CSA 6.0 - policies in Audit mode - per groups

Hello,
Deploying CSA 6.0
Have several groups created but policies linked to these groups are the same.
I would like to have all of them work in Audit mode initially and move them
into non-Audit mode on per-group basis.
When I move a policy out of Audit mode (uncheck the box for a specific policy) in group #1,
I get messages that this policy will not be working in audit mode
in other groups as well because it is not in audit mode in group #1.
Is there a way to work around it
and have policies be in Audit / non-Audit mode on a per-group basis?
thank you
Alex

Hi Tom
I agree, cloning rule modules is not an option.
But there would be no such thing as “audit group”,
if I put policy in audit mode in one group (#1) and there is another group
where this policy is not in audit mode, then it becomes non-audit mode policy
even for group #1. This is what my experience tells me.
The ideal for our deployment (tens of groups, 1K users) would be able
to manipulate audit mode for policies on per-group basis.
Thanks
Alex

Similar Messages

  • ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant

    ISE 1.2 - Posture Detail Assessment - enforcement audit mode report not show status for non-compliant.
    - For old version 1.1.4 it can be reported for non-compliant, How can I generate report for this? 
    Thanks
    Kosin Usuwanthim

    It used to be in there (id 226635 is the last one with it); should I clean it up a bit and put it back with a bit more of a disclaimer?

  • Windows 8.1 Won't get updates in audit mode.

    I just installed Windows 8.1 in a Hyper-V virtual machine. The release version that was distributed through msdn not the preview. I enter audit mode as soon as I can, so there have been no changes or customization applied to the install prior to entering
    audit mode. I start up windows update to search for new updates. The status is displayed as "Checking for updates..." "Most recent check for updates: Never." "Updates were installed: Never." The status never changes from "Checking
    for updates...". I have even left it running over night and it still says "Checking for updates...". There is never any error message or failure. Network connectivity is functional. I have attempted an install on a physical machine as well with
    the same result. If instead of entering audit mode I proceed through setting up windows and a user account, updates will work just fine. There should be an update to defender as well as an update to ie11.
    I considered the possibility of a corrupt download so I compared the sha-1 hash to what is listed on the msdn download page and it does match.
     

    Quoted from http://social.technet.microsoft.com/Forums/en-US/afc7f693-f742-402f-b513-063989b79c2f/windows-81-enterprise-windows-updates?forum=w8itproinstall.
     Emphasis added.
    Thank You for sharing the logs. I was able to reproduce the issue in my virtual environment. To understand more about this behavior, I engaged the Product Group and I have been informed that
    this behavior is By Design. WU uses the OOBEComplete() Windows API call to determine whether OOBE is in progress or not, and if so, it will not perform automatic or UI update searches. HRESULT code 0x8024a008 is the WU error code WU_E_AU_OOBE_IN_PROGRESS.
    WU automatic and UI updates won’t run while Setup reports that OOBE is still in progress. This is to prevent automatic updates from causing a system reboot during OOBE, which is – needless to say – a Very Bad Thing. This problem has always existed. Unfortunately,
    when the computer is in Sysprep audit mode, Setup will report to WU that OOBE is in progress even though it might not actually be so. This is the reason that updates from WU UIs are blocked in audit mode.
    I was having the same exact issue when creating an updated WDS image for deployment to select end-users for testing.  At first, I thought I was doing something wrong.  This process--having a VM boot into audit mode so that it can be fully updated
    with Windows Updates along with new and updated third-party applications so to become the baseline/template for deployment--has worked wonderfully since the Vista days.  And it worked perfectly with Windows 8.  Why did Microsoft choose to deprecate
    the functionality is beyond me.
    It's bad enough there is so very little traction in the corporate/Gov't world for Windows 8/8.1.  Now it seems that Microsoft, once again, is hades bent on destroying all that was good with Windows.
    This is to prevent automatic updates from causing a system reboot during OOBE, which is – needless to say – a Very Bad Thing.
    So this was a problem?  Really?  I don't ever recall that happening to me or ever reading about such an issue.  Even if this "issue" was a problem, why not just add another switch to the sysprep command to allow admins to specify
    the allowance of updates.  Something like sysprep /oobe /audit /AllowUpdates?  Is that too hard or too much to ask?
    So now with the current Windows-won't-update-in-audit-mode default, if I chose to deploy over 200 Windows 8.1 Enterprise clients, I now have to have ALL 200 machines contact Microsoft Update or my internal WSUS (or push via Shavlik) for updates.  Regardless
    of which method is used, the result is that 200 COMPUTERS must consume valuable network bandwidth for updates.  Not to mention there is always several machines that never act right.  Instead of having 200
    identically configured machines, I end up with 200 similarly configured machines.
    Exactly who is making these decisions?  Has anyone experienced the OOBE update issue that Microsoft claims is such a problem?
    So disappointing.

