Deploying to User Groups

Similar Messages

• Wireless Deployment with Active Directory User Group Integration

  I am trying to find out the best practice in deploying a WLAN for users in the cooperate environment, which uses their company active directory integrated laptops to join to the WLAN.
  I know this can be done using certificates easily but I want to just find a way to deploy this without certificates and only based on the AD user group. Maybe a Radius server + LDAP server integration solution would be great.
  Please advice. Thanks.
  Cheers
  Lal Antony
  www.lalantony.com

  The easiest way to deply this is with a Microsoft toolkit, it has everything you need included, manuals, scripts to install and configure server-side components and it's very easy to use. You can get it from here:
  http://www.microsoft.com/downloads/en/details.aspx?FamilyID=60c5d0a1-9820-480e-aa38-63485eca8b9b&displaylang=en
  It's based on Win2003 server but I've been advised by MS that it should be OK on Win2008 as well.

• Deploying to AD based user groups

  I am trying to understand the user based deployment.
  I have AD discovery enabled, the AD groups are populated in SCCM, however it is not possible to deploy directly to any group showing under All User Groups, I have to make the target groups a part of an SCCM based user collection.
  Is this by design or am I missing something?
  Thanks

  You always have to deploy to collection. In this case you indeed should create a (user) collection that contains the user group (or the members of the user group, depending on the query that you use).
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• How can I deploy EFS using Group Policy and automatically encrypt computers for ALL users who login?

  How can I deploy EFS using Group Policy and Active Directory with a goal to automatically encrypt computers for ALL users who login? (NOT an option for me to use BitLocker)
  I was asked to deploy EFS to encrypt the user my documents folder and profile on all of the users laptops. The laptops are in common areas (board meeting rooms, etc) and security of files is a must.
  I successfully created a recovery certificate in AD. I created an OU and setup an EFS policy and users can now login and select to encrypt their own files. The issue is that management would like to have automaticy Encrypt ALL users my documents AUTOMATICALLY
  when a user login.
  Can this be done?
  Please help

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• Built-In Users-group is suddenly gone on folder security tab.

  Dear forum-members,
  I have got a problem with folder-permissions (acl) on a Windows 2003 Server with Terminal Services (Citrix).
  The application "Sybase" is installed on the D-drive (disk). A thrid party application needs Sybase to communicate through the sql.ini with the database. All terminal server users needs read permissions on the Sybase install directory to
  use the sql.ini.
  Normally every new folder on a server has the Builtin Administrators-group and System account "Full-Control" permissions and the Builtin Users-group had "Read en List" permissions. Now on the Sybase folder only the Builtin Administrators-group
  en System account are at the security tab, but
  not the Builtin Users-group.
  When I manually set the Builtin Users-group with read permissions it okay, but after a while the Builtin Users-group is gone/deleted/removed. There is no signal that a person, proces or action removes the permissions for the Builtin Users-group. I set
  Auditing on the folder, but with no result. I know for sure there is no GPO (Group Policy) that removes this group.
  For now I have a dirty solution to run a scheduled task every 10 minutes that run xcalcs to set the permissions. A tried a GPO to set the permissions, after a reboot the group policy doesn't apply (only after a gpupdate /force).
  Does some one of you has another proper/nice solution to force the read permissions on the Sybase folder for the Builtin Users-group?
  Thanks in advance.
  Greetings, Sidney

  Hi Shaon,
  Thank you for your reply.
  The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
  I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM has permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically
  removed again.
  We have 6 terminal (citrix) servers and all of them has the same problem, so it's not server related.
  Could it be an issue with the way how Sybase is packaged (it's a silence install through our deployment application)?
  Before I do the next test: Will it help to force the rights (replace permissons) from the upper folder to the sub-folder(s)? (force the inheritance)
  Greetings, Sidney

