Restricted Groups - Help Required to Cutdown more poilcy
Hi,
We have around 1000 Server in Domain, where in different OU, However it depends on the Application or role, GPO has been created for adding restricted group for individual server, As referring below the amount of GPO is Keep increasing,
Do we have any option to cut down the Policy common for a OU or some script can be amended ,.. Any suggestions Appreciated.
> depends on the Application or role, GPO has been created for adding
> restricted group for individual server, As referring below the amount of
> GPO is Keep increasing,
Use GPP "Local Users and Groups" instead of restricted groups... This
will allow you to put all your group configuration in ONE gpo and do
item level targeting for specific groups only.
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
Similar Messages
-
Hi,
I have a field AUFK-AUFNR (Order) in my dialog program.
I wanted the F4 help for this field based on the order type(AUART).Means when user press F4 help it should display orders for order type 'PP01'(Just Example).
Please let me know how can I get it.
ThanksHi,
did u check this FM:
F4IF_INT_TABLE_VALUE_REQUEST -
Display internal table as search help.
http://www.sapdevelopment.co.uk/dictionary/shelp/shelphome.htm
Also check out:
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webas/abap/abap faqs.faq#q-9
Regards,
Anjali
Message was edited by: Anjali Devi -
Urgent help required: Query regarding LC Variables
Hi All
Sometime earlier I was working on a performance issue raised by a customer. It was shell script that was taking almost 8-9 hrs to complete. During my research I came across a fact that there were some variables which were not set, the LC variables were impacting the sort funnel operations because of which the script was taking a long time to execute.
I asked them to export the following commands, after which the program went on smoothly and finished in a couple of mins:
export LC_COLLATE=en_US.ISO8859-1
export LC_MESSAGES=C
export LC_MONETARY=en_US.ISO8859-1
export LC_MONETARY=en_US.ISO8859-1
export HZ=100
export LC_CTYPE=en_US.ISO8859-1
export LANG=en_US.UTF-8
Later I did recover that setting the LC_COLLATE to C, is not helping and the program was again taking a lot of time. Few questions that I want to ask are:
1. Can someone please tell me, what each of these variable mean and how these values make a difference.
2. When I exported LC_COLLATE=en_US.ISO8859-1, it worked fine, but when i tried with the defalut value LC_COLLATE=C, then why the program didnt work.
As this issue is still going on, hence I would request All to provide their valuable inputs and let me know as much as possible.
Appreciate your help in this regard.
Thanks
Amit
Hi All
A new development in this regard. The customer has send us a screen shot in which they were trying to export the locale variable using the commands which I have pasted above. I can see in the screen shot that while exporting LC_COLLATE and LC_TYPE, they get a message that ""ksh: export: couldn't set locale correctly"".
Request everyone to please give their inputs as it's a bit urgent.
Thanks for all the help in advance.
Thanks
Amit
Some help required please...
Edited by: amitsinhaengg on Jul 22, 2009 2:03 AM
Edited by: amitsinhaengg on Jul 22, 2009 2:06 AMLC_CTYPE
Controls the behavior of character handling functions.
LC_TIME
Specifies date and time formats, including month names, days of the week, and common full and abbreviated representations.
LC_MONETARY
Specifies monetary formats, including the currency symbol for the locale, thousands separator, sign position, the number of fractional digits, and so forth.
LC_NUMERIC
Specifies the decimal delimiter (or radix character), the thousands separator, and the grouping.
LC_COLLATE
Specifies a collation order and regular expression definition for the locale.
LC_MESSAGES
Specifies the language in which the localized messages are written, and affirmative and negative responses of the locale (yes and no strings and expressions).
You can use command
# locale -k LC_CTYPE
to see more detail about each type. -
Restricting F4 help in transaction ME22n
Hi all,
I have one requirement, i want to restrict F4 help list in me22n, i want to restrict for the field Purch. Group in the Org.data in Header, if some one knows how to do this than please let me know.
Thanks,
NamdevHi,
Get access key for the object
Create a Zview with restrictions and create search help and assign this search help to the standard screen.
Regards,
thiru -
Group Policy "Restricted Groups" (local groups) using group policy preferences
I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
Part of the solution was to create a policy so that this would only apply a specific security group(users) to a specific set of Active Directory computer objects within the OU to which it was applied so that other machines
and/or user accounts in this OU remain un affected by this policy.
The policy was to be able to include multiple sets of Security groups(users) for the associated machines isolating those security groups(users) to only their sets of Active Directory computer objects.
Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
I thouhgt about using System based policies and creating different WMI filters to target sets of AD Computer objects, but came to the conclusion this would not help due to the limited of WMI quries I would be able to create for a standard
Image.
