Cisco ISE: How to identify/inactive old users?
Hello,
I want to get all users / mac-adresses which haven't connected to out network since 180 days.
How can I query that?
The report "Dormant Users" dont seems to be the right way: it displays current associated users which are inactive...
How can I purge Cisco ISE : cleaning it from useless, old, inactive mac-addresses?
Thank you very much for any answer
The only thing I could find was purging data in the MNT node. The default is 90 days. This doesnt apply because the profiles are store on the policy node. I dont think you can in an automated form.
You could change the MNT to purge after 210 days and then run a report to see which macs have not authc in the passed 180 days. That will require excel and some scripting.
Similar Messages
-
In I tunes store how do I delete old user ID?
In ITunes store- how do I delete old user ID?
Edit :
You can log out of an account by tapping on its id in Settings > iTunes & App Store (and for iCloud via Settings > iCloud > Delete Account, Sign Out if on iOS 8). Any content that was downloaded by the account will remain tied to it, so only that account can potentially redownload its purchases and/or download updates to its apps -
How to identify temp tablespace user in the past
hi,
can anyone guide me on how to identify temp tablespace users and corresponding temp space amount they used in the past?
we have this situation where in we need to identify the top temp tablespace user last jan 1 around a specific time.
is this possible? do these get stored in one of the tables in the dictionary? any sql statement?
thanks.900666 wrote:
hi ckpt,
thats unfortunate..=(
anyways, any sql that can be used to capture current sessions with their used mb in temp tablespace? for future monitoring.
thansk.Here is example
SQL> SET LINESIZE 145
SQL> SET PAGESIZE 9999
SQL> SET VERIFY off
SQL>
SQL> COLUMN tablespace_name FORMAT a15 HEAD 'Tablespace Name'
SQL> COLUMN username FORMAT a15 HEAD 'Username'
SQL> COLUMN sid FORMAT 99999 HEAD 'SID'
SQL> COLUMN serial_id FORMAT 99999999 HEAD 'Serial#'
SQL> COLUMN contents FORMAT a9 HEAD 'Contents'
SQL> COLUMN extents FORMAT 999,999 HEAD 'Extents'
SQL> COLUMN blocks FORMAT 999,999 HEAD 'Blocks'
SQL> COLUMN bytes FORMAT 999,999,999 HEAD 'Bytes'
SQL> COLUMN segtype FORMAT a12 HEAD 'Segment Type'
SQL>
SQL> BREAK ON tablespace_name ON report
COMPUTE SUM OF extents ON report
SQL> SQL> COMPUTE SUM OF blocks ON report
SQL> COMPUTE SUM OF bytes ON report
SQL>
SQL>
SQL> SELECT
2 b.tablespace tablespace_name
3 , a.username username
4 , a.sid sid
5 , a.serial# serial_id
6 , b.contents contents
7 , b.segtype segtype
8 , b.extents extents
, b.blocks blocks
9 10 , (b.blocks * c.value) bytes
FROM
11 12 v$session a
13 , v$sort_usage b
14 , (select value from v$parameter
15 where name = 'db_block_size') c
16 WHERE
17 a.saddr = b.session_addr
18 /
Tablespace Name Username SID Serial# Contents Segment Type Extents Blocks Bytes
TEMP SYSTEM 1333 4725 TEMPORARY LOB_DATA 1 128 1,048,576
SYSTEM 1562 444 TEMPORARY SORT 89 11,392 93,323,264
SYSADM 1602 80 TEMPORARY LOB_DATA 1 128 1,048,576
SYSTEM 1613 18693 TEMPORARY SORT 89 11,392 93,323,264
sum 180 23,040 188,743,680
SQL> -
How to identify if a user master record is locked
Hi,
I want to use function module BAPI_USER_CHANGE to change a user's master record (transaction SU01). But if the user that I want to change is being modified by another user, this BAPI doesn't update, correctly so. Is there a way to identify if a user master record is being edited by someone else? This way, I can find out before making the change whether the change will be successful.
Along the same lines, if I'm adding a role (from transaction PFCG) to a user ID and role is locked, I'd like to know that before hand; before I try to assign a user to that role programmatically.
Thank you for your help.
PeteHi
Refer this Lock Owners
Definition
Person who holds a lock.
Use
At the start of an SAP transaction, two owners are always created who can request locks.
A lock can have one or two owners. You use the _SCOPE parameter to specify this.
To determine in a program which user is currently holding a lock, use the ENQUEUE_ function module. This function module puts the name of the owner into SY-MSGV1.
Structure
There are dialog owners and update owners.
An owner is identified by his or her owner ID, as described in the section entitled The Lock Table.
A lock can have one or two owners. The ABAP programmer uses the _SCOPE parameter to define this (see below).
Example
The graphic below shows how lock owners function during a dialog transaction.
SAP LUW: Dialog Transaction with Update
At the start of the dialog transaction, the system creates two lock owners: the dialog owner Owner_1 and the update owner Owner_2.