  • C2 audit mode Option in SQL server 2000

    Hi,
    How to set c2 audit mode Option for only customized tables not for entire database SQL server 2000

    Don't do that on the database level but on the application level:
    Note 1916 - Logging table changes in R/3
    Markus

  • Is it possible to get Remote Desktop Services running when in Sysprep Audit mode in 2012r2?

    Hi,
    I'm setting up some images for 2012r2 and personally like to be able to access the machines via RDP. I have broken out of the OOBE by pressing
    CTRL+SHIFT+F3, however, even though RDP is enabled (System --> Remote Setting) and running (Services --> Remote Desktop Services),
    when I run 'netstat -a', I cannot see any process bound to port 3389, as such I cannot connect. Have restarted the services just in case, but no dice.
    In most of the other OS setups (Windows 7, 2008R2) this is fine (assuming you update either the password in audit mode or enable RDP login with a blank password), but the fact that nothing is listening
    on 3389 means that no matter what I do, I will not be able to connect.
    Is there any reason why this is the case?
    Cheers
    Chris

    Hi Chris,
    Thank you for posting in Windows Server Forum.
    Can you ping successfully the respective server?
    Initially check whether there is any firewall rule set which is blocking your connection. Please try to change the RDP port from following registry key and verify whether you can get access. 
    To change the port assigned to RDP:
    Caution:  Incorrectly editing the registry might severely damage your system. Before making changes to the registry, you should back up any valued data.
    1. On the Remote Desktop server, open Registry Editor. To open Registry Editor, Start Run, type regedit, and then click OK. 
    2. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
    3. Locate and then click the following registry subkey: 
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Desktop server\WinStations
    Note:  RDP-TCP is the default connection name. To change the port for a specific connection on the Remote Desktop server, select the connection under the WinStations key.
    1. In the right-pane, double-click the PortNumber registry entry.
    2. Type the port number that you want to assign to RDP in the
    Click OK to save the change, and then close Registry Editor.
    For more information you can refer following article (Point 2: You may have a Port assignment conflict).
    Remote Desktop disconnected or can’t connect to remote computer or to Remote Desktop server (Terminal Server) that is running Windows Server 2008 R2
    http://support.microsoft.com/kb/2477176
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Windows 8.1 Image with audit mode

    Check this out.

    I'm trying to make a Windows 8.1 image for deployment but I am unable to install any Windows updates. It just keeps looking for updates. I've read that this issue is by Microsoft's design and that the solution is to install updates then enter audit mode.
    How do you install updates first and then enter audit mode? Or is there another way to install Windows updates in audit mode?
    This topic first appeared in the Spiceworks Community

  • Sysprep runs by itself in Audit Mode

    I am cloning a HP desktop and when I put it into Audit Mode everything seems to work fine until you would normally see the sysprep utility with drop down menus, check boxes and the OK or Cancel buttons.  Instead the sysprep utility is already running
    as if I had already selected OK.  Sometimes if I am quick enough I can hit Ctrl-Shift-Esc to bring up Task Manager and End the sysprep utility.  This happens every time it boots in Audit Mode.  I have removed the HP bloatware and now it runs
    too quickly for me to stop it and boots to the OOBE screen and I have to press Ctrl-Shift-F3 and try it again.
    Is there a better way to stop the sysprep utility from running automatically in Audit Mode?
    Can anyone explain why this is happening?