So I then thought about group policy preferences and came up with the solution
I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users). In my case I did not need to use the "delete
all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which containd the AD computer objects the user accounts required access to. I then did a couple of standard
tests to confirm the local security group(users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM.
So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
Being mindful that system policies settings if applied to same OU will take preceedence over GPP settings....
Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share.
I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links?
I have struggled to find an answer, however it could be that I am not asking the right question!good sharing...
Best,
Howtodo -
How to add Restricted Groups in GPO programmatically?
I have a requirement where i need to manage (crud) GPO on a server. I was able to create gpo and add some security filters but i could not find any way to add Local group in Restricted groups.
I am using GPMC class library for C#. Any help will be appreciated.
Thanks!> This works but i am still looking for the way to do it programmatically.
As said - there is none. At least not from MSFT - they only provide APIs
to set ADM Template values and GPP Registry.
If you have a budget, check out
https://sdmsoftware.com/group-policy-management-products/group-policy-automation-engine/
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
Help required for unicode compatibilty
Dear All,
We are in a process of analyzing the impact of unicode compatibility for our environment.
Following is our scenario:
- ECC6.0 is non unicode systsem
- Need to buid unicode CRM 7, SCM 7, PI 7.1 and BI7
- Need to integrate the above systems to non unicode ECC system.
Our questions are :
1. Is there any performance consideration when using communication between an Unicode and non-Unicode system?
Is Unicode - Unicode faster than Unicode - non-Unicode communication performance wise?
2. Do we face any technical or functinal problems while trying to integrate
unicode BI/ NW Java Stack to non unicode systems.
3. Do we need to review our sizing estimations due to unicode implemenation?
5. what will be the storage consumption increase for unicode systems compared to non unicode?
It would be greatly helpful for me if you can clarify these doubts.
Thanks and RegardsHi,
1. I think no one has really measured this. I expect a slightly higher requirement for Unicode <--> Non-Unicode interfaces.
2. Please have a look at SAP Notes 838402, 73606, 975768 and 1358929 for restrictions in Non-Unicode systems. SAP highly recommends to go for Unicode in the whole landscape.
3. and 5. If you use the SAP quicksizer (http://service.sap.com/quicksizing), then Unicode is integrated.
" Please note that the Quick Sizer results include Unicode requirements. For more
information on additional requirements caused by Unicode, see
http://service.sap.com/unicode -> Unicode Media Library -> Unicode information on
specific topics: SAP Business Suite Unicode Hardware Requirements"
Best regards,
Nils Buerckel
SAP AG -
a distribution group with "require all senders are authenticated" checked still receives external mail. this does not happen for any other DG i am aware of. this also happens from multiple external senders.
please assist.
thanksHi,
From your description, I would like to verify if the problematic Distribution Group is a member of other distribution groups that don't check "require all senders are authenticated".
What's more, please check if there is any difference between this problematic distribution group and other normal distribution groups.
Hope this can be helpful to you.
Best regards,
Amy Wang
TechNet Community Support -
We are running Windows 8.1 Pro x86
I am really curious as to why the drive restriction group policy causes the error message to pop up:
"This operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator."
It does not prevent from actual saving so functionality is not lost but it really annoys our end users and we're getting a lot of complaints. We cannot use the workaround of hiding drives instead of restricting as this still presents security issues. This
is happens when saving (or clicking on a button like "Browse" that opens the 'Open' dialogue box) in all Office 2013 applications, Internet Explorer, Paint, Notepad, and probably most others. I've looked at many forums and no suggestions for workarounds
have succeeded for us to get rid of this error message and in fact, I read a post that stated that someone contacted Microsoft and they said this was by design and there is no workaround. I find this very unfortunate that we either have the choice of compromising
security or annoying our end users. It seems to me like the new dialogue box in Windows 8.1 (and maybe 8?) attempts to access the local drive under the logged in user's account before it actually opens up the dialogue box which conflicts with the group policy
that restricts access to the drive.
Has anyone at all had any luck getting this to go away without removing the restrictions? It seems like the answer is either buried in the Windows code or somewhere in the registry.
Thank you in advance for your time!Thank you for your time and response! Unfortunately, we have the machine locked down pretty tight (they are public use computers that require heavy restriction) and it is set to restrict all drives so access is limited to the local profile. We did try
testing your method, however, by adding the Desktop as an allowed location in the Office policy (which would not solve the issue for the other applications but was good for a test) using the path %userprofile%\desktop. When choosing that location, it does
not throw the error but unfortunately, it does not remember like it did for your with the E: drive so it still always throws the error when first loading the dialogue box no matter what I do. If you're able to confirm that this is simply by design and we're
just expected to inform our users to click through the errors, then I guess that's the accepted answer. Although, do you think that there might be a registry key value that is set after you save to the E: drive for the first time? Maybe we could set that value
to %userprofile%\desktop if it's doing the redirection after the first save through registry. Thanks again! -
Hi!