During the course of the transaction, Owner_1 requests a lock, as does Owner_2 slightly later. When the update task is called (see also Functions of the Update Task), the lock and Owner_2 are inherited by the update task. An update work process is started with two owners, in the same way as a dialog work process, and then has three owners until the update is completed. All of the locks are released with an implicit DEQUEUE_ALL at the end of the update, at the latest.
Regards
Shiva -
CISCO 881 how exactly identify IOS for installation.
Dear All.
Please clerify for me:
1.I have a cisco router CISCO881-SEC-K9.
ROM: System Bootstrap, Version 12.4(22r)YB5, RELEASE SOFTWARE (fc1)
if I understood it correctly - 12.4(22r)YB5 - is my current IOS version.
2.I would like update my IOS and save all licenses which already installed.
Questions:
1.How how exactly identify IOS for installation, which release?
2.How to make installation and save installed licenses.
any examples?Hi,
The command "show version" must show the ios version and licenses installed, if not try the command 'show license detail".
To save licence, example: "license save tftp:...."
Take a look on the following site, it may help:
http://www.cisco.com/c/en/us/td/docs/ios/csa/configuration/guide/csa_commands.html#wp1397264
Regards,
Pedro Lereno -
Cisco ISE: How to match an endpoint belong to an identity group ?
Hello,
I am running Cisco ISE 1.1.4.218 in a standalone environment.
I am trying to setup Compound Condition for Authorization.
I would like the condition to match the MAC address of the calling machine to the internal endpoint MAC address list.
I created 1 endpoint identity group and 2 children groups
- GroupParent
- ChildA
- ChildB
I put the MAC address of my machine in the group ChildA.
In my condition, I tried the following:
IdentityGroup:Name, Equals, ChildA
IdentityGroup:Name, Equals, GroupParent:ChildA
IdentityGroup:Name, Match, .*(ChildA).*
I even tried to put the MAC address in the GroupParent level and tried to update the condition to be:
IdentityGroupName, Equals, GroupParent
IdentityGroupName, Match, .*(GroupParent).*
But no one of these options worked.
I am almost sure that in Cisco ISE 1.1.1, it was working fine. But I updated today to 1.1.4 and I cannot make it work.
Can anyone help me ?
Best regards,
DavidYou could try the following to match only the parent group
IdentityGroup:Name EQUALS GroupParent
You could try the following to match only child group A
IdentityGroup:Name EQUALS GroupParent#ChildA
You could try the following to match all child groups of GroupParent
IdentityGroup:Name STARTS_WITH GroupParent
Please rate if this helps -
How to disable an old user's email attached to iTunes
I purchased a computer from my former employer. It has two email accounts attached to iTunes. When I try to download a new app or upgrade an existing app, it prompts with these old emails. They are grayed out so that I'm unable to write over them and add my email. I get a prompt for the first old user, and when I hit CANCEL, I'll get a prompt for the second old user. Both prompts ask me for passwords, which I do not have. If I hit CANCEL on the second old user, the prompts go away. I am unable to find a way to enter my email and password to download upgrades or new apps. Any advice? Other than "never buy a used computer?"
Click here and follow the instructions. If the computer originally shipped with Mac OS X 10.6.8 or earlier, when you reach step 5, insert its original disk, restart with the C key held down, use the Disk Utility to erase the internal drive, and install a fresh OS.
(113601) -
Cisco ISE - How to map User- Location - Restrict Access to other locations
Hi,
i've got a simple question and I hope someone here can help me out with this mess.
The problem is about WLAN 802.1x Auth with Cisco WLC and a ISE.
The design goal is the following:
There are several branch facilities. A user belongs to only ONE facility. This user should not access the WLAN in other facilities.
The technical design is this:
Local WLC and/or central vWLC. In the datacenter is one ISE which must handle the auth-requests. The identity source of the users, where I add and manage them, should be the ISE itself for the first time, later I want to AD and LDAP sources.
Here is the problem:
I don't understand how I can create a ruleset or something else where I can define that a user of facility A can only login over APs, WLCs,.....in facility A and NOT facility B. Or maybe my design is so bad that I have to start from scratch.
PLEASE HELP.I don't know but may be this is the correct way to validate the user:
NAS-ID in AP-Groups (One AP-Group per facility) must match "12345" AND Identity-Group must match "12345".
Iam confused because there is no way to compare these values.
In this case to compare the value of "NAS-ID" and die users "IDENTITY-GROUP".
If they match against each other than "Permit-Access". -
Cisco ISE: How to add a description of an Internal Endpoint
Hello,
In ACS 5, when adding an Internal Hosts, we could add a description of the host, in addition to the MAC address.
In ISE, there is no such description field available. However, it present in the Internal User but not in Internal Hosts.
How can we do to add description of MAC address device ?
Many thanks,
Davidis this what you are looking for , if not let me know
-
How to identify which role user is associated with?