    Hi,
    There is a better way to stop this, you can select "shutdown" not "restart" item when you run the sysprep utility. Then you can manually start the computer. Or You can use Windows System Image Manager to create an answer file.
    To Boot to Audit Mode with answer file:
    http://technet.microsoft.com/en-us/library/cc722413(v=ws.10).aspx
    Regards
    Wade Liu
    TechNet Community Support

  • All but 1 theme per group disappeared after Premiere Elements 4.0 crashed on start of burn to DVD

    I have a project that is approximately 1 hour in length.  This is the first project I am attempting to burn.  I assigned a theme to the project and then proceeded to burn a DVD.  Before the burn could actually start, PE crashed with a "blue screen" dump.  I rebooted in Windows safe mode, then rebooted back into normal Windows mode.  When I started PE and opened the project, nearly all of the themes were missing!  It appears that only one theme per group remained.
    What would have removed or hid the themes?  I would have also expected all or none of the themes, rather than leaving just one per group.  I was using a template in the "General" group, but the one that remained after the crash is not the one I had assigned to my project.
    Does a reinstall restore the templates?   If so, can I reinstall PE 4.0 from my CD without erasing, destroying, or losing the current projects I have created?
    Thanks in advance for your comments!

    Hunt,
    Before diving into the details of the items in the article, I did a few of the basic things:
    stopped my anti-virus product (doh!)
    stopped the temperature monitor software (doh!)
    did a quick disk cleanup
    turned off all trivial stuff in msconfig
    I rebooted the system and started Premiere Elements.  I had not attempted to reload the templates at that point, so I proceeded to "Burn to DVD".  I selected the minimal quality and started the burn.  That worked!   Next I exited PE and restarted it and then was able to successfully "Burn to DVD"  using the max setting for quality. As expected, it took a while to finish, but it also completed successfully!  The resulting DVD looks and sounds great, so the rendering and burn phases seem to be working fine on my hardware.
    I noticed on the CD that there is an option to load the themes, so I am going to try loading that today.  I'll post more comments after I get the themes reloaded in case there are other steps involved in restoring those within the program.

  • Percentage based on Status using per group

    Hi Gurus,
    Can you help me with this? You have any approach of getting the percentage based on status using per group?
    Currently I have this code below but it doesn’t have result but no error. I am trying to get the % In Complete.
    <?xdofx:(sum(current-group()/NUMINCOMPLETE)/(sum(NUMSUBMITTED) + sum(NUMCOMPLETED) + sum(NUMINPROGRESS) + sum(NUMINCOMPLETE)))*100?>
    Thanks Much,
    JP
    Edited by: BIPnewbie on Feb 6, 2012 3:05 AM

    Use this:
    <?xdoxslt:div(sum(current-group()/NUMINCOMPLETE), ((sum(NUMSUBMITTED) + sum(NUMCOMPLETED) + sum(NUMINPROGRESS) + sum(NUMINCOMPLETE)))*100?>
    Thanks,
    Bipuser

  • How to limit row number per group without change new page in crystal report

    Hi All Expert,
    Is there any way to limit the row number per group without changing to a new page in Crystal Report 2008? The reason I do that is that the customer uses an EPSON LQ 300 printer (dot matrix), which will always print in landscape if it detects my layout in landscape. They need the records to always print in 1 page (Letter size) for 2 groups, and each group must show 5 records. Example:
    But, in CR2008, if you set the row per group from group section expert, definitely it will change to new page, but I do not want it change to new page. Any Idea?
    In one page (Letter size):
    Group Name: Customer-ABC
    NO  INVOICE  AMOUNT
    1)   INV001     USD100
    2)   INV002     USD100
    3)   INV003     USD100
    4)   INV004     USD100
    5)   INV005     USD100
    Group Name: Customer-ABC
    NO  INVOICE  AMOUNT
    6)   INV006     USD100
    7)   INV007     USD100
    8)   INV008     USD100
    9)   INV009     USD100
    10)  INV010     USD100

