ISE - User limitation

Hi,
I know there is endpoint limitation of 2000, 10,000 and 100,000 concurrent endpoints, depending on deployment options. Is there any limit on maximum number of "users" ISE supports in these deployment options? All the design documents talk only about endpoint limitation, but nothing on user limitation? Is there any limitation for concurrent number of users that is supported by ISE?
Also, on the license part, if a user logs in from an endpoint that is profiled (and profiling is used in authorization policy), does it consume 2 licenses, one for the endpoint and one for the user? Will it be both advance license or one base license for user and 1 advance license for endpoint?
Would appreciate any help.
Regards,
Mohan

Hi,
Please understand that the concurrent endpoint is the best way to determine the sizing requirements for ISE. The question you ask is valid, but the point of setting endpoints is so all scenarios are covered, whether that is a deployment using only user-authenticated devices or a mixture of headless devices with user-based devices.
If a user connects through a device that is dynamically profiled, postured, or uses any of the advanced on-boarding features, you will consume one base and one advanced license.
Thanks,
Sent from Cisco Technical Support iPad App

Similar Messages

  • Extended user rights and 500 users limits on a PDF Form

    Hello,
    I read that there's 500 users limits for using extended user rights on Acrobat Pro 9.
    Here's my situation:
    - I built an application PDF form with extended user rights for Adobe Reader users to save the form. And I'm going to be hosting it on the web for users to download the PDF form to their local hard drive.
    - The form will have a button to submit to a web page with a script for processing FDF, XFDF, XML, or HTP form export.
    My question is:
    1. Would it be violating the 500 users limits if more than 500 users download the form and save the PDF after filling out fields, but not submit the data back to the server?
    2. What would happen if more than 500 responses are received through above method? Would new visitors still be able to save the PDF form for their archive purpose after downloading it from our web site?
    Thanks.

    Can Adobe's licensing department define "extract"?  I know there is a lot of confusion here and I'm trying to understand.
    Here is our scenario:  We have developed an Adobe fillable form which we will be sending to 1000 customers.  Customers can open the form (in Reader v9.5 and greater) and fill out the form, validate it and then print it.  The customers are not sending the PDF files back to us and the PDF data is not being collected so there is no data we can extract from Adobe files (we are not that advanced yet).  Customers will just print the information, then fax or send back to us by U.S. Mail. 
    When we receive the completed information (via fax/mail, not PDF), we read information off our form.  Does Adobe consider reading our information “extracting” with our eyes?  I’m not sure how they can consider that extracting?  I would think Adobe owns the mechanism (aka PDF file) for validating our content, but they wouldn’t own the content on our form if we want to physically read it, right?
    Adobe needs to clarify this more clearly and I’ve read their interpretation of the Policy, but it doesn’t address this scenario.  http://www.adobe.com/products/eulas/pdfs/Reader_Extension_Policy_A10-5-31-2011.pdf
    George, I don't think you are an Adobe Employee.  I see you are an MVP, but you are not officially speaking for Adobe, are you?
    ---Thanks.

  • Did Cisco ISE have limitation for policy setting?

    Dear All,
    Does anyone know about any Cisco ISE limitation on policy settings?
    Right now my Windows posture policy has around 200 Windows patch checks; does ISE have a limitation such as a maximum number of Windows patching policy lines?
    Thank you
    Best Regards

    Here is the answer for your first question.
    Cisco ISE profiler collects a significant amount of endpoint data from the network in a short period of time. It causes Java Virtual Machine (JVM) memory utilization to go up due to accumulated backlog when some of the slower Cisco ISE components process the data generated by the profiler, which results in performance degradation and stability issues.
    To ensure that the profiler does not increase the JVM memory utilization, and to prevent the JVM from running out of memory and restarting, limits are applied to the following internal components of the profiler:
    Endpoint Cache—Internal cache is limited in size that has to be purged periodically (based on least recently used strategy) when the size exceeds the limit.
    Forwarder—The main ingress queue of endpoint information collected by the profiler.
    Event Handler—An internal queue that disconnects a fast component, which feeds data to a slower processing component (typically related to a database query).
    For more information go through :
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#12624

