dnd 5e – As a Warlock, can I cast Vampiric Touch on myself to grant my pact weapon an extra 3d6 necrotic damage?

No, you can’t improve Thirsting Blade with the Vampiric Touch.

Thirsting Blade is a Warlock’s counterpart of the Extra Attack feature:

You can attack with your pact weapon twice, instead of once, whenever you take the Attack action on your turn.

The Vampiric Touch is a spell involving a spell attack:

The touch of your shadow-wreathed hand can siphon life force from others to heal your wounds. Make a melee spell attack against a creature within your reach. On a hit, the target takes 3d6 necrotic damage, and you regain hit points equal to half the amount of necrotic damage dealt. Until the spell ends, you can make the attack again on each of your turns as an action.

When you cast Vampiric Touch, firstly you take the Cast A Spell action and expend a 3rd level spell slot. Then you deal 3d6 and only 3d6 necrotic damage, if you succeed with the melee spell attack. This melee spell attack is a part of the spell — you literally have to touch the target with “your shadow-wreathed hand” to apply the spell effect.

Within 1 minute, you can repeat this action without expending more spell slots, providing you maintain the concentration. This requires an Action. So you have to choose — either you make two weapon attacks (second one because of the Thirsting Blade invocation) with your pact weapon, or you make one spell attack with the Vampiric Touch.

See also Can you apply the Vampiric Touch and Shocking Grasp damage together in one attack?

5e is quite restrictive regarding damage output. For instance, you can’t stack Thirsting Blade with Extra Attack, if you have the latter from multiclassing:

the warlock’s eldritch invocation Thirsting Blade doesn’t give you additional attacks if you also have Extra Attack

There are methods of increasing the Vampiric Touch damage output, but they are based on increasing the number of actions, not just the number of attacks being made.

oracle – TNS-00534: Failed to grant connection ownership to child

When I tried to connect to my Oracle instance with SQL Developer, I see this error in the logs:

TNS-12518: TNS:listener could not hand off client connection
 TNS-12560: TNS:protocol adapter error
  TNS-00534: Failed to grant connection ownership to child
   64-bit Windows Error: 10022: Unknown error

Can someone give me a pointer on how to solve this error? Note I have 64b client installed.

windows – Grant database access through GPO

I have a domain in which I have a couple of servers with dedicated SQL Server databases. I also have a couple of external companies that need access to these servers and databases on different permission levels (even within a single company).

At the moment I only have Remote Desktop access working by using a solution from this article:
https://social.technet.microsoft.com/wiki/contents/articles/17671.how-to-add-domain-usersgroup-to-remote-desktop-users-group-on-servers-using-group-policy.aspx

I basically have one GPO for each company on each permission level like User and Admin. Inside GPO I’m assigning security group linked to a company members (for example “RDP Access – User – CompanyA”) to “Remote Desktop Users”. And I can drag and drop this GPO to particular OU linked to a computer. By that everyone inside company security group is also getting assigned to “Remote Desktop Users” and will get access to a RDP on that server.

I have trouble granting access to a database. I tried the same approach as for RDP – where I would make a GPO that would assign company’s security group to a group responsible for database access. But the problem is that there is no builtin group like that. So I tried to create my own security group, let’s say “Database User” that will be an equivalent for “Remote Desktop Users” but instead of RDP it would apply to the database. I then made a login inside my DB corresponding to that group following this article:
https://www.mssqltips.com/sqlservertip/6702/sql-server-windows-authentication-with-users-and-groups/

But this does not work and users cannot connect to the DB even if they are in the correct security group. Group “Database User” works by itself and I can assign users straight to this group and they are able to connect. But it does not work when assignment is handled via GPO.

I suspect that this is a problem with “Remote Desktop Users” being local group on that particular computer whereas my group is only visible through domain (I can view “Remote Desktop Users” inside Local Users and Computers but there is no “Database User”).

Is there any way of granting database access through GPO in such scenario? If yes – how?

This is simplified example of my GPO structure:

Unable to add user inside Office 365 from SharePoint + Adding the user inside the Office 365 group will not grant permission on the SharePoint site

I have this weird problem, where we have a modern team site collection >> and using the Office 365 admin >> I want to add a user to the underlying Office 365 group >> so I went to SharePoint site >> clicked on “Site Permission” >> “Invite Users” >> “Add members to group”, as follows:

But I did not get any option to add the new user, as follows:

Also, when I went to the Office 365 group and added the user as Members >> waited for around 3 hours now >> the user did not get any permission on the SharePoint site.

