Domain User GPO exempt not working

Similar Messages

• 1. TACAS+ Accounting and Logged in Users report is not working on ACS 4.1(1

  Hi,
  I am facing problem with ACS 4.1 accounting, TACAS+ Accounting and Logged in Users report are not working, the csv file is been generated but nothing is showened in the file.
  I have checked the documents related to ACS 4.1, it says that there is a bug related to command accounting “CSCsg97429 - TACACS+ Command Accounting does not work in ACS 4.1(1) Build 23”.
  Tried upgrading the same with the patch applAcs-4.1.1.23.3.zip, still it is not working.
  Other reports are working fine.
  1. TACAS+ Accounting - not working
  2. Logged in Users - not working
  3. TACAS+ Administration - working
  4. Passed Authentication - working
  5. Failed Attempts - working
  Any suggestions or any idea, please revert.
  Regards
  Vineet

  Hi,
  Thanks
  Yes I have configured the command “aaa accounting exec default start-stop group tacacs+”
  As I have mentioned all the other reports are working. Which user and when he has logged in and what commands he has used. Only the TACAS+ Accounting and logned user is not working.
  Regards,
  Vineet

• GRC 10.0: Access Request Creation - LDAP user advanced search not working

  Dear Experts,
  We are implementing SAP GRC Access Control and we have an issue in Access Request Creation. If we put the user name in “User” field and press intro, the user details are updated, but if we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
  Scenario 1: If we put the user name in “User” field and press intro, the user details are updated:
  Scenario 2: If we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
  We are using the Active Directory as Data Source.
  Thanks and Regards.

  Hi Jose,
  Try maintaning the parameter 2050 as YES and check once.
  Kindly, also make refer to  the below list of SAP notes:
  1757906 - GRC 10.0 - LDAP user search does not work in NWBC
  1745370 - LDAP search in GRC does not work anonymously
  1718242- UAM: User search not working in Access Request.
  Regards,
  Neeraj Agarwal

• Windows 2012 : A domain user who does not belong to the Administrators group can change the passwords

  Hello,
  Can a domain user
  that does not belong to the Administrators group,
  be able to change your password ?
  I tried to create a domain user account
  without administrative access. This user account have
  permission to access Windows Server
  2012 via Remote Desktop.
  I tried to access the same account
  to the Active Directory Users and Computers,
  i was amazed, because the user account it can  changed
  the password for multiple accounts,
  included one administrator account.
  Best regards,
  Ricardo

  Hi Ricardo, 
  I agree with Martin, we can check the membership about this user account. Besides, we can refer to following steps to check the memberships:
  Start the ADUC on windows 2012.
  Right-click the user account and select
  Properties, then click the Member Of tab.
  Check which group is the user account belongs to.
  In addition, i suggest you create a new user account, and check if the new account can change other user’s password.
  Best Regards,
  Erin

• Outlook 2013 people pane is not showing any items for internal domain users. External contacts works fine

  I have recently purchase a new PC which has Windows 8.1, and Outlook 2013, connected to an exchange 2010 SP3 RU4 server.
  In the People pane, the for External clients, then this box populates correctly, but for internal domain users, it shows "There are no items to show in this view"
  On my OLD PC using XP, and Outlook 2010, connected to the SAME account, then people pane shows correctly for all users.
  Any help appreciated
  regards
  Chris

  Hi Chris,
  I have checked in my Windows 8 and Outlook 2013 with Exchange 2010 SP3 RU4 environment. There are three folders listed under My Contact in my People pane:
  Contacts: The contacts which we added and saved
  manually before.
  Lync Contacts: The contacts we added in Lync.
  Suggested contacts folder: Automatically
  keeps track of everyone you send a message to, but isn’t in your Outlook contacts. Please note that it is different from Auto-Complete List.
  Therefore, I suppose that the meaning of “but for internal domain users, it shows ‘There are no items to show in this view’ ” is that there is no contacts in the
  Contacts folder. Is it right? If I misunderstand, please point it out. And we need to add and save users manually in this folder.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Outlook 2007 autoarchive via GPO is not working.

  Hello everyone!
  For the begging about our environment: Exchange 2007, Outlook 2007.
  We have the problem with setting the autoarchive to work. We`re using GPO to do it. All the settings are configured correctly, but the policy is still not working. On each client the settings in Tools-Options-AutoArchive can be seen(and it is correct), but
  if to look for the same settings in each folder (Inbox, for example) there is nothing set... The settings for for this folder remain "Do not archive items in this folder". 
  Can anyone tell me, how to make them work and to make unchangeable for users?
  Thx for help!

  Hi,
  As far as I know, AutoArchive feature in outlook is designed based on each "Folder". The GPO setting you applied only changes the Default AutoArchive settings in File > Options > Advanced > AutoArchive Settings, it won't apply to all folders.
  There is no method available on Outlook client side to achieve the goal.
  Since you are using Exchange 2007, you may consider to use Exchange document management feature. See:
  http://technet.microsoft.com/en-us/library/bb310756(v=exchg.80).aspx
  If you need further assistance regarding Exchange document management feature, you can post a question in Exchange forum:
  https://social.technet.microsoft.com/Forums/office/en-US/home?category=exchangeserver
  Regards,
  Steve Fan
  TechNet Community Support
  It's recommended to download and install
  Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
  programs.

