About computing object digests

Similar Messages

• Computing object digest

  Is there an example anywhere of computing an object digest? Appendix I theoretically lays it out, but without an example many things are vague. Furthermore, a later Errata document says this appendix is known to contain several errors.

  Good to know!
  I'm trying to duplicate the behavior of Acrobat 8 when I use it to a) sign, b) certify visibly, or c) certify invisibly a PDF. In cases b) and c), it created a DocMDP and a FieldMDP, each with an MD5 digest. For the FieldMDP, for instance, how is this calculated, if Appendix I is invalid?

• Request for info regarding MAC address population in computer objects

   
  Hi,
  I am trying to determine how MAC address information is populated in computer objects. I had assumed initially that the hardware scan would be used, but observation shows this information
  to be obtained prior to any hardware inventory.
  I have laptops that are primarily connected via VPN, and before long their objects lose the internal network interface's MAC address. When I try to rebuild them, they fail to PXE boot. I have
  found that importing a CSV of host / MAC / SMBIOD GUID will update the object (rather than having to delete and recreate it) which works temporarily. The MAC will eventually disappear, and the device fail to PXE boot.
  I have thousands of these devices to manage, and it is already difficult enough having a CAS and two primaries (the windows Deployment Service on a DP only cares about devices in the DPs primary
  site, and so devices that move site are a real pain already, try finding that anywhere in the OSD reference documents!)
  I'm assuming now that this information is pulled from the actual client-server connection, and therefore is dynamic(ish), like IP information. If this is the case, more detail around that process,
  where to find evidence of  that process occurring would be very useful.

  The MAC is updated by hardware inventory and heartbeat discovery. 
  Torsten Meringer | http://www.mssccmfaq.de

• Health rollup to computer object from Microsoft.Windows.ApplicationComponent

  Hi All.
  Trying to author a Management Pack in Authoring Console 2007 R2. And can't get rollup to work as I want.
  Here's the long story.
  I've created:
  A discovery MP witch holds:
  - an abstract class inherited from Microsoft.Windows.Computer, named: "AppX.Cmp.Role"
  - a (seed?) class inherited from the above, named: "AppX.Cmp.Role.Server"
  - a class inherited from "AppX.Cmp.Role.Server" named "App.Cmp.Role.Server.Replicator"
  - a class inherited from "Microsoft.Windows.ApplicationComponent" named: "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a class of type "Microsoft.SystemCenter.InstanceGroup" named: "AppX.Group"
  - a relationship (system.hosting) where source class is "AppX.Cmp.Role.Server.Replicator" and target class is "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a registrydiscovery to discover "AppX.Cmp.Role.Server" targeted at "Windows.Operating.System"
  - a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator" targeted at "AppX.Cmp.Role.Server"
  - a scriptdiscovery to discover "AppX.Cmp.Role.Server.Replicator.Loginstance" targeted at "AppX.Cmp.Role.Server.Replicator"
  - a groupdiscovery ("Microsoft.SystemCenter.GroupPopulator") target: "AppX.Group" (Microsoft.Windows.Computer)
  - a dependencymonitor targeted at "AppX.Cmp.Role.Server.Replicator" and monitor dependency set to "AppX.Cmp.Role.Server.Replicator.Loginstance", HealthRollup set to "worst state".
  A monitoring MP (depending on the discovery MP) witch holds:
  - a processmonitor targeted to "AppX.Cmp.Role.Server.Replicator" and "replicator.exe"
  - a logfilemonitor targeted to "AppX.Cmp.Role.Server.Replicator.Loginstance"
  - a stateview targeted to "AppX.Group"
  When I kill the "replicator.exe" process the object goes to unhealthy all the way up to "Windows.Computer". But when the logfilemonitor triggers and turns into "unhealthy state" the object in the above view turns RED but not the
  "Windows.Computer" object (looking at the default view "Windows Computers").
  Is it possible to get the "Windows.Computer" object to reflect the "AppX.Cmp.Role.Server.Replicator.Loginstance" state?
  How?