    Hi Angie.....
    I guess it is not possible.
    Because if you have one common group for all the 10 records then in one page it will show 10 records under one group.
    I mean I think it is not possible but I'm not completely sure......
    Let's wait for expert advice....
    Regards,
    Rahul

  • Select latest two records per group

    hi there,
    i've been googling around and still can't really find an appropriate solution to retrieve two most recent records per group in one sql. Is this even possible?
    Let's say there is a MyLife table :
    ID, Event , RecordedDate
    1. 1, 'Fell down the stairs', '20-DEC-07'
    2. 1, 'Fell down the stairs', '22-DEC-07'
    3. 1, 'Fell down the stairs', '23-DEC-07'
    4. 2, 'Tried to kiss santa', '23-DEC-07'
    5. 3, 'Reindeer stolen', '24-DEC-07'
    6. 4, 'Chimney Broke', '25-DEC-07'
    Output should be :
    2. 1, 'Fell down the stairs', '22-DEC-07'
    3. 1, 'Fell down the stairs', '23-DEC-07'
    4. 2, 'Tried to kiss santa', '23-DEC-07'
    5. 3, 'Reindeer stolen', '24-DEC-07'
    6. 4, 'Chimney Broke', '25-DEC-07'

    I believe that something along these lines would be portable to most other databases.
    SQL> SELECT id, event, recordeddate
      2  FROM mylife o
      3  WHERE recordeddate = (SELECT MAX(recordeddate) FROM mylife i
      4                        WHERE o.id = i.id)
      5  UNION ALL
      6  SELECT id, event, recordeddate
      7  FROM mylife o
      8  WHERE recordeddate = (SELECT MAX(recordeddate) FROM mylife i
      9                        WHERE o.id = i.id and
    10                              i.recordeddate < (SELECT MAX(recordeddate)
    11                                                FROM mylife ii
    12                                                WHERE i.id = ii.id))
    13  ORDER BY id, recordeddate;
            ID EVENT                     RECORDEDDAT
             1 Fell down the stairs      22-DEC-2007
             1 Fell down the stairs      23-DEC-2007
             2 Tried to kiss santa       23-DEC-2007
             3 Reindeer stolen           24-DEC-2007
             4 Chimney Broke             25-DEC-2007
    John

  • Multiple audit records per one report refresh

    We use BO XI R3 on Windows with CMS on DB2.
    I need to create audit reports on BO report usage with following data:
    username, timestamp, duration, report name for DeskI and WebI reports.
    I use auditing on DesktopIntelligenceCacheServer and WebIntelligenceProcessingServer.
    The problem is that I'm getting multiple records in AUDIT_EVENT table with different event_ids and timestamps per one refreshed report.
    Following SQL brings 2 records from WebI server all the time (first with duration=0) and from 1 to 5 records from DeskI server, all of them with real report duration.
    SELECT
    start_timestamp,
    ae.EVENT_ID,
    user_name,
    duration,
    object_type,
    detail_id,
    detail_text
    FROM BO_XI_R3.AUDIT_EVENT ae,
    bo_xi_r3.AUDIT_DETAIL ad,
    bo_xi_r3.EVENT_TYPE et
    where ae.EVENT_TYPE_ID=et.EVENT_TYPE_ID
    and ae.EVENT_ID=ad.EVENT_ID
    and ad.DETAIL_TYPE_ID=8
    and ae.EVENT_TYPE_ID=19
    order by 1;
    How to separate unique refresh info?
    Edited by: Valentin Volk on Oct 3, 2008 9:03 PM