• Get/Set-NetQosPolicy with GPOs does not work

  Hi,
     I am trying to set the QoS policy in a GPO via P$; I am using the latest patched 2012R2 Windows P$. I have noticed that when you run the command and use the
  switch -PolicyStore GPO:DOMAIN\GPONAME the command does not work. Bug ??
     If you type an incorrect/non-existant GPONAME the command returns an error correctly saying:
  PS C:\> Get-NetQosPolicy -PolicyStore GPO:DOMAIN\GPONAME
  Get-NetQosPolicy : Group policy object not found on domain controller.
     If however you enter an existing GPONAME, the command simply returns without giving any error or output (regardless of
  whether or not the GPO has a policy in it).
     Further, if you try and set/new a policy in a GPO the command returns a very odd error:
  PS C:\> new-netQoSPolicy -Name "TestPolicy" -IPProtocolMatchCondition TCP -DSCPValue 24 -Port 5067 -PolicyStore GPO:DOMAIN\GPONAME
  new-netQoSPolicy : The system cannot find the file specified.
  Any Ideas ? I know I can use the Set-GPPrefRegistryValue or Set-GPRegistryValue; but I was looking for a neater way of doing this.

  >     If however you enter an existing GPONAME, the command simply returns
  > without giving any error or output (regardless of whether or not the GPO
  > has a policy in it).
  Try " | get-member" to see if it returns anything...
  > PS C:\> new-netQoSPolicy -Name "TestPolicy" -IPProtocolMatchCondition TCP -DSCPValue 24 -Port 5067 -PolicyStore GPO:DOMAIN\GPONAME
  > new-netQoSPolicy : The system cannot find the file specified.
  Suppose that's ok - this cmdlet creates a QoS policy, but possibly is
  not able to create the GPO that contains this QoS policy. So use new-gpo
  in advance :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Windows XP SP3 cached domain user credentials are not updating after password change over VPN

  We have a bunch of sales people who stay on the road indefinitely, using Windows XP SP3 domain joined laptops.  
  When they change their domain user password, while connected through the VPN, the cached credentials are not updating locally on their laptops.  This causes issues at their next Windows login, where they have to use their prior password to gain access
  to the OS.  Then when they connect through the VPN client, they have to use their new password.  We have already tried Microsoft KB 829652 (which was rolled up with SP3 anyways).
  I have found several work arounds, but I would like to attack the root cause.

  You have to recache the credentials if you change the password. You may have to get the user to log in locally. Then connect to VPN. Once connected to vpn, have them do a run as on any program...I usually use notepad or internet explorer (this will
  cache their credentials with the updated password.).

• Desktop Wall Paper GPO is not working on XP client system

  Hi
  I 've a DOMAIN active directory server 2008. and also added some XP & Some window 7 Clients in this domain. I 've configure a policy thar all domain's clients desktop wallpaper would same.
  this policy is working fine on windows 7but on XP this policy is not working. I 've also try to set desktop wall paper from LOCAL GROUP POLICY of this client machine. but this is also not working.
  I am showing this wallper on my desktop.
  So kindly help me out that how apply desktop wallpaper policy on this XP system...
  I am showing this wallper  on my desktop as given below...

  Hi Manjesh Kaushik,
  Earlier version of the OS only support .bmp(bitmap) format to configure wallpaper where as enabling Active Desktop allows you to use range of formats including animation as well as web pages. Since, you are using JPEG, enable configure the option Enable
  Active Desktop setting in GPO. For your information, please refer to the following article:
  Customizing the Desktop
  For your information, please refer to the following similar post:
  Wallpaper for Windows XP VIA GPO
  http://social.technet.microsoft.com/Forums/en-US/e7dd656a-a687-45e4-9847-975bce059033/wallpaper-for-windows-xp-via-gpo?forum=winserverGP
  Regards,
  Lany Zhang

• CIM installer - domain user account parameters not recognized

  I'm trying to install a Cisco Interaction (Eim-Wim) but i have a problem. during a step installation, I can't authenticate the user. I tried some options, but not recognized by installation program. I tried with domain user and local admin, but not work. The lab is in domain and a single server. Help me.

  Hi,
  Please refer the below discisson on the same topic,
  http://pdirequest.egain.com:8080/community/posts/list/66.page
  Hope it helps,
  Anand
  Please rate helpful posts..

• Google Chrome GPO extensions not working in Central Store.

