Different deployment methods without DHCP

Similar Messages

• OS deployment without DHCP in place. WinPE Needs DHCP?

  Hi
  We have config manager 2012 R2 integrated with MDT 2013. We have few locations that doesn't have DHCP servers and have static IPs. Does it possible to refresh (TS Will run from within the OS, capture user state, stage the winPE  and reboot
  the same machine, start deploying image) the machine without DHCP in place? just wondering if refresh actually maintains the static IP address in memory (variable) and can use it throughtout the deployment even when system is running in WInPE or is it mandatory
  to have DHCP to assign automatic Ips to machine when its running in WinPE. Aim here is to achieve Zero touch refresh deployment.
  Any pointers will be appreciated. Thanks
  Regards 

  I never had to do it but it looks like it can be done with a little trickery
  http://bscexp.blogspot.ie/2012/03/sccm-osd-migrate-network-settings.html
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Different auth methods for Clientless & AnyConnect?

  The goal: To allow Clientless(portal) connections with only username/password authentication (LDAP in this case) while requiring two-factor (LDAP & Certificate) authentication for AnyConnect connections.
  The config: Since the auth methods are configured within connection profiles/tunnel groups, I am using two different profiles, one requiring only LDAP auth for use with clientless and one requiring both LDAP and client certificate authentication for AnyConnect. I have not enabled the option to allow users to choose their connection profile.
  The only way I have been able to get the AnyConnect client to use anything other than the "DefaultWEBVPNGroup" profile was to use a URL mapping for the AnyConnect tunnel group, a custom AnyConnect client profile (to specify the custom URL), and a DAP policy to deny AnyConnect connections on the "DefaultWEBVPNGroup" tunnel group.
  Resulting behavior: Web portal requires only username and password. Stand-alone AnyConnect connections require username/password & client certificate.
  The problem: Weblaunch (launching AnyConnect from the portal) installs the client, but throws an error and disconnects (see attached). Subsequent stand-alone AnyConnect connection attempts work fine.
  I assume this issue is related to the different tunnel groups using different authentication methods. If I disable the DAP policy, weblaunch works without erros, but it connects without requiring two-factor authentication.
  Does anyone know if what I am trying to do is possible and/or supported? I am open to alternative suggestions as well.
  Thanks,
  Aaron

  Sounds like you are 95% of the way there. You can definitely get this to work. Based on your description of the problem when trying to web launch AnyConnect, it sounds like you are not matching the correct tunnel group. As you stated, when using more specific connection profiles, you need to give users a means to identify which TG they want to connect to. This is typically achieved via a drop down selection box, group URL, or certificate attribute map. In your case, it sounds like you are using group URLs. With this approach, you will have two more specific URLs for your users to access. For web launch and standalone AnyConnect clients, they may access https://vpn.vpn.com/anyconnect while your clientless users may access https:/vpn.vpn.com/webvpn. The catch as you found is what happens when a user tries to go to the root https://vpn.vpn.com? In this case, the user will hit the default WebVPN TG. I would have to see your DAP policy to understand what policies you have implemented. If you take DAP out of the picture for a moment, a few quick workarounds to preventing AnyConnect users from being able to log into the default WebVPN group is to remove the corresponding tunneling protocol from the default group policy. Alternatively, you could set the simultaneous logins to 0 in the default group policy. You may also want to look into configuring group locking to prevent users from logging into a TG that they don't belong to. With respect to your certificate requirement, ASA 8.2.1 code allows you to configure client certificate authentication on a TG by TG basis. This is more flexible than 8.0 where this is enabled globally.

