Jump to content


  • Posts

  • Joined

  • Last visited

  • Days Won


Rick67 last won the day on November 30 2016

Rick67 had the most liked content!

Rick67's Achievements


Newbie (1/14)



  1. Thanks for that response. It makes sense. Regarding the 'ALL USERS' group, does it simply mean ANY user or group including local and domain service accounts obtain the permissions that are set? Is there way of displaying more information about the user when using the command 'cm li'? For example, displaying the domain?
  2. Unfortunately, an online meeting is not an option due to security. However, through the command line, I've now managed to change the owner to myself by including the domain {domain\user}. I've since identified my other account had a different domain and I've successfully deleted it. Furthermore, I've deactivated the user I was unable to. I now have the two spare licences. Regarding the 'ALL USERS' group, does it simply mean ANY user or group including local and domain service accounts obtain the permissions that are set? Can a user be in two groups? If so, how are permissions overridden?
  3. We tried that, the problem we are experiencing are the permissions on the repository server. The 'ALL USERS' group was reinstated with all permissions set to allowed. For your information, the 'OWNER' has all permissions set to allowed, is listed as a user with all permissions set to allowed, but is also in a group that has some permissions denied. This is the user who is unable to change owner or deactivate users. We believe the user is the 'ACTIVE' one too. Is there a way of identifying the domain?
  4. Unfortunately, the repository server owner had the same problem i.e. "You don't have permissions for operation view". We're now back up and running thanks but the owner doesn't have permissions to deactivate users or change owner again. The owner was fine before I set 'Deny all' to the 'ALL USERS' group. Furthermore, I've also noticed that I now have two ACTIVE accounts!
  5. We have a more serious issue now!!!! I set the 'ALL USERS' group to 'Deny all' and now no one can read the repository, including the owner, even though some users are in a group with appropriate permissions or some are not. Receiving the message, "You don't have permissions for operation view".
  6. We've figured it out! The user is duplicated and one of the accounts is 'INACTIVE'. It seems the 'OWNER' was fixed to the 'INACTIVE' account but by adding the domain to the user, the 'OWNER' is now fixed to the ACTIVE account.
  7. There are a number of duplicate users of which one of each is designated 'INACTIVE (Not licenced)'. Interestingly, the user 'OWNER' is also designated 'INACTIVE (Not licenced). The command 'cm showowner repserver:server_address:8087' works fine. I also tried to deactivate user using 'cm deactivateuser {user ID}' but no success.
  8. Unfortunately that's not possible because we are on a very secure network. I don’t know if it helps, but I had a look at what’s being passed to the plastic server. The request from the command “cm du XXXXXX --nosolveuser” is a .net remoting call to DeactivateUser.vCodice.CM.Interfaces.ISecurityHandler The reply from the server includes the response- $Codice.CM.Common.CmSecurityException.....mExceptionArgs.ClassName.Message.Data.InnerException.HelpURL.StackTraceString.RemoteStackTraceString.RemoteStackIndex.ExceptionMethod.HResult.Source.... ........System.Collections.IDictionary.System.Exception................$Codice.CM.Common.CmSecurityException......SECURITY_CANT_DEACTIVATE_USER
  9. In the 'Repository Server Permissions', I am in a group that has ALL 'Allowed' permissions. Unfortunately, I don't appear to have permission to deactivate a user. Using the command 'cm deactivateuser S-1-5-21-xxxxxxxxxx-xxxxxxxxxx-xxxxxxxxx-xxxxx --nosolveuser', I receive the message 'You don't have permissions to deactivate user S-1-5-21-3325927102-2916226932-842127252-66320. You need to be repository server administrator in order to be allowed to complete this operation.' Any suggestions?
  • Create New...