  Sorry about that - its been a long weekend.
  I was quoting from the following;
  "Use the Microsoft.Windows.LocalApplication as
  a base class when your class type represents a local application that shares the resources of the hosting Windows computer with other applications. Unlike theMicrosoft.Windows.ComputerRole class,
  the Microsoft.Windows.LocalApplication class
  type does not automatically roll its health up to the hosting computer."
  http://msdn.microsoft.com/en-us/library/ee533867.aspx
  Would you be able to upload the results if you run the Visio MP diagram generator and possibly the health explorer views and this will help me see how it hangs togther?

• Deleted computer object from SCCM console, so why is it still appearing in SSRS reports?

  We recently divested about 400 computers from our network. I got a list of these computers and deleted them from both Active Directory and in the SCCM Console. I know the deletes were successful because when I search via device name in the SCCM console
  they no longer show up. Yet when I run one of our inventory reports in SSRS I still see several of the devices that I deleted listed there. I thought SSRS represented a" live view" of the SCCM database. If that's true then how can a computer object
  that I deleted in the console still be present in the database? Is there something I'm missing? 

  Okay you are saying to select from v_R_System_Valid instead of v_R_System in my query and that will automatically filter out items I removed in the console? Okay that sounds like what I want, the only problem is my query is selecting form v_GS_COMPUTER_SYSTEM.
  Can I just add "_Valid" to the end of that and achieve the same result?
  Update - Yeah no I tried that and it did not work. Clearly I have a very limited understanding of the SQL views. Interestingly enough Torsten I see you posted a linbk on your blog to a new Microsoft article that documents the SQL views in SCCM 2012. Looking
  at it now...

• Logoncount Attribute on Computer objects in Active Directory

  Hello,
  I have one question about the logoncount Attribute on Active Directory objects. As I understood on user objects this attribute counts the number of logons per DC (because it is not replicating).
  My question is:
  What exactly is count here on computer objects?
  I can see that on a Domain Controller computer object the logoncount is high for the DC itself and low on the other DC objects.
  Thank you.
  Regards
  Dennis

  Here is an old thread.  You will see some of the explanation from our own Richard :)
  http://www.techtalkz.com/windows-server-2003/500367-attributes-update-during-computer-logon.html
  Santhosh Sivarajan | Houston, TX | www.sivarajan.com
  ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
  Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
  Blogs: Blogs
  Twitter: Twitter
  LinkedIn: LinkedIn
  Facebook: Facebook
  Microsoft Virtual Academy:
  Microsoft Virtual Academy
  This posting is provided AS IS with no warranties, and confers no rights.

• Managing multiple "old" AD computer objects

  So we have implemented a naming convention where the techs just select a location and department during the imaging process for a  machine that is about to be deployed; during that process and the computers are automagically named something like "NYC-FIN-1234567"...
  with 1234567 being the dell asset tag.... pretty nifty Johan(!)
  However... the problem is that once that machine gets re-imaged at the same location and deployed to another team like the marketing folks  (ie."MKT")... it gets the name NYC-MKT-1234567...
  the problem I am seeing is now we have multiple objects in AD with the same asset tag which is causing nightmares for licensing management... NYC-FIN-1234567 & NYC-MKT-1234567 respectively.
  I am working on a PowerShell script that will trim the names down to their respective tags and then compare the list for duplicates - then check  and compare the duplicates properties like "created date" and make a determination and delete
  the older object...
  this checking for duplicates is proving to be a little more difficult and haven't even gotten to the evaluate section yet...  I am still working on my proficiency when it comes to more complex arrays.
  am i going about this the right way or does anyone else have another approach to this conundrum?
  scripting games '14 anyone :p

