Ise local admin ( CLI )

Similar Messages

• Cisco ISE and Admin CLI question

  Hi there. 
  I have strange problem with my ISE installation. First of all I use AD users for authentication. It works fine over HTTPS. I can login with my AD admin by HTTPS.
  The problem starts when I try to login via CLI (SSH). I got login prompt. When I type my AD credentials it says "Login Incorrect" and I got the same result if I try with the local admin account.
  I did try to reset the local admin account password via HTTPS to verify that type the correct password. But no effect.  
  My ISE is installed on VMware. 
  Any experiences with this one?
  BR.

  The CLI authentication which is the base Linux OS is not/cannot be tied to AD for admin authentication. You only integrate the application installed on the top of Linux, which in this case is ISE, to AD. So to login to the cli shell you will need to use the username/password that you configured during setup. If you don't recall those you will need to perform a password rest via the installation CD/ISO
  Thank you for rating helpful posts!

• Error message running powershell as admin, not running ISE as admin

  I have a powershell script local on my dc. When I run the script from inside ISE (as admin) it works beautifully. When I run it just inside a powershell window (as admin) it gives me an error:
  Register-ScheduledTask : Cannot bind argument to parameter 'Action', because PSTypeNames of the argument do
  the PSTypeName required by the parameter: Microsoft.Management.Infrastructure.CimInstance#MSFT_TaskAction.
  Why would it be different running from ISE than from powershell window? I don't want to have to open ISE ever time to execute the script.
  mpleaf

  Back quotes and smart quotes from Web pasted code can create big headaches too.
  If you want to see an example of this, take a look at the code here:
  https://dthomo.wordpress.com/2011/02/10/disabling-activesync-by-default-on-exchange-2010/
  Many moons ago, I copied that, pasted it into Notepad++, saved it as xml, and put it up on my Exchange servers.
  Result = broken, very angry Exchange. The code is perfectly fine, but those quotes...
  Now, one interesting thing I just noticed. I pasted that code above into Notepad++ and saw the smart quotes as expected. I then pasted it into the ISE, and the quotes appeared as normal straight quotes. I saved the file as test.xml to see if the
  ISE was somehow smart enough to save me from these quotes. Opened it up in Notepad++. Smart quotes survived.
  I think this could be kind of dangerous, as you'd never know that your quotes were bad by looking at the text in the ISE... Can either of you confirm this behavior?
  EDIT: The text highlighting of the saved file in the ISE is apparently a good indicator of this though:
  Don't retire TechNet! -
  (Don't give up yet - 12,830+ strong and growing)

• How to reset password of a local admin in window 8.1

  Hi, I have a window 8.1 machine with only a local admin user. Accidentally, the user id got locked due to three incorrect attempts and not i cannot get in to the machine. To reset the password, i tried to use the password reset USB from other machine as
  i cannot create from the same machine but it didn't work. I also tried to change the password through command prompt but 
  Please suggest how I can reset the Password or unlock the userID of the local admin user.
  Thanks,
  Kunal
  KC

  Hi,
  A locked-out account cannot be used until it is reset by an administrator or until the lockout duration for the account has expired.
  If you remember the password,you may type the password after the lockout duration for the account has expired.
  If you forget the password,please refer to the link below:
  http://windows.microsoft.com/en-us/windows/what-do-forget-windows-password#1TC=windows-8
  Regards,
  Kelvin hsu
  TechNet Community Support

• How to reset local admin user password in

  Dear members,
  i want to reset local admin account(not administrator built-in), let say i have user adminlocal and member in administrator group. my question, how to reset this user via GPO in domain, because i have more than 5000 workstation in my environment. and how to
  generate summary of all workstation which are password reset.
  i've tried from this link,
  http://community.spiceworks.com/how_to/show/1966-how-to-change-local-user-or-admin-passwords-on-remote-computers
  using PSTools sysinternal from microsoft, but while i execute one PC on domain for sample using this script, they showing access denied
  anyone in this forum can help me to resolve this problem?.

