| Author |
Message |
Sergio
Guest
|
 Posted:
Mon Oct 25, 2004 6:35 pm Post subject:
Rights Issue |
|
|
I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the Remore
Registry service is started and the SNADomain is in the registry. Other than
putting them in the local admin group, which my Info Sec people are cringing
about, what should I be doing to get them access. |
|
| Back to top |
|
 |
lsring@hotmail.com
Guest
|
| Posted:
Tue Oct 26, 2004 9:33 am Post subject:
RE: Rights Issue |
|
|
I am having the same problem. Also in my case I don't want them all changing
the config file.
What I have done so far is give the users that need to monitor rights on the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
| Quote: | I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the Remore
Registry service is started and the SNADomain is in the registry. Other than
putting them in the local admin group, which my Info Sec people are cringing
about, what should I be doing to get them access. |
|
|
| Back to top |
|
|
Jeremy Remlinger [MSFT]
Guest
|
| Posted:
Thu Oct 28, 2004 3:13 am Post subject:
RE: Rights Issue |
|
|
There is an easier solution. In the SNA Manager on the Host Integration
Server, if you right-click on the Subdomain and select Properties, and go
to the Security Tab you can set the Permissions for the configuration file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
<lsringhotmailcom@discussions.microsoft.com>
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com>
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights on
the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
| Quote: | I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry. Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access. |
|
|
| Back to top |
|
|
lsring@hotmail.com
Guest
|
| Posted:
Thu Oct 28, 2004 3:39 am Post subject:
RE: Rights Issue |
|
|
Thanks alot. I will try that.
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | There is an easier solution. In the SNA Manager on the Host Integration
Server, if you right-click on the Subdomain and select Properties, and go
to the Security Tab you can set the Permissions for the configuration file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights on
the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry. Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access |
|
|
| Back to top |
|
|
Sergio
Guest
|
| Posted:
Thu Oct 28, 2004 5:01 pm Post subject:
RE: Rights Issue |
|
|
Jeremy,
I gave the Helpdesk ID full rights in the HIS security screen but I am still
receiving the same error. Is there something else I can try?
Thansk,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | There is an easier solution. In the SNA Manager on the Host Integration
Server, if you right-click on the Subdomain and select Properties, and go
to the Security Tab you can set the Permissions for the configuration file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights on
the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry. Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access |
|
|
| Back to top |
|
|
lsring@hotmail.com
Guest
|
| Posted:
Thu Oct 28, 2004 9:33 pm Post subject:
RE: Rights Issue |
|
|
I tried the view only rights and that did work as long and the users had
assess to log on but likewise I have only been able to get a user with admin
rights to make changes. I will test this again in case I made a mistake and
will let you know the results.
"Sergio" wrote:
| Quote: | I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the get an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the Remore
Registry service is started and the SNADomain is in the registry. Other than
putting them in the local admin group, which my Info Sec people are cringing
about, what should I be doing to get them access. |
|
|
| Back to top |
|
|
Jeremy Remlinger [MSFT]
Guest
|
| Posted:
Thu Oct 28, 2004 11:49 pm Post subject:
RE: Rights Issue |
|
|
What account is your SNA Base running under for the SNA Administrator
client? Is it the same accourt that the HIS 2000 Server Services are
running under?
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS85cwgodxc+lA2Sy6xb1BmsQeuJg==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org>
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com>
<EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com>
<YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl>
Subject: RE: Rights Issue
Date: Thu, 28 Oct 2004 05:01:03 -0700
Lines: 94
Message-ID: <8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4333
X-Tomcat-NG: microsoft.public.hiserver.general
Jeremy,
I gave the Helpdesk ID full rights in the HIS security screen but I am
still
receiving the same error. Is there something else I can try?
Thansk,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | There is an easier solution. In the SNA Manager on the Host Integration
Server, if you right-click on the Subdomain and select Properties, and go
to the Security Tab you can set the Permissions for the configuration
file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
| Quote: | Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
| Quote: |
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights on
the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but
when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the
get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry. Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access |
|
|
| Back to top |
|
|
Sergio
Guest
|
| Posted:
Fri Oct 29, 2004 5:50 pm Post subject:
RE: Rights Issue |
|
|
Yes, teh SNAServer service and the SNABase service are both using a the same
account. I have retried your previous suggestion, but I still amnot getting
into the sub-domain using a non-admin local or domain account.