• Windows 7 & SCCM without DHCP

  We are discussing the merits of moving forward with a Windows 7 rollout using SCCM 2007 and static IP addressing (no DHCP). Our environment is about 3500 workstations running XP and SCCM 2007 SP2. We intend to implement DHCP but don't have a target date.
  We understand DHCPis required for zero touch OS deployment.
  Would appreciate any MVP comments/opinions on how far the project might be able to proceed without DHCP and whether Microsoft tools can be installed (with limited functionality) like MS Application Compatability Toolkit, MS OFfice Environment Assessment
  Tool, MS OFfice Migaration Planning Manager   

  Nothing actually requires DHCP and you will have no issues with any tools without it.
  The only reason OSD is best with DHCP is two-fold:
  - How else are you going to assign IP Addresses to the new systems? Doing anything manual defeats the purpose of having an
  automated deployment system.
  - PXE requires DHCP. There is no wiggle room on this one. PXE, as an industry/international standard, requires this -- this has nothing to do with Microsoft so please don't blame them. In lieu of PXE, you can use boot media, but PXE just makes the process
  smoother.
  Jason | http://myitforum.com/cs2/blogs/jsandys | Twitter @JasonSandys

• Need a Effective Design Pattern for Different Validation methods ???

  Hi All,
  I am having different validation methods with separate functions. I like to know the Best and Effective Design Pattern to do this.
  for example
  validateUserId()
  validatePassword()
  validateAuthentication()
  validateSession()
  validateConnection()
  .... etc......
  Can anybody help me to solve this?
  Thanks,
  J.Kathir

  Hi there - is this the kind of thing you wanted?.
  This structure has served me well. There is quite a lot to it and lots you need to infer but you should be able to work it out!
  It works for EJB & swing etc (I believe)..
  It doesn't use exceptions to return validation messages.
  It doesn't use lots of little objects. The code is very explicit & pretty simple.
  public class PersonValidator
  Person myData;
  public PersonValidator() {
  //personId will be 0 and we are in nsert mode
  myData = new Person();
  public PersonValidator(long personId) {
  //personId will have a value and we are in update mode
  myData = PersonDb.getPerson(personId);
  // =================================Single field validation
  // =================================For swing apps to call - not over network.
  // =================================Use validateData method
  public String validateDateOfBirth(String dataOfBirthStr) {
  String msg = "";
  msg = validateDateStr(dataOfBirthStr);
  if (!msg.equals("")) return msg;
  public String validateSurname(String surname) {
  String msg = "";
  if (surname.equals("")) return "surname must be entered";
  //=============================================Cross Validation
  public List crossValidateAndSave(boolean saveData) {
  String msg = "";
  List valerrs = new ArrayList();
  if (surname.equals("Collins") && dateOfBirth.compareTo("???")) {
  List.add("Candidate is lying about their age. Please enter a realistic Date of birth");
  if (valerrs.size() == 0) {
  if (saveData()) {
  personDb.saveData(myData);
  // =========================To validate across the netwrok this lets you
  // pass all the data in 1 go & receive multiple messages in reply.
  // AN EJB can delegate to this code or this code could be in the EJB.
  // @param stopAtFirstMessage flag allow efficiency if app ccan't handle multiple validation
  // erros at a time.
  // @param saveData flag allows validation without saving - allows for confirm message.
  // @param EditPersonGuiData - What the user types in. Numeric data & dates can be
  // in Strings. Using struts this could be the formBean.
  public List validateData(EditPersonGuiData inputData, boolean stopAtFirstMessage, boolean saveData) {
  String msg = "";
  List valerrs = new ArrayList();
  msg = validateDateOfBirth(inputData.dateOfBirth);
  if (!msg.equals("")) valerrs.add(msg);
  if (stopAtFirstMessage) return valerrs;
  valerrs = crossValidateAndSave()
  return valerrs;
  }

• Ironport not allowing different subnet using cisco dhcp

  Recently i configured new vlan on remote site and directed it to backup  link, but strange thing is our wireless clients proxy is working and lan  connected pcs proxy is not working,
  Ironport is working on default vlan, microsoft dhcp server but i created  different vlan and configured dhcp on cisco but it is not allowing  access that subnet. using wccp redirect on the interface.
  we configured NTLM authentication connecting to AD, the problem is the  clients which are different vlan is not in AD, and AD pc in different  vlan is working only non AD denied actually we configured guest on  authenticaion, and also that subnet is placing remote site and our main  site's unknown pcs are accessing throught guest no problem, 2nd thing is  main vlan uses MS server 2003 dhcp pool and working non AD users, im  using switch own dhcp pool for vlan 200, is it conflict? and when i put  ironport ip on IE's proxy setting it is working
  How to fix it?

