Deny permissions for specific device collections

Similar Messages

• I am running Lion 10.7.2 and I have an external drive hooked to my time machine. I can't rename folders and when trying, I get an error code 8076. The checkbox "ignore permissions for this device" does not show on volume info. Help please???

  I am running Lion 10.7.2 and I have an external drive hooked to my time machine. I can't rename folders and when trying, I get an error code 8076. The checkbox "ignore permissions for this device" does not show on volume info. Help please???

  The TIme Machine volume does not have that checkbox.
  I think the issue is with your Finder...
  Go to Finder "Go" menu hold the option key and choose Library. Then go to Preferences trash these files:
  com.apple.finder.plist
  com.apple.sidebarlists.plist
  Then, restart, or log out and in again.
  (You will have to reset a few finder prefs the way you like them.)

• ISE - Guest - permanent access for specific device

  Hello,
  In brief: I'm using ISE 1.2, 5508 wlc and few 3702-I APs - brodcasting 2 SSIDs: Internal and Guest (Internet olny). Guest SSID forces user to provide username and password through guest portal.
  Is there any way to configure some policy on ISE to allow specified mobile device(s) (filtering by IMEI or MAC address) access to Internet via Guest network without necessity of provide username and password? An exception that is avoiding guestportal and/or permanent remember that particular device.

  Hey kkoziarski,
  It sounds like you are looking for the functionality of that known as Web Passthrough.  Where the device can just view some TOC and possibly be presented with a Guest AUP.  This is something that is doable with a Standalone WLC, as I am sure you know.
  Funny thing is that I was coming here to post something along the same lines.  I've spent the past week researching and trying some configs on both ISE 1.2 and ISE 1.3.  It appears that the final answer is no.  This wouldn't be performing any authentication and neither would it be applying any permissions to the device/user, which at that point - it wouldn't be utilizing any of the functionality of ISE.
  What I have found is that there are 2 methods that can offer a similar experience, but will not be a true Webb Passthrough, and it will not be easily configurable.
  1.  Creating a customized HTML page for the WebAuth AUP, that would then have the username and password embedded in the code, and more than likely need to be linked to the Submit button or something of that nature.
  2.  Utilizing ISE policies on a per-WLAN basis and including specific attributes, which would then have to communicate with the above custom HTML page.
  Any other users out there, please feel free to correct me if I am wrong!  I wonder if they will ever come out with a feature as such :/

• Change/Set permissions for specific application?!

  I have at least one application that always enables GPS although it isn't needed --> more power consumption, I don't know why it is doing this. Additionally I have some applications I don't want to have access to the internet (at least if I'm not connected to Wifi).
  On the other hand I have a java application that should have access to GPS and mobile data without asking every time for the permission.
  Where/How can I achieve this? Why have some applications always to ask when others have permissions for things they don't need for proper function?
  PS: N8 with Belle

  Hi AUTxRemoteC,
  According to the best of my knowledge you can only access suite settings and change them according to your preferences for certain applications only. To be able to do so, go to Menu> Settings> Installations> Already Installed the open it. From there, you can only change specific application settings and I know mostly java applications use this method. To check on which applications that you can access and change the settings place your finger to the desired application and hold it and when you see suite settings then you can change it settings. Usually when you hold to an application there is view details and delete but when you see the extra option that is suite settings then open suite settings and change them to your preferences.
  I hope that it helps you.
  Ngwangwa - Six Million Ways To Die Choose One

• File and folder permissions for specific AD groups

  Having a special folder over multiple servers that certain user groups can access with specific permissions I'd like to audit the security mappings using get-acl commandlet. It's easy for a single folder but I would need subfolders and files too. I know
  I can assign a variable say $object = dir c:\MyShare -recurse  and then would need to somehow pipe each object to get-acl and filter for the AD groups I'm interested in. Ideally if the results were then passed on to csv. Can someone help with getting
  this to work?
  yaro

  Hi Yaro,
  I checked your script, and found you haven't defined the variable $folder before use, please refer to the script below:
  $folders = dir D:\TEST1 -recurse | where {$_.psiscontainer -eq $true}
  foreach($folder IN $folders){
  $folder|Get-Acl | Select-Object -ExpandProperty Access | where {$_.identityreference -match "sys|Adm"}
  Get-Acl $folder.fullname | Select-Object -ExpandProperty Access | where {$_.identityreference -match "sys|Adm"} |
  Select-Object @{n="object";e={ $folder.fullname }},
  @{n="security_principal";e={ $_.identityreference }},
  @{n="type";e={ $_.accesscontroltype }},
  @{n="rights";e={ $_.filesystemrights }}
  And to list the nested groups on local computer, please check this function writed by Boe Prox, which will also list the property "isGroup":
  Get-LocalGroupMembership
  If there is anything else regarding this issue, please feel free to post back.
  Best Regards,
  Anna Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Keyword search on collection set not working for specific sub-collections

