Deny user configuration for specific computers

Similar Messages

• How can I access user permission for specific items in Sharepoint 2013 via REST API?

  I want to access user permissions for specific items like lists, documents, folders etc. via the REST API.
  Currently I am hitting the following endpoint:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/getUserEffectivePermissions('win-5a8pp4v402g\\Sharepoint User 2')
  However the response looks like this:
     "d":
         "GetUserEffectivePermissions":
             "__metadata":
                 "type": "SP.BasePermissions"
             "High": "0",
             "Low": "0"
  I cant understand why high and low are both 0? I have added the user to a specific group. Also this is the same result for each of the users. Another thing to note is that I havent added the "Guest" user in the sharepoint server. So when I hit the endpoint for the Guest user, it still shows the same response. So I know there is something I am doing wrong.I want to access permission of a user for a specific item, say a document using the REST API. Can someone tell me how? What would be the endpoint?

  Thanks for the reply. Although this works for Lists, I need to get permissions of documents too. Here is what I have tried:
  http://win-5a8pp4v402g/sharepoint_test/site_1/_api/web/GetFileByServerRelativeUrl('/sharepoint_test/site_1/Documents/file1.txt')/GetUserEffectivePermissions(@user)?@user='i%3A0%23%2Ew%7Cwin-5a8pp4v402g%5Csharepoint%20user%201'
  And the response is:
     "error":
         "code": "-1, Microsoft.SharePoint.Client.ResourceNotFoundException",
         "message":
             "lang": "en-US",
             "value": "Cannot find resource for the request GetUserEffectivePermissions."
  Clearly this doesnt work for a file. Whats wrong?

• Locking users' PHD to specific computers

  hi, we have a small setup here with ~15 computers linking up to one 10.4.11 OSX server. most of the computers have only one user associated with them but anyone can use any computer at anytime.
  is there a way to lock a user's PHD to a specific computer so that anyone can still log in to any computer but only the user's main computer will have a mobile directory synced up.
  just to clarify, pretend there are 4 computers (A,B,C,D) and 3 users (X,Y,Z)...user X and Y almost always use computers A and B, respectively and user Z uses whatever computer is open. is there a way to create a PHD for X on A and Y on B without impairing their ability to log on to any other computer (and prevent X and Y's PHDs from being created on other computers - AND prevent other user's PHD from being created on A or B)? not sure if that made it less confusing...thanks.

  i've dealt with this by enabling the "ask to create a portable home" option on first login, then instructing users not to do so if they're not logging into their main machine.
  anyone else logging into a given machine should get his/her network home and be able to work well enough.

• BAPI to get all user lists for specific inputs

  Hi Experts,
  Is there any BAPI to get all input related user lists when I give input specific object, authorizations, profiles and values?
  Thanks,
  Rohan

  Hi
  use the fun module/Bapi's
  BAPI_USER_GET_DETAIL
  BAPI_USER_LOCPROFILES_ASSIGN
  BAPI_USER_LOCPROFILES_DELETE
  BAPI_USER_LOCPROFILES_READ
  BAPI_USER_PROFILES_ASSIGN
  BAPI_USER_PROFILES_DELETE
  SUSR_BAPI_USER_PROFILES_ASSIGN
  SUSR_BAPI_USER_PROFILES_DELETE
  also you can use the tables UST12 for user based authorizations
  AGR_USERS   -roles assignment for users
  AGR_PROF  - Profile data for roles
  AGR_DEFINE - Auth Profiles for users
  See the AGR_* and US* tables further
  Reward points if useful
  Regards
  Anji
  Message was edited by:
          Anji Reddy Vangala

• Transaction timeout configuration for specific method

            Hi,
            How can i configure a transaction timeout for a specific method in EJB using a
            deployment descriptor (using weblogic 8.1)
            Amos.S
            

  There is another way but I think it's more complicated.
  After reading the file you can use a java code (java embedded activity) and split the file.
  For each part of the split you can PUT by FTP the file with append mode. That way your transaction will run in few cycles with less time.