  • Users limitation in Information Broadcasting in BI 7.0

    Hi Guys,
    I'm publishing the reports in portal by using the information broadcasting. Here I have selected the My portfolio and selected the users, user specific. But we have 600 users.
    Is there any number of users limitation in information broadcasting?
    Please provide me the useful information on this.
    Helpful answers will be rewarded with full points.
    Thanks
    Prasad

    Hi,
    Please check the below link; it may be of some help to you.
    http://help.sap.com/saphelp_nw04s/helpdata/en/a5/359840dfa5a160e10000000a1550b0/frameset.htm
    Thanks
    Mayank

  • ISE User Session Limiting

    With ACS 5.3, you can set a limit on the number of concurrent sessions a single username is allowed.  This feature is documented at http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/access_policies.html#wp1176806.  I am looking for something similar in ISE.  Since ISE is based to a large extent on ACS for its RADIUS functionality, I would presume that it is there, but I don't see any means of setting it at this point.  Does anyone know how to do this?  I am running ISE 1.1.

    FYI,
    Release Notes for Cisco Identity Services Engine, Release 1.2
    http://www.cisco.com/en/US/docs/security/ise/1.2/release_notes/ise12_rn.html

  • ISE RBAC, limiting data to regional admins

    Hey all, I was playing around a little bit with the local RBAC. The config is fairly straightforward in limiting access to menus and works like a champ. However I'm struggling a little bit with limiting access to data. Here is the strategic goal:
    Create local site users that can only look at the 'operations' menu. Limit what appears in the data fields to only things from their particular sites, so that only authentications from the site show up for instance.
    Here is what I tried to do:
    Created a network device group for the site under 'all locations'
    Created a Data access permission with:
         Site group->Full Access
    Created an admin access policy with the following rule:
         If Admin Groups=Site Then Permissions=Menu-Helpdesk Admin (operations only) and Data-Site group access
    Created admin group for the Site
    Created a user and assigned it to the Site admin group
    When I log in it's limited to the operations menu as expected. However I can view all authentications, it isn't limited to auth that happened on the location WLC I defined.
    Now that was just a guess on how to limit the info based on my logic. So, if anyone knows how to limit this let me know, thanks!

    Please refer to "Role-Based Permissions" from
    http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_man_admin.html#62254

    Data Access Name | RBAC Group | Permissible Admin Groups | Permissible Network Device Groups
    --- | --- | --- | ---
    Super Admin Data Access | Super Admin | Admin Groups, User Identity Groups, Endpoint Identity Groups | All Locations, All Device Types
    Policy Admin Data Access | Policy Admin | User Identity Groups, Endpoint Identity Groups | None
    Identity Admin Data Access | Identity Admin | User Identity Groups, Endpoint Identity Groups | None
    Network Admin Data Access | Network Device Admin | None | All Locations, All Device Types
    System Admin Data Access | System Admin | Admin Groups | None
    RBAC Admin Data Access | RBAC Admin | Admin Groups | None

  • Cisco ISE - User with expired password is forced to logoff before they can change password.

    I came across a situation today where a user was logged into a laptop with an expired password and could not change it by simply locking the computer and logging in with the correct credentials. (They had previously changed it on their main computer) The port restricted any communication since the user was failing authentication.
    So, I had the user log out and immediately the computer authenticated, and the user was able to log in with the correct credentials. I don't want my users to have to log out completely in this situation. Below is the port config and the ISE error messages.
     switchport access vlan 423
     switchport mode access
     switchport block unicast
     switchport voice vlan 425
     ip arp inspection limit rate 10
     ip access-group ACL-LOW-IMPACT-MODE in
     authentication event fail action next-method
     authentication event server dead action authorize voice
     authentication event server alive action reinitialize
     authentication host-mode multi-auth
     authentication open
     authentication order dot1x mab
     authentication priority dot1x mab
     authentication port-control auto
     authentication periodic
     authentication timer reauthenticate server
     authentication timer inactivity server
     authentication violation restrict
     mab
     snmp trap mac-notification change added
     dot1x pae authenticator
     dot1x timeout tx-period 3600
     spanning-tree portfast
     spanning-tree bpduguard enable
     ip dhcp snooping limit rate 100

    Completely forgot about odac version. I have ODT with ODAC 102.02 installed.
    I want to download new drivers from here:
    Oracle10g Release 2 ODAC and Oracle Developer Tools for Visual Studio .NET
    http://download.oracle.com/otn/other/ole-oo4o/ODTwithODAC1020221.exe
    And old drivers from here (just for testing)
    Oracle Developer Tools for Visual Studio .NET 10.1.0.4.0
    http://download.oracle.com/otn/other/ODT10104.exe
    Does anybody know something about these releases? Do they have the same behavior?
    Thanks.