  I am having the following problem:
  When I do a search (Text->Keyword->Contains All-> for a keyword (in my
  case "Fave"), it does not work if I select the collection set that contains the
  collection that contains the images with that keyword.
  It DOES work if I select the folder, parent folder, or just the
  collection that contains the image. Just not the collection set.
  The details of how this came about are below - and are probably a
  little unusual, but not outside the realm of what should be allowed.
  Is there a way to reset/reindex keywords in a collection?
  Specifically:
  images lives in collection C1 which is part of collection set
  CS1. It lives in F1 (on disk and in LR) which is in parent folder
  PF1. A keyword search works when I select F1 or PF1 or C1, but NOT
  when I select CS1
  This happens on a set of folders that went through the following
  (totally allowable?) sequence:
  I am running on a Windows 7 64 bit machine with 64 bit LR3.3
  I have an internal disk where I keep my catalog and images. Windows
  mounts this as P:. I also mount it on my Desktop as the folder
  "Lightroom" (this allows me to change to a larger external disk
  by mounting it in the same place without changing the locations of
  all the files).
  I mistakenly imported pics into P:/PF1 rather than
  C:/.../Desktop/Lightroom/PF1 as I normally do.
  Added keywords made a collection C1 put the images in it, and added
  C1 to collection set CS1
  Having realized my import mistake (P: rather than
  C:/.../Desktop/Lightroom), I went in the Folders->P: section and did
  an Update Folder Location on F1 to C:/.../Desktop/Lightroom/F1
  This seemed to be all fine, but this weird Keyword search problem
  resulted.
  I have tried the following things:
  o Deleting and re-adding Keywords in the Collection
  o Deleting and re-adding the Keywords in the Folder
  o Renaming and relocating the Folder
  o Create new collection C2 and move pics from F1 into C2

  See my simplified recipe for reproducing this bug (which turns out not to be related to the drive mounting I described):
  http://forums.adobe.com/thread/764538

• How to load specific driver for specific device not having PnP-ID?

  Hello,
  as mentoined in a previous post I'm up to adapt an exisiting PCMCIA-based PC Card driver so that it can be used with a PCMCIA/USB adaptor (by using it's driver's IOCTLs), and already had
  some success on it: My driver loads and I can read files (for example, in Windows Explorer) from the card as it did before in "PCMCIA version" (I intend to support both with the same driver, which seems
  to work at the moment). As it did before, the driver currently creates a MTD (memory technology device). My main "problem" is how to load the driver.
  The situation is a bit complicated, I try to give as much details as possible.
  For better understanding
  The PCMCIA/USB adaptor's driver usually has following device stack: PCMCIA/SUB adaptors driver -> USB mass storage device (USBSTOR.SYS) -> Diskdrive (DISK.SYS [->PARTMGR.SYS]). For more ease - to see if my driver works in general - I installed my driver
  via INF using the PnP ID of the "USB mass storage device", with other words I "replaced" the USB mass storage driver with my own driver.
  This is my problem
  This means - and that is currently my problem - that may driver gets loaded regardless of what is attached to the PCMCIA/USB adaptor. Usually, when attached to PCMCIA, the PC card has a PnP ID the driver can be assigned to. In my case, I have no PnP ID for
  the PC card, and the driver may stop because the attached device is not supported The driver will unload properly, but the device remains with error code (in device manager).
  What I want to avoid
  I already thought about filter drivers between USBSTOR and the PCMCIA/USB adaptor's driver (#1), or above the USB mass storage device (#2). If I'm correct, that means that I have to handle URB/CBW requests for case #1 or at least SCSI requests for case #2 -
  but I'm currently not familiar with filter drivers, URB/CBW and/or SCSI. Porting the driver was quiete frustating until yet and I had to get familiar with a couple of technologies that belongs to the driver's functinaliy itselfs -
  I hope you understand that I want to avoid getting familiar with more technologies than required.
  I think there must be a way to check the device (PC card) at the PCMCIA/USB adaptor
  before my driver will be loaded, as well as removing the deivce completely if the PC card was removed (so that it disappears in device manager). But I'm currently have no idea how to do that. Is it possible to
  load my driver along the device/driver stack usually created by the PCMCIA/USB adaptor's driver?
  Some answerers likes to refer to WDK documentation and samples. In such case - because of their complexity, it would be nice to get a hint about where to start.
  Have much thanks in before for any suggestions!
  Regards,
  Willi K.