• Delegated Admin and non-flat user/group structures

  Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
  The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
  I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
  Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
  # Ldap configuration.
  # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
  # add additional hosts with ldaphost-<consecutive number>
  # Schema type is either "1" or "2".
  # Reconnect interval is in seconds
  # Group and people container is dn from organization dn (e.g ou=people)
  ldaphost-1=oucsldap01:389
  ldaphost-2=oucsldap02:389
  ldaphost-suffix=dc=DOMAIN,dc=NAME
  ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
  ldaphost-maxcount=50
  ldaphost-schematype=2
  ldaphost-reconnectinterval=60
  ldaphost-peoplecontainer=ou=People
  ldaphost-groupcontainer=ou=Groups
  ldaphost-orgadminrole=cn=Organization Admin Role
  While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
  Questions:
  1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
  2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
  Thanks,
  //Jim Klimov

  I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
  Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
  We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
  Hope this report helps others who would try to pioneer this path of messaging integration
  //Jim Klimov

• Software request shows as completed but software not deployed to user computer.

  User from my organization has submitted software request from the SCCM software portal, but installation doesn't happen. The User was automatically added to application deployment
  active directory group , but software not appearing in the application catalog for further process and software request shows installation completed.  What would be the issue?
  SN

  Ah... it looks like you are using the Application Approval Workflow Solution, which brings SCOrch and Service
  Manager in to play.  You'll have to trace through the runbook to see what actions trigger the closing of the service request. If you're not seeing anything happen on the ConfigMgr side, its likely a problem with the runbook.
  Do you see the application request in ConfigMgr at all?  Does it actually get approved by the workflow?
  I hope that helps,
  Nash
  Nash Pherson, Senior Systems Consultant
  Now Micro -
  My Blog Posts
  If you found a bug or want the product to work differently,
  share your feedback.
  <-- If this post was helpful, please click the up arrow or propose as answer.

• International User Groups - Workflow Survey

  All,
  We (ASUG, VNSG, DSAG, SAUG) are collecting data related to your activities in the development and deployment of SAP Workflows. 
  Please follow this link to complete the survery
  http://ws.asug.com/ss/wsb.dll/5/ASUGWFBPMSurvey2010.htm
  And pass this message on!
  Thanks
  Sue
  PS: /people/susan.keohan/blog/2010/03/11/international-user-groups-150-sap-business-workflow-survey-2010

  Fixed-
  Created Document Library--> added web part--> chose my custom list as the webpart--> edited the webpart and gave it a view which I created for the custom list--> hid the actual list so users can't see it when they log in.
  Now the user just selects the document library and if they do not have permissions to that document library (settings=permissions) they can't see the ones they aren't suppose to view (the views for other members who will be logging in)

• 8th Oracle Life Sciences User Group Meeting, April 30, 2007, Boston, MA

  8th International Oracle Life Sciences User Group Meeting
  World Trade Center, Boston, MA, USA
  April 30, 2007
  Oracle Life Science User Group
  The Oracle Life Sciences User Group (OLSUG) represents a worldwide association of people who share a vested interest in the successful deployment and use of Oracle products within the life sciences industry. The 8th International OLSUG meeting is designed to accelerate the success of users of Oracle products by providing a forum for sharing useful information and best practices, discovering novel and innovative practices, and exposing issues and limitations concerning Oracle products.
  Meeting Format
  The meeting will consist of exciting keynote presentations from industry renowned individuals. There will be workshops and discussions that are focused on topics of great interest, for example, the Semantic Web and database analytics. Oracle partners will be describing their latest offerings. In addition, there will be many presentations that have been selected to be of interest to scientists, application developers, architects and DBAs.
  Submission Process
  To be considered for a presentation, an abstract (max. 600 words) needs to be submitted by January 12, 2007 to OLSUG mailto: [email protected]
  Please note, by submitting an abstract, you are granting OLSUG permission to post the abstract and presentation on the OLSUG Web site.
  Important Dates
  Last date for submission of abstracts: January 12, 2007
  Presentation notification: February 1, 2007
  8th International OLSUG Meeting: April 30, 2007
  Topics of Interest as Related to Life Science
  Distributed Data Access: Gateways, External Tables & Generic Connectivity.
  Data Integration: Relational, XML & Semantic Web.
  Supporting Many Data Types: Text, Images, XML & RDF.
  Managing Lots of Data: Partitioning, RAC, ASM, Streams, Data Guard & Grid.
  Enabling Secure Collaboration: Collaboration Suite, Portal & Security.
  Finding Patterns and Insights: Data Mining, Statistics & Text Mining.
  Application Development: Fusion Middleware, JDeveloper & Application Express.
  Database Performance: Tuning tips.
  Registration
  Stay tuned for information about registration.
  Conference Program Co-Chairs
  Charlie Berger, Oracle, [email protected]
  Mark Forster, Syngenta, [email protected]
  Carolyn Hamm, Walter Reed Medical Center, [email protected]
  Vijay Pillai, Oracle, [email protected]
  Kevin Prime, MDL, [email protected]
  Susie Stephens, Oracle, [email protected]
  Henri Tuthill, Astrazeneca, [email protected]</nowiki>
  Meeting Sponsor:
  Bio-IT
  http://www.bio-itworldcongress.com/index.asp