  • Cisco ISE User Authentication Certificates for Wired and Wirless Users (BYOD)

    Can anyone tell me from where we can purchase User Authentication Certificates for Wired and Wireless Users (BYOD) for Cisco ISE? Also confirm what certificates we require for the purpose.
    Please suggest the website from where we can purchase them and import them in the Cisco ISE certificate section.
    Thanks.

    Dear Mohana,
    Thanks for your reply. Can you please confirm, in regard to the EAP-TLS certificate, which authorities you recommend if I go to GoDaddy or VeriSign to buy it and then import it in ISE?
    Looking forward for your reply.
    Regards,
    Muhammad Imran Shaikh
    Resident Engineer, IT Network Section - PPL
    Mobile : 0092-312-288-1010
    LinkedIn : pk.linkedin.com/pub/muhammad-imran-shaikh/10/471/b47/

  • Cisco ISE users self-registration Time Zone

    Hello, everyone!
    I'm configuring ISE Guest portal and I wonder why I need to choose time zone while in self-registration? Where is it used? And how can I disable this parameter from the self-registration page?

    Time profiles provide a way to give different levels of time access to different guest accounts. Sponsors must assign a time profile to a guest when creating an account, but they cannot make changes to the time profiles. However, you can customize them and specify which time profiles can be used by particular sponsor groups. Beginning with Cisco ISE 1.2 time profiles are referred to as the account duration in the Sponsor portal.
    Cisco ISE 1.2 includes these default time profiles, which replace the profiles available previously:
    DefaultFirstLoginEight—the account is available for 8 hours starting when the guest user first successfully connects to the Guest portal. This replaces the DefaultFirstLogin time profile.
    DefaultEightHours—the account is available for 8 hours starting when sponsors first create the account. This replaces the DefaultOneHour time profile.
    DefaultStartEnd—sponsors can specify dates and times on which to start and stop network access.

  • Cisco ISE User support

    In ISE-3355 Platform when we say it supports between 500 and 1000 concurrent users, is it the concurrent user session or authentication or what exactly it is?

    Hi,
    You can use the global search box available at the top of the Cisco ISE home page to search for endpoints. You can use any of the following criteria to search for an endpoint:
    • User name
    • MAC Address
    • IP Address
    • Authorization Profile
    • Endpoint Profile
    • Failure Reason
    • Identity Group
    • Identity Store
    • Network Device name
    • Network Device Type
    • Operating System
    • Posture Status
    • Location
    • Security Group
    • User Type
    You should enter at least three characters for any of the search criteria in the Search field to display data.
    The search result provides a detailed and at-a-glance information about the current status of the endpoint, which you can use for troubleshooting. Search results display only the top 25 entries. It is recommended to use filters to narrow down the results.

  • Concurrent User Limitation

    Hi,
    Understand that VS Studio 2008's CR with a limitation of 3 concurrent user access, am I right?
    How about if I upgrade to CR XI Developer Edition,
    Is there any concurrent user access limitation?
    by using CR Developer XI edition with VS studio 2008, using CR viewer in asp.net web application.
    Thanks

    All versions of CR are limited to 3 CPL. To increase this, you have to go to Crystal Reports Application Server or Business Objects Enterprise.
    Perhaps the better question is; why do you feel you need to go beyond 3 CPL?
    For more info re. Crystal Reports Application Server see the following:
    http://www.sap.com/solutions/sapbusinessobjects/sme/reporting/crystalreportsserver/featuresfunctions/index.epx
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40bccdfd-88a6-2b10-1da1-c47a54b625a7
    Ludek
    Follow us on Twitter http://twitter.com/SAPCRNetSup

  • ISE - User reauthentication

    Hi,
    I am in the process of testing ISE. I have run into an issue: when a user needs to reauthenticate, the below popup that requests additional information happens too fast, so that you sometimes do not even notice it or are not able to click it in time to retype your credentials.
    Is there any way to delay this, or a process to be able to type your details?
    It is particularly annoying when you do not have the below enabled.