So not sure what is going on?
Thanks

oauth 2.0 – How to create a client for Authorization Code Grant with PKCE in Laravel Passport?

I’m trying to implement the Authorization Code Grant with PKCE flow in Laravel Passport. Its documentation says that I have to use this command:

php artisan passport:client --public

That’s fine, but I have to do it manually. I want to create those clients automatically, I mean, bring to my users a dashboard where they can create their clients. For that, I need to call through Ajax (or fetch) from my frontend some endpoint of Laravel Passport that allows me to create PKCE clients, but I don’t know which endpoint to call.

Laravel Passport provides the POST /oauth/clients endpoint to create clients, but this only creates Authorization Code Grant Clients (without PKCE) and I don’t know how to specify to create a PKCE client (same problem for Password Grant Tokens clients).

I was searching in the Laravel Passport’s Client Controller and I realized that I can’t specify what kind of client I want, this is the store method of Laravel Passport’s Client Controller:

public function store(Request $request) {
    $this->validation->make($request->all(), [
        'name' => 'required|max:191',
        'redirect' => ['required', $this->redirectRule],
        'confidential' => 'boolean',
    ])->validate();

    $client = $this->clients->create(
        $request->user()->getAuthIdentifier(), $request->name, $request->redirect,
        null, false, false, (bool) $request->input('confidential', true)
    );

    if (Passport::$hashesClientSecrets) {
        return ['plainSecret' => $client->plainSecret] + $client->toArray();
    }

    return $client->makeVisible('secret');
}

As you can see, in the create() method of the client, values are “hard-coded”, preventing me from creating another kind of client through the JSON API.

Also, I was searching in the Laravel Passport’s Client Model and I realized that, with the model I can specify what kind of grants I want for that client:

protected $casts = [
    'grant_types' => 'array',
    'personal_access_client' => 'bool',
    'password_client' => 'bool',
    'revoked' => 'bool',
];

So, there has to be a way to create clients for any type of grants (like PKCE), but I don’t know how.

Should I override the Laravel Passport’s Client Controller? How can I do it? I know that I can use the model to create my own clients in my own endpoint, but I want to keep the POST /oauth/clients route, so I would need to override the Laravel Passport’s Client Controller, but I don’t know how, can you help me, please?

Why have a refresh_token with an OAuth2 Client Credentials grant type?

Can someone explain to me the purpose of the refresh token when you’re using the Client Credentials grant type with OAuth2? I’m confused because you can easily generate a new access token without one, so why bother?

For example, to get an access token you typically only need:

https://oauth.example.com/token?grant_type=client_credentials&client_id=CLIENT_ID&client_secret=CLIENT_SECRET

So why would you ever use:

https://oauth.example.com/token?grant_type=refresh_token&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&refresh_token=REFRESH_TOKEN

Is a refresh token more applicable when using other grant types (eg. Resource Owner Password Credentials)?

dnd 5e – Does Wind Walk grant stealth benefits due to gaseous form?

There has already been some helpful discussion about whether wind walk in D&D 5e also gives the extra effects associated with gaseous form (Just how gaseous is the “gaseous form” of the Wind Walk spell?). I understand the past consensus was that RAW says probably not, but that there is an acceptable basis for house rules to say otherwise.

In my group, we seem to have opted for the interpretation that being in wind walk’s gaseous form gives us all the benefits of gaseous form. For example, we’ve been able to do things like flow through small cracks in wind walk.

Under my group’s interpretation of a wind walk that allows gaseous state benefits, would being a gas also make us more difficult to see, which would grant a stealth bonus? For context, we have a tentative plan to infiltrate a warehouse by slipping through a keyhole in wind walk, so we may need to resolve how easy it is for the guards on the other side to see us come in.

Personally, I would rather not get the bonus because it feels too easy to be able to wind walk past foes. I’m hoping to learn whether it’s reasonable to propose no stealth bonus under the current house rules, or whether I’d have to ask the DM and the group if they would consider changing this house rule in order to address this.

conditional – How to set up limited, web-only access for unmanaged devices BUT grant saving/printing for external shared files?

Community,

I need some help with different access controls for unmanaged devices in my company.
Users inside the company have limited, web-only access to SPO sites and content, if they are using unmanaged devices.
External shared files will be opened on unmanaged devices outside the company. They should be able to print and download the files.

The limitation of web-only access on unmanaged devices is blocking saving/printing of external shared content.

How could I solve this problem?

Thanks for your help,
Simon