  Network Side:   
                         ---->Cisco 2800-1 (Gre Configured) --> Sat Link-->Cisco 2800-2(Gre Configured)--->
  End Users->1-L3->                                                                                                  ---->L3-2(WCCP)---Ironport
                         ---->Cisco 2800-3 (MPLS Configured ) --> Sat Link-->Cisco 2800-4(MPLS Configured)--->
  Our network is like this, so through MPLS everything is working fine. The problem is on backup.
  End users --> VLAN 1, VLAN 200  and VLAN 1 is default and our AD users, AD users working okay but looks like depending on some operating system Win XP, Win 7 some of them not working, and for VLAN 200 is all unknown pc.
  1-L3 doing only routing role.
  Cisco 2800-1 and 2800-2 both also configured routing and Gre tunnel.
  Cisco 2800-1 Configs
  crypto isakmp policy 2
  encr 3des
  authentication pre-share
  crypto isakmp key *** address 10.1.9.254
  crypto ipsec transform-set 3DES-SHA esp-3des esp-sha-hmac
  crypto ipsec profile VPN
  set transform-set 3DES-SHA
  interface Loopback0
  ip address 1.2.2.1 255.255.255.252
  interface Tunnel0
  bandwidth 1024
  ip address 10.1.9.250 255.255.255.252
  ip mtu 1300
  tunnel source 10.2.9.254
  tunnel mode ipsec ipv4
  tunnel destination 10.1.9.254
  tunnel protection ipsec profile VPN
  service-policy output QoSTunnel
  interface GigabitEthernet0/0
  description Connected to Satellite Modem
  bandwidth 1024
  ip address 10.2.9.254 255.255.255.252
  duplex auto
  speed auto
  interface GigabitEthernet0/1
  description Connected to L3-Switch
  ip address 10.2.5.253 255.255.255.240
  ip nbar protocol-discovery
  duplex auto
  speed auto
  service-policy input block-p2p
  ip forward-protocol nd
  ip http server
  ip http authentication local
  no ip http secure-server
  ip http timeout-policy idle 60 life 86400 requests 10000
  ip route 0.0.0.0 0.0.0.0 Tunnel0
  ip route 1.2.1.1 255.255.255.255 Tunnel0
  ip route 10.1.0.0 255.255.224.0 Tunnel0
  ip route 10.1.5.240 255.255.255.240 Tunnel0
  ip route 10.1.5.254 255.255.255.255 10.1.5.253
  on the WCCP configuration L3-2
  sh ip wccp
  Global WCCP information:
      Router information:
          Router Identifier:                   192.168.0.1
          Protocol Version:                    2.0
      Service Identifier: web-cache
          Number of Service Group Clients:     1
          Number of Service Group Routers:     1
          Total Packets s/w Redirected:        4
            Process:                           2
            CEF:                               2
          Redirect access-list:                -none-
          Total Packets Denied Redirect:       0
          Total Packets Unassigned:            2970
          Group access-list:                   -none-
          Total Messages Denied to Group:      0
          Total Authentication failures:       0
          Total Bypassed Packets Received:     0
  sh ip wccp int
  WCCP interface configuration:
      Vlan6
          Output services: 0
          Input services:  1
          Mcast services:  0
          Exclude In:      FALSE
      Vlan7
          Output services: 0
          Input services:  1
          Mcast services:  0
          Exclude In:      FALSE
      Vlan8
          Output services: 0
          Input services:  1
          Mcast services:  1
          Exclude In:      FALSE
  interface Vlan6
  ip address 10.1.0.254 255.255.224.0
  no ip redirects
  ip wccp web-cache redirect in
  ip access-list standard wccp_grp_list
  permit 10.1.7.253 ## Ironport IP ##
  ip access-list extended wccp_redir_list
  permit tcp 10.1.0.0 0.0.31.255 any eq www