    Valentin,
    The "duplicate" records that you are seeing, is it always consistent or just sometimes?  I ran your query against my Auditor database and sometimes (like maybe less than 50%) I am seeing "duplicate" records.  I say "duplicate" because the Event_ID is different in each case, but by sorting by start_timestamp, I can see a duration 0 record, and if the query takes like 5 seconds, then five seconds later I see the entry again (with a new Event_ID) and the second record has a duration of 5.  What does all this mean?  I don't know exactly, other than BO sees the act of submitting a report (sometimes) as an activity (and records an "enter" record with a duration of zero, zero for obvious reasons), then when the report ends another entry to the journal is used to record the duration.  And at other times I don't see the "enter" record, just the entry with the duration.  In my practice we run a similar query as you've provided but we do not record where duration is zero.
    thanks,
    John

  • My C310 when powering up goes into "initializing" mode, per the printer screen, and stays that way

    I have a Photosmart Prem C310.  When I power it up, it goes into "initializing" mode on its screen, and stays there, with the little light beam circling the HP logo forever.  It never gets to the menu screen.  I can only power down by pulling power cord.  I reinsert power cord and it repeats the above symptom.  Any ideas, before I just junk it??
    Thanks!!

    Do you have it plugged directly into a wall outlet? If not, take it off of the surge protector and plug it directly into the wall outlet to ensure that it is getting enough power. Even if the prior set up is how the printer has always been connected; it can develop a problem over time by not being plugged directly into a wall outlet.
    The next step to take is to make sure that the light on the module is lit. I would then reset the external power module:
    Follow these steps to reset an external power module.
    Disconnect the power cord from the rear of the printer.
    Unplug the power cord from the electrical outlet, power strip, or surge protector.
    If the printer uses a power module with a detachable power cord, disconnect the cord from the power module.
    Wait 15 seconds.
    If the printer uses a power module with a detachable power cord, reconnect the power cord to the power module.
    Reconnect the power cord to the rear of the printer.
    Plug the power cord back into the electrical outlet. Do not use a power strip or surge protector.
    Check to see if the power module on the power cord has an indicator light.
    If the power module does not have an indicator light, continue to the next step.
    If the power module has an indicator light, make sure that the light is on.
    If the indicator light is off , contact HP to replace the power module.
    If the indicator light is on, try to power printer back on using power button. I hope that this helps.
    I am a former employee of HP...

  • [7-mode] Per domain cpu utilization missing on CLI/ZAPI in OCUM but available in NMC

    Hello,
    I'm trying to get performance counters using ZAPI from perl (in order to export graphs to XLSX file). I can get regular performance counters (like FCP average latency) but I'm getting problems with domain busy. Counter "processor:domain_busy" is invalid. When I check on CLI on the OCUM it also doesn't show the domains.
    C:\Users\XP96SMPlsa>dfm perf counter list NTAP-20A-OW:processor:*:*:*
    Object Instance Counter Label1 Label2 Unit Priv
    processor processor3 processor_busy percent basic
    processor processor3 processor_elapsed_time none basic
    processor processor3 sk_switches per_sec basic
    processor processor1 processor_busy percent basic
    processor processor1 processor_elapsed_time none basic
    processor processor1 sk_switches per_sec basic
    processor processor2 processor_busy percent basic
    processor processor2 processor_elapsed_time none basic
    processor processor2 sk_switches per_sec basic
    processor processor0 processor_busy percent basic
    processor processor0 processor_elapsed_time none basic
    processor processor0 sk_switches per_sec basic
    But when I use NMC to connect to OCUM in Performance Advisor for the same object NTAP-20A-OW I can see the processor per domain utilization. I have previously used the same perl code to connect to older DFM (4.2) and it worked. What do I have to do to get the domain counters over ZAPI/CLI?


  • Query to show stock value per group

    Hi Experts
    Would it be possible to create a query which would show me the stock value per item group in SAP?   I know this can be done through Stock Audit report etc, but as we have over 300 item groups I would like to see a report which show me only the group name and the stock value within that group.
    Thanks
    Geoff

    Hi Gordon,
    The 2% will be because in almost all cases the query is using Last Purchase Price to calculate the value, but the stock balance on 130000 account in Financials is being generated from the FIFO values of stock.   It is a problem we come up against a lot in calculating stock values - we probably wouldn't have gone down the FIFO route originally had we known!
    Regards
    Geoff