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | What account is your SNA Base running under for the SNA Administrator
client? Is it the same accourt that the HIS 2000 Server Services are
running under?
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS85cwgodxc+lA2Sy6xb1BmsQeuJg==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl
Subject: RE: Rights Issue
Date: Thu, 28 Oct 2004 05:01:03 -0700
Lines: 94
Message-ID: <8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4333
X-Tomcat-NG: microsoft.public.hiserver.general
Jeremy,
I gave the Helpdesk ID full rights in the HIS security screen but I am
still
receiving the same error. Is there something else I can try?
Thansk,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
There is an easier solution. In the SNA Manager on the Host Integration
Server, if you right-click on the Subdomain and select Properties, and go
to the Security Tab you can set the Permissions for the configuration
file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights on
the
backup servers but not the primary. This way they can view the real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is by
using the "runas" command. This way they logon with limited rights but
when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able to
monitor the HIS subdomain. Everytime they try to open the domain the
get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry. Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access
|
|
|
| Back to top |
|
|
Jeremy Remlinger [MSFT]
Guest
|
| Posted:
Sat Oct 30, 2004 2:57 am Post subject:
RE: Rights Issue |
|
|
Did you possibly manually modify the share or folder permissions for the
COMCFG share at any point?
I can't think of anything off of the top of my head that would cause this.
I will see if I can break mine here.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS9tc8x6COxmF0YQoSn6zBCiHl3pw==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org>
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com>
<EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com>
<YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl>
<8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com>
<kqC7o7RvEHA.3956@cpmsftngxa10.phx.gbl>
Subject: RE: Rights Issue
Date: Fri, 29 Oct 2004 05:50:03 -0700
Lines: 153
Message-ID: <17191B8A-EADD-40C8-934B-93CADACDDA3D@microsoft.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4348
X-Tomcat-NG: microsoft.public.hiserver.general
Yes, teh SNAServer service and the SNABase service are both using a the
same
account. I have retried your previous suggestion, but I still amnot getting
into the sub-domain using a non-admin local or domain account.
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | What account is your SNA Base running under for the SNA Administrator
client? Is it the same accourt that the HIS 2000 Server Services are
running under?
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
| Quote: | Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
| Quote: |
--------------------
Thread-Topic: Rights Issue
thread-index: AcS85cwgodxc+lA2Sy6xb1BmsQeuJg==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl
Subject: RE: Rights Issue
Date: Thu, 28 Oct 2004 05:01:03 -0700
Lines: 94
Message-ID: <8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4333
X-Tomcat-NG: microsoft.public.hiserver.general
Jeremy,
I gave the Helpdesk ID full rights in the HIS security screen but I am
still
receiving the same error. Is there something else I can try?
Thansk,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
There is an easier solution. In the SNA Manager on the Host
Integration
Server, if you right-click on the Subdomain and select Properties, and
go
to the Security Tab you can set the Permissions for the configuration
file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you
are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø |
,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
| Quote: |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø |
¤º°`°º¤ø,¸
| Quote: | Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø |
,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
| Quote: |
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø |
¤º°`°º¤ø,¸
| Quote: |
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights
on
the
backup servers but not the primary. This way they can view the
real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is
by
using the "runas" command. This way they logon with limited rights but
when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights
to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand
that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able
to
monitor the HIS subdomain. Everytime they try to open the domain the
get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry.
Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access
|
|
|
| Back to top |
|
|
Sergio
Guest
|
| Posted:
Tue Nov 09, 2004 7:08 pm Post subject:
RE: Rights Issue |
|
|
Jeremy, our Info Sec people found a couple of issues with the server. I
handed the problem of to them. Thanks for your help, it seems that they have
fixed the issue or at least have stopped worrying about it.
Thanks,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
| Quote: | Did you possibly manually modify the share or folder permissions for the
COMCFG share at any point?
I can't think of anything off of the top of my head that would cause this.
I will see if I can break mine here.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS9tc8x6COxmF0YQoSn6zBCiHl3pw==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl
8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com
kqC7o7RvEHA.3956@cpmsftngxa10.phx.gbl
Subject: RE: Rights Issue
Date: Fri, 29 Oct 2004 05:50:03 -0700
Lines: 153
Message-ID: <17191B8A-EADD-40C8-934B-93CADACDDA3D@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4348
X-Tomcat-NG: microsoft.public.hiserver.general
Yes, teh SNAServer service and the SNABase service are both using a the
same
account. I have retried your previous suggestion, but I still amnot getting
into the sub-domain using a non-admin local or domain account.