  all good info!
  Since our AD has less than 3000 workstation objects the 'scaling' is manageable... but could make it a little faster, but alas here is what i have with a couple of tweaks
  i am skimming all computer objects in our 'workstation' OU... and dropping the first two prefixes, and then checking for machines that match... we were originally using "created date" but since we have workstations that have been imaged to say
  a FIN dept and then to a MKT dept and then re-re-imaged back to FIN... the created date doesn't change so i switched to Modified date, and keep the newest one...
  but also as another 'layer' of protection i test-path of the workstation (we run this middle of the day) before disabling it and moving it to a "temp" ou where we can let them sit for a couple weeks in case we had a false positive (thus the ping)
  we can quickly restore that object... i also can just comment out the actual "move and disable command" so it generates me a nice list of machines that would have been deleted so i can do a 'sanity check' before deleting a bunch of vip's machiens
  from AD :)
  #Declare Domain and OU to be Scrubbed - and $dupou is the ou we can let them 'chillout' before deleting on the next run
  $domain = "domain.com"
  $OU = "OU=Workstations,DC=domain,DC=com"
  $CleanupList = "c:\disabled.txt"
  $dupOU = "OU=Duplicates,OU=INACTIVE,DC=domain,DC=com"
  if (test-path $CleanupList) {Remove-Item $CleanupList}
  $delOK = "c:\DelOk.txt"
  if (test-path $delOK) {Remove-Item $delOK}
  #this is the TEMPORARY throttle cap... so it will stop after it finds the amount defined by $cap (so we can phase it in)
  $cap = 10000
  $Global:i = 0
  $sdate = (Get-Date)
  Write-Output "AD Duplicate 'Scrubber' Script started on: "$sdate >> $CleanupList
  Write-output "These Machines were disabled and moved to the Inactive\Duplicates OU in our domain" >> $CleanupList
  Write-Output "--------------------------------------------------------------------------------------------------------------">> $CleanupList
  $comps = (Get-ADComputer -filter * -Server $domain -SearchBase $OU).name
  ForEach ($comp in $comps) {
  if ($global:i -lt $cap) {
  #trim length to just asset tags (last 7 digits)
  $Length = $comp.Length
  $var = $Length - 7
  $tag = $comp.Substring($var,7)
  Write-host -ForegroundColor yellow "Testing asset tag: $tag"
  $x =(Get-ADComputer -Filter "name -like '*$tag'" -Properties DistinguishedName, Modified -Server $domain -SearchBase $OU |Sort-Object -Property Modified)
  if ($x.count -gt 1) {
  $y = ($x.count) -1
  while ($y -ge 1 ) {
  $z = $y - 1
  $x.name[$z] >> $CleanupList
  #added a ping feature to as another level of "protection"
  if (Test-Connection $x.name[$z] -Count 2 -Quiet){
  Write-Output $x.name[$z]" is Online... Skipping"
  $x.name[$z] >> c:\WTF.txt
  }Else {
  #this line below this one is the one that moves and disables... comment out if testing with a # sign or remove when testing compelete
  #Get-ADComputer $x.name[$z] | Move-ADObject -TargetPath $dupOU -PassThru | Disable-ADAccount
  Write-Output $x.name[$z]" is Offline... should delete"
  $global:i++
  $x.name[$z] >> $delOK
  write-host -ForegroundColor Cyan $x.name[$z]" Moved and Disabled - $global:i"
  $y--
  Write-host "------------"
  Write-host -foregroundcolor cyan "$i Computer objects were Disabled and Moved to $dupOU :)"
  #message in the body
  $msg ="Please review the attached list to see the Duplicate machines that were moved and disabled via this script"
  #Recipients
  $mailTo = "shad acker <[email protected]>"
  Send-MailMessage -SmtpServer smtp.domain.com -Attachments $delOK -Body $msg -to $mailTo -From "DuplicateFinder<[email protected]>" -Subject "Computer Duplicates Disabled" -Cc "who ever <[email protected]>"
  not the prettiest or most efficinent but it seems to be working :)

• I have a requirement where I have to give the list of users who can access a specific computer. I am new with PS. Do you have a script to list users that can access a computer object of AD ?