  maybe OP want to extract all numbers from his inbox using regular expressions?

• Error importing EC user groups

  Hi,
  I'm trying to install EC3.0 using the installation guide for 3.0 (from http://service.sap.com/instguides). Step 3.3.5 that Imports the EC User Groups by importing them from file "u201C<INSTDRIVE>/User Groups" is giving some problem.
  When I try to import the group, it gives an exception saying that the it cannot find the corresponding role, for example:
  "warnings=Error: Cannot assign role to this group. Reason: Role with uniqueName pcd:portal_content/com.sap.pct/specialist/ec30/roles/role06/ec_environmental_analyst not found!.
  uniquename=UMEGROUP_Environmental Analyst
  gid=UMEGROUP_Environmental Analyst
  role=[pcd:portal_content/com.sap.pct/specialist/ec30/roles/role06/ec_environmental_analyst]
  status=UPDATE FAILED"
  The 5 EC Software Components deployed using JSPM were deployed successfully. But the logs revealed some of the steps had some warnings. Eg.
  <component vendor="technidata.de" type="DC" description="1. Warning occurred on server 7846250 during deploy technidata.de/xemtaskexcinternaleappl : EJB Model Builder: J2EE Security role technidata.de/xemtaskexcinternaleapplxml|technidata.dexemtaskexcwebservejb.jarxml|XEM included in a 'security-role-map' tag in the additinal xml, doesn't contains corresponding 'server-role-name' sub tag(tags)., file: technidata.dexemtaskexcwebservejb.jar#technidata.dexemtaskexcwebservejb.jar, column 0, line 0, severity: warning" size="107146" status="SUCCESS" location="C:\usr\sap\CE1\SYS\EPS\in\TDAGXEMMOD30000P_1.SCA --> xemtaskexcinternaleappl.sda" name="xemtaskexcinternaleappl">
  - <timeStatistics>
  - <timeStatistic finishTime="1259814131652" entryType="4" startTime="1259814124913" duration="6739">
    <timeStatistic finishTime="1259814124929" entryType="1" startTime="1259814124913" duration="16" />
  - <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814124929" duration="6708">
  - <timeStatistic finishTime="1259814131543" entryType="32" startTime="1259814124929" duration="6614">
    <timeStatistic finishTime="1259814131543" entryType="1" startTime="1259814124929" duration="6614" />
    </timeStatistic>
  - <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814131543" duration="94">
    <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814131543" duration="94" />
    </timeStatistic>
    </timeStatistic>
    <timeStatistic finishTime="1259814131652" entryType="1" startTime="1259814131637" duration="15" />
    </timeStatistic>
    </timeStatistics>
    </component>
  Please suggest ways to proceed with the installation.
  Regards,
  Harsh