I am trying to install iTunes on my laptop that runs Windows 8.1
I have tried several solutions discussed in similar questions but none worked
-uninstalled and reinstalled
-cleaned C drive for all Apple products
-tried to install security update’ Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package ATL Security Update’ but the same error appeared
-Windows module installer is enabled
I always get this error
an error occured during the installation fo assembly "Microsoft.VC80.CRT.type="win32", version="8.0.50727.6195, public key token=,1fc8b3b9a1e18e3b", processor architecture="x86", please refer to help and support for more information. HRESULT: 0x80070422
If i ignore and proceed another error appears
Service 'Apple Mobile device' failed to start. Verify that you have sufficient privileges to start system services
If i ignore one more time, itunes is installed but when i try to run it
Apple application support was not found. Apple Application Support is required to run iTunes Helper- please uninstall iTunes and then install itunes again-error 2
Can someone help me please? Thank you!Hi M2i7guel,
Welcome to Apple Support Communities.
It sounds like there is an issue installing iTunes and other Windows updates on your PC. The article linked below provides troubleshooting suggestions that will resolve most issues like the one that you've described.
Issues installing iTunes or QuickTime for Windows
http://support.apple.com/kb/HT1926
I hope this helps.
-Jason -
Help required in Weblogic 6 - Creation & Configuration of Web Application
Forum Home > Enterprise JavaBeans[tm]
Topic: Help required in Weblogic 6 - Creation & Configuration of Web Application
Duke Dollars
2 Duke Dollars assigned to this topic. Reward the best responses to your question
using the icons below, or transfer additional Duke Dollars to this topic.
Welcome moinshariff!
Watching this topic.
Previous Topic Next Topic
This topic has 1 reply on 1 page (Most recent message: Jan 23, 2002 1:05 AM)
Author: moinshariff Jan 22, 2002 4:55 AM
Hi,
I am using Weblogic 6. I have created a new Web
Application called Web (I have not used the DefaultWebApp_myserver).
And I have the following settings:
Name : Web
URI : Web
and Path : C:\Web
and placed my JSP files under c:\Web\
I am able to access the first page, but after that I am not able to access the
second page.
I get "Error 404--Not Found" on the browser. Basically the class file is not getting
created under /Web-inf/_tmp_war_myserver_myserver_Web/jsp_servlet/ folder .
I tried a work around for this. I copied all my files under one more folder called
web and placed this under C:\Web
The it works. Now I have 2 copied off all the files, 1 copy under c:\web and another
copy under c:\web\web\.
If I have the files under DefaultWebApp_myserver and have the setting as
Name: DefaultWebApp_myserver
URI: DefaultWebApp_myserver
Path: .\config\mydomain\applications
everything works fine.
Can any one please let me know if there is any configuration which has to be done
so that I do not duplicate the code in 2 directories
Thanks in advance.
Regards,
MoinForum Home > Enterprise JavaBeans[tm]
Topic: Help required in Weblogic 6 - Creation & Configuration of Web Application
Duke Dollars
2 Duke Dollars assigned to this topic. Reward the best responses to your question
using the icons below, or transfer additional Duke Dollars to this topic.
Welcome moinshariff!
Watching this topic.
Previous Topic Next Topic
This topic has 1 reply on 1 page (Most recent message: Jan 23, 2002 1:05 AM)
Author: moinshariff Jan 22, 2002 4:55 AM
Hi,
I am using Weblogic 6. I have created a new Web
Application called Web (I have not used the DefaultWebApp_myserver).
And I have the following settings:
Name : Web
URI : Web
and Path : C:\Web
and placed my JSP files under c:\Web\
I am able to access the first page, but after that I am not able to access the
second page.
I get "Error 404--Not Found" on the browser. Basically the class file is not getting
created under /Web-inf/_tmp_war_myserver_myserver_Web/jsp_servlet/ folder .
I tried a work around for this. I copied all my files under one more folder called
web and placed this under C:\Web
The it works. Now I have 2 copied off all the files, 1 copy under c:\web and another
copy under c:\web\web\.
If I have the files under DefaultWebApp_myserver and have the setting as
Name: DefaultWebApp_myserver
URI: DefaultWebApp_myserver
Path: .\config\mydomain\applications
everything works fine.
Can any one please let me know if there is any configuration which has to be done
so that I do not duplicate the code in 2 directories
Thanks in advance.
Regards,
Moin -
Help required from JDeveloper Development Team.