  Today's memory cards (like CFC) manage their FTL (flash translation layer) in their firmware. Our PC card is quiete old technology and does not have such firmware, this is why Windows cannot recognize the file system (FAT). For example, a request to offset
  0 may be somewhere else on our PC Card.
  I followed your suggestion and used the HWID of device that appears "above" the USB mass storage device, and my driver seems to work as it did before - OK, made no difference.
  But if my driver does not recognize the card (because it is not present or it is another PCMCIA device -> STATUS_NOT_SUPPORTED or STATUS_NO_MEDIA in driver entry), and the device is shown with exclamation mark in device manager.
  Two questions remain:
  - How can I ensure that other drivers may attach if my driver does not support the device inserted in the adapter?
  - How can I force a "re-check" of my driver if there was no card present when driver was loaded?? -> Note: A disk drive always appears in device manager - regardless if a device is attached to the apator or not

• Motorola Android Software Upgrade Page (Info on upgrades for specific devices)

  I nice site for you wondering if and when you'll get that upgrade.... toss it in the Favs, it's a good tool site.
  https://supportforums.motorola.com/community/manager/softwareupgrades

  I nice site for you wondering if and when you'll get that upgrade.... toss it in the Favs, it's a good tool site.
  https://supportforums.motorola.com/community/manager/softwareupgrades

• Setting permissions for specific ports

  Hello.
  Does anyone know how to set up the Airport Extreme router / computer to allow connections from different ports? (exemple: allowing port 6885)
  Thanks,
  Marc

  Hello, Thanks for your input, but could you explain in greater detail (in a step by step fashion) how to perform this action? If you could start from the very start (like which window/program to open) it would be greatly appreaciated.
  Thanks,
  Marc Charette

• JAAS - How to set up permissions for a specific code?

  I would like to set up permissions for specific code in JAAS policy files.
  In other words, let's say I have the followiong entry:
  permission java.util.PropertyPermission "java.home", "read";
  Then, when I do Subject.doAsPrivileged(..., MyAction), if this permission is absent, I will not be able to access the "java.home" property in my MyAction.
  If I, let's say, set up a file permission, I will not be able to read certain files if the permission is absent.
  I want something simpler. I want to be able to specify that the whole class MyAction cannot be executed if the permission is absent - I do not want the code to even go there. Basically, if the necessary entry in the Policy file is not present, I do not want the calling code to have access to class com.mypackage.MyAction.
  This must be really straight-forward, what am I missing?

  Thank you for your input.
  My case is a little bit more complex.
  There is a request and approval process attached to the provision to this target system.
  The approval process has a first level of approval (including 1 to many approval steps) and the user gets the basic access to this target system. The user can then access the target system but is limited to what he/she can do.
  Then the approval goes to a second level of approval (including many approval steps) and if approved the user gets the elevated access to this target system.
  To accomplish this, the previous implementer created 2 resources for the same target. After the first level of approval, he provisioned resource A to the user. After the second level of approval, he provisioned resource B to the user, revoked resource B, and updated resource A.
  This is very confusing because we are dealing with 2 resources for the same target.
  I am looking for way to take advantage of the GTC to provision and reconcile with a system that takes a flat file and can write a flat file. But I also need to make it work with this approval nightmare.
  Do you have any ideas on how to make this better and simpler?
  Thanks
  Khanh

• Use Device Collection to skip an Application

  Hello @ll,
  is there any way to skip installing an application if the device is member of a specific device collection?
  I've a collection called "Win7 Client" and all my default applications are deployed to this collection. This includes a monitoring tool and this should be skipped on devices for the management team. To avoid to create a second collection ("Win
  7 Client - Management") which as all the same deployments except for the monitoring tool, I would like to create a collection called "Skip Monitoring Tool".
  Is there any good way to implement something like this?
  Kind regards,
  Dennis

  No tidy way. It's easier just to create the second collection.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• How to enable the SharePoint 2010 and 2013 Developer Dashboard for specific WebApplication or Sitecollection?

