Delegate access for Bitlocker recovery on an OU only?

Can someone give me the steps to delegate access to an AD group for BitLocker recovery passwords on an OU only?
I have read the articles that have the VB script and talk about using ldp.exe,
http://technet.microsoft.com/en-us/library/cc771778(v=ws.10).aspx#BKMK_TestingRecovery
http://blogs.technet.com/b/craigf/archive/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information.aspx
but I don't know how to do this specifically on an OU, and I need the steps to connect, bind, etc. with ldp.exe, as I never use this tool.
I tried the following but it doesn't work (bummer, because it's nice and simple):
http://blog.nextxpert.com/2011/01/11/how-to-delegate-access-to-bitlocker-recovery-information-in-active-directory/
Please give me step-by-step instructions to give a group BitLocker recovery password info on the tab in ADUC for a specific OU only (AD 2008 R2) - thanks!

Hi Sara,
I searched for delegating BitLocker permissions and found the same article you provided.
In the first article you mentioned, it provides steps to delegate permission to a user group:
Appendix A: Delegating Permission
http://technet.microsoft.com/en-us/library/cc771778(WS.10).aspx#BKMK_AppendixA
The steps are:
1. Create a new user group.
2. Add members to the group (for example, add Helpdesk staff members).
3. Assign control access and read property permissions to the group.
And in your second article, the author replied in the comments about applying delegation to an OU:
There are only 2 reasons to create an OU:
1) Apply different GPOs
2) Apply different delegation.
And all we're doing here is delegating. So in LDP, instead of opening the ACL of the domain (as we're doing in the example above), you'd open the ACL on the relevant OUs and add different groups per OU. And the "control access flag" isn't a special function of the domain object; you can apply it to OUs also.
Delegating access in AD to BitLocker recovery information
http://blogs.technet.com/b/craigf/archive/2011/01/26/delegating-access-in-ad-to-bitlocker-recovery-information.aspx
If you have any feedback on our support, please send to [email protected]
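The two ACEs the answer describes (Read Property plus Control Access on msFVE-RecoveryInformation objects), applied to one OU with the ActiveDirectory PowerShell module instead of ldp.exe. This is an added example, not code from the thread or from the linked TechNet articles. The group name "BitLocker-Helpdesk" and the OU "OU=Laptops,DC=corp,DC=example" are placeholders; the class GUID is read from the schema at run time rather than hard-coded.

```powershell
# Added example (not from the original thread): delegate read access to
# BitLocker recovery information on ONE OU. Run as an account that can
# modify the OU's security descriptor (e.g. Domain Admins).
# Hypothetical names: group "BitLocker-Helpdesk", OU "OU=Laptops,DC=corp,DC=example".
Import-Module ActiveDirectory

$ouDN  = 'OU=Laptops,DC=corp,DC=example'
$group = Get-ADGroup -Identity 'BitLocker-Helpdesk'
$sid   = [System.Security.Principal.SecurityIdentifier] $group.SID

# schemaIDGUID of the msFVE-RecoveryInformation class, looked up from this
# forest's schema so nothing is hard-coded.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$classObj  = Get-ADObject -SearchBase $schemaNC `
                -LDAPFilter '(lDAPDisplayName=msFVE-RecoveryInformation)' `
                -Properties schemaIDGUID
$classGuid = [guid] $classObj.schemaIDGUID

# Inherit-only, container-inherit ACE limited to descendant objects of that class.
# The recovery objects live under the computer objects in the OU, so the ACE
# reaches them through normal inheritance.
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents
$allow   = [System.Security.AccessControl.AccessControlType]::Allow

# ACE 1: Read Property on all attributes of those objects.
$readAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::ReadProperty, $allow, $inherit, $classGuid)

# ACE 2: Control Access on the same objects. msFVE-RecoveryPassword is a
# confidential attribute, so Read Property alone returns it empty; this is the
# "control access flag" the answer above refers to.
$ctrlAce = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight, $allow, $inherit, $classGuid)

$acl = Get-Acl -Path "AD:\$ouDN"
$acl.AddAccessRule($readAce)
$acl.AddAccessRule($ctrlAce)
Set-Acl -Path "AD:\$ouDN" -AclObject $acl

# Show the ACEs that now exist for the group on this OU and confirm their scope.
(Get-Acl -Path "AD:\$ouDN").Access |
    Where-Object { $_.IdentityReference.Value -like '*\BitLocker-Helpdesk' } |
    Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType, InheritedObjectType -AutoSize

# Verification from the helpdesk side: run as a member of the group. If objects
# are listed but msFVE-RecoveryPassword is empty, ACE 2 (Control Access) is missing.
Get-ADObject -SearchBase $ouDN -LDAPFilter '(objectClass=msFVE-RecoveryInformation)' `
    -Properties msFVE-RecoveryPassword |
    Select-Object DistinguishedName, msFVE-RecoveryPassword
```

Two checks worth doing before calling this done: first, look at the domain object's ACL for any ACE on msFVE-RecoveryInformation left over from an earlier attempt with the linked scripts, because a domain-level ACE is inherited by every OU and silently widens the delegation beyond the one OU; second, remember that the "BitLocker Recovery" tab in ADUC only appears on machines where the BitLocker Recovery Password Viewer feature (RSAT) is installed, so a missing tab is not by itself evidence that the ACL is wrong.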

Similar Messages

  • I need help with Bitlocker recovery

Hi, thanks for taking the time to read this. My laptop was running very rough, so I put all my information onto my external hard drive. I wasn't thinking that my external would be locked if I re-downloaded Windows 7 Ultimate on my computer, but guess what,
    it's locked now. My first question is: does the full BitLocker recovery key identification help me at all? My second question is: now that I've re-downloaded Windows 7 on my computer, is the info I'm looking for still obtainable? I really need this info but
    I'm afraid it might be lost. I feel stupid lol.

I don't have access to the BitLocker recovery tool on my version of Windows, but when I was supporting a BitLocker environment, you could install a BitLocker recovery tool on Vista. There was an update you had to download and install, then add the Windows feature for BitLocker Recovery Tool. You would enter the first 8 alphanumeric characters of the recovery key and it would provide the 48-character numeric recovery password.
    I have a Windows Server 2012 R2 vm that does not appear to have that feature.
    Maybe try this link:
    http://www.sevenforums.com/tutorials/210071-bitlocker-drive-encryption-unlock-locked-data-removable-drive.html
    There are also a lot of references to Bitlocker Repair, which would probably work as well even though the drive isn't damaged, but you would need another drive on which to decrypt the data.  But the link above should work for you.

  • Restrict access for Vendor Master Data

    Hi all.
    Our company structure is like below:
Single instance, just one client (Mandant).
    Company codes like 1001, 3001, 6002, 6006, etc. all over the world.
    At some companies only the central administration can create vendors for the companies using transaction XK01.
    Now we need to give access to users from one of our companies in another country, but we can't give access to transaction XK01 because only the central administration can create the master data for the vendors.
    I already read about the object F_LFA1_AEN, with which it is possible to create some field groups and give access just to the right groups. I also read that these authorization groups don't have any effect on vendor master data like the address.
    How can I restrict access to the vendor master data? I'm thinking of giving access to transactions FK01 and MK01 and restricting the creation of a new vendor; I only want the users to be able to create the data for a new company code or new purchasing organization.
    Thank you
    Darlei Friedel

    among many other authorization objects, you find following three:
    F_LFA1_GEN general data
    F_LFA1_BUK company code data
    M_LFM1_EKO purchasing org data.
    If the user does not have authorization for F_LFA1_GEN , then he cannot maintain general data.

  • I'm having trouble getting my reset link for my security questions because I no longer have access to the recovery email address

I'm having trouble resetting my security questions because I no longer have access to the recovery email account that the link gets sent to, and I can't make any purchases in the App Store or iTunes Store until this is fixed, because I'm on a new iPad and it won't let me make any purchases until I've done so.

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.

  • Using USB for Bitlocker in a Bootcamp install of Windows 7 x64 Ultimate on early-2011 Macbook Pro

    First of all some details on my current setup:
    Macbook Pro 15" (early 2011) with a i7 QM processor and 8 GB RAM, Superdrive and HD installed
    Mac OS X 10.7.3
    Windows 7 x64 Ultimate in a Bootcamp setup
    Existing partitions on HD are EFI, MacOS X, Bitlocker Startup, Windows
    I removed "Recovery HD" after creating DVD image contained in latest Lion installer from AppStore.
    What I got so far:
It took some time to find a way for Windows to get a second partition to be used for the BitLocker startup files. Using the existing partition layout, I replaced the previously existing "Recovery HD" partition with a BitLocker partition in Windows (after taking a dd-based image of Recovery HD).
    Recently I tried to enable BitLocker and continued to fail on the BitLocker System Check, which claims to have no access to USB while booting. And that's my issue ...
    I read about using Windows' diskpart to have a GPT partitioned USB stick containing single NTFS partition. I tried to achieve the same with disk management in Mac OS X though it was creating a hybrid MBR/GPT setup that wasn't recognized by Windows at all. Then I tried partitioning in Mac OS X to have GPT partitioning, used Clonezilla Live CD's gdisk to apply hybrid setup another time. I even tried to do the whole partitioning in Linux using gdisk, but Windows still didn't recognize the formatted partition on USB stick then. So, the only way found is using diskpart in Windows to get a GPT-based USB-stick with a single NTFS partition.
    I put my startup key there (attributed as hidden, system file) and tried to restart several times. On every boot Windows is prompting for inserting valid startup key as it wasn't found. The partition is encrypted already and entering the printed 48 digits recovery key gets me in every time.
    If I keep the stick inserted the boot is noticeably delayed, but it's instantly continuing as soon as I unplug the stick. So there is something processing the stick ... I tried different sticks, but hope it's not related to using one special stick since they are used to support similar (equivalent) interfaces, aren't they?
Don't tell me about using TrueCrypt or similar, as I prefer to use existing software instead of adding 3rd-party software that does things the same way. And for TrueCrypt, USB must be readable at boot as well. And previous trials with different approaches all failed at some point of the setup. Finally, I don't want to reinstall the existing Windows, as that keeps me from working even more.
    Found some post regarding trouble with Lion installations (e.g. I can't use rEFIt ... it simply didn't show up and this seems to be related to using Lion), found the KB article of Apple on preparing USB external storage for use at boot, but all troubleshooting hints didn't help.
    What the heck is wrong with this setup?
    EDIT: There is no problem to have Bootcamp starting previous Recovery HD partition now Bitlocker startup partition instead of originally prepared Bootcamp partition, which is encrypted now. This is in contradiction to other posts here. I'm sure Apple support isn't best choice to ask for support as this problem is MS specific and thus Apple won't care that much ...

    Well, I've seen lots of those threads as well and most failed to manage cooperation of Bitlocker and FileVault, have trouble to get a second partition for windows to use with bitlocker or truecrypt etc. But these issues don't apply to me anymore.
Next, there are threads instructing how to get a USB stick to work with BitLocker, claiming it needs GPT instead of MBR so that EFI gets any access to it at all. Those cases seem to work only with MacBooks running Windows, thus bypassing the issues mentioned in the paragraph before as well.
    And there is my confusion originating from: I can remember some sites claiming to have trouble with EFI on a Mac using Lion, but all those sites are older than Lion's final release date. So I don't know if there is a similar issue today or if I'm actually missing some option ... rEFIt isn't working with Lion according to the refit site itself. Some sites claim EFI is behaving differently on whether there is a super drive or not as Lion isn't supporting USB booting as long as booting from DVD/CD is available ... what's true about those facts? Is my problem related to having a super drive? Are things getting better as soon as I'm replacing my superdrive by a second internal drive? Is it that strange or some sort of plausible behaviour?
    According to GPT, Windows 7 is obviously failing to properly detect hybrid MBR/GPT setups on USB sticks while that's what MacOS' disk manager is doing on having GPT-based single partition stick with exFat format. Instead of using the second hybridized partition it's accessing the protected part, only. If I'm converting a disk to GPT in windows everything works fine, but then without hybridized MBR ...
    Regarding the fans I'm with you ... as soon as processor load is exceeding 5% the fans get quite noisy ...

  • Sudden prompt for Bitlocker key without Any Hardware, Bios or Software Changes

    Hi
My 3 Dell Windows 7 Enterprise laptops suddenly prompted me for a BitLocker key without any changes made to them. I just wanted to find the root cause of the issue, as I made no changes to the laptops. Looking at the Microsoft page for BitLocker failures,
    I found nothing that might have caused the BitLocker recovery key prompt. One of the three laptops I had in my drawer and hadn't turned on for a few months until yesterday.
    The only common thing between the laptops is that they were all encrypted at about the same time a year ago, and until now I have never been prompted for the BitLocker recovery key.
    Looking through the system logs I found the two error messages below on all three laptops.
Event id - 24635
    General - Bootmgr failed to obtain the BitLocker volume master key from the TPM because the PCRs did not match.
    Details (System):
      Provider: Microsoft-Windows-BitLocker-Driver, Guid {651DF93B-5053-4D1E-94C5-F6E6D25908D0}
      EventID: 24635, Version: 0, Level: 2, Task: 0, Opcode: 0, Keywords: 0x8000000000000000
      TimeCreated: 2014-01-21T08:15:55.932006100Z
      EventRecordID: 50445
      Execution: ProcessID 4, ThreadID 52
      Channel: System
      Computer: FT-WL25662.FTROOT.com
      Security UserID: S-1-5-18
    Details (EventData):
      ErrorCode: 0xc0280018
      Volume: C:
      WritePhase: 0x0
      VolumeGUID: {43C5A384-AC50-4017-9B84-DB1B1448041C}
      OptionalGUID: {00000000-0000-0000-0000-000000000000}
      Flags:
Event id - 24636
    General - Bootmgr failed to obtain the BitLocker volume master key from the TPM.
    Details (System):
      Provider: Microsoft-Windows-BitLocker-Driver, Guid {651DF93B-5053-4D1E-94C5-F6E6D25908D0}
      EventID: 24636, Version: 0, Level: 2, Task: 0, Opcode: 0, Keywords: 0x8000000000000000
      TimeCreated: 2014-01-21T08:15:55.932006100Z
      EventRecordID: 50446
      Execution: ProcessID 4, ThreadID 52
      Channel: System
      Computer: FT-WL25662.FTROOT.com
      Security UserID: S-1-5-18
    Details (EventData):
      ErrorCode: 0xc0280018
      Volume: C:
      WritePhase: 0x0
      VolumeGUID: {43C5A384-AC50-4017-9B84-DB1B1448041C}
      OptionalGUID: {00000000-0000-0000-0000-000000000000}
      Flags: 0x1500300
I can't find any useful information regarding these error logs, so I'm hoping someone here might be able to help me find the root cause of this issue.
    Thanks

    Hi,
Please update the BIOS to improve TPM stability.
    I would also suggest that you disable and re-enable BitLocker to reset the settings, which may cost you a little time.
    Andy Altmann
    TechNet Community Support
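For triaging the symptom in the post (several machines dropping into recovery at once with event 24635 "PCRs did not match"), the first thing a practitioner wants is the events pulled off every affected machine in one table, together with the PCR profile the OS-drive TPM protector is sealed to. The following is an added example, not part of the thread; the computer names are placeholders and it assumes remote event log access to them. Error code 0xC0280018 is the NTSTATUS form of the TPM "wrong PCR value" error, which is consistent with the event's own text.

```powershell
# Added example (not from the original thread): collect BitLocker-Driver events
# 24635/24636 from several machines and unpack their EventData fields.
# Hypothetical computer names; requires remote System log read access.
$computers = 'FT-WL25662', 'FT-WL25663', 'FT-WL25664'

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-BitLocker-Driver'
    Id           = 24635, 24636
}

$events = foreach ($c in $computers) {
    Get-WinEvent -ComputerName $c -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The fields shown under "EventData" in Event Viewer are <Data Name="..."> nodes.
            $x    = [xml] $_.ToXml()
            $data = @{}
            foreach ($d in $x.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            [pscustomobject]@{
                Computer   = $_.MachineName
                Time       = $_.TimeCreated
                Id         = $_.Id
                ErrorCode  = $data['ErrorCode']   # 0xc0280018 in the post
                Volume     = $data['Volume']
                VolumeGUID = $data['VolumeGUID']
                Flags      = $data['Flags']
            }
        }
}

# A cluster of first occurrences on the same date across machines points at a
# common change (firmware, boot manager update, boot order) rather than one TPM.
$events | Sort-Object Time | Format-Table -AutoSize

# On the affected machine itself: which PCRs the TPM protector seals to. Any
# change to a component measured into those PCRs produces exactly these events.
manage-bde -protectors -get C:
```

On Windows 8 / Server 2012 and later the manage-bde output includes a "PCR Validation Profile" line listing the PCR indexes; a firmware update (as the answer suggests) changes the measurements in PCR 0 and will trigger recovery once, after which the protector should be resealed by suspending and resuming BitLocker (manage-bde -protectors -disable C:, reboot, then -enable) rather than decrypting and re-encrypting the whole volume.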

  • Error:[The specified object was not found in the store] when trying to read another mail box using Delegate access

    Hi all,
I need to create a service that reads all unread mails of other users' mailboxes in Exchange Server 2013, and for that I am trying to use delegate access,
    but I have not succeeded. I get this error every time: [The specified object was not found in the store]
    The error is raised on the FolderId line:
        var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);
    The code:
        // add the service account as a delegate on the target mailbox
        List<DelegateUser> newDelegates = new List<DelegateUser>();
        DelegateUser emailDelegate = new DelegateUser("[email protected]");
        emailDelegate.Permissions.InboxFolderPermissionLevel = DelegateFolderPermissionLevel.Editor;
        newDelegates.Add(emailDelegate);
        Mailbox mailbox = new Mailbox("[email protected]");
        Collection<DelegateUserResponse> response = service.AddDelegates(mailbox, MeetingRequestsDeliveryScope.DelegatesAndSendInformationToMe, newDelegates);

        // then try to read the other user's Inbox
        var userMailbox = new Mailbox(useremail);
        var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);   // error reported here
        var itemView = new ItemView(20);
        var userItems = service.FindItems(folderId, itemView);
    I changed my code in many ways, adding the delegate user with different folder permissions,
    but I get the same error. Please help me.

That error means you don't have rights to the mailbox you're trying to access. In Exchange, by default the only user that has access to a mailbox is the owner of the mailbox; Exchange administration rights do not grant you access to another user's mailbox. You
    need to either specifically grant rights to each mailbox using Add-MailboxPermissions, or use EWS impersonation, where you can impersonate the owner of the mailbox; see
    http://msdn.microsoft.com/en-us/library/bb204095(EXCHG.140).aspx and
    http://msdn.microsoft.com/en-us/library/office/dd633680(v=exchg.80).aspx
    Cheers
    Glen
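The two permission models Glen's reply describes, set up in the Exchange Management Shell so that the service account gets no more than it needs. This is an added example, not Glen's or the poster's code; "svc-mailreader", "alice" and the group "EWS-ReadMailboxes" are placeholder names.

```powershell
# Added example (not from the original thread): grant a service account access
# to other users' mailboxes for EWS, scoped to least privilege.
# Hypothetical names: service account svc-mailreader, mailbox alice,
# group EWS-ReadMailboxes (the set of mailboxes the service may read).

# Option A: explicit per-mailbox rights, no impersonation. FullAccess is what
# lets the service open FolderId(WellKnownFolderName.Inbox, new Mailbox("alice@..."));
# without it (or impersonation) EWS returns "The specified object was not found in the store".
# -AutoMapping $false keeps the mailbox from being auto-added to the service
# account's own Outlook profile.
Add-MailboxPermission -Identity 'alice' -User 'svc-mailreader' `
    -AccessRights FullAccess -InheritanceType All -AutoMapping $false

# Option B: EWS impersonation, restricted to members of one group instead of
# the whole organisation (an unscoped ApplicationImpersonation assignment
# lets the account act as ANY mailbox owner).
New-ManagementScope -Name 'EWS-ReadMailboxes-Scope' `
    -RecipientRestrictionFilter { MemberOfGroup -eq 'CN=EWS-ReadMailboxes,OU=Groups,DC=corp,DC=example' }

New-ManagementRoleAssignment -Name 'svc-mailreader-impersonation' `
    -Role 'ApplicationImpersonation' -User 'svc-mailreader' `
    -CustomRecipientWriteScope 'EWS-ReadMailboxes-Scope'

# Review what the service account may impersonate before shipping the code.
Get-ManagementRoleAssignment -RoleAssignee 'svc-mailreader' -Role 'ApplicationImpersonation' |
    Format-List Name, RecipientWriteScope, CustomRecipientWriteScope
```

With option B the C# side must also declare whom it is acting as before calling FindItems, by setting service.ImpersonatedUserId to an ImpersonatedUserId of type SmtpAddress for the target mailbox; with option A no code change is needed beyond what the poster already has. Prefer B for a service that reads many mailboxes, since the scope is reviewable in one place instead of being spread across per-mailbox ACLs.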

  • Lync delegate access without Enterprise Voice enabled

I need the delegate access functionality, but due to our current configuration we do not (yet) have Enterprise Voice set up or enabled. We have assistants that are scheduling meetings on behalf of others and need the conferencing functionality. I have only been able to get this to work when Enterprise Voice is enabled for the delegate. Does anyone know of a workaround that I can use without having to enable Enterprise Voice?
    Thanks in advance!

    Hi,
    Agree with Matt. The feature is not available without enabling Enterprise Voice.
    Regards,
    Kelly

  • Automator Watch Me Do gets stuck on "Enable Access for Assistive Devices

I built a simple Automator Watch Me Do workflow that simply pastes text I have already copied into TextEdit and then sets the font, size, color and the Make All Caps function. Every time I run the script it stops and gives me the following error: "Enable Access for Assistive Devices". I have gone into System Preferences / Universal Access a number of times and confirmed the check box is selected; I even unselected the check box, ran the Automator script, and went back and reselected the check box. I even rebooted my machine, and I tried this on another Mac with the same problem. I must be missing something; can anyone help me out?

    Boot into recovery mode and reinstall the OS. You don't need to get it from the App Store.
    27" i7 iMac (Mid 2011) refurb, OS X Mavericks (10.9.4), ML & SL, G4 450 MP w/Leopard, 9.2.2

  • ASM Direct file access (for creating standby database in Standard Edition)

    Hi all,
    Just really looking for any opinions, experience etc. that people may have about this.
    My company are looking to set up a RAC system. They have also asked me to think about creating a standby database for disaster recovery. The first problem they give me here is that they only pay for Standard Edition of Oracle, therefore Dataguard is not an option.
    I know that one can setup "manual" standby databases with Standard Edition, automating the shipping of archive logs with hand-written scripts etc. However, as the primary here is RAC, and will be using ASM on the shared storage, I'm not sure that this would be possible (and I'm even less sure that it would be desirable!). I say this because I don't know of a way to access (using only the O/S and/or Oracle) the database files stored in ASM, and even if there was a way, I can't imagine it being a good idea..
    Anybody know of a way to tackle it, or care to contribute anything to this? As I say, my opinion is that even if it is possible to get to those files within ASM and hence manipulate them, I'd be worried that it wouldn't be such a good idea. But I'm willing to bet I'm not the first to have thought about it...
    Regards,
    Ados
    Edit 1:
Sorry, I should state that in principle, the basic environment is:
    Windows 2003 Server
    Oracle 10g R2
    I didn't state that originally though, as I'd be keen to hear from anyone who may have attempted this on any O/S and Oracle version.
    Edited by: Ados on 16-sep-2009 9:32
    Edit 2:
    I also realise we could put the archive logs on the local nodes.. but to reinforce the point, I'm talking about having them on the shared storage where - in theory - the management is easier and more effective.
    Edited by: Ados on 16-sep-2009 9:35

    For anyone interested..
    I guess it would be done using RMAN (in fact, I'm sure of it...) in which case, I feel a lot more comfortable doing it!!
    For example:
    backup as copy archivelog ALL to destination 'c:\temp\';
    This way, it shouldn't matter if the arch logs are stored using ASM, we can now get them and "see" them.. and hence "manipulate" them (pass them on to a standby DB, for example).
    I'm just waiting to get my hands on a Standard Edition installation where I can test all this.. To try it all out (with 2-node RAC, and a standby server) I don't think I'll get a chance, so still interested in opinions, or if anyone's actually done this.
    Regards,
    Ados

  • Adding new hard drive for Flash recovery area

I am adding a new hard drive for the flash recovery area. How can I make a single directory on that flash recovery area, and how can I test that I am accessing it correctly, both the directory and the flash recovery area disk?

    Are you on Windows or Unix? And are you using ASM?
I'll assume you are on Windows. So after allocating the drive, you will format it, say as the F drive. Then you can create a directory T:\Flash. The parameter determining the location of the flash recovery area is db_recovery_file_dest. But you also need to set the size of the flash recovery area as well. After that's done, you can do your backups to Flash and see if the directory is populated.

  • Surface Pro 3 boots to BitLocker Recovery everytime

No matter what, the Surface Pro 3 boots to the BitLocker Recovery screen every time. I've tried to do a clean Windows 8.1 installation and it still goes to the BitLocker Recovery screen.
    If I press Esc, it goes to this screen:
    Any suggestion is much appreciated.

    Hi Charlie,
Here is a link for reference on the scenarios that lead into recovery; the hyperlinks in it may be more comprehensive:
    Issues Resulting in Bitlocker Recovery Mode and Their Resolution
    http://blogs.technet.com/b/askcore/archive/2010/08/04/issues-resulting-in-bitlocker-recovery-mode-and-their-resolution.aspx
     "I've tried to do a clean Windows 8.1 installation and it still goes to the BitLocker Recovery screen."
    Do you mean the recovery screen occurs even after we have made a clean installation? How did you make the clean installation? Has the drive been formatted?
    Usually BitLocker is used to protect the data in the drive; it should be usable after we format it by doing a clean installation. After all, it is meaningless after we have formatted the drive.
    Please check your symptoms against the link; it is recommended to unplug all external devices when you perform a clean installation.
    Best regards

  • Minimum size of SGA for the recovery catalog db ?

I've created a recovery catalog database, and by default the total size of the SGA is 180MB. The problem is, there isn't much memory on the development server to run both the target and the recovery catalog database (catdb).
    Would it be possible to start up catdb with an SGA of 10 MB or so? What's the minimum size? I figured that since catdb is only used for the recovery catalog and would rarely be accessed or changed, it doesn't need to use that much memory.
    Thanks in advance

    Hi David,
    In 10g, the minimal shared_pool_size is 120M, otherwise you will get
    ORA-00371: not enough shared pool memory, should be atleast 123232153 bytes
    You can set java_pool_size to 0, which is NOT the default.
    You could also set the large_pool_size to 0, but I am not sure this is recommended.
    In 8.0 shared_pool_size could be as low as 300K. Read your Reference manual for the values specifics to your version
    HTH
    Laurent Schneider
    OCM DBA

  • I can't remember my security questions and have no access to the recovery email address

    I can't remember my security questions and have no access to the recovery email address

    You won't be able to change your rescue email address until you can answer your questions, then you will have to contact Support in your country to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/en-us/HT5699
    If your country isn't on that page then try this form and explain and see what they reply with : https://ssl.apple.com/emea/support/itunes/contact.html
    When they've been reset you can then update your rescue email address to an account that you have access to for potential future use : http://support.apple.com/en-us/HT201356
    Or, if it's available in your country, you could change to 2-step verification : http://support.apple.com/kb/HT5570

  • Outlook 2010 Delegate Access Not enable

In Outlook 2010, when I have only a single account, the Delegate Access function is fine.
    When I add more than one account, Delegate Access is grayed out.
    Is there any solution?

    Hi Daney,
    I have tested on my lab (Exchange 2010 + Outlook 2010), result as below:
    User: Mavis01, Mavis02, Mavis03.
    Permission: Mavis01 has Full Access permission for Mavis02's mailbox.
    Action:
    1. Create a profile for Mavis01's mailbox, then add Full Access permission for Mavis02's mailbox.
    2. Restart Outlook, I can see Mavis02's mailbox shows up under Mavis01.
    3. Then I add Mavis03 account into this profile, restart Outlook.
4. Mavis01, Mavis02, Mavis03 are all listed in Outlook, and nothing is grayed out.
    "Delegate Access" being grayed out seems to be a permission issue; however, the delegate function works well if you don't add another account into the same profile.
    I suggest running Outlook in safe mode or re-creating the profile for testing.
    Thanks
    Mavis Huang
    TechNet Community Support