  permit tcp 10.2.0.0 0.0.31.255 any eq www
  permit tcp 10.2.1.0 0.0.0.255 any eq www ## VLAN 1 Users ##
  permit tcp 10.2.11.0 0.0.0.255 any eq www ## VLAN 200 Users ##
  and Static routings on L3-2.
  On Ironport.
  connected NTLM to Domain server
  Service Profile Name:
  Service:
  Standard service ID: 0 web-cache (destination port 80)
  wccp_redir_list
  Router ip address: 10.1.7.254
  Load Balancing : Allow hash and mask
  Forwarding method: Allow GRE or L2
  Return method: Allow GRE or L2
  Default Route : to Router IP
  And configured Guest privileged so if unknown pc will connect it should go through Guest privilege.
  Global Authentication Settings
  Action if Authentication Service Unavailable:    Block all traffic if authentication fails
  Failed Authentication Handling:    Log Guest User by: IP Address
  Re-authentication:    Disabled
  Basic Authentication Token TTL:    18000
  Transparent Proxy Mode Authentication Settings
  Credential Encryption:    Disabled
  Redirect Hostname:    proxy
  Credential Cache Options:    Surrogate Timeout: 3600 seconds
  Client IP Idle Timeout: 3600 seconds
  Cache Size: 8192 entries
  User Session Restrictions:    Disabled
  Secure Authentication Certificate:    Common name:    IronPort Appliance Demo Certificate
  Organization:    IronPort Systems, Inc.
  Organizational Unit:   
  Country:    US
  Expiration Date:   
  Basic Constraints:    Not Critical
     Enable Identity
  Name:       
  (e.g. my IT policy)
  Description:    
  Insert Above:   
  Membership Definition
  Membership is defined by any combination of the following options. All criteria must be met for the policy to take effect.
  Define Members by Subnet:    
  (examples: 10.1.1.1, 10.1.1.0/24, 10.1.1.1-10)
  Define Members by Protocol:    
  All protocols
  HTTP/HTTPS Only 
  Native FTP Only
  Define Members by Authentication:   
  Select a Realm or Sequence:   
  Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
  If a user fails authentication:     Support Guest privileges   
  Authorization of specific users and groups is defined in subsequent policy layers
  (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
  Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
  IP Address
  Persistent Cookie
  Session Cookie
  Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
  If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
  Advanced
  Use the Advanced options to define or edit membership by proxy port, destination (URL Category), or User Agents.
  The following advanced membership criteria have been defined:
  Proxy Ports:    None Selected
  URL Categories:    None Selected
  User Agents:    None Selected
  Use: NTLMSSP
  Identity Policies: Global Group
  Settings for Global Policy
  Define Members by Authentication:    Require authentication
  Select a Realm or Sequence:    NTLMSSP
  Select a Scheme:     Scheme setting applies to HTTP/HTTPS only.
  If a user fails authentication:     Support Guest privileges   
  Authorization of specific users and groups is defined in subsequent policy layers
  (see Web Security Manager > Decryption Policies, Routing Policies and Access Policies).
  Authentication Surrogate for Transparent Proxy Mode:    Surrogate Type:       
  IP Address
  Persistent Cookie
  Session Cookie
  Explicit Forward Request:        Apply same surrogate settings to explicit forward requests
  If this option is not selected, no surrogates will be used with explicit forward requests and NTLM credential caching will not be available to these requests.
  But the problem is it is not forwarding Guest privilege and browser stuck when loading .