  Dear,
  you can use Powershell to do this.
  I've found a script in the script center which can do this.
  http://gallery.technet.microsoft.com/scriptcenter/66a5b38f-cdf1-4126-aa0c-be65e16dd650/view/Discussions#content
  Set-Password -computer 'server' -user 'Administratorlocal' 
  You can create a loop in powershell to check all your servers which you've posted in a .txt file for example.
  $strcomputers = Get-Content c:\servers.txt
  foreach ($strcomputer in $strcomputers)
  $admin=[adsi]("WinNT://" + $strComputer + "/administratorlocal, user")
  $admin.psbase.invoke("SetPassword", "Whatever1")

• Restart-Computer remotely with Local Admin

  Hello;
  I manage my company's server and AD infrastructure, containing hundreds of Windows 2012 R2 servers.  I also patch all of my servers monthly.  The biggest challenge in patching servers, is the fact that they need to be restarted every month, in
  order for the patches to finish installing.
  We have a certain group of servers, that need to have their restarts specifically scheduled.  The services offered by these servers are managed by a specific group of IT Pros.  However, this group of IT Pros do not have Local Administrative permissions
  on these servers (nor do they need it to do there jobs).
  I would like to enable this group to remotely restart these servers every month using the 'Restart-Computer' powershell command, without granting them Local Admin (that way, I won't need to get up at 3am every month to do this myself).  I've tried adding
  them to the following "User Rights Assignment": "Force shutdown from a remote system" and "Shut down the system".
  But, they still get an "Access Denied" error message.  What am I missing?  Is this even possible?  I've searched for hours now, but with no luck.

  Thank you for the reply, but I had already tried those suggestions.  Here's what I've tried so far:
  First, as I mentioned before, I've added the admins to the following "User Rights Assignment": "Force shutdown from a remote system" and "Shut down the system".  Then I temporarily added the admins to the "Allow log
  on locally" user rights assignment so that I may log on to the server as the admins and prove that the admins can indeed restart the local server.  From the server console, the admin was able to launch a powershell session and run the "Restart-Computer"
  command, and the server restarted perfectly. 
  So that part worked just fine.  But I would like to get the admins to remotely restart the servers, without granting them the "Allow log on locally".  Another thing I tried, was to create a new remote PSSession, and then run the Restart-Computer
  command from there.  At first, the New-PSSession gave me an access denied error message.  That's when I ran the Get-PSSessionConfiguration command, and I noticed that the "Builtin\Remote Management Users" group was allowed access. 
  So I added the Admins to that group on one of the servers.  Now the New-PSSession command worked.  But the Restart-Computer still gives me an Access Denied error message.
  Here are the commands that I am using.
  First, running the Restart-Computer from the admin's workstation:
  Restart-Computer -ComputerName SERVER01
  Second, running the Restart-Computer command from with a remote PSSession.
  New-PSSession -ComputerName SERVER01
  Enter-PSSession 2
  Restart-Computer
  Either way, I get an access denied message.

• Can't print with user but can with local admin

  Hello All,
  I'm a Windows admin learning how to support Macs in a 2003 AD environment. Here's my problem. I have a Windows 2003 AD Domain and an office of Mac clients running OSX 10.3.9. I'm using AdmitMac version 1 to connect the Mac's to AD. There's been previous problems with Mac machines dropping from the AD domain. A quick fix of this problem involves re-adding the affected machine back to the AD via the Admitmac utility. A long term fix of this problem will be an upgrade to Admitmac version 3, but that's down the road.
  Anyway, when 1 client lost its AD authentication, adding the machine back to the AD caused the local user profile to not be able to print to the shared network printer anymore. Printing works when logged in as the local admin on the Mac, but not as the user. I've tried giving the user admin rights, reconnecting the printer, and re-adding the machine to the domain. All of this has not helped the situation.
  Does anyone have any ideas for a possible fix?
  Thanks and sorry for the long winded post.
    Mac OS X (10.3.9)  

