Permisssions no replicating down.VMware dilemma??
Hi all,
Just a question to see if anybody else has experienced this.
Currently using VMware and a couple of us are experiencing a problem all of a sudden.
With installshield we permission the [INSTALLDIR] for APPGROUP, power Users, Administrators. In the last week or so we have noticed that these permissions are not replicating down to subfolders, files.
We are now thinking that our VMware slices are becoming corrupt the longer we use them. By this i mean that we do our setup captures on a vm slice, and then constantly revert back to the original vmslice. Is Vmware infallible or is it keeping reg keys, env variables, files etc, each time you revert back to parent slice.
Is this a bit left field or has anybody any other suggestions
Hope this makes sense.
Thanks.
Just a question to see if anybody else has experienced this.
Currently using VMware and a couple of us are experiencing a problem all of a sudden.
With installshield we permission the [INSTALLDIR] for APPGROUP, power Users, Administrators. In the last week or so we have noticed that these permissions are not replicating down to subfolders, files.
We are now thinking that our VMware slices are becoming corrupt the longer we use them. By this i mean that we do our setup captures on a vm slice, and then constantly revert back to the original vmslice. Is Vmware infallible or is it keeping reg keys, env variables, files etc, each time you revert back to parent slice.
Is this a bit left field or has anybody any other suggestions
Hope this makes sense.
Thanks.
0 Comments
[ + ] Show comments
Answers (6)
Please log in to answer
Posted by:
VikingLoki
18 years ago
Sounds like your problem is that VMWare ISN'T keeping things when you revert. The problem really presents itself when your VMWare machine is attached to a domain. The constant reverting eventually causes the Domain and the workstation to become out of sync. The biggest problem is that eventually the domain will update the computer login and a revert will undo it. Then you're stuck with a machine that can no longer attach to the domain because it's credentials don't match the domain anymore.
If you're using domain based security policies or groups, the machines are probably out of sync with the domain. Since you say a couple people are having the problem, I'd bet that all these VMWare machines were built around the same time. I regularly have to reattach my VMWare packaging environments to the domain every 45 days and re-snapshot.
Here's the procedure:
Revert to snapshot.
Log in as local Administrator
Control Panel -> System -> Computer Name tab -> Change button
Select workgroup radio button, type in any workgroup name.
Select OK. Ignore all "must reboot" messages, you do not need to reboot.
Go back to Control Panel -> System -> Computer Name tab -> Change button
Select Domain radio button, type in the name of your domain.
Enter domain credentials, reconnect, select ok.
Reboot.
Re-shapshot.
That should take care of the problem until the domain updates the machine login again, probably in about 45 days.
If you're using domain based security policies or groups, the machines are probably out of sync with the domain. Since you say a couple people are having the problem, I'd bet that all these VMWare machines were built around the same time. I regularly have to reattach my VMWare packaging environments to the domain every 45 days and re-snapshot.
Here's the procedure:
Revert to snapshot.
Log in as local Administrator
Control Panel -> System -> Computer Name tab -> Change button
Select workgroup radio button, type in any workgroup name.
Select OK. Ignore all "must reboot" messages, you do not need to reboot.
Go back to Control Panel -> System -> Computer Name tab -> Change button
Select Domain radio button, type in the name of your domain.
Enter domain credentials, reconnect, select ok.
Reboot.
Re-shapshot.
That should take care of the problem until the domain updates the machine login again, probably in about 45 days.
Posted by:
mgroover
18 years ago
Can't say there is any doable solution for this except not joining the VMWare image to a domain.
The problem lies in the passkey for the computer object changes every 45 days or so which also triggers an USN update on the computer object. When you revert the image you have an old passkey and an USN that doesn't match the object in the AD.
If there is some way of making the passkey not being updated then this could be applied but I think that is "by design" in the AD. Security shit.. ;)
If anyone has a solution to the problem (perhaps you can modify the computerobject in the active directory and restrict everyone to updating the object? ;) uncommon solution to the problem but perhaps viable?)
// martin
The problem lies in the passkey for the computer object changes every 45 days or so which also triggers an USN update on the computer object. When you revert the image you have an old passkey and an USN that doesn't match the object in the AD.
If there is some way of making the passkey not being updated then this could be applied but I think that is "by design" in the AD. Security shit.. ;)
If anyone has a solution to the problem (perhaps you can modify the computerobject in the active directory and restrict everyone to updating the object? ;) uncommon solution to the problem but perhaps viable?)
// martin
Posted by:
oreillyr
18 years ago
Great answer VokingLoki,
You gotta get some points for that.
Our AD guy is looking in to it with interest.
I'll let you know if it works.
Thanks again
Rob
You gotta get some points for that.
Our AD guy is looking in to it with interest.
I'll let you know if it works.
Thanks again
Rob
Posted by:
VikingLoki
18 years ago
You gotta get some points for that.
Well there is the "Rate Post" link.... [:D]
Good luck. I bet your problem is at least somewhat related to that.
Posted by:
VikingLoki
18 years ago
It you manage to find a way to stop this from happening, I'd love to hear about it.
I have yet to find a way to configure the VMWare machine, AD or the Machine object in AD so that this won't happen. Every road I tried lead to a dead end except for dealing with reattaching & resnapshotting, or don't join a domain which creates more trouble than it solves.
I have yet to find a way to configure the VMWare machine, AD or the Machine object in AD so that this won't happen. Every road I tried lead to a dead end except for dealing with reattaching & resnapshotting, or don't join a domain which creates more trouble than it solves.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.