• NBAR configuration for specific Vlan to throttle youtube

  I am trying to throttle http traffic for a specific network utilizing a policy-map and class-maps.  What I am trying to do is limit facebook, youtube, etc for a specific vlan but allow others to pass unmetered.  I have class-maps that match the http hosts which work fine and I have a class-map that matches the source network but I cannot seem to get it to match both at the same time.  Does anyone have a sample config that will match a source network and http host and apply a policer or priority to both?  So basically I just want to slow down youtube and facebook for the network below.
  vlan IP 192.168.30.0/24
  websites *youtube* *facebook* *fbcdn*
  Thank you all for your support and assistance.
  Mike

  Hi ,
  The policy-map works by the first match. I think that the problem is that if you have the first class-map matching all the www traffic , this class-map will match also the "unwanted vlan source". So you should deny the IP sources that you want to police. Your config should look like :
  ip access-list stan ACL-VLAN30
    permit 192.168.30.0 0.0.0.255
  class-map match-all ALL-SOURCES
    match no access-group name ACL-VLAN30
    match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
  class-map match-all POLICE-WWW
    match access-group name ACL-VLAN30
    match protocol http url "*facebook*" "*youtube*" "*fbcdn*"
  Dan

• PO Qty in SKU configuration for specific Material Group in PO

  Dear All,
  I face issue when I do MIGO, which is that unit measure KG can not covert to stockunitstock unit measure PC.
  After I checking, I found the following information in tab Qualities/Weights of PO:
  PO Quantity                     2 PC     Order Unit <-> Ord. Price Unit        PC  <->         KG
  PO Qty in SKU               0.000        Order Unit <-> SKU             0      PC  <-> 0
  What I can configure is "Order Unit <-> Ord. Price Unit        PC  <->         KG", but I can not conifgure "Order Unit <-> SKU" for PO to buy material group rather than sepcific material.
  Could anybody can tell me how to configure "PO Qty in SKU               0.000        Order Unit <-> SKU             0      PC  <-> 0" for PO to buy material group in ME21N?
  I am looking forward to your kind suggestion, which is really appreciated!
  Cheers!

  Does anyone face the same issue before? could you give me any tips if you have such problem? thanks in advance!

• How to authorise users only for specific GL accounts

  Hi friends,
  My client does not want his endusers to see all the GL accounts' balances, they want to restrict them from looking at certain GL a/cs .From my security person I came to know that we cant restrict them only for certain GL accounts, it could eithre be all or none.
  I dont agree with that.
  Please guide if you know anyhitng about it.
  Thanks
  Shefford

  You can use the Authorization Group field in the G/L account master record (field SKB1-BEGRU, free text field) for this purpose. You can then use authorization object F_BKPF_BES to manage the different authorizations.
  Click <a href="http://sap.ittoolbox.com/groups/technical-functional/sap-acct/authorisation-based-on-gl-accounts-727160">here</a> for more information.
  Points are appreciated.
  Kind regards,
  Lodewijk

• How do we restrict the user access for a particular G/L account

  Dear Experts,
  At our customer site, we follow master / derived role concept for authorisations.
  We have a requirement to restrictict user at G/l account authorisation level.
  I am aware that every g/l account account has a authorisaition group. But g/l account authorisation is a non-org value for which the present value is * for brgru, we cannot restrict by user/org. At our customer site the authorisations are provided at master role level for a designation and derived role is restricted for a plant, BA etc..
  Is there is any user parameter level restriction which can handle this requirement, i mean user parameter for specific g/l account, as we do LIF pid to restrict vendor level access.
  Appreciate your suggestions ASAP.
  Best regards,
  M.Kumaran

  Depends.
  What are you trying to protect? GL account masterdata (FS00) or FI document creation for specific GL accounts?
  Without knowing more about the design principles behind your roles, your release or other restrictions, I would suggest:
  (1) grouping off the GL accounts you want to protect in authorization groups (maintained via FS00);
  (2) deactivating either object F_BKPF_BES (if your trying to restrict FI document creation) or object F_SKA1_BES (if your trying to restrict access to GL account masterdata) or both in master/derived role;
  (3) create several separate roles that would contain only the aforementioned objects with access to specific GL account groups;
  (4) assign the roles from step 3 to users as required.
  Hope this helps.

• Default users configured with Webcenter Sites 11gR1 Jump Start Kit

  Hi All,
  I have installed Webcenter Sites 11gR1 Jump Start Kit. I want to use James Email Server that is shipped with the JSK and I am not sure of what default users have been configured with the JSK.
  Does anyone know what are the default users configured for James Server?
  Thanks in Advance,
  Hari

  Hi Hari,
  The default admin user fwadmin should be the default for mail server also. Configuring users explicitly for mail server is not possible. To use mail server the below said properties must have values.
  cs.emailaccount-- The account used to send mail
  cs.emailhost--mail server host exe:localhost:25
  cs.emailpassword--password for above said mail account
  cs.emailcharset and cs.emailcontenttype properties are optional. These properties are found in futuretense.ini
  Thanks,
  Harish

• Deny user based policy for a specific computer

  I have a user based policy that deploys software for specific users when they log in to their Windows 7 workstations.  
  Some of these same users also have login access to a test server.  I am trying to prevent the software deployment policies from being processed when users login to this test server.  I have denied the 'read' and the 'Apply group Policy' security settings
  to the test computer, but since it is a user based policy I believe these computer level denies are being ignored.  
  I have looked into loopback processing but I cannot grasp how it would fit in to my environment.     Do I enable the loopback processing in the same policy that deploys the software?  
  Any suggestions?