  The 5 EC Software Components deployed using JSPM were deployed successfully. But the logs revealed some of the steps had some warnings. Eg.
  <component vendor="technidata.de" type="DC" description="1. Warning occurred on server 7846250 during deploy technidata.de/xem~taskexc~internal~eappl : EJB Model Builder: J2EE Security role technidata.de/xem~taskexc~internal~eappl*xml|technidata.de~xem~taskexc~webserv~ejb.jar*xml|XEM included in a 'security-role-map' tag in the additinal xml, doesn't contains corresponding 'server-role-name' sub tag(tags)., file: technidata.de~xem~taskexc~webserv~ejb.jar#technidata.de~xem~taskexc~webserv~ejb.jar, column 0, line 0, severity: warning" size="107146" status="SUCCESS" location="C:\usr\sap\CE1\SYS\EPS\in\TDAGXEMMOD30000P_1.SCA --> xem~taskexc~internal~eappl.sda" name="xem~taskexc~internal~eappl">
  - <timeStatistics>
  - <timeStatistic finishTime="1259814131652" entryType="4" startTime="1259814124913" duration="6739">
    <timeStatistic finishTime="1259814124929" entryType="1" startTime="1259814124913" duration="16" />
  - <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814124929" duration="6708">
  - <timeStatistic finishTime="1259814131543" entryType="32" startTime="1259814124929" duration="6614">
    <timeStatistic finishTime="1259814131543" entryType="1" startTime="1259814124929" duration="6614" />
    </timeStatistic>
  - <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814131543" duration="94">
    <timeStatistic finishTime="1259814131637" entryType="1" startTime="1259814131543" duration="94" />
    </timeStatistic>
    </timeStatistic>
    <timeStatistic finishTime="1259814131652" entryType="1" startTime="1259814131637" duration="15" />
    </timeStatistic>
    </timeStatistics>
    </component>

• Exchange 2013 Deployment - 150 Users

  Hi!I have been asked to deploy Exchange for 150 users in a virtual environment. The organization does not want to deploy O365 for political reasons that are beyond my control.I am looking for verification that my planning is sound. I am looking to deploy in the VMWare environment. Mailbox sizes will range from 4gig to 20gig, depending on user group. I will only have 150 users. I will deploy in a failover cluster. One server will be on site, the other will be across town. We have a stable 1gb fiber connection between the two sites.My questions:Is direct access storage going to be enough? I don't see the need for the complexity of a SAN, but maybe I should use a JBOD for the mailbox databases? Seems like for such a small deployment DAS would work. I am looking at RAID10 over 4 disks with one hot spare. My network will not be getting an...
  This topic first appeared in the Spiceworks Community

  Hi,
  As far as I know, the number of mailbox role depends on mailbox size and mailbox number. I recommend you use the Exchange 2013 Server Role Requirements Calculator to get the proper number:
  http://blogs.technet.com/b/exchange/archive/2013/05/14/released-exchange-2013-server-role-requirements-calculator.aspx
  If you have any question, please feel free to let me know.
  Thanks,
  Angela Shi
  TechNet Community Support

• Deploying Reader through Group Policy

  Hi,
  I have applied for and been granted a deployment license, and am trying to follow the instructions to deploy reader through group policy to computers on my network.
  The document adobe gives you says to put the computer name under security filtering in the OU GP that was created.  I have done this but it's clear the policy isn't getting applied.
  When I run group policy result, it's not even showing so I must have something wrong.  The document that adobe gives has several of the pictures out of place and is covering some text (at least when I display it - and yes I am using most current version of reader).
  Any ideas?
  Thanks,
  Allen

  Unless I'm misunderstanding your last reply, the GPO is working as intended, when you change it back.
  GPO = Applied to one specific OU
  Security Filtering = 1 specific PC
  Active Directory OU for intended GPO contains = 0 computers
  The PC you're applying the security filtering to must exist in the Active Directory OU you created for the GPO.
  E.G. I create a GPO called acc_sw for my Accounting dept called accounting.  3 PCs in accounting are called:
  Ed_PC
  Karen_PC
  Thomas_PC
  In the security filtering for the GPO I created, I have:
  Ed_PC
  Karen_PC
  Thomas_PC
  Now, in Active Directory Users & Computers, in the accounting OU I have 0 computers.
  The end result is no acc_sw being processed for:
  Ed_PC
  Karen_PC
  Thomas_PC
  They must exist in the target OU, or a suboordinate OU of the target OU, for the GPO to work.