  How to enable the SharePoint 2010 and 2013 Developer Dashboard for specific Web Application or Site collection(not for all Web Application)?
  Vishal Goyal

  Hi Vishal,
  I don't think there is option for specific site collection or web application,but there is option of enabling developer dashboard on specific master pages and that is one on of the way you could do it.
  look article on below link to enable developer dashboard on specific master pages
  https://msdn.microsoft.com/en-us/library/office/ff512745%28v=office.14%29.aspx?f=255&MSPPError=-2147217396
  Let me know if this helps.
  Thanks
  Bhism 

• How can I access user permission for specific items in Sharepoint 2013 via REST API?

  I want to access user permissions for specific items like lists, documents, folders etc. via the REST API.
  Currently I am hitting the following endpoint:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/getUserEffectivePermissions('win-5a8pp4v402g\\Sharepoint User 2')
  However the response looks like this:
     "d":
         "GetUserEffectivePermissions":
             "__metadata":
                 "type": "SP.BasePermissions"
             "High": "0",
             "Low": "0"
  I cant understand why high and low are both 0? I have added the user to a specific group. Also this is the same result for each of the users. Another thing to note is that I havent added the "Guest" user in the sharepoint server. So when I hit the endpoint for the Guest user, it still shows the same response. So I know there is something I am doing wrong.I want to access permission of a user for a specific item, say a document using the REST API. Can someone tell me how? What would be the endpoint?

  Thanks for the reply. Although this works for Lists, I need to get permissions of documents too. Here is what I have tried:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/GetFileByServerRelativeUrl('/sharepoint_test/site_1/Documents/file1.txt')/GetUserEffectivePermissions(@user)?@user='i%3A0%23%2Ew%7Cwin-5a8pp4v402g%5Csharepoint%20user%201'
  And the response is:
     "error":
         "code": "-1, Microsoft.SharePoint.Client.ResourceNotFoundException",
         "message":
             "lang": "en-US",
             "value": "Cannot find resource for the request GetUserEffectivePermissions."
  Clearly this doesnt work for a file. Whats wrong?

• [SOLVED] setting up permissions for mounted usb devices

  Hi all,
  I've been having the following problem when mounting my external hd: in order to mount the external hd I created a folder /mnt/usbstick/ giving permissions to a non-root user to read the files/directories in this folder (using chmod); however, after I mount the external hd, the set of permissions for /mnt/usbstick/ change so that a non-root user cannot  read the mounted files in /mnt/usbstick. This is a problem for me because, when I copy a file from the external hd to the non-root home folder, the copied file can only be read by the root user.   
  Do you know how I can solve this problem? Should I write a udev rule and place it at /etc/udev/rules.d/? Or should I simply add the non-root user to a specific group from /etc/group? Any ideas?
  Thanks!
  Last edited by falsum (2010-05-08 09:21:59)

  You could try adding an entry for your usb device in /etc/fstab and specify the option user to let non-superusers mount it.
  Here's an example of an entry for my external HD. I'm sure there are probably other (and better) ways to do this but it works for me.
  UUID=4376-0BFB /media/FIRELITE vfat rw,user,noauto,async 0 0
  Nice howto found on the wiki: http://wiki.archlinux.org/index.php/Fstab

• Search account got - Insufficient sql database permissions for user. EXECUTE permission was denied on the object proc_Gettimerrunningjobs

  Dear all,
  I am troubleshooting a critical error showed up on Event log.  It said:
  Insufficient sql database permissions for user 'Name:domain\wss_search ....... EXECUTE permission was denied on the object 'proc_GetTimerRunningJobs', database 'SharePoint_Config', schema 'dbo'
  domain\wss_search is the default content access account. According to
  http://technet.microsoft.com/en-us/library/cc678863.aspx I should not grant it the Farm Administrators permission.
  In the Search Center I am able to search out documents as expected so I think the search service is fine.   However I have no clue why this account is trying to access 'proc_GetTimerRunningJobs'.
  Mark

  Hi Mark,
  This issue was caused by the search account’s permission. For resolving your issue, please do as the followings:
  Expand your SharePoint Configuration database 'SharePoint_Config' and navigate to ‘proc_GetTimerRunningJobs’ under Programmability ->Stored Procedures
  Right-click proc_GetTimerRunningJobs and choose Properties
  Click on Permission on the left launch
  Select the Search button and browse for ‘WSS_Content_Application_Pools’
  Provide ‘Execute’ permissions for ‘WSS_Content_Application_Pools’
  Click OK
  Here are some similar posts for you to take a look at:
  http://adammcewen.wordpress.com/2013/03/01/execute-permission-denied-on-sharepoint-config-db/
  http://technet.microsoft.com/en-us/library/ee513067(v=office.14).aspx
  I hope this helps.
  Thanks,
  Wendy
  Wendy Li
  TechNet Community Support