  Hi, I'm trying to get the Google Chrome GPO extensions to work in central store, I've copied the adml file to
  \\dc01\SYSVOL\*domain name*\PolicyDefinitions\en-us and the admx file to
  \\dc01\SYSVOL\*domain name*\PolicyDefinitions\ , like I've done with many other GPO extensions but when I create a new policy and open administrative templates the Chrome extensions aren't
  there.
  Any ideas what my problem might be? I'm running a 2012R2 domain.
  Regards,
  Freyr

  It's working fine for me.
  I just tried it on Win8.1u1 (local policydefinitions and GPedit), and on my virtual WS2012R2 DC (again using local policy definitions and GPMC) and again I created a CS on this virtual DC, copied the entire local policydefinitions folder content/structure
  into SYSVOL to create a CS and every time the Google admin templates showed up just fine...
  You are using the admx/adml files from here?
  https://support.google.com/chrome/a/answer/187202?rd=1
  Edit:... wait... your CS path seems to be missing \policies\ ?
  e.g.: \\fqdn\sysvol\fqdn\policies\policydefinitions\
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Run with User's rights not working as expected

  I have a VBscript that runs the Quest Client Profile Updating Utility for migrating Outlook e-mail profiles to a new Exchange Server.  For this tool to work it must be run using the User's security context when the user is logged onto the computer. 
  What I have found is that the script fails to run because SCCM is running the script with elevated privileges.  The program is set with 'Only when a user is logged on' and a run mode of 'Run with user's rights'.  The advertisement is set to run from
  a distribution point and has two mandatory re-occuring schedules (Logon, and at 6:00 a.m. every day).
  To test what is happening I created a separate Program that has the same program settings but only runs 'Cmd.exe /k echo' for the command line.  If I run this SCCM program as a user who is not a member of the local administrators group
  I can execute privileged programs like regedit.exe.  If I run the Command Prompt from the Start\Accessories folder and try to run Regedit I receive an 'Access denied' message.  It appears SCCM is running with elevated privileges.
  Does SCCM run a program with elevated privileges?  How can I make a program run without elevated privileges.
  thank you for your help.

  Actually I ran into a similar issue today trying to gather info about mapped network drives and found this thread when trying to troubleshoot it.  Here's a summary of what I've done:
  I have an SCCM package set up to run a script to dump the users' mapped drives to a text file.  The program is set to run only if a user is logged on and to run in the logged on user's context.  UAC is enabled.  For users who are members of
  the local Administrators group, the resulting text file was empty, as if no drives were mapped.  Running the script manually (not via SCCM, just double-clicking the script) populated the text file with the expected results.  So the script works correctly. 
  I suspected SCCM was running the package elevated, since drives mapped in the non-elevated context aren't visible to the elevated context.
  To test, I created another package & program that runs a command I know requires elevation (ipconfig /registerdns) and pipes the output to a text file. I configured it in the same way, and for users who are in the local admin group, the text file results
  indicate that the command ran successfully (which means it ran elevated). If I take the user out of the local admin group, making no changes to the package, then run the package again, the text file results say "This command requires elevation."
  So, it appears SCCM is running with the highest elevation level for which the user has rights.  I guess this makes sense, and it's not doing anything the user wouldn't normally have rights to do, but it does cause a problem when a program needs to run
  under the user's non-elevated token.  Any suggestions?
  Thanks,
  Matt

• Session per user = 1 is not working in database ?

  Dear All,
  A profile has been configured on database with parameter session_per_user=1 but it is not working on database.
  user can make n number of session to database . what could be the reason profile is not working ?
  Please sugeest the solution .....
  Regards,
  Rajesh
  Edited by: Rajesh.Rathod on Mar 17, 2009 3:34 AM

  You have to alter resource_limit to true
  Look fo rmore details in metalink note 745752.1

• Web Viewer embedded (custom domain) and button url not work!!! (Urgent!!!)

  Many sorry for this question - we have a Web Viewer embedded (custom domain) that have all url (button with open in browser) that not work!
  On tablet (Apple + Android) the button work great but on web viewer they do not work!
  Any ideas to solve?
  I see it: Where to place add externalLinksOpen : 'window' to FrameService?
  web viewer URL links

  Any ideas to solve?

• SMB - domain login from XP not working

  I have been testing using my MacOSX 10.5.3 server as PDC for Windows XP machines. I set it up on my test server with no problems. Enabled the SMB service, promoted it to a Primary Domain Controller and then a few other minor tweaks and away we went. I got mapped home folders and login script work really quickly. Because of this success I decided to integrate it into a server roll out I am doing at the moment with an Xserve and OSX10.5.4. I setup the SMB service promote it to a PDC and everything is perfect. I get a clean built Windows XP SP2 machine connect it to the domain, reboot, go to login but I get an error saying that "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable or because you computer account was not found....".
  After check things several times as well as other people confirm various options I am lost.
  To add further confusion I went back to my test server removed my XP machine from the domain and re-added it to start testing my problem and holy cow I got the same error message.
  The only difference is the 10.5.4 update I did after I setup my test server must have changed something thats stops me from logging in. Can anyone help??

  import java.sql.* package is given, even then its not working.