• How to deploy par without NWDS wizard

  Hello All,
  How can we deploy PAR files without NWDS wizard.
  We have developed a functionality packaged in PAR, how we can deploy it on Client Side Portal, do there some way to deploy it without NWDS.
  Thanks and regards
  Santosh

  Hi Santosh,
  Yes you can deploy the par file without using the NWDS.
  Please refer to the post:
  <b>Re: Problems deploying par file via Netweaver Developer Studio>
  Here I have mentioned the way to deploy the par file without using NWDS.
  I hope this will definately help you.
  Regards
  Pravesh
  PS: Please consider rewarding points if helpful.

• How can i sync my ipod touch to a different itunes library without losing everything on it?

  Please help!!
  Can someone tell me how I can sync my ipod touch to a different itunes library without losing everything on it?

  Transfer iTunes purchases by:
  iTunes Store: Transferring purchases from your iPhone, iPad, or iPod to a computer
  Transfer your music fom the old computer
  iTunes: How to move your music to a new computer
  You can alsouse a third-party program likeoneof thise discussed here to transfer music from iPod to computr.
  Copy music from Ipod to new computer...: Apple Support Communities
  Connect the iPod to the comuter and make a backup by rignt clickingon the iPOd under Devices in iTunes a nd select Back Up. Then restore the iPod from that backup.

• How do i backup my iphone 3 started on one itunes account and restore to the same phone with a different itunes account without losing all my information?

  how do i backup my iphone 3 started on one itunes account and restore to the same phone with a different itunes account without losing all my information?

  Please search the forums. This has been covered here extensively.

• How to link the same horizontal page for two different vertical pages without duplicate them?

  Hey guys,
  Is there a way to link the same horizontal page on two different vertical pages without duplicate the horizontal page?
  I have a doublepage of a book splitted in two parts in different vertical pages but i want link the fullsized image in the horizontal page for both of them. Got that? hahaha
  Thank you all

  Confusing But interesing.
  I think it's possible. I have a idea. It will need one advanced trick.
  To explain it, I need test simply haha.

• How to call a instance method without creating the instance of a class

  class ...EXCH_PRD_VERT_NN_MODEL definition
  public section.
    methods CONSTRUCTOR
      importing
        value(I_ALV_RECORDS) type ..../EXCH_VBEL_TT_ALV
        value(I_HEADER) type EDIDC .
    methods QUERY
      importing
        I_IDEX type FLAG
        i_..........
      returning
        value(R_RESULTS) type .../EXCH_VBEL_TT_ALV .
  Both methods are instance methods.
  But in my program i cannot created instance of the class unless i get the results from Query.
  I proposed that Query must be static, and once we get results we can create object of the class by pasing the result table which we get from method query.
  But i must not change the method Query to a static method.
  Is there any way out other than making method Query as static ?
  Regards.

  You can't execute any instance method without creating instance of the class.
  In your scenario, if you don't want to process your method of your class, you can check the instance has been created or not.
  Like:
  IF IT_QUERY IS NOT INITIAL.
    CRATE OBJECT O_QUERY EXPORTING......
  ENDIF.
  IF O_QUERY IS NOT INITIAL.
  CALL METHOD O_QUERY->QUERY EXPORTING....
  ENDIF.
  Regards,
  Naimesh Patel

