't attach two existing primary servers to a CAS.
Hi Ali,
as far as you've read from other people, there is no possibility to do this, but it could be easier to build a Central Administration Site and add the Primary Sites to the hierarchy. Or do you have reasons for not doing this?
Edit: If the networks are connected with very good network performance you can choose one primary site for all offices, install DPs on the branches and use different boundaries at the site server
Thanks and greetings from Germany
Matthias
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed
------------------------------------
2013 Outlook will not open after Windows 10 update
SSMS 17.1 Installation failure
I have installed Visual Studio 2015 on my Windows 10 laptop. I also need SSMS to work on databases. In spite of trying multiple times to install it through different ways, I am unable to get it installed.
The same error shows every time.
I have attached the error pic as well as Log file.
Please help me get the issue solved for installation of SSMS 17.1
ERROR: the drive or file is corrupted and unreadable (0x80070570)
- Edited by Shrehal_bohra Thursday, June 29, 2017 9:49 AM
Reply:
Sorry, Can't attach the error pic as the forum is not allowing me to do so.
------------------------------------
SMB Server Configuration Failures
This isn't so much a question, as an alert.
With almost 50 warnings and errors from Best Practices Analyzer (BPA) and no answers here, there or any(Google)where, I finally bit the bullet and contacted Microsoft.
In simple terms, many of the warnings said that SMB was not in its default configuration. PowerShell refused to recognise the command "Get-SmbServerConfiguration", but would list the "Client" config.
If you have that issue - read on. It has taken the best part of a week and many, many hours to resolve.
I will spare the intricate details, but basically it turned out to be a corrupt "LanmanManager" Registry branch which Microsoft could find no problem with.
In the end, MS Support copied this branch from one of their systems, and replaced ours.
Server was restarted, and problem solved.
During the resultant post mortem, I understand that other cases have arisen with this problem.
I hope this posting might just save someone the time we spent getting it resolved.
George Bell (UK based)
- Changed type Eve WangMicrosoft contingent staff Thursday, June 29, 2017 7:46 AM sharing
Reply:
Thank you for taking the time to share the details. Your sharing might be helpful for other people who have a similar problem/concern.
As it is a thread about sharing, I will change the thread type from Question to General discussion. Also, if another customer who has experience/suggestion/concern, please feel free to post here.
Best Regards,
Eve Wang
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
------------------------------------
Cannot seize schema owner from dead domain controller
I have a dead domain controller holding FSMO roles, and I tried to transfer the roles to an existing Windows Server 2003 domain controller using the ntds utility. I transferred all the roles except schema owner; it gives the below error
Reply:
Agree with Martin Binder, you need to seize the roles; you can use ntdsutil or even PowerShell to achieve the same.
Also to transfer schema master you would need the "Schema admin" rights. So make sure you are added to it as well.
------------------------------------
Reply:
Hi, You need to SEIZE the Schema Master role as the Schema Master FSMO is dead.
https://blogs.technet.microsoft.com/canitpro/2015/10/14/step-by-step-seizing-the-operation-master-roles-in-windows-server-2012-r2/
You must be a member of the following groups: Domain Admins, Enterprise Admins and Schema Admins
Dev T
------------------------------------
deleting an email account
I would like to delete an old email and get a new one. How do I do that?
- Moved by IoTGirlMicrosoft employee Wednesday, June 28, 2017 11:12 PM ????
Reply:
Hi Jill,
You will need to contact your domain admin. For example Your.Name@YourCompany.Com will have someone in charge of managing your email accounts. They are who you want to contact.
If you are talking about one of the free email services, you will have to look on their support pages for guidance on how to delete your account and separately the steps for creating a new one. For example the steps for closing a Microsoft Account are available here: https://support.microsoft.com/en-us/help/12412/microsoft-account-how-to-close-account
Sincerely,
IOTGirl
------------------------------------
Windows crashes after locking screen (Windows + L), screen goes black, computer unresponsive
The crashes don't happen every time but they are happening pretty consistently.
I checked event viewer after the crash and it had the following errors:
Filter Manager failed to attach to volume '\Device\HarddiskVolume12'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
ProcessID 4
and
Filter Manager failed to attach to volume '\Device\HarddiskVolume14'. This volume will be unavailable for filtering until a reboot. The final status was 0xC03A001C.
ProcessID 4
This is happening on a fresh install of Windows 10
------------------------------------
WSH Missing
One of my programs I've been using for some time now suddenly gave me this message when trying to email within the program.
"This feature is unavailable because Windows Scripting Host (WSH) is unavailable on this computer." I have no problems using email in other programs. I've tried to download the latest WSH but it's been very hard to find. I'd even settle for the not the latest version. Please help!!
- Changed type Bill_Stewart Friday, August 4, 2017 9:36 PM
- Moved by Bill_Stewart Friday, August 4, 2017 9:36 PM This is not support forum for third party software
Reply:
-- Bill Stewart [Bill_Stewart]
------------------------------------
Reply:
On newest releases of Windows "scripting support" has to be added from features as it may not be installed by default.
Post in a forum for your OS version.
WSH may also be disabled by your Admins via Group Policy.
¯\_(ツ)_/¯
- Edited by jrv Wednesday, June 28, 2017 5:06 PM
------------------------------------
missing windows edge.
It states when trying to reinstate Edge it can't because Windows Defender isn't showing protected. Now I have always had another AV program running in place of Windows Defender, and Windows Edge has been running normally for years. After YOUR own update, it stopped. Why don't your own updates stop things running? Should you test these updates before you put them out to download on to other people's computers?
- Moved by Garth JonesMVP Wednesday, June 28, 2017 5:07 PM Not a CM12 Q
Reply:
https://ccmcache.wordpress.com/ | @kevmjohnston
------------------------------------
help
- Changed type Eva SeydlMicrosoft employee Wednesday, July 5, 2017 5:28 PM
Reply:
Hi,
Please describe more details about your environment including the RDP client version, source/target device/OS and network environment.
When did this issue start to occur? Before the issue happened, did you do any modifications? Or install any updates?
Have you tried remote connect to different machines to have a test?
Best Regards,
Alvin Wang
------------------------------------
Reply:
Hi,
Any update on this case?
Best Regards,
Alvin Wang
------------------------------------
caught in a loop after windows update-running windows 10 pro v.1703
Couldn't configure server in Microsoft Remote Desktop in MacBook pro
Hi All,
I configured my office VPN in my personal laptop which is MacBook Pro. VPN status shows connected. But when I configure a server using Microsoft Remote Desktop and try to connect to it I get the below error.
"Unable to connect to remote PC. Please verify Remote Desktop is enabled, the remote PC is turned on and available on the network, and then try again"
There is no issue with the PC I am connecting. It works well in my office laptop. Kindly assist.
- Changed type Eva SeydlMicrosoft employee Wednesday, July 5, 2017 5:29 PM
Reply:
Hi SayeeLakshmi,
Please configure Gateway on the Microsoft Remote Desktop App on the MacBook Pro that will allow you to connect to your company network.
If that doesn't work then try to ping the Server IP from your MacBook and telnet the RDP Port (RDP Servers listen by default on TCP/UDP port 3389) to make sure that's not blocked from your MacBook Pro.
Let me know if you still face the issue.
Thanks,
Ganesh Pandian
------------------------------------
Reply:
Hi,
VPN doesn't work
VPN issues can have several causes. The first step is to verify that the VPN works on the same network as your PC or Mac computer. If you can't test with a PC or Mac, you can try to access a company intranet web page with your device's browser.
Other things to check:
- The 3G network blocks or corrupts VPN. There are several 3G providers in the world who seem to block or corrupt 3G traffic. Verify VPN connectivity works correctly for over a minute.
- L2TP or PPTP VPNs. If you are using L2TP or PPTP in your VPN, please set Send All Traffic to ON in the VPN configuration.
- VPN is misconfigured. A misconfigured VPN server can be the reason why the VPN connections never worked or stopped working after some time. Ensure testing with the iOS device's web browser or a PC or Mac on the same network if this happens.
Best Regards,
Alvin Wang
------------------------------------
Lightweight Gateway 0x80070643 and Log on as a batch job
Hi all,
This is a tip for customers working to deploy the lightweight gateway who are receiving 0x80070643. Firstly, that error code is a generic error for an MSI installation failure, so causes and solutions will vary greatly. This thread is specific to the below scenario.
While deploying the lightweight installer on a 2012 R2 DC that has KB2919355 installed, I repeatedly received 0x80070643 in the GUI of the installer. Reviewing the "*_MsiPackage" log in <C:\Users\%USERNAME%\AppData\Local\Temp> revealed that the installer was failing to create the Data Collector Set required by ATA:
Exception thrown by custom action:
System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
   at PlaLibrary.IDataCollectorSet.Commit(String name, String Server, CommitMode mode)
   at Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.Create(String name, String configurationFilePath)
   at Microsoft.Tri.Deployment.Package.Actions.DataCollectorSetActions.Install(Session session)
   at Microsoft.Tri.Gateway.Deployment.Package.Actions.CustomActions.InstallFinalize(Session session)
   --- End of inner exception stack trace ---
   at System.RuntimeMethodHandle.InvokeMethod(Object target, Object arguments, Signature sig, Boolean constructor)
   at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object parameters, Object arguments)
   at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object parameters, CultureInfo culture)
   at Microsoft.Deployment.WindowsInstaller.CustomActionProxy.InvokeCustomAction(Int32 sessionHandle, String entryPoint, IntPtr remotingDelegatePtr)
CustomAction InstallFinalizeCustomAction returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
Action ended 10:20:11: InstallFinalizeCustomAction. Return value 3.
Action ended 10:20:11: INSTALL. Return value 3.
Perhaps the most revealing line from the log and stack trace is "Microsoft.Tri.Infrastructure.Utils.DataCollectorSet.Create(String name, String configurationFilePath)". Those familiar with perfmon will know that Data Collector Sets can be used to collect a bundle of diagnostic data to a user-specific location. If the installer cannot configure this then ATA can't collect the event data from this DC.
As an initial troubleshooting step, I attempted to create my own data collector set using perfmon.exe while logged on as a domain admin. Predictably, this failed. I proceeded to browse to %SYSTEMDRIVE%\PerfLogs and granted myself Full Control on all folders in the hierarchy. This was ultimately not needed, as the installer was elevating itself through UAC (as can be seen elsewhere in the logs) and had full access to the PerfLogs hierarchy. Indeed, after adding a DACL to C:\PerfLogs for myself, creating a data collector set still failed.
Researching further, Justin Gu helpfully mentioned in this thread that a data collector set is executed in a user context that requires the "Log on as a batch job" security privilege (as seen in Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment in secpol/gpedit.msc/gpmc.msc depending on how you're managing computer policy in your domain). In an effort to comply with the latest Windows Server security baselines distributed by Microsoft (see their Security Compliance Manager product), I had pruned several security principals from that privilege in the Default Domain Controllers Policy. In any case, members of Domain Admins do not have that privilege in our domain.
To overcome this obstacle, I executed "C:\Users\%USERNAME%\Desktop\Microsoft ATA Gateway Setup\Microsoft ATA Gateway Setup.exe" using PsExec to run the process as SYSTEM which is still permitted "Log on as a batch job" in our Default Domain Controllers Policy. The full command was:
PsExec.exe -i -s "C:\Users\%USERNAME%\Desktop\Microsoft ATA Gateway Setup\Microsoft ATA Gateway Setup.exe"
In doing so, the lightweight gateway successfully installed.
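The user-right check described in the post above, as an added PowerShell example that is not part of the original post: it parses a `secedit /export /areas USER_RIGHTS` file for `SeBatchLogonRight` ("Log on as a batch job") and tests whether the current token holds it. The function names and the sample INF are constructed for illustration; run it elevated, since a non-elevated token does not carry the Administrators group.

```powershell
# Added example (not from the original post). Reports who holds a user right,
# by default "Log on as a batch job" (SeBatchLogonRight), from a secedit export.

# Constructed sample of a secedit USER_RIGHTS export. The SIDs are the well-known
# Backup Operators (S-1-5-32-551) and Performance Log Users (S-1-5-32-559) groups.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeServiceLogonRight = *S-1-5-80-0
SeBatchLogonRight = *S-1-5-32-551,*S-1-5-32-559
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

function Get-UserRightHolder {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $InfLines,
        [string] $Right = 'SeBatchLogonRight'
    )
    $inRights = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Only the [Privilege Rights] section lists user-right assignments.
            $inRights = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inRights -and $text -match '^(\w+)\s*=\s*(.*)$' -and $Matches[1] -eq $Right) {
            # Entries are comma-separated; SIDs carry a leading '*', account names do not.
            return @($Matches[2] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()   # right absent from the export: no principal is assigned it
}

function Resolve-SidName {
    param([string] $Value)
    if ($Value -notmatch '^S-1-') { return $Value }   # already an account name
    try {
        (New-Object System.Security.Principal.SecurityIdentifier($Value)).Translate(
            [System.Security.Principal.NTAccount]).Value
    } catch { $Value }                                # unresolvable SID: keep it raw
}

function Test-IdentityHoldsRight {
    param(
        [string[]] $Holders,   # output of Get-UserRightHolder
        [System.Security.Principal.WindowsIdentity] $Identity =
            [System.Security.Principal.WindowsIdentity]::GetCurrent()
    )
    # SIDs in the token: the user itself plus every enabled group.
    $tokenSids = @($Identity.User.Value) + @($Identity.Groups | ForEach-Object { $_.Value })
    foreach ($holder in $Holders) {
        $sid = $holder
        if ($holder -notmatch '^S-1-') {
            # Entry is an account name: translate it to a SID for comparison.
            try {
                $sid = (New-Object System.Security.Principal.NTAccount($holder)).Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }
        }
        if ($tokenSids -contains $sid) { return $true }
    }
    return $false
}

function Export-UserRightsInf {
    # Needs an elevated session. secedit only writes to a file, so use a temp path.
    $path = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    secedit.exe /export /cfg $path /areas USER_RIGHTS | Out-Null
    try { Get-Content -LiteralPath $path }
    finally { Remove-Item -LiteralPath $path -ErrorAction SilentlyContinue }
}

# Demo on the constructed sample; on a real server use: $lines = Export-UserRightsInf
$lines   = $SampleInf
$holders = @(Get-UserRightHolder -InfLines $lines)
$holders | ForEach-Object { '{0}  ({1})' -f $_, (Resolve-SidName $_) }
if (Test-IdentityHoldsRight -Holders $holders) {
    'Current identity holds SeBatchLogonRight.'
} else {
    'Current identity does NOT hold SeBatchLogonRight (the state in which the post saw E_ACCESSDENIED).'
}
```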
Reply:
This helped for me
Thank you
------------------------------------
Creating R Stored Procedures with sqlrutils
Hi all,
A while ago there was a thread on this forum about sqlrutils, asking some questions about it. I got interested and started to look into it, and during my "looking into it", I came across some errors in the documentation. So, I decided to write a blog-post to try to explain a bit about sqlrutils. If you are interested, the blog-post is at:
Niels
windows server 2008 service pack 3
- Changed type Tim Quan Monday, March 28, 2011 4:41 AM
Reply:
Anyone know the release date for windows server 2008 service pack 3?
Just curious ! any specific reasons behind this query ?
Thanks, Santosh (MCTS W2K8 AD and SCCM) " To Infinity and Beyond… "
------------------------------------
Reply:
Hello,
why do you need it?
I assume there will be none as the way was until now Windows server 2003, SP1, SP2 then Windows server 2003 R2(with SP), Windows server 2008, SP1, SP2, now Windows server 2008 R2, SP1..........let's see what comes next.
Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
------------------------------------
Reply:
Nice info could you please add some more windows server and their service pack !!
Thank you
------------------------------------
[Forum FAQ] Troubleshoot the error “The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode”
Symptom
RD License server is a key component of RDS. It licenses users to access RDS servers.
After purchasing the required RDS CALs, we need to activate the RDS License server and install the purchased RDS CALs. However, during the installation or after installation, we may face errors about RDS License.
In most cases, the following error may occur.
Error:
The Remote Desktop Session Host server is in Per User licensing mode and No Redirector Mode, but license server "Server name" does not have any installed licenses with the following attributes:
Product version: Windows Server 2012
Licensing mode: Per User
License type: RDS CALs
Troubleshooting
1. Check whether the RD License Configuration is configured properly and there are no Warnings in the Event.
2. The License Server should be part of 'RD Server License' group in Active Directory Domain Services.
3. Check if the Licensing Mode is correct.
- To change the Licensing Mode we can use RD Licensing Diagnoser, a PowerShell cmdlet or Group Policy.
Via PowerShell cmdlet:
To change the licensing mode on RDSH/RDVH:
# Licensing mode to set: 2 = Per Device, 4 = Per User
$mode = 4
# Run in an elevated PowerShell session on the RDSH/RDVH server
$obj = Get-WmiObject -Namespace "Root/CIMV2/TerminalServices" -Class Win32_TerminalServiceSetting
$obj.ChangeMode($mode)
Via Group Policy
Path: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Licensing
Use the specified RD license servers = FQDN of server name
Set the Remote Desktop licensing mode = Per User
However, if issue persists, please provide detailed information and post the question in the Remote Desktop Services (Terminal Services) forum.
Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.
- Edited by Jeremy_Wu Sunday, September 14, 2014 8:36 AM Edit
Reply:
Good afternoon!
The error has stopped occurring; however, I still cannot connect to Remote Desktop.
------------------------------------
Reply:
Here is the error that occurs when attempting to connect:
A Área de trabalho remota não pode se conectar ao computador remoto por uma destas razões:
1) O acesso remoto ao servidor não está ativado
2) O computador remoto está desligado
3) O computador remoto não está disponivel na rede
Verifique se o computador remoto está ligado e conectado à redem e se o acesso remoto está ativado.
------------------------------------
Step By Step Migrate Active Directory Server 2012 R2 to Server 2016
I have written this article to help you migrate your existing Active Directory Domain Controller which is running on Windows Server 2012 R2 to Windows Server 2016.
This is very straight forward process, but make sure you test it 1st in your Test Environment.
https://newhelptech.wordpress.com/2017/06/24/step-by-step-migrate-active-directory-server-2012-r2-to-server-2016/
More Malicious code...
If MS does not start dealing with this I (may) file a complaint against MS with the appropriate criminal authorities.
"It is necessary to show that the defendant has wilfully associated himself with the crime being committed, that he does, through his own act or omission, as he would do if he wished for a criminal venture to succeed"
https://en.wikipedia.org/wiki/Omission_(law)
"An omission is a failure to act, which generally attracts different legal consequences from positive conduct. In the criminal law, an omission will constitute an actus reus and give rise to liability only when the law imposes a duty to act and the defendant is in breach of that duty. In tort law, similarly, liability will be imposed for an omission only exceptionally, when it can be established that the defendant was under a duty to act."
http://www.ericgoldman.org/writings/websiteliabilityalert.htm
"Contributory infringement occurs when a party knows of an infringing activity and substantially participates in that activity. While the existing cases have not definitively addressed when a website is contributorily infringing based on its users' activities, the cases generally have suggested a notice-based liability standard. In other words, once a website receives notice that a user is committing infringement, the website will be deemed to be substantially participating in the infringement if it does not remove the infringement within a reasonable period of time."
http://trial.laws.com/evidence/preponderance-of-evidence
"what is meant is the importance of evidence, the accuracy of the evidence, and the convincing nature of the evidence, as opposed to pure quantity of evidence. A preponderance of evidence thus might be generated from a single witness who provides reliable, clear, and truthful testimony which invalidates all the numerous points of evidence generated by the other side of the trial. "
http://www.legalmatch.com/law-library/article/criminal-activity-and-social-networking-websites.html
"Many lawyers and even judges have begun obtaining information from social network websites for use as evidence in trial. Again, this has caused much debate; however, the general consensus is that such information can be used as evidence in court, sometimes without the person's approval. "
NOTICE:
[HELP] how to use SendMessage to delete item listview in External program
[HELP] how to use SendMessage to delete item listview in other programm
can anyone convert this code from c++ to vb.net
[HELP] how to get process used "NtQuerySystemInformation" [VB.NET]
[HELP] Make this module work on 64Bit vb.net
[HELP] how to prevent the programm from take handle my app VB.NET
[HELP] How to get Process name by Class name window
[VB.NET] how to remove icon after close my programm using tool NotifyIcon
Click button using SendMessage [VB.NET]
[VB.NET] how to export cookies Chrome to Json file
[HELP] to use CommandLine to antivirus
- Changed type tommytwotrain Sunday, June 25, 2017 9:57 AM
- Moved by Reed KimbleMVP Monday, June 26, 2017 4:18 PM concern related to forum usage
- Edited by tommytwotrain Tuesday, June 27, 2017 11:42 AM changed WILL to MAY
- Moved by Dave PatrickMVP Tuesday, June 27, 2017 1:23 PM not a forums application issue
Reply:
Tommy, I realize you are upset over this recent string of threads but there is really nothing illegal occurring here. I'm afraid you've bolded the wrong parts of those statements. There can be no crime of omission because there are no laws concerning anything occurring in the threads in question. Yes, combined, those threads may provide evidence toward the particular user's intent, should they be accused of some hacking crime; but in-and-of themselves, the threads do not break any rules.
There is no law on record which requires a forum operator to aggregate a user's contributions and monitor them for suspected malicious behavior. Without a law requiring this kind of investigation of contributions, there can be no legal omission.
Now, when the results of an independent investigation are brought to the forum operator's attention, and nothing is done about it, it could be considered irresponsible - but not illegal. However, even calling it irresponsible may not be valid if in fact there has been no actual policy violation in any of the threads, despite their apparent theme... reason being: first amendment rights. You quickly wind up in censorship territory.
If you want to report a user for their overall activity when no particular post contains actual violations to mark as abuse, consider reporting the account as detailed in the TechNet Wiki article How to Ban or Report a TechNet or MSDN User Account. This will bring the activity to the attention of the correct folks and if any further actions are warranted, they will take care of it.
Keep in mind that MS has a vast legal team and as an organization they are keenly aware of their responsibilities and duties as spelled out by the law.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all"
------------------------------------
Reply:
Reed,
Heard it all before. I am not going to put up with it.
MS has a duty as I showed. And they have been notified. And there is also passive and active negligence.
Say you leave a running chain saw in front of a 3 year old. No crime has been committed? What's the problem?
The day will come where it will be shown that a crime WAS committed. And when that day comes maybe it will be shown that MS contributed by passive negligence and failure to perform duty even after they received notice that the post on their web site can be malicious.
Are you willing to take that risk MS?
I am not. I think there should be discussion and action.
You know how the election was so-called "hacked". It was from phishing emails where the election board members themselves gave away access to their own accounts by opening and responding to email with malicious attachments that fooled them into thinking it was legit.
Just like the stuff we see in the posts asking how to spam email and this and that and the other...
It would not surprise me a bit if it turned out code still posted on a MS forum was involved.
So, to me, its just matter of a few simple rules and a few watchful eyes and instead of erring on the side of PCness we should err on the side of what is safe.
At least we are trying instead of giving up by saying it does not break the rules and no crime was committed as far as we know.
If forum members don't like it let them go pound sand.
And finally that works both ways. I can leave anytime too.
;)
PS Reed, I know it's not up to you etc., and nothing personal.
------------------------------------
Reply:
Same here, nothing personal.
Since this is really more of a discussion about forum usage than anything particular to VB, I'm going to move this to a forum usage forum.
Reed Kimble - "When you do things right, people won't be sure you've done anything at all"
------------------------------------
Reply:
Reed,
I can not imagine that you know all the laws in the world.
You probably wrote this totally with the USA in mind. The USA population is one of the fastest growing, but still it has yet not more than about 8% of the world population.
The Nazi leaders in the WWII time did the Holocaust completely confirm their own laws, so they did in their eyes legally the killing.
Try to think as a world citizen. (I can write more, but don't want to make this a kind of political statement and will probably be misunderstood).
I know that the comparison with the Holocaust is huge. However, using the First Amendment to prove it is not malicious is in my eyes as well overdone; AFAIK only the Supreme Court of the USA can decide about that.
Success
Cor
- Edited by Cor Ligthert Tuesday, June 27, 2017 2:41 PM something I did not want to write
------------------------------------
How to sign document online with PKI
Hello
Currently the user must download the certificate onto a PC and can then sign a document; if the user logs in on another PC or mobile, the certificate must be requested again. The company uses SharePoint; can SharePoint support signing documents online, or is there another solution? Please recommend, help me
Thanks
Reply:
You probably need Credential Roaming.
https://social.technet.microsoft.com/wiki/contents/articles/11483.credential-roaming.aspx
------------------------------------
Reply:
Hi Ngo,
In order to sign a document, the user needs the private key that corresponds with the certificate. When requesting a certificate the private key is generated on that PC. When logging on to another PC or mobile, the private key is still on the first PC.
There are a number of ways to deal with this, each with their pros and cons though:
- Export the private key manually and import it where needed. This is user unfriendly and security sensitive though, as the private key must be marked exportable and there will be multiple copies around.
- Use credential roaming as Luc described. It may not work on non-Windows machines though, I'm not entirely sure if it can be made to work in those circumstances.
- Use a different private key and certificate for each device. This is once again user unfriendly though and also increases your certificate base to manage considerably.
- Use portable carriers for your private keys and certificates that can be read by all devices in use, preferably a (virtual) smart card variation for security. This is more expensive though and may be a challenge to implement for mobile devices.
Kind Regards,
------------------------------------
Reply:
I would agree with J.Couwenberg, and only add that I believe Credential Roaming, as a supported solution, appears to me as if it's being de-emphasized. It's still there, and supported, but CR has been neither improved nor updated in a long time.
Most of my customers will simply enroll for a different signature cert on each device that requires signature. After that, some use smart cards. Both work fine.
And while technically possible, most don't use the export/and import method. This has more to do with non-repudiation. If the signature is being used for non-repudiation, the private key should not be portable, nor exist in lots of places. That degrades claims of non-repudiation.
Good Luck,
-Wayne
------------------------------------