Delegate Control Restrictions...

Good Morning,
I'm trying to give Delegation of Control to a Group for a certain OU. Basically give them "Create Users" privileges but prevent them from adding specific user groups like Domain Admins or Enterprise Admins. I would appreciate any instruction on how to achieve this.
Thanks,
cc

In addition, once you've delegated the group, you can create a custom ADUC for those folks, if you like. I created a TechNet Wiki on this. I hope it helps:
After Delegating Permissions for an Organizational Unit (OU) in Active Directory Users and Computers (ADUC), Create a Custom MMC or Custom RSAT
http://social.technet.microsoft.com/wiki/contents/articles/26536.after-delegating-permissions-for-an-organizational-unit-ou-in-active-directory-users-and-computers-aduc-create-a-custom-mmc-or-custom-rsat.aspx
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
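
A check that fits the question above, as an added example that is not part of the original posts: membership of a group is stored in the group's own `member` attribute, so what matters is write access on Domain Admins and Enterprise Admins themselves, not "Create Users" on the OU. The script lists any ACE on those groups that would let the delegated group change their membership. It assumes the ActiveDirectory RSAT module, and the group name `OU-UserCreators` is a hypothetical placeholder.

```powershell
# Added example: can the delegated group change membership of privileged groups?
# Requires the ActiveDirectory module (RSAT). Read-only: it changes nothing.
# Only Allow entries are listed; Deny entries are not evaluated.
Import-Module ActiveDirectory

$Delegate        = 'OU-UserCreators'                      # hypothetical delegated group
$ProtectedGroups = 'Domain Admins', 'Enterprise Admins'   # groups named in the question

# schemaIDGUID of the 'member' attribute; an empty GUID on an ACE means "all properties".
$MemberAttr = [guid]'bf9679c0-0de6-11d0-a285-00aa003049e2'

# Bit masks over ActiveDirectoryRights. GenericAll and GenericWrite both contain
# the WriteProperty bit, so testing single bits also catches those composite rights.
$WriteBits   = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Self'
$AclBits     = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
$SidType     = [System.Security.Principal.SecurityIdentifier]

# SIDs to look for: the delegated group plus every group it is nested in
# (the 1.2.840.113556.1.4.1941 matching rule walks the membership chain).
$group  = Get-ADGroup -Identity $Delegate
$filter = "(member:1.2.840.113556.1.4.1941:=$($group.DistinguishedName))"
$sids   = @($group.SID.Value) +
          @(Get-ADGroup -LDAPFilter $filter | ForEach-Object { $_.SID.Value })

$findings = foreach ($name in $ProtectedGroups) {
    # Enterprise Admins exists only in the forest root domain; skip names not found.
    $target = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    if (-not $target) { continue }

    $acl = Get-Acl -Path ("AD:\" + $target.DistinguishedName)
    foreach ($ace in $acl.GetAccessRules($true, $true, $SidType)) {
        if ($sids -notcontains $ace.IdentityReference.Value)  { continue }
        if ($ace.AccessControlType -ne 'Allow')               { continue }
        # Inherit-only entries do not apply to the group object itself.
        if ([int]$ace.PropagationFlags -band $InheritOnly)    { continue }

        $rights   = [int]$ace.ActiveDirectoryRights
        $onMember = ($ace.ObjectType -eq [guid]::Empty) -or ($ace.ObjectType -eq $MemberAttr)
        $reason   = if ($rights -band $AclBits) { 'can rewrite the ACL or take ownership' }
                    elseif (($rights -band $WriteBits) -and $onMember) {
                        'can change membership (write or self-write on member)'
                    }
        if ($reason) {
            [pscustomobject]@{
                Group     = $target.Name
                TrusteeSid = $ace.IdentityReference.Value
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
                Reason    = $reason
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { "No ACE lets $Delegate change membership of: $($ProtectedGroups -join ', ')" }
```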

Similar Messages

  • Delegate Control in the masterpage viewable in a single web page?

    Hi,
    I am working on an emergency banner that will appear across all site collections' root website of a SharePoint Web Application using delegate control on the masterpage and user control on a feature. I was wondering if there is a way to restrict the delegate/user control to activate only on a single webpage of a website.
    For example:
    I want the emergency banner to appear on the welcome page (e.g.
    http://mywebapp.com/sites/SiteA/Pages/default.aspx), but not in Site Settings/Contents (e.g.
    http://mywebapp.com/sites/SiteA/_layouts/15/viewlsts.aspx)
    Any help is greatly appreciated.

    OK, then try only the second part: create a feature of Web scope with a Control element and activate it only on particular sites. Did you try it?
    Another option is to change the logic of the control itself: e.g. it may check some value in the property bag of the current SPWeb (e.g. ShowControl = true), and if it contains this flag, the control will be rendered; if not, just set this.IsVisible = false. I.e. you will be able to control on what sites to show the control via the property bag.
    Blog - http://sadomovalex.blogspot.com
    Dynamic CAML queries via C# - http://camlex.codeplex.com

  • Issue in custom delegate control

    Hi,
    I am creating a custom delegate control with ControlId="AdditionalPageHead". I deployed and activated it as a site collection feature,
    but I am not sure how to see the activated control or how to see this control in action.
    Below is my code:
    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Text;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using Microsoft.SharePoint;
    using Microsoft.SharePoint.Administration;
    using Microsoft.SharePoint.Utilities;
    using Microsoft.SharePoint.Diagnostics;
    namespace OPUserDispName
    {
        public class EcmaScriptDelegateControl : WebControl
        {
            // Register a client-side alert when the control loads.
            protected override void OnLoad(EventArgs e)
            {
                base.OnLoad(e);
                string helloAlert = "alert('Hello, world!');";
                this.Page.ClientScript.RegisterClientScriptBlock(this.GetType(), "popup", helloAlert, true);
                // if (!HttpContext.Current.User.Identity.IsAuthenticated)
                //     return;
                // SPUser user = SPContext.Current.Web.EnsureUser("i:0#.f|OPMembership|OPAdmin");
                // user.Name = "OPAdmin";
                // user.Update();
            }
        }
    }
    In the elements.xml file of my module:
    <?xml version="1.0" encoding="utf-8"?>
    <Elements xmlns="http://schemas.microsoft.com/sharepoint/">
        <Control Id="AdditionalPageHead" ControlAssembly="OPUserDispName, Version=1.0.0.0, Culture=neutral, PublicKeyToken=467af93481413beb" ControlClass="OPUserDispName.EcmaScriptDelegateControl"></Control>
    </Elements>
    Here I want to see the alert when the feature is activated or the page load happens.
    May I know how to see this working? As per the current scenario, I am unable to see any output even after feature activation.
    Do I need to change any settings in the master page? Do I need to make any changes in web.config?
    Help is appreciated!

    This has complete solution.
    http://www.codeproject.com/Articles/113704/SharePoint-Master-Page-Customizations-Through
    Can you try RegisterStartupScript instead of RegisterClientScriptBlock?
    Bala

  • Question about Delegate Control to Desktop Support

    I am working on delegating control to a newly formed/reclassified position in my company. This role will primarily provide Desktop Support. They will have little to no need to log into servers.
    I have already given them admin rights to the end users' machines; now I just need to grant them the proper rights in ADUC/Exchange so they can properly perform their role.
    Here is what they will need to do:
    User account lifecycle management (Create, change, delete, change password, etc)
    Computer account lifecycle management (Create, change, delete)
    Security & Distribution Group membership management (Create, change, delete)
    Exchange mailbox creation (Exchange Recipient Administrators)
    Run RSOP for GPO
    Basically, I want them to have full control over user, computer and group objects. This way they can create users, change group memberships,  add computers to domain, delete computer objects, etc.
    The problem I am having is that I am not sure what rights I need to grant them via the delegate control wizard to accomplish all of that. I know I could just grant them "Full Control" of the OU structure containing all of our user, computer and group objects, but would like to avoid that unless it's really what I need to do in the end.
    Any assistance would be appreciated!
    Thanks!

    I would not recommend providing Full control over user, computer and group objects. Provide permission based on the tasks that they need to perform. The following articles should help you:
    User/computer/Add remove members to Groups Delegation
    http://kpytko.pl/2012/05/16/active-directory-rights-delegation-overview/
    http://kpytko.pl/2012/05/26/active-directory-rights-delegation-part-2/
    http://social.technet.microsoft.com/wiki/contents/articles/6477.how-to-view-or-delete-active-directory-delegated-permissions.aspx
    Exchange Mailbox Delegation :
    http://blogs.technet.com/b/matabra/archive/2011/09/16/how-to-create-a-custom-recipient-management-group-using-exchange-2010-rbac.aspx
    Run RSOP for GPO Delegation:
    http://technet.microsoft.com/en-us/library/cc758756(v=ws.10).aspx

  • Control/Restriction of ECC SoS as per Source List in MM ?

    Hi Experts,
    We are configuring SRM7.0 with ECC6 (Ehp4) having Classic Scenario.
    We are going to use ECC Contract & Info Record as a SoS in Shopping Cart in SRM.
    Can we control/restrict the proposing of these SoS as set in Source List in ECC, just like in MM Module?
    Thanks
    NAP

    I checked it and it is Possible.

  • Delegate Control of an OU

    How do I delegate control for an OU so that members of a group that has been delegated control can move computer objects from one OU to another?
    I can delegate control for users and groups but can't seem to be able to delegate control of computers in a way that allows me to give admins rights to move them from OU to OU.
    System is Windows Server 2008 Active Directory.
    paddy ryan

    Hi,
    You can use the following steps to grant a group to control the two OUs. Then, members in this group could move computer objects between these two OUs.
    1. In ADUC, right click the first OU and select Delegate Control.
    2. Add the group you want.
    3. Select the "Create a custom task to delegate" option and click Next.
    4. Select "Only the following objects in the folder".
    5. Check the box before "Computer objects" in the list.
    6. Check the box before "Create selected objects in this folder" and "Delete selected objects in this folder". Click Next.
    7. Check the box for "Write".
    8. Click Next and Finish.
    9. Perform the same steps on another OU.
    After that, members in the group could move computer objects between these two OUs.
    If anything is unclear, please let me know.
    Regards,
    Bruce
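
The wizard steps above, written as a script, as an added example that is not part of the original answer: it grants the group create/delete of computer objects on both OUs plus write on the computer objects beneath them, then reads the ACL back. The group name and OU distinguished names are hypothetical placeholders, and mapping the wizard's "Write" checkbox to `GenericWrite` is an assumption.

```powershell
# Added example: the wizard steps above expressed as two ACEs per OU.
# Requires the ActiveDirectory module (RSAT) and rights to modify the OU's ACL.
Import-Module ActiveDirectory

$GroupName = 'Computer-Movers'                  # hypothetical delegated group
# Placeholder distinguished names for the two OUs.
$OUs = 'OU=Site-A,DC=example,DC=com', 'OU=Site-B,DC=example,DC=com'

# schemaIDGUID of the 'computer' object class.
$ComputerClass = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'

$sid          = (Get-ADGroup -Identity $GroupName).SID
$allow        = [System.Security.AccessControl.AccessControlType]::Allow
$createDelete = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild'
# Assumption: the wizard's "Write" box corresponds to GenericWrite.
$write        = [System.DirectoryServices.ActiveDirectoryRights]::GenericWrite
$all          = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$descendents  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents

# Steps 4-6: create and delete computer objects in the OU and its sub-OUs.
# Here the GUID is the ObjectType: the class of child that may be created/deleted.
$aceCreateDelete = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid, $createDelete, $allow, $ComputerClass, $all)

# Step 7: write on computer objects below the OU.
# Here the GUID is the InheritedObjectType: only computer objects inherit the ACE.
$aceWrite = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid, $write, $allow, $descendents, $ComputerClass)

foreach ($ou in $OUs) {
    $path = "AD:\$ou"
    $acl  = Get-Acl -Path $path
    $acl.AddAccessRule($aceCreateDelete)
    $acl.AddAccessRule($aceWrite)
    Set-Acl -Path $path -AclObject $acl     # step 9: same grant on each OU

    # Read the ACL back and show only the explicit entries for the group.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $path).GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -eq $sid.Value } |
        Select-Object @{ n = 'OU'; e = { $ou } }, ActiveDirectoryRights,
                      InheritanceType, ObjectType, InheritedObjectType
}
```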

  • Delegate Control on OU for Non-Admins

    Hello. I have an OU for a remote office. There is a local IT person who is able to join computers to the domain and manage the OU. I created a security group and this person is in this group. I have given the delegate control permission to this group and
    everything is working fine. The IT person can join computers to the domain and do other things in the OU. The issue is that a new IT person has joined the team in that remote office and he needs the same rights. I added him to the security group but for some
    reason he cannot join computers to the domain. He gets an access denied error. What am I missing??
    Asif Shah

    In addition check the user membership in other groups. Maybe he has Deny access somewhere in the domain.
    Mahdi Tehrani | www.mahditehrani.ir
    This posting is provided AS-IS with no warranties, and confers no rights.

  • Can i use parental controls restrictions alone or should i purchase 3rd party software

    Can I use parental control restrictions alone or should I purchase 3rd party software?

    There isn't much 3rd party software can do in the way of parental controls on the iPhone due to the way apps are sandboxed.

  • Delegate Control - Add/Remove Computers

    We are looking at a way to delegate control to our client services group so that they can add and remove computers from the domain. I am not seeing this in the available options. We'll be applying this to certain OUs within the domain to ensure they cannot remove a critical server accidentally, such as a DC. Ideas or links are appreciated.
    Thanks!

    These articles cover delegating these rights to users. In general, delegating these rights creates issues because the user that created the object is given full control, and therefore they can do things other users can't. Moving an object requires special rights in the source and target OU, while managing all computers in multiple OUs requires additional rights.
    How to allow specific users to add workstations to the domain
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20specific%20users%20to%20add%20workstations%20to%20the%20domain.aspx
    How to overcome issues related to specific users adding workstations to the domain
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20overcome%20issues%20related%20to%20specific%20users%20adding%20workstations%20to%20the%20domain.aspx
    How to allow users to fully manage Computer objects in an OU
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20fully%20manage%20Computer%20objects%20in%20an%20OU.aspx
    How to allow users to move computer objects between OUs
    http://networkadminkb.com/kb/Knowledge%20Base/ActiveDirectory/How%20to%20allow%20users%20to%20move%20computer%20objects%20between%20OUs.aspx

  • Delegate Control (AdditionalPageHead) rendering...but when?

    Hi,
    can someone tell when a Delegate Control (AdditionalPageHead) is rendering?

    It renders in the Initialization Page Lifecycle event.
    In the v4.master page, in the additional head place holder, there is a delegate control, literally SharePoint:DelegateControl... etc. defined in the markup. It has an ID of AdditionalPageHead.
    When the delegate control loads in the Initialization lifecycle event, it goes through the Features folder in the 14 hive and looks for Element.xml files that define <Control.. nodes.
    If the control node's ControlID is set to AdditionalPageHead, the delegate caches them, and then initializes the control the Control node references in the order of their Sequence. The control node with the lowest Sequence gets initialized first.
    Any control loaded via that delegate control should be available in a child control's CreateChildControls method, assuming you did base.CreateChildControls() first. Any script output in an ascx control loaded by that delegate control should render in the page head of a page at the end of the page head. The delegate control is declared after the ootb SharePoint script and CSS includes, so anything you deploy to that delegate control should have all the ootb JavaScript available and you can use ExecuteOrDelayUntilScriptLoaded to wait for a SharePoint java api to finish loading (they load dynamically).
    Additionally, if you need a control to load in a delegate control someplace else, you can edit the master page for a site and add your own delegate control place holder.
    My Blog: http://www.thesug.org/Blogs/ryan_mann1/default.aspx Website: Under Construction

  • Hi, I keep getting this message: Creative Cloud attempted to access a secure website, Parental Controls restricts access to secure websites. To add this website to your approved list, click Add Website. To do this, you need an administrator password.

    Hi, I keep getting this message: Creative Cloud attempted to access a secure website, Parental Controls restricts access to secure websites. To add this website to your approved list, click Add Website. To do this, you need an administrator password.
    What is this? What password do I need?
    I am trying to download Creative Cloud but it is not working.

    Tamaro34896425 the error message you have posted appears to be related to the settings of your security software.  You can find guidance on how to configure software firewalls at Sign in, activation, or connection errors | CC, CS6, CS5.5 - http://helpx.adobe.com/x-productkb/policy-pricing/activation-network-issues.html.  You can find a link to the list of secure servers that the computer will need access to.

  • Control/restrict user access

    Hi,
    we are currently on EP7.0,would like to find out if we are able
    to control/restrict number of users from accessing an ESS transactional
    page. Thanks.

    Hi Eric,
    access to portal content is managed with help of portal roles. Basically, you assign portal content (worksets, portal pages, iViews) to a portal role (see SAP Library, Roles and Worksets: http://help.sap.com/saphelp_nw2004s/helpdata/en/4f/bceaffeb8c114ebef8255b63079c7c/frameset.htm). To make the content available to a certain set of users you have to assign the portal role to the users (see SAP Library, Assigning Roles to Users and Groups: http://help.sap.com/saphelp_nw2004s/helpdata/en/ed/845890b89711d5993900508b6b8b11/frameset.htm).
    If you would like to restrict access to a certain ESS portal page remove this page from the standard ESS role and create a new role. Assign the ESS portal page to this new role and assign the role to all users you would like to give access to the page.
    Make sure you set the right Merge-Ids and Sort-Ids in order to display the ESS portal page at the right point in your portal navigation structure (see SAP Library, Merging Navigation Nodes and Defining the Sequence: http://help.sap.com/saphelp_nw2004s/helpdata/en/53/89503ede925441e10000000a114084/frameset.htm).
    Best regards,
    Martin
    Please reward points for helpful answers

  • Delegate control, how can I find out which one is being used?

    I am working with some mysites customizations and came across a delegate control. How can I tell which control SharePoint is currently pointing this delegate control to?  If someone already swapped it out, how would I know?
    <SharePoint:DelegateControl runat="server" ControlId="ColleaguesLink1" Scope="Farm" />
    What does ColleaguesLink1 currently point to?  What did it originally point to?

    This blog post may get you started (same applies to SharePoint 2010):
    http://usingsystem.wordpress.com/2008/04/11/sharepoint-delegatecontrol/
    I hope this helps,
    Regards,
    Yuri Lausberg, MCP, MCAD, MCSD, MCTS, MCPD

  • Access control - Restricted access not working

    Hi
    I have an application I have created an Access Control administration page in. I have set the application mode to 'Restricted access. Only users defined in the access control list are allowed'. I have defined two users one with administrator and one with edit privileges. I have a third workspace user who is not listed on the access control page.
    I have added the authorisation scheme to the tabs, pages and page items I require. This appears to work fine if I change the privilege of one of the listed users to 'view' the items disappear and cannot be accessed.
    The issue I have is that the workspace user who is not listed can still log into the application, and has the same access as 'view' privilege. My understanding is that the 'Restricted Access' application mode should prevent this user from accessing this application as they are not explicitly listed?
    Have I missed some set-up, misunderstood the meaning of 'restricted access' or is it some sort of bug? I am assuming I have missed some set-up somewhere.
    PS This is APEX 4.0.2 on 11g
    Edited by: tlane on 15/02/2011 19:43

    I have set the application up on apex.Oracle.com
    http://apex.oracle.com/pls/apex/f?p=48123:101:506666493527664
    four users have been defined :
    control_admin
    control_edit
    control_view
    control_na
    The first 3 are defined on the access control page available on the user_admin tab when you login as control_admin user.
    user control_na is not listed but can still access the application.
    password for all users is : demo1234
    Thanks in advance for all help with this issue.

  • Parental Controls, restricted apps...

    Hi,
    I've set my son's machine up with parental controls and restricted what apps he can run. Everything seemed OK, but one of his apps contains a Unix executable within the package. Now what's happening when he uses this allowed app, it tries to use unrar and throws up a message telling him it's not allowed. I've tried clicking on the Always Allow button and giving the admin password but it's not working.
    I've even tried opening the app package and dragging the unrar exe into the allowable apps box, but it just disappears after a reboot. Anyone know if there is a list of apps I can add to manually...?
    Many thanks in advance...

    I don't have "Tiger", but with "Panther", this issue was most often due to the fact that the problem app did not have either (depending on the type of app) a unique "creator" code, or a 'CFBundleIdentifier' specified in its "Info.plist" file. As alluded to in the article below, the responsibility lies largely with the developer of the programme, although there are some special cases where Apple could improve things on their end.
    http://docs.info.apple.com/article.html?artnum=300842
    At this point, you could begin to look in to how to edit the "Info.plist" file, and make modifications to the 'mcx_settings' (in the "NetInfo" database where the settings for "managed" accounts are stored), and this would be necessary for a "Some Limits" account.
    However, for a "Simple Finder" account (which doesn't actually limit application use), an easier workaround would be for the "admin" to switch to log in to the account, go to "Finder" > "Switch to Full Finder", and manually add "alias" files for the "missing" applications to a folder accessible to the user. Note that if the user's "~/Library/Managed Items/My Applications" folder is to be used, it will be necessary to use "Get Info" to "lock" the aliases since the contents of that folder are determined by the contents of 'mcx_settings' and any alias not listed would be deleted during the next login unless it is locked.