• Deploying office through group policy

  Hi people,
  English is not my mother language so i'll hope you'll understand me.
  I have a school project. Deploying office through group policy worked. But now my teacher has given me a command to give all OU's a different OFFICE packet when they logged in. So.. it will change the current installation when a different user from a different
  OU logged in. I'm out of options. Please can anybody help me:(:(

  No you don't misunderstand :p  My teacher first did it wit Office 2003 and know i must do it in office2010.. and i also thought it was a stupid idea.. But who am i... i have not much knowledge in IT.. i'm still learning.
  But i have 2 options
  To confince him that this is not a good idea... (and i dont know with wich argument)
  or find a way to do this... 
  Hmm, so, I think that kind of crazy was possible with very old versions of Office, which could be "advertised" via GPO to achieve per-user scenarios, but Office2007 and later versions, don't provide such different per-user options as part of setup.
  Office2007 and later, uses the MSPfile etc for customization, and that is per-machine (common to all users of that machine).
  You might be able to achieve something similar, by using AppLocker (e.g. AppLocker rules which deny excel.exe to be executed by GRP_Students).
  But this doesn't address the matter nicely, because the Students can see the Excel shortcut/icon/program, but are forbidden to execute it.
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Rulebase - Multiple User Groups

  Hi
  I am building a rulebase that will be both staff facing (internal) and customer facing (external). There is a requirement to present different question and commentary depending on the user group that runs the interview.
  For example:
  When a customer runs the interview, the question text will read "What is your annual income?" and the Help Text will have generic information on how to calculate the annual income.
  Where as, when a staff runs the interview (on behalf of the customer), the question text will read "What is the customer's annual income?" and the Help text will have generic information + a hyperlink to an internal help page that has more details on how to calculate the annual income.
  So, basically I want to author the rules once - but use different question labels / commentary depending on the user group. How to achieve this?

  The simplest way is to create two separate interviews in the same rulebase project. Then you can configure look and feel, screens, labels, commentary and everything else separately for the two different audiences. The benefits of this probably outweigh the small cost savings you'll likely see from reusing screens across the two audiences.
  The other option is to get tricky with customizing the behavior of Web Determinations based on the audience - but that will likely get hard to maintain quite quickly - and will make it harder to quickly deploy changes to the rulebase when they are required.
  Davin.

• OIM 9.1.0.2 - User group permission conflict issue

  Hi Gurus,
  IHAC who have faced a strange behavior about permission conflict.
  User has been assigned to a user group (ANALISTA DRSI) who have permission to disable resource of the users he administrates. The user group has been assigned to resource's administrator.
  The same use has been assigned to other user group (ANALISTA ADM DRSI) who have other permission. The user group has been not assigned to resource's administrator.
  If the user has been only assigned to ANALISTA DRSI user group the user is able to see records on Rogue Account report. If the customer has been assigned to both ANALISTA DRSI and ANALISTA ADM the user is not able to see the record on Rogue Account report. He got a display error message (You do not have permission). Both user groups have the Report menu item assigned.
  My question: if the customer is assigned to a user group who have permission to see the reports, should not the user is able to see the report even though he is also into the other group who do not have permission?
  Is there conflit in the OIM???
  Any tip will be very appreciated.

  Orgnaization > Manage > Select Org in which users are getting created > Administrative Group (Drop Down) > Select Group for which users are not coming.