"Jeremy Remlinger [MSFT]" wrote:
What account is your SNA Base running under for the SNA Administrator
client? Is it the same accourt that the HIS 2000 Server Services are
running under?
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS85cwgodxc+lA2Sy6xb1BmsQeuJg==
X-WBNR-Posting-Host: 12.11.145.74
From: =?Utf-8?B?U2VyZ2lv?= <sergio.o.harnais@bos.frb.org
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
YZf6DJHvEHA.3696@cpmsftngxa10.phx.gbl
Subject: RE: Rights Issue
Date: Thu, 28 Oct 2004 05:01:03 -0700
Lines: 94
Message-ID: <8E64C234-E972-418E-B274-DD07FE52A197@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 8bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4333
X-Tomcat-NG: microsoft.public.hiserver.general
Jeremy,
I gave the Helpdesk ID full rights in the HIS security screen but I am
still
receiving the same error. Is there something else I can try?
Thansk,
Serge Harnais
"Jeremy Remlinger [MSFT]" wrote:
There is an easier solution. In the SNA Manager on the Host
Integration
Server, if you right-click on the Subdomain and select Properties, and
go
to the Security Tab you can set the Permissions for the configuration
file.
Here you can add users that will have the ability to 'View Only' the
configuration.
In my testing here, it worked fine, although even setting this to 'READ
(View ONLY)' still allowed the user to stop/start the connections, you
could not make any configuration changes.
Give that a try and see if that gives you the functionality that you
are
looking for.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø
,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø
¤º°`°º¤ø,¸
Jeremy "Rem" Remlinger, MSCE
SNA/HIS Engineer
Microsoft
This posting is provided 'AS IS' with no warranties, and confers no
rights.
© 2004 Microsoft Corporation. All rights reserved.
ø¤º°`°º¤ø,¸¸,ø¤º°`°º¤ø
,¸¸,ø¤º°`°º¤ø,¸¸,ø¤ºÂ
°`°º¤ø,¸¸,ø¤º°`°º¤ø,¸¸,ø
¤º°`°º¤ø,¸
--------------------
Thread-Topic: Rights Issue
thread-index: AcS7FOCivhiXPrWPQMabsZzEL2Rpmg==
X-WBNR-Posting-Host: 207.235.15.24
From: =?Utf-8?B?bHNyaW5nQGhvdG1haWwuY29t?=
lsringhotmailcom@discussions.microsoft.com
References: <8400E4AA-CB0C-472E-BC4A-51289815B301@microsoft.com
Subject: RE: Rights Issue
Date: Mon, 25 Oct 2004 21:33:01 -0700
Lines: 27
Message-ID: <EDC66074-0A89-472B-9A83-285A6F97B452@microsoft.com
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.hiserver.general
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.1.29
Path: cpmsftngxa10.phx.gbl!TK2MSFTNGXA03.phx.gbl
Xref: cpmsftngxa10.phx.gbl microsoft.public.hiserver.general:4308
X-Tomcat-NG: microsoft.public.hiserver.general
I am having the same problem. Also in my case I don't want them all
changing
the config file.
What I have done so far is give the users that need to monitor rights
on
the
backup servers but not the primary. This way they can view the
real-time
connectivity status, etc... but not change the config file.
The only way I have been able to get around the issue you describe is
by
using the "runas" command. This way they logon with limited rights but
when
they run manager is runs under the context of an account that has
administrative rights on the server and also does not have the rights
to
login interactively.
It is a cumbersome solution but works and with W2K3 Server the runas
command
does not have to prompt for the password for the admin account.
Let me know if you come up with a better solution. Also I understand
that
HIS 2004 resolves this issue but I am still on HIS 2000.
"Sergio" wrote:
I am having problems gettting my operations people set up to ba able
to
monitor the HIS subdomain. Everytime they try to open the domain the
get
an
"ERROR OPENING SUB-DOMAIN" message. I have checked to ensure that the
Remore
Registry service is started and the SNADomain is in the registry.
Other
than
putting them in the local admin group, which my Info Sec people are
cringing
about, what should I be doing to get them access
|
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in