Cisco ACS 5.3 - How to only allow specific AD groups to login

Can anyone help me figure out what I have wrong or have missing?
I've configured three specific AD groups, Admin, Storage, and HelpDesk, with their own command sets.
This seems to be working fine, but everyone can log into everything, but they can't do anything except exit.
My goal is to not allow anyone to login that is not part of the three AD groups I have specified with the respective command sets.
All the logins hit the Admin account, even though the id in AD is not in that AD group.  I have something screwed up.

Check your authorization rules, and make sure the default rule isn't set to Permit. Group Mapping is only mapping AD groups to internal ACS groups; we need to check your authorization rules to see which policies the users are hitting. You may want to reset the hit count and test to see which policy is allowing access.
Thanks,
Tarik Admani
*Please rate helpful posts*
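
The behaviour discussed in this thread, as an added example that is not from the original posts and is not ACS code: a simplified first-match model of an authorization policy with per-rule hit counts. It shows how a default rule set to Permit lets a user outside the three AD groups log in with no usable commands, and how a rule with no group condition makes every login hit the Admin rule. The rule layout, command-set names and test users are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    required_groups: frozenset  # empty set = no condition, matches every user
    result: str                 # "permit" or "deny"
    command_set: str            # hypothetical command-set name
    hits: int = 0

def authorize(rules, default, user_groups):
    """First-match evaluation; the default rule applies when nothing matches."""
    for rule in rules:
        if not rule.required_groups or rule.required_groups & user_groups:
            rule.hits += 1
            return rule
    default.hits += 1
    return default

def build_policy(default_result, admin_condition=("Admin",)):
    """Three group rules plus a default rule whose result is configurable."""
    rules = [
        Rule("Admin", frozenset(admin_condition), "permit", "AdminCommands"),
        Rule("Storage", frozenset({"Storage"}), "permit", "StorageCommands"),
        Rule("HelpDesk", frozenset({"HelpDesk"}), "permit", "HelpDeskCommands"),
    ]
    default = Rule("Default", frozenset(), default_result, "DenyAllCommands")
    return rules, default

# Constructed test logins: (user, AD groups returned for that user)
LOGINS = [
    ("alice", {"Admin"}),
    ("bob", {"Storage"}),
    ("mallory", {"Domain Users"}),  # member of none of the three groups
]

def run(default_result, admin_condition=("Admin",)):
    """Replay the test logins from a zeroed hit count, as the answer suggests."""
    rules, default = build_policy(default_result, admin_condition)
    outcomes = {}
    for user, groups in LOGINS:
        matched = authorize(rules, default, frozenset(groups))
        outcomes[user] = (matched.name, matched.result, matched.command_set)
    hits = {r.name: r.hits for r in rules + [default]}
    return outcomes, hits

if __name__ == "__main__":
    scenarios = [
        ("default rule = permit", run("permit")),
        ("default rule = deny", run("deny")),
        ("Admin rule has no group condition", run("deny", admin_condition=())),
    ]
    for label, (outcomes, hits) in scenarios:
        print(label)
        for user, outcome in outcomes.items():
            print("   ", user, outcome)
        print("    hit counts:", hits)
```
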

Similar Messages

  • How do I only allow SPECIFIC webpages the ability to refresh or redirect?

    Is there some way to have Firefox only allow specific webpages the ability to reload or refresh a page? I already know of the
    Tools -> Advanced -> Warn me when webpages attempt to refresh or reload the page
    option. I am looking for the ability to only allow specific webpages, not ALL webpages.

    Without additional information on the addon, as the documentation provided is sorely lacking, this addon doesn't help much.
    Now if Firefox itself had a built-in whitelist / blacklist of pages allowed to redirect/refresh automatically, I'd be all for it.
    Appreciate the thought cor-el, but it doesn't help.

  • How to only allow integer in textfield/

    Hello,
    for my project I need to allow only IP addresses.
    For this, I get input from a text field. Only if the input is an integer within the range 1 to 255 do I allow it to be entered.
    My problem is,
    when I enter aa.bb.cc.dd into the text field, it is also allowed into the main function.
    I need to restrict the characters that can be entered into the text field. I want to allow only integers.
    How can I do it?
    Please help me with the integer check in the text field.

    Hi,
    I've implemented number fields based on JFormattedTextField.
    They also support a min and a max value.
    Maybe you find them useful (the library is open source):
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JRealNumberField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JDoubleField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JFloatField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JLocalizedRealNumberField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JLocalizedDoubleField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JLocalizedFloatField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JWholeNumberField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JByteField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JIntegerField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JLongField.html
    http://softsmithy.sourceforge.net/lib/docs/api/org/softsmithy/lib/swing/JShortField.html
    Homepage:
    http://www.softsmithy.org
    Download:
    http://sourceforge.net/project/showfiles.php?group_id=64833
    Source:
    http://sourceforge.net/svn/?group_id=64833     
    http://softsmithy.svn.sourceforge.net/viewvc/softsmithy/trunk/lib/src/org/softsmithy/lib/
    -Puce

  • Only allow specific USB device GPO - Existing drivers question

    My employer is introducing a policy that only a specific model of USB drive will be allowed on our IT infrastructure in the future, and I need to restrict the estate so they cannot use any others.
    I have successfully tested & configured the following settings:
    Allow installation of devices that match these device IDs
    Prevent installation of devices not described by other policy settings
    Which works to allow the approved device and block any other new ones. The problem is that any USB storage device that was installed prior to the GPO going live can still be used, unless it is explicitly uninstalled. I have confirmed this in testing across multiple devices/reboots.
    Is there any way to force all USB storage drivers to uninstall/other way around this? We have a large estate over a wide area, so it not feasible to uninstall all old drivers manually. Thanks!

    Just a note for anyone else in a similar situation. I haven't found a way to do what I require using Group Policy:
    -Two policies exist that can block all USB storage devices from running or installing, including previously installed devices
    OR:
    -Can block all USB devices except approved device, but have to specifically allow all other desired classes, and has no effect at all on any USB device, including storage, already installed on the computer.
    As a result we are now looking at third party tools to control device access.

  • How to only allow ssl in tomcat

    Hi expert,
    I am able to set up Tomcat using SSL on port 443, but I would like to enable this for the whole site, so when a user accesses it through port 80, I would like to redirect them to 443. How can I do this in Tomcat?
    e.g http://www.test.com should redirect user to https://www.test.com
    Thanks.

    Then don't make any other pages available on the non-SSL server.
    If you were using Apache HTTP server, you could do URL rewriting to accomplish what you're talking about, but Tomcat doesn't have that functionality. However, you can use mod_jk to connect an Apache HTTP server to Tomcat using AJP which effectively uses Apache as the HTTP server, and only uses Tomcat to process JSPs and Servlets. I really like this approach, since I can run my Java processes on a "less secure" machine like Linux and protect it entirely with a firewall, and run my HTTP server on a "more secure" server like OpenBSD. Plus I can add additional Tomcat servers and do load-balancing.
    Check out the jakarta-tomcat-connectors on the Jakarta project site.
    Brian

  • How to 'Only' allow Numeric value in the Edit Box in AcroDialogs

    Hi all,
    I've created an AcroDialog wizard, and I need to allow only numeric values in the Edit Box. Can someone please help me with this validation?
    Regards,
    Chris

    There isn't a keystroke event for custom JavaScript dialogs, or any proper interactive events for the fields.  You can validate fields when the user presses OK, and you can test fields when the user changes focus by setting the "Action" property for the field.  But the only practical way to restrict user input to numbers is to use George's suggestion.  There is a number property for the fields but it has an undesirable side effect and I never use it.
    Thom Parker
    The source for PDF Scripting Info
    pdfscripting.com
    The Acrobat JavaScript Reference, Use it Early and Often
    http://www.adobe.com/devnet/acrobat/javascript.html
    The most important JavaScript Development tool in Acrobat
    The Console Window (Video tutorial)
    The Console Window(article)

  • How to only allow internet access.

    I've got an ASA with two "outside" interfaces and twelve "inside" interfaces.
    I'd like to separate the Access Lists between outside access and inside access. By default I'd like the inside interfaces to have access to the internet and nothing else, and then build the ACLs to allow access between inside interfaces.
    I can't imagine this being very difficult to achieve, but I've spent quite some time trying to accomplish this and haven't been able to make it work how I would like.
    Does anyone have any tips?
    Thanks,
    Carlos

    Carlos,
    How I normally handle this is to build a network object group and place the RFC 1918 networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) in it and then do a deny to these networks with an allow IP any/any to the outside (internet).
    HTH
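
The approach in the reply above, as an added example that is not from the original post: a small first-match model of an ACL applied inbound on one inside interface, with a deny to the RFC 1918 object group followed by a permit of any to any. It goes one step beyond the reply by adding the inside-to-inside exception the question asks for, and shows that the exception only takes effect when it is placed before the RFC 1918 deny. The subnets and host addresses are constructed; this is a model of the rule order, not ASA configuration syntax.

```python
import ipaddress

# The object group from the reply: the three RFC 1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]

def inside_acl(exceptions=(), exceptions_first=True):
    """Build the ordered ACL as (action, source networks, destination networks).

    exceptions: (source subnet, destination subnet) pairs allowed between
    inside interfaces. exceptions_first=False models the ordering mistake
    of appending them after the base rules.
    """
    permits = [("permit", [ipaddress.ip_network(s)], [ipaddress.ip_network(d)])
               for s, d in exceptions]
    base = [("deny", ANY, RFC1918),   # block every other internal network
            ("permit", ANY, ANY)]     # everything left over is internet-bound
    return permits + base if exceptions_first else base + permits

def evaluate(acl, src, dst):
    """Return (action, matching line number); first match wins."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line, (action, src_nets, dst_nets) in enumerate(acl, start=1):
        if any(s in n for n in src_nets) and any(d in n for n in dst_nets):
            return action, line
    return "deny", None  # implicit deny when no line matches

if __name__ == "__main__":
    # Constructed flows from a host on a hypothetical inside subnet 10.1.1.0/24
    flows = [("10.1.1.10", "198.51.100.7"),    # internet
             ("10.1.1.10", "10.2.2.20"),       # another inside subnet
             ("10.1.1.10", "172.31.255.254"),  # last address inside 172.16.0.0/12
             ("10.1.1.10", "172.32.0.1")]      # just outside 172.16.0.0/12
    exception = [("10.1.1.0/24", "10.2.2.0/24")]
    for label, acl in [("base", inside_acl()),
                       ("exception first", inside_acl(exception)),
                       ("exception last", inside_acl(exception, False))]:
        print(label)
        for src, dst in flows:
            print("   ", src, "->", dst, evaluate(acl, src, dst))
```
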

  • How can I restrict Lion to only allow certain network users to login when bound to an Active Directory?

    Hi,
    I'm trying to find a way to configure which network users can log in to a lab of iMacs running 10.7.4. They're being deployed using DeployStudio, and the Macs are bound to an MS Active Directory by a script that runs as part of the workflow. I'd like to have another script run after the AD binding to permit only users in certain AD groups to be able to log in to them.
    I'm halfway there, in that using dseditgroup I can easily add AD groups or individual users to the relevant group (dseditgroup -o edit -a <domain\\group name> -t group com.apple.loginwindow.netaccounts). After running this I can see the desired groups added to the list in Sys Prefs -> Users & Groups -> Login Options -> Options. However, membership of this group is deemed irrelevant by the fact the radio button above this list for 'Allow these users to log in at login window' is still set to 'All network users' and not 'Only these network users'.
    Does anyone know of a way to enable the 'Only these network users' option via the Terminal/a shell script?
    Thanks,
    Chris

    I tried that, thinking it was exactly what I wanted, but it still sends stuff as SMS (green bubble).

  • How to only allow certain users to use internet?

    Hello, I've recently taken over the job of overseeing the internet connection here in my building. We have a shared internet connection and I was told to just give out the same WEP key to everyone. The problem now is that many people have canceled, but the WEP key still works. I want to make sure that only people paying for the service are using it. What is the best way of doing this?
    1. Generate new WEP keys? I think I can only generate 4. Is there a way of generating more?
    2. Block certain "Device Numbers" or "mac addresses?"
    I really know very little, so any help would be really appreciated.

    Change the WEP key first, then go to the wireless section and then to wireless network access (on the set-up page of your router) and click on the button to select the MAC addresses of networked computers. It will display the MAC addresses of the clients that were able to connect using the new key, so you can just easily copy them into the permit-only MAC address box to filter the connection.  So it's much easier than asking each one of the clients for the MAC address.
    Do this right after disseminating the new WEP key to the clients.

  • Netflix on iPad with restrictions set to only allow "Specific Websites Only"

    I have Netflix app installed on my child's iPad.  I have restrictions in place on the iPad too - Website restrictions set to "Specific Websites Only".
    When I do this the netflix app just spins (never gets to the Netflix login).
    If I remove restrictions to allow "All Websites" Netflix works.
    I also allowed www.netflix.com as an Allowed Website.  Also set Safari "Block Cookies" to never to see if this would help.  No luck.
    I want Netflix to work, but I also want the restrictions on the iPad to be set to "Specific Websites Only".
    Netflix support said (tried them first):
    Just spoke with my team who informed me that they have received a few of these complaints. The Netflix app was introduced on the iPad as a partnership with Apple. We do not have much control over the function of the permission on the device. They have asked that you reach out to Apple to determine if there is a workaround.
    Anyone know how to fix this???

    hello msreyes,
    after countless hours of googling for answers I came up with a solution that works in my situation... it could work for you; it's not 100% kid-proof (if your child is tech-savvy then maybe this won't work for you, but anyway...)
    First step: go to Settings/ General/ Safari and set your search engine,
    then go to Settings/ General/ Restrictions/ and enter your passcode. After you set your restrictions (obviously this step differs depending on the parents and the kids' age), just for reference here are my screenshots of how I managed the kids' phone.
    OK, so now to the point... next I checked "Limit Adult Content"
    and finally you type as many "search engine" and "social media" websites as you can possibly find. I know that could be quite a lot of URLs, but by having Google as the default search engine and also having www.google.com in the "NEVER ALLOW" section you kind of take away the ability to easily browse Safari,
    so, say, if your child types facebook in the Safari search bar it will show a "website is restricted" message, thus not allowing Google or any websites you restrict, for that matter, to let your child roam free in the internet world.
    And to wrap things up, you can now use Netflix's app on your iPhone, and perhaps your child will never find a workaround glitch.

  • How to only display specific members from dissimilar hierarchy levels?

    Hi,
    I have a Business Partner that routinely wants to build a report that displays members from dissimilar hierarchy levels. For example, she wants to display member "210_UNASSIGNED EXP/ACC" from level 8 and member "E090_ADVISOR SERVICES" from level 1. When she filters on just those two members, the reports displays as such:
    She then must manually expand the "E020_CORPORATE AND EXECUTIVE" member 7 times to see "210_UNASSIGNED EXP/ACC":
    Is there any way to make her life easier and have the report display only the "210_UNASSIGNED EXP/ACC" member and the "E090_ADVISOR SERVICES" member, even though they are from different levels?
    Thanks,
    Michael J Titera
    BI4.0 SP8.3
    SQL Server 2012

    Hello Michael
    Displaying information from mixed hierarchy levels without the context of the parent members is a reporting workflow best suited to WebI and CR. The AOLAP content can be exported as an Analysis View and then this becomes a data source for WebI and CR.
    Our previous product Voyager used to allow member selection from mixed levels without the context of parent members but it caused a lot of confusion and misinterpretation of the data, which is why we deliberately do not have it in AOLAP.
    Worth noting that BI4.1 was a big release for AOLAP with many enhancements. One is "Expand to Level". So instead of having to click 7 times to expand the hierarchy, it now just requires one mouse right-click to do the same thing.
    Regards
    Ian

  • How to view employees of "only a specific employee-group" from an org unit

    Dear All,
    I am working with authorization for MSS, and now there is the following requirement.
    There are 2 chief positions in one org unit, say chief-1 and chief-2. Chief-1 can view all employees that exist in his organization unit, including chief-2. But chief-2 can see only those employees who belong to the employee group non-management and report to chief-2.
    We have tried to restrict chief-2 to view the employee group non-mgmt in object p_orgin, but he is still able to view all employees of the org unit in MSS. Kindly let us know whether it is possible to restrict chief-2 to view non-mgmt employees, and how?
    Kindly let me know the solution, as it is urgent.
    Regards
    Sadia Kamal
    Edited by: Sadia Kamal on Oct 14, 2011 3:32 PM

    Dear  All,
    I used the structural authorization and everything was working fine, but chief-1 can view all his employees as well as chief-2's employees, but he cannot view chief-2. If you have any suggestion please let me know.
    Regards
    Sadia Kamal
    Edited by: Sadia Kamal on Oct 16, 2011 11:10 AM

  • How do I count specific, smaller groups of information in one large table?

    Hello all,
    I have a feeling the answer to this is right under my nose, but somehow, it is evading me.
    I would like to be able to count how many photos are in any specific gallery. Why? Well, on my TOC page, I thought it would be cool to show  the user how many photos were in any given gallery displayed on the screen as part of all the gallery data I'm presenting. It's not necessary, but I believe it adds a nice touch. My  thought was to have one massive table containing all the photo information and another massive table containing the gallery  information, and currently I do. I can pull various gallery information  based on user selections, but accurately counting the correct number of  images per gallery is evading me.
    In my DB, I have the table, 'galleries', which has several columns, but the two most relevant are g_id and g_spec. g_id is the primary key and is an AI column that represents also the gallery 'serial' number. g_spec is a value that will have one of 11 different values in it (not relevant for this topic.)
    Additionally, there is the table, 'photos', and in this table are three columns:  p_id, g_id and p_fname. p_id is the primary key, g_id is the foreign key (primary key of the 'galleries' table) and p_fname contains the filename of each photo in my ever-expanding gallery.
    Here's the abbreviated contents of the galleries table showing only the first 2 columns:
    (`g_id`, `g_spec`, etc...)
    (1, 11, etc...),
    (2, 11, etc...),
    (3, 11, etc...),
    (4, 11, etc...),
    (5, 12, etc...),
    (6, 13, etc...)
    Here's the contents of my photos table so far, populated with test images:
    (`p_id`, `g_id`, `p_fname`)
    (1, 1, '1_DSC1155.jpg'),
    (2, 1, '1_DSC1199.jpg'),
    (3, 1, '1_DSC1243.jpg'),
    (4, 1, '1_DSC1332.jpg'),
    (5, 1, '1_DSC1381.jpg'),
    (6, 1, '1_DSC1421.jpg'),
    (7, 1, '1_DSC2097.jpg'),
    (8, 1, '1_DSC2158a.jpg'),
    (9, 1, '1_DSC2204a.jpg'),
    (10, 1, '1_DSC2416.jpg'),
    (11, 1, '1_DSC2639.jpg'),
    (12, 1, '1_DSC3768.jpg'),
    (13, 1, '1_DSC3809.jpg'),
    (14, 1, '1_DSC4226.jpg'),
    (15, 1, '1_DSC4257.jpg'),
    (16, 1, '1_DSC4525.jpg'),
    (17, 1, '1_DSC4549.jpg'),
    (18, 2, '2_DSC1155.jpg'),
    (19, 2, '2_DSC1199.jpg'),
    (20, 2, '2_DSC1243.jpg'),
    (21, 2, '2_DSC1332.jpg'),
    (22, 2, '2_DSC1381.jpg'),
    (23, 2, '2_DSC1421.jpg'),
    (24, 2, '2_DSC2097.jpg'),
    (25, 2, '2_DSC2158a.jpg'),
    (26, 2, '2_DSC2204a.jpg'),
    (27, 2, '2_DSC2416.jpg'),
    (28, 2, '2_DSC2639.jpg'),
    (29, 2, '2_DSC3768.jpg'),
    (30, 2, '2_DSC3809.jpg'),
    (31, 2, '2_DSC4226.jpg'),
    (32, 2, '2_DSC4257.jpg'),
    (33, 2, '2_DSC4525.jpg'),
    (34, 2, '2_DSC4549.jpg'),
    (35, 3, '3_DSC1155.jpg'),
    (36, 3, '3_DSC1199.jpg'),
    (37, 3, '3_DSC1243.jpg'),
    (38, 3, '3_DSC1332.jpg'),
    (39, 3, '3_DSC1381.jpg'),
    (40, 3, '3_DSC1421.jpg'),
    (41, 3, '3_DSC2097.jpg'),
    (42, 3, '3_DSC2158a.jpg'),
    (43, 3, '3_DSC2204a.jpg'),
    (44, 3, '3_DSC2416.jpg'),
    (45, 3, '3_DSC2639.jpg'),
    (46, 3, '3_DSC3768.jpg'),
    (47, 3, '3_DSC3809.jpg'),
    (48, 3, '3_DSC4226.jpg'),
    (49, 3, '3_DSC4257.jpg'),
    (50, 3, '3_DSC4525.jpg'),
    (51, 3, '3_DSC4549.jpg');
    For now, each gallery has 17 images which was just some random number I chose.
    I need to be able to write a query that says, tell me how many photos are in a specific photoset (in the photos table) based on the number in galleries.g_id  and photos.g_id being equal.
    As you see in the photos table, the p_id column is an AI column (call it photo serial numbers), and the g_id column assigns each specific photo to a specific gallery number that is equal to some gallery ID in the galleries.g_id table. SPECIFICALLY, for example I would want to have the query count the number of rows in the photos table whose g_id = 2 when referenced to g_id = 2 in the galleries table.
    I have been messing with different DISTINCT and COUNT methods, but all seem to be limited to working with just one table, and here, I need to reference two tables to achieve my result.
    Would this be better if each gallery had its own table?
    It should be so bloody simple, but it's just not clear.
    Please let me know if I have left out any key information, and thank you all in advance for your kind and generous help.
    Sincerely,
    wordman

    bregent,
    I got it!
    Here's the deal: the query that picks the subset of records:
    $conn = dbConnect('query');
    $sql = "SELECT *
            FROM galleries
            WHERE g_spec = '$spec%'
            ORDER BY g_id DESC
            LIMIT $startRow,".SHOWMAX;
    $result = $conn->query($sql) or die($conn->error); // mysqli_error() needs the connection; use the object's error property
    $galSpec = $result->fetch_assoc();
    picks 3 at a time, and with each record is an individual gallery number (g_id). So, I went down into my code where a do...while loop runs through the data, displaying the info for each subset of records and I added another query:
    $conn = dbConnect('query');
    $getTotal = "SELECT COUNT(*)
                FROM photos
                WHERE g_id = {$galSpec['g_id']}
                GROUP BY g_id";
    $total = $conn->query($getTotal);
    $row = $total->fetch_row();
    $totalPix = $row[0];
    which uses the value in $galSpec['g_id']. I didn't know the proper syntax for including it, but when I tried the curly braces, it worked. I altered the number of photos in each gallery in the photos table so that each total is different, and the results display perfectly.
    And as you can see, I used some of the code you suggested in the second query and all is well.
    Again, thank you so much for being patient and lending me your advice and assistance!
    Sincerely,
    wordman
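
The per-gallery count discussed in this thread, as an added example that is not from the original posts: one parameterized query that joins galleries to photos and returns the count for each gallery on the current page, instead of running a second interpolated query inside the display loop. Python with an in-memory SQLite database stands in here for the PHP and MySQL code in the thread; the table and column names come from the posts, while the photo counts and filenames are constructed.

```python
import sqlite3

def build_db():
    """Create the two tables from the thread and load constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE galleries (
            g_id   INTEGER PRIMARY KEY AUTOINCREMENT,
            g_spec INTEGER
        );
        CREATE TABLE photos (
            p_id    INTEGER PRIMARY KEY AUTOINCREMENT,
            g_id    INTEGER REFERENCES galleries(g_id),
            p_fname TEXT
        );
    """)
    conn.executemany(
        "INSERT INTO galleries (g_id, g_spec) VALUES (?, ?)",
        [(1, 11), (2, 11), (3, 11), (4, 11), (5, 12), (6, 13)],
    )
    # Constructed data: galleries 1-3 hold 17, 5 and 2 photos; 4-6 are empty.
    rows = [(g, f"{g}_DSC{n:04d}.jpg")
            for g, count in ((1, 17), (2, 5), (3, 2))
            for n in range(count)]
    conn.executemany("INSERT INTO photos (g_id, p_fname) VALUES (?, ?)", rows)
    return conn

def gallery_counts(conn, spec, start_row=0, show_max=3):
    """Return [(g_id, photo_count)] for one page of galleries with this g_spec.

    LEFT JOIN keeps galleries that have no photos (count 0), and every
    user-supplied value is bound as a parameter rather than interpolated
    into the SQL string.
    """
    sql = """
        SELECT g.g_id, COUNT(p.p_id) AS total
        FROM galleries AS g
        LEFT JOIN photos AS p ON p.g_id = g.g_id
        WHERE g.g_spec = ?
        GROUP BY g.g_id
        ORDER BY g.g_id DESC
        LIMIT ? OFFSET ?
    """
    return conn.execute(sql, (spec, show_max, start_row)).fetchall()

if __name__ == "__main__":
    conn = build_db()
    print(gallery_counts(conn, 11))               # first page of g_spec 11
    print(gallery_counts(conn, 11, start_row=3))  # second page
    # A value carrying SQL syntax is compared as data and matches nothing.
    print(gallery_counts(conn, "11 OR 1=1"))
```
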

  • In Profile Manager, Can I assign users to ONLY a specific Device Group?

    In profile Manager (Lion Server 10.7.3) I created DEVICE GROUPS per Lab, and each Lab has a manager. I want to give each manager permissions to see and manage ONLY their devices. Is this possible?

    I'm not sure this was ever designed to be user friendly as typically only Admins or those with elevated permissions would see these groups.  There isn't, as far as I can see, any way to add this step within a Workflow too, unless you're able to install some third party steps.
    Steven Andrews
    SharePoint Business Analyst: LiveNation Entertainment
    Blog: baron72.wordpress.com
    Twitter: Follow @backpackerd00d
    My Wiki Articles:
    CodePlex Corner Series
    Please remember to mark your question as "answered" if this solves (or helps) your problem.

  • Approve suppliers only for specific material groups

    Dear Experts,
    Current scenario: Our purchasers can buy products from all material groups from every boarded supplier. E.g. they can buy production materials from an office paper supplier.
    Target scenario: The moment a purchaser buys a material that's not part of the approved material group of that specific supplier, he gets an error.
    What is a practical way to achieve this?
    Thanks a lot,
    Steffen

    Normally we maintain Source lists, which restrict the list of vendors from whom certain materials can be purchased.
    Sometimes you can also create a Material group level contract, and then in the PO specify the materials from that specific material group.
    But ideally you should go for a source list, as it is the simplest and standard way to control approved suppliers for materials.  I know it's not at material group level, but still it's the best option.
    As a last resort, you can go for a development and use the BADI ME PO PROCESS CUST, I think it is.