HI there,
I Download the JDeveloper 10.1.2 (1811) from OTN, But the downloaded archive file is unable to open. I did the download once again but I am facing same problem. I want to JDeveloper 10.1.2 for the installation of BI Beans 10.1.2.
Help required from JDeveloper Development Team
Thanks For Your Time,
Regards,
ViSHAL.Please use an informative Subject line, there is more chance that people will read the post.
All we can suggest is that you try the download again. -
Hi
With restricted groups I can specify the end user -domain- accounts that are members of the local administrators group on domain PCs. But - I need a particular LOCAL account on all the machines to keep its membership of the local administrators group for testing reasons. At the moment restricted groups is striping this local account of its admin access.
Is it possible to specify a -local- computer account as admin on all the PCs via group policy or it can only be done with domain accounts?
thanksYou are asking for local accounts to be managed via "Restricted Groups".
Yes, it is possible.
Rajesh showed you one way with domain groups. In his version "Administrators" group will only contain those accounts
that are specified in the GPO, no manually added accounts. This is not always desired.
If you wish to have an account (group or user, local or domain) to be added to "Administrators" group while keeping all the other
members, proceed like this:
- create the local account on the client(s)
- in the GPO select "Add Group" in "Restricted Groups".
- type in the name of the local account, e.g. "TestID"
- in the appearing dialogue choose "This group is a member of" => Add
- type in "Administrators"
Link the GPO and that's all.
The original MS description for "Restricted Groups".is here:
http://support.microsoft.com/kb/279301/en-us
Another nice one here:
http://www.frickelsoft.net/blog/?p=13
Besides that, a great solution to manage local accouts is GP Preference Extension "Local Users and Groups".
You can simply create a "Local Users and Groups" Item (computer or user based) and specify the needed options.
http://technet.microsoft.com/en-us/library/cc731972.aspx
Of course you need some prerequisites (at least one Vista or Winows 2008 for management and the GPP CSE on each target machine).
If you are new to GPP, these links will help you to get into it:
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=42E30E3F-6F01-4610-9D6E-F6E0FB7A0790&displaylang=en
http://support.microsoft.com/kb/943729/en-us
http://technet.microsoft.com/en-us/library/cc732027.aspx
http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx
Patrick -
Grouping of requirements into Bid Invitation from sourcing cockpit.
Hi ,
We are using Plan driven procurement ,bidding in ECS.Our requirement is as follows, we have multiple requirements(External requirements) transfered from R/3 with same material and same delivery date to same delivery place, we need to create one bid invitation line for all the requirements.
In the standard system it is creating one bid invitation, but it has multiple lines on the bid invitation, one line for each of the external requirement.
Is there any way to group the requirements into one line in bid invitation.
Thanks in Advance.
Nanaji.Hi,
Pls see the foll link:
http://help.sap.com/saphelp_srm40/helpdata/en/25/40f23a53cd0e04e10000000a11402f/content.htm
BR,
Disha.
Do reward points for useful answers. -
Grouping of requirements into Bid
Hi,
Our requirement is as follows, we have multiple requirements(External requirements) with same material and same delivery date to same delivery place, we need to create one bid invitation line for all the requirements.
In the standard system it is creating one bid invitation, but it has multiple lines on the bid invitation, one line for each of the external requirement.
Is there any way to group the requirements into one line in bid invitation.
Thank you
Sreedhar VetchaHi,
Pls see the foll link:
http://help.sap.com/saphelp_srm40/helpdata/en/25/40f23a53cd0e04e10000000a11402f/content.htm
BR,
Disha.
Do reward points for useful answers.
Maybe you are looking for
-
HP Laserjet 400 M401n won't stop printing when more than 1 copy is specified
I use this HP Laserjet printer on a network. It's brand new. I print from both Macbook Pro and / or Mac Pro running OS 10.9.5. Downloaded and installed latest HP printer driver. Problem: I can print 1 page just fine. But when I specify more than that
-
Greetings and salutations. I have a 2.16ghz macbook pro, and was recently given a copy of Windows 7 ultimate. I tried it via bootcamp, and fell in love with it. I found myself using it more and more, so often in fact that I just realized that I haven
-
Hi I am facing problem with printing sample drawing proceducre for inspection type 04 Print is checked for MIC and inspection type when I do GR, the session is terminate with message program RQDSES10 not found same error - when i try to do QA02 But t
-
Expose's Show Desktop hides open windows in finder
how do I get it to show me those open windows?
-
SQL Server 2008 and CF 9 on localhost on XP Pro
Hi All, I am getting an error saying the following error on localhost, "[Macromedia][SQLServer JDBC Driver]A username was not specified and the driver could not establish a connection using NTLM (type 2) integrated security:. The strange thing is tha