In our corporate environment we need to have the Privacy Mode in Lync 2010 enabled for a specific user group. Unfortunately it's only possible to enable this mode for the whole environment and not for specific users.
The idea is to enable the privacy mode via Lync policy for the whole environment and control the setting on the Clients with our software deployment system. It's possible to choose "I want everyone to be able to see my presence..." and "I want the system administrator to decide". What I'd need is a little client tool preferably written in C# which is able to change that Status option in the Lync 2010 client.
Unfortunately it seems like this is not simply a registry key being set. I found that there is a "PolicyPak" which is able to control this setting through Group Policies. Most likely they're using the LyncSDK to control this setting.
My question is: Does someone know how to change this setting through the LyncSDK? I've already downloaded it but didn't really know where to start. Maybe someone can point me in the right direction.
From the research I've been able to do, I don't see any network traffic sent to the server or registry settings being modified.
This leads me to conclude the client (when setting this) loops through contacts and places them in the appropriate permission group. I'll revisit this post soon with findings and some code for testing purposes.
By using the UCMA it is possible to change the PrivacyMode for a user with the BeginUpdatePrivacyPreference method.
I'm working on a script that generates a user in my network. Besides the AD, File-Share and Exchange part of it I want to set some default Outlook settings for the new user. As a start I want to change some calendar settings like holidays and calendar viewing permissions.
First of all I thought of the Microsoft.Office.Interop.Outlook Namespace. Sadly all parameters are read-only. So this didn't work out.
Then I came across this SO post and was confident as hell. Sadly as far as I tried and understand (Source: Understanding an Outlook profile file) you can't set those settings in a .prf-file.
And here I ran out of options. There used to be an ADODB method to interact with Outlook. But as far as I know this doesn't work anymore since Exchange/Outlook 2010.
Thanks in advance for any shared thoughts.
I'm not sure what the answer is, but I can tell you how to find it. If you change those settings, close Outlook, and then configure Outlook on a different machine to connect to the same Exchange mailbox, do the settings persist? Probably not, in which case they're not stored in the mailbox.
If they're not stored in the mailbox, they're probably stored in the registry. Use procmon or a similar tool to monitor which keys Outlook modified when you change those settings. You should then be able to just set those keys in your program, but be aware that the exact key may vary with version of Outlook, so you'd want to ask your customer how many versions of Outlook they use in their environment.
My question is related to write permissions to the Windows Event Log.
I have looked around several posts concerning this, and have found some ways to solve my problem, but none of these are acceptable for my current scenario.
I use C# in .NET 4.0. I use the EventLog class:
EventLog class
In short, I need to see if there is a way to impersonate or authenticate with an authenticated user and password to reach the right I need to write to the Event Log. The server will always be in the Windows Server family, but the version may vary.
My application is a Windows Service running with one of the following accounts:
Network Service
Local Service
Local System
User with restricted rights (Users or Domain Users groups)
Here are some other criteria I have:
I cannot put the service user as Administrator, not even local administrator on the server
I cannot edit or alter the registry
I cannot alter the UAC or any group policies on the server
I have a user with Administrator rights, but it cannot be used to run the service
The Event Log will always be the local Event Log, not on a remote machine
The Log will probably always be the "Application" log
The Source may vary, and that seems to be the heart of the problem
My question is : Is this at all possible?
Can I impersonate a user in my code to achieve what I need?
I do that when connecting to web services, logging on to SMTP servers and of course logging in to databases etc.
I stumbled into this class:
EventLogPermission Class
But I cannot seem to get a good concept on how to use the class.
I hope I have expressed my problem well. I don't consider this a duplicate of another post because of my criteria.
By default, any authenticated user is able to write to the Application event log. However, only administrators can create new event Sources. If all event Sources are known at the service installation time, I recommend registering those sources ahead of time, then you will be all set up. Registering is a simple call to EventLog.CreateEventSource.
If you need more flexibility on event sources, you can customize permissions. Those defaults could be customized by tweaking a registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\CustomSD
A process described in this KB Article. A wevtutil tool, which is part of the OS, available on Server 2008 and above, makes it a bit easier than going through regedit.
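One way to apply the answer above, as an added C# example that is not part of the original answer: the installer registers the known sources while elevated, and the service writes under its restricted account without ever trying to create a source. The source names `ContosoService` and `ContosoService.Import` and the `--install` switch are hypothetical.

```csharp
using System;
using System.Diagnostics;
using System.Security;

static class EventSourceSetup
{
    // Hypothetical names for illustration; not taken from the original post.
    const string LogName = "Application";
    static readonly string[] KnownSources = { "ContosoService", "ContosoService.Import" };

    // Run once from the installer, elevated: creating a source writes under
    // HKLM\System\CurrentControlSet\Services\Eventlog and needs administrator rights.
    public static void RegisterSources()
    {
        foreach (string source in KnownSources)
        {
            if (!EventLog.SourceExists(source))
                EventLog.CreateEventSource(new EventSourceCreationData(source, LogName));
        }
    }

    // Called by the service under its restricted account. Returns false instead of
    // throwing when the source was never registered, so logging can be disabled.
    public static bool TryWrite(string source, string message, EventLogEntryType type)
    {
        try
        {
            EventLog.WriteEntry(source, message, type);
            return true;
        }
        catch (SecurityException)
        {
            // Unregistered source: the framework searches every log for it, and a
            // non-administrator cannot read the Security log.
            return false;
        }
        catch (InvalidOperationException)
        {
            // The registry key for the event log could not be opened.
            return false;
        }
    }

    static int Main(string[] args)
    {
        if (args.Length == 1 && args[0] == "--install") { RegisterSources(); return 0; }
        bool ok = TryWrite(KnownSources[0], "Service started.", EventLogEntryType.Information);
        return ok ? 0 : 1;
    }
}
```

The service never calls `EventLog.SourceExists` itself, because that call also has to search the Security log and throws for a non-administrator when the source is missing.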
The answer showed to be "no".
I realize there is no good way of solving this the way I requested. There must be a manual job done.
So the solution I pick for this scenario is that customers who cannot run the service as an administrator or do a manual registry edit cannot use the functions around logging to event log. And I will make it possible to enable and disable the logging from the config.
Admin user and registry edit are known ways for me, but as stated something I was trying to avoid. But that is, as it seems, not possible according to my criteria this time.
I need to write a script that verifies that the user is not using the "Picture Password" feature in Windows 8. I'm using .NET 4.
I tried to search for info about it, but couldn't find anything. Do you have any clue how it can be done?
My company's information security forbids using picture password when using another specific product (can't give more info). I need to enforce this request by code.
You don't enforce these kinds of things with code, you enforce them with Group Policies.
To do so, open the Group Policy editor (gpedit.msc) and navigate to the following path:
Computer Configuration\Administrative Templates\System\Logon
Double-click the "Turn off picture password sign-in" setting, and set either the "Enabled" or "Disabled" option.
Of course, you don't have to do this on each local machine. You can create Group Policies that apply network-wide to specific groups of users. Ask on Server Fault to get more help on setting that up, or talk to your network administrator. Presumably if you have information security policies, you already have a department that handles these sorts of things.
I see that you have Windows-RT as a keyword on the question. So if the application that needs to do the checking is a Windows 8 Store app (Modern/Metro app), you will not be able to achieve this.
There is no API to check for this in 8, and as far as I know there isn't one in 8.1 either.
There is no access to the registry for Store apps.
Even if you did manage a way to detect the settings via some other method, you need to ensure it's done through the Windows 8 API otherwise you won't pass certification (section 3.1).
You can however push the policy via GPO if that's an option.
Based on Windows 8 RT being removed from keywords, that means it's not a Windows 8 Store app. Leaving prior answer in case someone finds this and is asking about Store apps.
You should be able to review the setting via the registry at "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System" and checking the value of either BlockDomainPicturePassword or AllowDomainPicturePassword.
I don't know why there are two, I'll leave the testing to you as to which one is the right one.
I would like to find out if someone (and maybe someone on StackOverflow works for LogMeIn, and can fill me in on the details) knows how to create a similar experience much like what you get with LogMeIn when you install their remote components on a computer, when logged into their site?
Typically, when you download and keep their remote components on a thumbdrive, you have to log into their software with your username and password, but when you're on their site, and click on "Add Computer" from their menu of options, the setup process bypasses the login process.
I'm writing up the specifications on a different tool, but similar in deployment model, and having that feature would make the setup process for the end user all the more simplistic in the long run.
Any assistance would be greatly appreciated.
Edit:
I did some digging and ran across this example of how to read from a table. So now I'm thinking maybe my way of doing this is to create a custom "download" page that when it gets clicked on, the msi is read into memory, I edit a custom property to insert a guid or other property that expires in 10 minutes or so, and use the guid to link the user account to the installation instance... Hmm... may work :)
Something to try during my next geek week before I go about building the msi installer for said project.
Windows Installer has the concept of transforms. LogMeIn is probably just using a base msi and programmatically generating a transform and applying it as part of a watermarking process.
Morphing Installers ( with transforms ):
http://www.tramontana.co.hu/wix/lesson9.php
The concepts here are straightforward and the majority of your work is going to be integrating it into your website's build/release process.
Personally I get nervous about baking that much information into an MSI but the LogMeIn people obviously had a business case for making it as easy easy easy as possible for their users.
Once you have the admin password to a (non-firewalled) windows box, you can copy files, remotely update the registry, start services, etc.
This is one example of a remote VNC install procedure.
One remote desktop vendor (don't remember which) that I looked at allowed remote installation by ordering a computer to log in and install on any computer located on the same subnet.