• Container Managed Security on Tomcat - configuring different auth-methods

  I am trying to configure the container managed security on tomcat4. Or rather I am trying to add a further dimension to the configuration that already exists.
  At the moment the entire application uses LDAP authentication and I would like to separate an area that requires further authentication. That is to say I would like everyone using the web application to authenticate using the existing Form-Based LDAP authentication but I would like only certain users to be able to use the data upload facility (whose code is stored in it's own directory).
  This is the authentication bit of my web.xml:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>qmrae</web-resource-name>
        <url-pattern>*.do</url-pattern>
        <url-pattern>*.jsp</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>*</role-name>
      </auth-constraint>
    </security-constraint>
    <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>Form-Based Authentication Area</realm-name>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/loginError.jsp</form-error-page>
      </form-login-config>
    </login-config>My first hurdle is in understanding exactly how the application knows where to go for its authentication.
  I had guessed that the realm-name would map "areas" of my application to realm configuration defined in my application's context area in Tomcat's web.xml but this doesnt seem to be the case. In fact I have read conflicting explanations as to what the realm-name is for. One source has said that this is only used for BASIC authentication as a way of naming the resulting pop up window - many others say it maps the login-config to the web-resource-name. However the latter doesnt make sense because the authentication works in my application at the moment even though those values are completely different (and indeed are different in most of the examples i've read on the web). Furthermore I can find any other mention of the defined realm-name in any other file (which of course be because i'm looking in the wrong place).
  I was prepared to accept that the realm-name might not actually do anything and so I've been looking for examples of defining a different auth-method for different url-patterns but i've had no luck.
  I know a user can have one or more roles but I dont have access to the LDAP server to set these up and haven't found anything about defining different auth-methods other than one thread in this forum suggesting that is wasnt possible on AIS.
  This thread suggests that you can have more than one security-constraint but again i'm not sure about the auth methods and how you map an auth method to a security-constraint
  http://forum.java.sun.com/thread.jspa?forumID=33&threadID=320918
  To summarise my questions:
  1) What are the functions of the realm-name and web-resource-name? Are they related?
  2) Is it possible to configure different areas of an application to use different authentication methods? and if so, could you point me in the direction of relevant documentation
  3) If (2) is not possible and I have to assign a new role to the privileged LDAP users, is it enough to define a new security-constraint? Could you describe the behaviour I could expect for users that have authenticated once and try to access this super-security area, will they be shown another login form or will it just let them in because the container is already aware of their permissions.
  Many thanks for your attention,
  Rachel

  If you create your own Realm classes - look at JAAS - you can sort out your last login time, just wrap them around the DataSourceRealm.
  As far as 'remind' him is concerned - I'm guessing you mean provider a reminder for the password based on the user name. If you use form based authentication you can put what ever you like on the page.

• Payment proposal picking up... different payment methods...

  Hi Experts
  we are testing in development phase, Payment proposal is picking up different payment methods even we entered only one payment method in the parameters.
  This should not be selected like this as per the business... process.
  Please let me know how to avoid this.
  Thanks
  Meenakshi

  Even though it will pick up the items from other payment methods. It will not pay, those items will be in the exception list. You can exclude these items though by going to 'Free Selection' tab during Parameters creation, and select the field name 'Payment method' , check box 'exclude value' and in the 'values' field enter the payment methods you want to exclude (One payment method in one row). You can exclude 6 payment methods this way.
  Thanks
  Ranjit

• Different payment method for one invoice

  Hello everyone
  Is it possible to have multiple payment method for one invoice? As my client want to pay different payment method for one invoice.
  Could you please advise?
  Kind regards

  Yes. You can provided if you split the invoice amount into multiple payments under scheduled payments tab in invoice workbench.

• This purchase could not be completed please select a different payment method

  I`ve bought a new BB as a present to my wife - Z3.
  I`ve registered for her new BB ID account - **Removed**@dunaeva.su
  And we can not purchase anything having the same problem using all of our cards - "this purchase could not be completed please select a different payment method",
  I`ve read a lot of forums and web pages and belive that our problem - ur sistem has flagged her account as potentially Fraudulent or Blocked.
  U shold unblock her and bring ur appoligise.
  Edit: Email removed. At no time should you provide any personal information to any other community member. Please review the Community Guidelines and Terms and Conditions of Use. for further information

  I apologize for the rudeness of my first post - i was really disappointed with the situation when i`m not able to provide to my wife fully equipped phone with all her contacts and sms (need some paid app). I`ll check up your recommendations and come back with a report or new questions.