  USB printers are a pain.. it might not work at all from windows.. that is just the reality.
  USB printers are local printers that plug into your computer.. save your $50.. and the cost of the next couple of sets of ink cartridges or toners and go and buy a network printer. ie one that is designed to work in a network.
  If you want to pursue this..
  1. How did you name the Express.. and its wireless?
  Names should all be short, no spaces and pure alphanumeric.
  2. What printer is it? If you plug it in via USB to the computer does it work?
  3. Once you have it working plugged into the computer change it to print to IP of the airport express and see if that works.
  You can do this without bonjour..
  See this video for example of setting up printing to Extreme (same thing) by printing directly to the TCP/IP port.
  http://www.youtube.com/watch?v=qTN1g846dRE
  It is windows 7 but 8 should be much harder .. naturally MS took away the easy access to everything .. but it is still there for the most part.

• Delay when starting accdb without local Admin rights.

  Hi,
  I have a problem with one application, the front end of the application is MS Access DB that's connects to our SQL Server over odbc driver If the user is in a local administrator group everything is working fast. When the same user is put in the user group
  without Administrative rights I recive a delay for about 60 sec then the error pops up
  After I hit ok a new SQL login pops up and I just press second time ok and the application starts without entering any user and pass. This is not happening if the user is in the built in Administrators Group.
  Thanks for the help
  fract

  Hi fract,
  as a Microsoft partner I have asked support for help.
  Here is their answer:
  Hi Partner,
  Thanks for your reply.
  Based on my research, the issue is identified as a compatibility issue that Access 2010 has with SQL Server 2008 R2. Access uses PERMISSIONS function to check the privileges. The PERMISSIONS function is deprecated in SQL Server 2008 R2. I haven’t found
  any workaround for this issue currently.
  You can check the more detail information at below link:
  PERMISSIONS (Transact-SQL)
  http://msdn.microsoft.com/en-us/library/ms186915(v=sql.105).aspx
  I think you need to access SQL Server 2008R2 with local admin right.
  If you have any further questions, please let me know.
  Best Regards,

• How to Reset Password of User while not connected to Domain using Local Admin Account

  How to Reset Password of User while not connected to the Domain using Local Admin Account
  (I have the use of a local admin account), and I want to help a user reset their password who has logged in the PC and had their credentials cached, but forgot this password. 
  In Local Admin Account :
  When I go to Control Panel, users, users, manager user ; I cannot see any users in this window except the local admin account, and, so I cannot reset a user password this way.
  When I go to lusrmgr.msc, then users ; the local admin account will display only. 
  If I go to command prompt and type "net user", this will not display any users who have logged in to the computer, and so I cannot use "net user" to reset a password.
  I don't want to use any disks, 3rd party programs, or create a VPN connection to the domain.  I just want to help a user who calls in and forgets their password.

  Hello Keith,
  I know this is an old thread but I'm trying to better understand how I could change the domain password while not on the network. What I'm getting from your post is that you:
  1. Create a local user account (not a domain user)
  2. Login with that local user account
  3. Connect to the VPN while logged in as a local user
  4. Log out of the local account and login with the domain credentials
  Now, my question is based on the assumption that the password created on the local account is the same password that one will use to login to the domain account? Also, is the local user account the same as the domain account?
  Thanking you in advance!

• Can individual Adobe Air apps be installed without local admin permission into a user-owned folder?

  Is this a supported scenario?
  Windows 7 PC.
  Adobe Air runtime (latest; 4.0) has been installed by an administrator using a local admin account and the eulaAccepted file is present under the "All Users" profile.
  User logs in using her own account which does not have local admin rights.
  User downloads an Air app and tries to install it to C:\Users\<username> where she has full write permissions to the disk.
  What I observe when acting as the User is that the Windows UAC (security escalation to local admin rights) dialog pops up. Can anyone clearly state what the Adobe Air installer is doing that requires the UAC escalation when installing an app to a user's folder? Thanks.