  I have a requirement where I have to give the list of users who can access a specific computer define in AD.
  I am new with PS.
  Do you have a script to list users that can access a computer object of AD ?
  I have executed the following script  but it does not give me the access rights of who can access the computer 'computername'
  How can i have this information. please help
  Import-Module activedirectory
  $computer=get-adcomputer "computername" -properties ntSecurityDescriptor
  $omputer.ntsecurityDescriptor.Access | select-object -expandproperty IdentityReference | sort-object -unique

  I would say that, since the OP has so little info, there are no policies in use.  It there were then this question would never be asked the way it is being asked.
  I had a client call with a letter from their insurance company; an accountant with malpractice insurance.  THey asked the same question inmuch the same way.  "What computer can you users access?"  The question should be more like
  "Do you have a policy that restricts access to computers and do you audit for compliance?"
  I have had other clients whose insurance asked the question in that way.  It produces a better view of what should be happening and how to show compliance.
  I recommend that companies being asked these questions by their legal departments or insurance companies should contract with a god computer security consultant to assist with answering these very tricky questions.  Of course if it is just you boss's
  curiosity  then you may need to discuss his requirements with him in more depth.
  ¯\_(ツ)_/¯

• Bitlocker to Go and deleted computer object

  When encrypting a USB drive using Bitlocker to Go and storing the recovery information in AD, where does it get stored?  Is it in the computer object like regular Bitlocker?  If so, if the computer is retired or the AD computer account is deleted,
  do you lose the recovery information for that drive?

  Hi,
  Backed up BitLocker recovery information is stored in a child object of the computer object. That is, the computer object is the container for a BitLocker recovery object. If you delete a computer object from AD, you will also delete the BitLocker recovery
  information, which is a child object.
  But you can use AD restore mode to retrieve the deleted object.
  If you have any feedback on our support, please click
  here
  Alex Zhao
  TechNet Community Support

• Getting information about an object from JList

  Hi
  I have created a movie application and i have a JList displaying all registered movies, it uses a DefaultListModel to display these.
  I want to be able to click on an element in the JList and then push a button called "Show movie details" to display all information about the selected movie.'.
  Every new movie is added to the DefaultListModel as an object with "Titlle", "Genere" etc. If someone click on a movie, what do i do to get information about which object that was clicked. All i can see is that integers can be returned with the getSelectedIndex/Value methods. If i use one of these methods to get the object from the DefaultListModel, that would work i guess, but what when someone deletes a movie in the middle of the JList, then the indexes wouldnt match.
  Can someone help me out here? :)

  I get a big fat exception when trying to cast the returned object to a Movie object which im using.
  Exception in thread "AWT-EventQueue-0" java.lang.ClassCastException: java.lang.S
  tring cannot be cast to Movie
  ...sure that this is the way to do it? If so, what am i doing wrong..

• Poweshell script for adding the computer object in to SCOM 2012 group.

  Hi Team,
  Is there any way to add the computer object ( csv file) to SCOM 2012 manually created  group.

  Hi,
  In addition, hope the links below be helpful for you:
  Creating and Updating Groups
  http://blogs.msdn.com/b/jakuboleksy/archive/2006/11/15/creating-and-updating-groups.aspx
  Programmatically Creating Groups
  http://blogs.technet.com/b/brianwren/archive/2008/11/18/programmatically-creating-groups.aspx
  Modifying Explicit Group Membership in SCOM 2012 with PowerShell
  http://blogs.msdn.com/b/rslaten/archive/2013/06/27/modifying-explicit-group-membership-in-scom-2012-with-powershell.aspx
  Regards,
  Yan Li
  Please remember to mark the replies as answers if they help and unmark them if they provide no help.