    The issue is not related to ISE per se.
    When a user changes his/her password the popup appears as per my original post. This popup however disappears 1-2 seconds later. Please keep in mind that ISE sends the authentication requests to an external identity source.
    I am sure anyone else who set up 802.1x would get this issue where the popup is way too fast to re-enter your credentials after the password change. I added the 2nd screenshot showing that you can enable it to automatically use your domain credentials. This however is not always feasible to have it automatically use the user's domain credentials.

  • Unity Connection Office 365 Single Inbox - 100 Users Limitation

    Hi all,
    Going over the Unity Connection release notes:
    Cisco Unity Connection 8.6(2) Support for Microsoft Office 365
    Revised 13 April, 2012
    In Cisco Unity Connection 8.6(2) and later, you can configure Connection to synchronize voice messages in Connection user's mailbox with the user's Exchange Online mailbox configured on Microsoft Office 365 environment. Microsoft Office 365 is a cloud hosted collaboration solution provided by Microsoft.
    Cisco Unity Connection 8.6(2) SU1 is qualified for 100 users with Microsoft Office 365. For scalability beyond 100 users, you need to contact UCBU Product Management team through [email protected] mailer.
    Note The integration beyond 100 users will not be supported by TAC until the BU has signed off on it.
    I was aware of the 19 users per Unified Messaging account issue, in which we created several UM Service accounts as a temporary fix until Microsoft lifts the limitation.  I wasn't aware of the above that there is a limitation to 100 Users total.
    There have been a few posts regarding the 19 user/account issue in which the workaround has been to create up to 20 UM accounts to get up to 380 users as a temporary solution.
    Any insight as to when this will be lifted or detailed timelines would be great!
    Thanks,
    Chris

    Hey Chris,
    I wouldn't go that route as you nicely noted. The specific locales for su2 are not shown
    and I'm pretty confident that this bug would carry over to su2 as well
    But then again....I could be way off base here
    CSCty54979 - 8.6.x release notes should detail what builds are required for locales
    Symptom:
    Release notes for Unity Connection 8.6(2a) and 8.6(2a)SU1 are not clear about what builds the use of locales (localizations) are supported with and where they can be acquired
    Conditions:
    Customers wishing to support non-US English (ENU) languages with Unity Connect 8.6.x
    Workaround:
    For Unity Connection 8.6(2a), you must install ES12 and use the locale files that are labeled as ES12. The locale files are posted on cisco.com for download, but Unity Connection ES12 is not (you will need to open a TAC case and request a copy of 8.6(2)ES12)
    For Unity Connection 8.6(2a)SU1, the 8.6(2)ES12 locales should NOT be used. An updated set of locales will be posted for use with this build in the near future (expected by roughly mid to late April 2012). Also note that if you are currently using the 8.6(2)ES12 locales, you should NOT upgrade to SU1 until the SU1 locales are posted to cisco.com so that you can use them.
    If su2 is equivalent to ES44 then they aren't shown on this doc either??
    http://www.cisco.com/web/software/Voice/pdf/LocalizationSupportforCUCESreleases.pdf
    Cheers!
    Rob
    "May your heart always be joyful
    May your song always be sung" - Bob Dylan

  • How do I allow other users limited access to iPhoto?

    I am seeking to create other user accounts for my Mac that will allow my wife and my 8 year old to view photos in iPhoto but will not allow them to screw it up (i.e., will not allow them to edit or delete any photos, etc.).  Is there a way that I can give them access to view only?  Thanks.

    When you share a Photo Stream and invite a family member to view it, the family member will see the photo stream in the iPhoto Library, in the iCloud section:  It will look like regular albums.

  • Disabling user limitation notifications

    Hello,
    I have set parental controls on a Macbook Pro running 10.7. When I log in as the guest user, I am prompted often about the things or apps I cannot use. Is there any way of disabling the notifications other than giving full control to the guest user? Please let me know.
    Thanks in advance!

    tech@scs wrote:
    Is there any way of disabling the notifications other than giving full control to the guest user?
    no.