  Thanks for your reply, Chris. We're working around these problems by deploying the Air runtime + the application separately using an administration tool, which is fine for now.
  I logged the question because I don't see any registry edits or privileged folder access taking place. I suspect that the UAC escalation has something to do with the "eulaAccepted" file; checking that it exists. I doubt that escalated permissions are really required for this. In the long term, it'd be good if this "use case" could be added to the test cycle of Air; perhaps the UAC dialog could be avoided, improving the flexibility of deployment options.
  Ideally the test would start with an adminstrator-installed Air package *without* the EULA being accepted. The user should be able to install apps and approve the EULA without the UAC dialog popping up at all.

• Flash Player works only for Local Admins

  Hi!
  We have about 40 computers in our organisation with the same problem: Since few weeks the Adobe Flash Player (ActiveX) works only, when the user has administrative privileges. If a normal user wants to watch youtube-films or other flash objects, there will only appear a message that (a new) Adobe flash player must be installed to view the content (or so). It looks like there is no Adobe Flash player installed. But if the user is a local admin, everything works fine - on the same computer.
  Under Software Adobe Flash Player is displayed as installed.
  We have WinXP Professional SP2/SP3 32bit running on 4-year-old Maxdata computers. And few new computers (also WinXP Professional SP2/SP3 32bit)
  Confusing: There are few computers where flash works for everyone! It seems, that especially the computers that are new don't have this problem.
  I've tested everything: Using the MSI-file, using the EXE-file. Uninstalling the MSI, uninstalling the EXE. Using Version 14, 16 and now 26. Uninstalling everything by the offical Adobe flash player uninstaller. Installing the software as administrator, installing the software via GPO. I've deleted system32/macromed/flash. I've used Microsoft subinacl - with the offical adobe reset_fp10.cmd. I edited system32/macromed/flash so that everybody has write rights on this folder.
  But nothing works. It's always the same: Videos in the IE are only shown for admins.
  And now, I've no idea, what else I could do?!
  Anyone else?
  Greetings from Germany
  Peter

  Pat, is this the one?
  http://forums.adobe.com/thread/729200?tstart=0
  eidnolb

• VM Template bypass Local Admin Password, can it be done?

  I was curious to know if there was a way to create a VM from Template in VMM without having to supply a password in the OS Configuration properties? I know that if we leave that field blank normally, when the VM creation occurs, it will get to about 98%
  and hang. When you "Connect via Console" option, it is sitting at the screen asking you to supply a password, then the installation finishes, and the VM is ready to go. We are trying to set up VM Templates in SCVMM 2012 R2 that are going to be more
  or less a user self-service situation. We have several powershell scripts that automate nearly 100% of our admin tasks for us, and in the VM Template, there is a simple batch file that copies down a directory, and launches a script and away it goes. After
  10-15 minutes, the Hyper-V VM is joined to our domain, page file virtual memory is set based on specs of VM, WSUS is connected and all updates applied since template creation, etc etc etc...
  Our goal is to have the server log on after creation from a template, run the bat file on the D:\ drive, and go completely untouched from start to finish. The Local Administrator account is renamed and given a new password as part of the setup postload scripts.
  But the only way to get the VM to do this is by putting in an initial password in the properties of the VM. How can we create a VM from template without supplying any password? So that once SCVMM creates the powered off VM, the person who created the VM powers
  it on, and then after their 15 minute break, have a server joined to the domain and ready for them to log into.