• Problems deleting computer objects-because of their subordinate objects

  We are running a 2008 R2 domain.  We have recently removed our techs out of Account Operators because we have read that is best practice.  Our techs now have problems deleting computer account objects that have the msmq active directory objects
  beneath the computer object.  Even if I give the techs full control permissions on those computer objects, they cannot delete them because they cannot delete the msmq subordinate AD objects.  The msmq objects are not showing a security tab, like
  other subordinate objects do.  If I delete the msmq objects with a Domain Admin account, then the techs can delete the computer objects.  Any ideas of how I can fix it so they can delete the msmq objects, without being Account Operators?
  Thanks,
  Dan Heim

  Hello,
  please see
  http://policelli.com/blog/archive/2009/11/06/understanding-adminsdholder-and-protected-groups/ and start with removing the flag for the mentioned accounts. Therefore see "Orphaned AdminSDHolder Objects" in the mentioned article.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• About ABAP Object

  Hello All,
  i have some question about ABAP Object.
  What is the meaning of friend class and singleton?
  Regards,
  Luke

  Hi,
  The addition Friends makes class class a friend of classes classi and or interfaces ifaci.At the sam time, all subclasses of classes classi, all classes that implement one of the interfaces ifaci and all interfaces that have one of the interfaces ifaci as a component interface become friends of class. you have to specify at least one class or interface.
  The friends of a class have unrestricted access to the protected and private components of that class, and can generate unrestricted instances of the class.
  The friends of class are not automatically friends of subclasses of class. the addition Friends does not make class a friend of its friends.
  Thea ddition global is allowed only when you use the addition public for the global class of a class pool at the same time.You can list other global classes and interfaces from the class library after global friends.This addition is generated when the Class Builder creates a global class and you specified friends at the corresponding tab page of the class Builder.
  `
  In the example , classs c2 is a friend of interface i1, and therefore also of the implementing class c1. It can instantiate these objects and access their private component a1.
  interface i1.
  endinterface.
  class c1 definition create private friends i1.
  private section.
  data a1(10) type c value 'Class 1'.
  endclass.
  class c2 definition.
  public section.
  interfaces i1.
  methods m2.
  endclass.
  class c2 implementation.
  method m2.
  data oref type ref to c1.
  create object oref.
  write oref->a1.
  endmethod.
  enclass.
  Kindly Reward Points If You Found The Reply Helpful,
  Cheers,
  Chaitanya.

• SCCM creating duplicate computer Objects

  Hi
  We have just upgraded from an SCCM 2007 to SCCM 2012. In the old system I had it set up that other members of my team could all add a machine to SCCM adding the MAC address information and then add the machine into AD. once in AD they could assign it
  to security groups for example a windows 7 group. every 10 minutes SCCM would scan AD see the machine name and update the security group information on the computer object that was manually created earlier. based on this if SCCM could see it
  in the Windows 7 group it would move the machine to the Windows 7 collection and then I had an advertisement that would deploy Windows 7.
  On the new system however I add the machine into SCCM with the MAC then add it to AD but I end up with 2 objects one that I added with the MAC but doesn't get updated with the security group information so doesn't get added to the collection and then another
  one created from scanning AD which has the security information but no MAC so wont build. 
  how can I get it to just update the one object?
  thanks

  I create the object in AD so that I can assign a computer security groups like Windows 7 or install office and based on that SCCM moves the machine into various collections. when I then build a machine it will build with the various option set for example
  it will build a machine with Windows 7. I have to also import it into SCCM so I can assign it a MAC address so that when I PXE boot a machine it recognises it.
  I used to be able to under sccm 2007 import it manually into SCCM with the MAC so it would PXE boot and also create an AD computer account with the security groups and in the correct OU so that when it built it would be joined to the domain
  with the correct GP applied. 2007 used to merge the 2 objects or at least detect the machine name already existed and applied the information to the existing objects.  
  its neater for me to do it this way than have everyone doing direct relationships for all machines on collections

• More Details about Info Objects

  I want to enrich my technical skillset.
  So could you experts pls guide me in more detail about Info Objects in SAP BI
  Thanks,
  Vijayakumar

  HI,
  Actually the info given on thatpage is a copy paste of the information from Help.sap.com.
  [Editing InfoObjects|http://help.sap.com/saphelp_nw04s/helpdata/en/80/1a63cde07211d2acb80000e829fbfe/frameset.htm]
  [Creating InfoObjects: Key Figures|http://help.sap.com/saphelp_nw04s/helpdata/en/80/1a63b3e07211d2acb80000e829fbfe/frameset.htm]
  And So on
  Regards,
  Gaurav