  Use loopback merge in the policy of the software that I want to keep?  Or in the Policy I want to deny?
  I finally got it to work.
  I moved the computer object to a new OU and blocked inheritance.<o:p></o:p>
  I created a new policy that only has Loopback Policy enabled (replace).
   I linked that new policy to the OU that has the test server.<o:p></o:p>
  I removed any loopback processing settings from any other policies. I left them at 'Not Configured'.<o:p></o:p>
  For the software I was trying to block I modified its security permission to read DENY for the computer object (Computer Name) of the test computer
  .  ('Apply group policy' was left blank).<o:p></o:p>
  I then linked all other software deploy policies to this new OU and modified the security filtering from authenticated users to whichever users specifically
  needed the software.<o:p></o:p>
  Ran Gpresult /R /scope computer and verified that the only computer policy the server was receiving was my loopback policy<o:p></o:p>
  Reboot test server.
  <o:p>Thanks everybody for your help!</o:p>

• User-Specific Configuration for different named search role

  We need different user specific layout settings for each user. i have duplicated catalog user role for each user and maintained specific named search for that particular user in constraint. but when we want to configure specific layout for individual user. its not showing that catalog user in the catalog config UI for the layout configuration. please advice. if it shows that specific user then we would configure each specific user layout with individual look and feel ( like shopping lists, search fields, images, etc., ). thanks for your inputs.

  Answered

• How to apply Software Restriction policy for specific user in local group policy object ?

  I am working on implementing user based software restriction policy programmatically for local group policy object.
  If i create a policy through Domain Controller,i do have option for software restriction policy in user configuration but in local group policy editor i don't have option for that.
  When i look for the changes made by policy applied from Domain Controller in registry, they modifies registry values for specific users on path HKEY_USERS\(SID of User)\Softwares\Policies\Microsoft\Windows\Safer\Codeidentifiers
  They also have registry.pol stored in SYSvol folder in Domain Controller. When i make the same changes in registry to block any other application, application is getting blocked.
  I achieved what i wanted but is it right to modify registry values ?  
  PS:- I am using Igrouppolicyobject API

  I achieved what I wanted but is it right to modify registry values ?
  You also can modify a registry programmatically based policy. Check this:
  http://blogs.msdn.com/b/dsadsi/archive/2009/07/23/working-with-group-policy-objects-programmatically-simple-c-example-illustrating-how-to-modify-a-registry-based-policy.aspx
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• ERROR: XIAFUSER user is not configured for keystore.....

  Hi all,
  When I am running the an adpater on XI that uses digital signatures that I have loaded into the TrustedCA's keystore view I get this error in my monitor.
  ERROR: XIAFUSER user is not configured for keystore TrustedCA's.
  How do I configure a user for a specific keystore?
  Kind Regards,
  Chris

  Hi
  You can find it from XI config doc here
  https://websmp106.sap-ag.de/~sapidb/011000358700001697502004E.PDF
  Also refer installation & post installation from here
  https://websmp106.sap-ag.de/~sapidb/011000358700009389172004E.PDF
  Cheers
  Jawahar Govindaraj
  PS:Reward pts

• Do not require smartcard for specific user logon

  Hi everyone!
  I set up a GPO setting for some application server "Interactive logon: Require smart card" to "enabled". So, now I need to allow a specific user (admin, for example) to logon to this computer without smartcard. How can I do this?
  Note, that I need to allow only one user to logon without smartcard and other users must use their smartcards (but strongly they must use smartcards only for this application server - so, they should be able to logon to other domain computers without smartcard).
  How can I reach this goal?

  > Require smart card" to "enabled". So, now I need to allow a specific
  > user (admin, for example) to logon to this computer without smartcard.
  > How can I do this?
  To be honest: You cannot. Your setting is a computer setting and has no
  exception possibilities for a subset of users. The other solution (AD
  account properties of users) have no exception possibilities, too.
  To me, it seems this user needs 2 accounts... One with "smartcard
  required" to logon to all other computers and a second one that can only
  logon to this computer (user rights: "allow logon locally").
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))