  Thank you for the reply, I appreciate it.
  I wasn't as clear as I should have been, reading over the initial post I see that now. We have these set up as Service Templates. There is a hardcoded Admin password already supplied in the Machine Tier properties so it does allow from start to creation
  a VM. But then none of the scripts we have set under the "Run Once" property of the configuration will run until an initial logon is provided, then the scripts kick off, the VM reboots twice and 15 minutes later....voila! Server ready to go. It was that initial
  logon we were wondering about bypassing.
  The basic process goes as such:
  1) Service Template launched with "Deploy" option in App Controller or SCVMM
  2) VM Guest syspreps from Machine Tier VM Template and configuration, a local admin password is provided, and VM powers on when complete.
  3) VM Guest stays powered on until local admin hits cntrl+alt+del, provides local admin password
  4) Run Once configuration kicks in, reads the "Auto_script.bat" file from root of D:
  5) Scripts join VM Guest to domain, uses domain credentials, runs a whole series of tasks, removes the domain credentials, reboots server.
  6) Server is now ready for customer to log on to and use, fully updated, on the domain, based on service template used also with the appropriate roles and features configured (File Server, IIS, etc).
  It's that step 3 we are hoping to get around somehow with scripts or whatever so that when the VM guest is powered on after creation, something other than the end user or us cntrl+alt+del the OS, logs on with admin password and fully automated deployment
  occurs from A-Z

• Giving an OD Network User/Group local admin rights.

  Is there a way to manage workstation admin rights from the server?
  I ran into a problem with Lightroom that requires admin privileges to change the program preferences. We have alot of graphic art students with roaming profiles, spread out across 5 labs, that need to make this change. I would like to be able to add a group or all network users to the local admin group, for a few days, so the students can make the changes.

  This works on 10.5, not sure about 10.6.
  As root on the client.
  Upgrading legacy group for local admin group - this is from 10.4 days, not sure if you still need to do it.
  dseditgroup -o edit -f n -t group -n /Local/Default admin
  Nest OD group in local admin group
  dseditgroup -o edit -a DirectoryAdminGroup -t group -n /Local/Default admin
  Gen

• Loginscript via GPO does not work when local admin

  Hi
  We are in the middle of deploying Windows 8.1 to our
  organization. We are using Windows 7 Pro today. We a mapping network drives
  with a logon script via GPO. It is done with the good old net use commands that
  has been working for years e.g.:
  net use K: \\server1\Data /PERSISTENT:YES
  net use L: \\server1\Design /PERSISTENT:YES
  It works perfectly on Windows 7, but on the new
  Windows 8.1 machines, no network drives are mapped. I can see that the GPO are
  applied fine to the machines. It seems to have something to do with UAC and the
  fact that the users is local admins. If I remove the use from the administrator
  group, the script works fine and the drives are mapped just like in Windows 7 (5
  minutes delayed, but it works...!). If I keep the user in the administrator group
  and instead disable UAC by setting the EnableLUA to 0 in the registry it works
  too, but then it gives me a lot of other issues with Metro apps and the Windows
  Store.
  Has anyone found a good solution to map network drives
  for users that needs to be local administrators, without disabling UAC completely
  in the registry?
  Any help would be
  appreciated!
  Thomas | MCP | http://www.techwork.dk

  Thank you Techguy
  "Group Policy Preference Drive Maps", does not just resolve my issue it does also give me some a lot of new awesome options I don't have with net use commands via GPO :-)
  I have not tested it with Windows 7 yet, but I am pretty sure it will work there too
  Thomas | MCP | http://www.techwork.dk

• Can't Login to Local Admin Account

  Over the weekend I rebuilt an OS X 10.4.10 Server.
  I created a local admin account, then set up DNS & OpenDirectory Master. I created some admin accounts in the domain.
  I also set up a Panther Server as "Connected to a Directory System" and joined it to the Kerberos server on the 10.4 server.
  All the clients are connecting to the domain, and everything is working except I can't log in to the 10.4 server with the local directory accounts anymore. I have created a new account in the local directory and tried changing the passwords, but nothing works for logging into the local directory admin accounts. With the exception that I am able to SSh into the local directory accounts.
  Any suggestions?
  Message was edited by: iGary

  Does this help?
  http://docs.info.apple.com/article.html?artnum=307005
  LN