Oracle 11.0.1.7:
How do I identify which role a user is associated with?
Also how do I identify the privilges for a given role. For eg if SELECT, INSERT, DELETE was granted for a table to a role which dictionary table do I look at?
I looked at USER_TAB_PRIVS.Check this:
http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html
HTH
-Anantha -
How to find my old user account?
When I upgraded to tiger I chose "Upgrade Mac OS X". I should have selected the Archive option so I could have preserved my settings. But I didn't.
So now all my setttings are not working - I can't get my mail through Entourage, my bookmarks are missing, etc.
I can see a folder containing my old username, but I can't figure out how to log into that name. My log in choices do not include it. My log in choice is restricted to root.
My question is: How do I log in under my old name?My log in choice is restricted to root
Did you enable the root user account? If so, disable it and try again. I've never had your problem and have always used the upgrade earlier version option.
See http://docs.info.apple.com/article.html?artnum=106290 for details. -
How can I locate old users on my computer?
I am experiencing issues with space on my hard drive and need to export old photos, docs etc from previous computers/users that are all on my current MacBook Pro. I am having trouble locating them on my computer in order to export them...
Ezreynolds wrote:
Copy and paste where?
Applications/Utilities/ Terminal.app
I am having trouble locating them on my computer in order to export them...
Are you saying >SystemPreferences>User&Groups you can not see any other users??
Log out as discribed above, or enable fast user switching
>SystemPreferences>User&Groups>Log-inOptions (unlock the padlock)> Enable fast user switching -
How to identify which application users are connected to in an rdp session
so we have an rdp gateway with couple of servers acting as brokers. users connect to the RD web access site and see a list of applications. usually these applications are the same but with different parameters like (done through the RemoteApp manager)
app1: C:\Program Files\app.exe arg: C:\appdata\group1\file
app2: C:\Program Files\app.exe arg: C:\appdata\group2\file
i'm trying to find a way to tell which app the users are connecting to at a point with no luck, any help will be appreciated
NoorHi Noor,
Thank you for posting in Windows Server Forum.
From your description I can understand that you want the user name with app they have in their session.
You can achieve with below command.
Query process User name
Displays information about processes running on a terminal server. You can use this command to find out which programs a specific user is running, and also which users are running a specific program.
More information:
Query process
http://technet.microsoft.com/en-us/library/bb490798.aspx
Hope it helps!
Thanks.
Dharmesh Solanki -
Cisco ISE and Fast User Switching
Greetings,
In our deployment, we are interested in utilizing the "Fast User Switching" that is contained within the Windows Functionality. After searching for quite a while, I see that the native Windows supplicant is not compatible with Fast User Switching. It does not appear that Anyconnect is either. Can you please inform me as to what suppluicant I would need to research in order to allow for the User Switchign Functionality?
We are currently using ISE 1.2 Patch 4.
Thank You for any assistance.
DavidThe NAC Agent for Cisco ISE does not support Windows Fast User Switching when using the native supplicant. This is because there is no clear disconnect of the older user. When a new user is sent, the Agent is hung on the old user process and session ID, and hence a new posture cannot take place. As per the Microsoft Security policies, it is recommended to disable Fast User Switching.
Source:
http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_pos_pol.html -
How do i delete the old users account on my second hand imac g5 without the origonal disc
im new to imacs and not sure how to delete the old users account without the origonal disc
First of all, you need to make sure your current user account (the one you intend to keep) is an administrator account (not standard).
Go to System Preferences Accounts pane. Click the lock, if it's locked, and enter your authorization, to unlock.
In the sidebar, you will see the list of user accounts. To delete a user account, select it on the list and click the minus sign.
Maybe you are looking for
-
UCS-CUCM Swicthport configuration
Hi There, I just wanted to ask for best practice port config on BE6K servers. The BE6K(UCS) is only hosting CUCM server. The switch port is configured as ether-channels. Below is the config that I am planning to apply. I am just wondering whether we
-
How come the color of items in some MC can be edited whilst the colors of other MC can't
How come the color of items in some MC can be edited whilst the colors of other MC can't. All layers are unlocked.
-
How to convert text module language in Smart Form?
Hello Friends, I want to print a title in chinese language in smartform. How can I do it. Please help me out from this situation?. Thanks & Regards Sathish Kumar
-
Incorrect quantity updates of sub-order in collective order
Hi, We are using Cable solutions ver: 4.6c. When the quantity of the leading order is changed (co02), the sub-order quntities are not changing accordingly. Let me explain you in detail. Following are the settings in Material Master. Material Bas
-
Error HRPAY99PM271 in Process Model for Offcycle (6.0 Upgrade Issue)
We have a process model for offcycle payments and need to change RPCIPE00 to RPCIPE00_OLD. The first problem we had with this was solved by OSS note 1070580. Now we are getting error HRPAY99PM271 (Parameter PNPPERID was not found in the selection p