Dynamic users group

Similar Messages

• Dynamic User Group Role for ASA 8 ACS 4 External Windows DB

  1. I've successfully got a Win2003 AD user to authenticate to the ASA via an ACS but the default group settings the dynamic user becomes part of don't get transfered to the user. How do I get the user to adopt the group settings?
  2. ASDM recommends nabling authentication for admin console sessions so you don't ssh into a box then have to login as the enable password which isn't logged. When I check the box for this feature I can ssh to the ASA but my password is denied ASA. How do I keep the user credentials all the way to the privilege exec mode?
  3. Back in the day I could configure the ACS shell, privilege 15, custom attributes cisco-av-pair "priv-lvl-15" to get a user to jump directly to privilege exec mode. This doesn't work now. Is there a different way to do this on ACS v 4?
  Thanks in advance,
  Matt

  Try this:
  aaa authentication enable console
  aaa authorization command
  on ACS go to the user or group that the user is in and go to enable options and click on "Max Privilege for any AAA client" and set it to "15". Then go to the "tacacs+" section on click on "Shell(exec)" and click on "Privilege leve" and enter 15. Then go to the "Shell command authorization set" and set the default to permit any commands not listed. This will get the user into privilege mode. In ASA/Pix it requires command authorization and authentication for enable console. On IOS it requires that you use aaa authentication exec and then the aaa authorization exec/command. This will allow the user to go straight into privilege mode instead of user mode.

• Dynamic User,Role,Group rather than use jazn.xml

  Hi everyone
  For Jdev 11..
  can anybody tell me how to make application wich can make user,group,role dynamically...
  rather than use jazn.xml...
  I thought if i use jazn.xml for register user and group its very static...
  I cannot make it dinamycally....
  I read OPSS and I cannot found the idea behind it...
  thanks...

  Hi,
  You can achieve this by using a sql authentication provider. It gets the users and their roles & credentials from the db tables which you can configure in WLS. In JSF, you can create a creation form based on the table (which you configured for authentication), which can be used for the users to register.
  Check out this doc for more information.
  Regards,
  Arun

• OSMF Online-only User Group Meeting -- Edwin van Rijkom  |  TODAY Wed, Jan 20 @ 12:00 NOON PST

  TODAY Wed, Jan 20 @ 12:00 NOON PST we are having the third meeting of the online-only OSMF User Group ( http://www.adobe.com/go/osmf_usergroup ).
  The online-only OSMF User Group is pleased to have a live presentation on OSMF's new features by a developer from the OSMF Team, Edwin van Rijkom, Sr. Computer Scientist at Adobe.  This meeting is open to all who are interested.  Please forward notice about this meeting to all who you think may be interested.
  The link for the online meeting room can be found in the meeting announcement link here:
  http://groups.adobe.com/posts/3e8fddb492
  Edwin will be reviewing changes and new features in OSMF delivered in Sprint 8 (released December), as well as providing an overview of new features in Sprint 9 (releasing next week).
  Topics to be covered include:
  API Refactoring Changes
  Subclip Support
  Live Streaming Support
  Flash Media Manifest File Format (F4M) Support
  Multi-BitRate (MBR) Streaming;
  Digital Rights Management (DRM) via Flash Access,
  Closed Captioning Plug-in
  Pre-Assigned Durations
  Edwin previously presented at the Adobe MAX 2009 conference as a co-presenter on the session entitled "Introduction to Adobe's Open Source Media Framework".  Following is a link for a recording of Edwin's MAX Session (Edwin's portion starting at 24:00 in the recording timecode):
  http://max.adobe.com/online/session/332
  OSMF is an open source ActionScript 3 framework for building video and media players supporting cutting edge Flash Platform features for media delivery.  If you have any curiosity about media players in Flash or Flex, this is a great forum for exploring and getting questions answered.
  If you have an ongoing interest in this area, please join this group by logging in at groups.adobe.com/groups/7af970e6e4 and selecting the "JOIN THIS GROUP" link (red graphic on right side).
  This online-only OSMF User Group meets regularly at this time and day of every month.  That is the 3rd Wednesday of every month @ 12:00 NOON PST time.  All meetings are recorded.  Links for prior meeting recordings are on the group site in various places including on the group home page under the heading "Previous Connect Sessions".
  Following are a few time zone conversions:
  London:  8:00 PM to 9:30 PM GMT
  Rome/Paris/Berlin:  9:00 PM to 10:30 PM CET
  New York:  3:00 PM to 4:30 PM EST
  Los Angeles:  12:00 NOON to 1:30 PM PST
  Sydney:  7:00 AM to 8:30 AM EDT ** THURSDAY January 21 **

  The presentation by Will Law was recorded and can be viewed online, on-demand from the following link:
  http://experts.na3.acrobat.com/p47054887/ 
  Will's presentation is an excellent introduction to HTTP Dynamic Streaming.
  This presentation is a supersized version of a presentation that Will also will be delivering at Adobe MAX 2010.  MAX session description here:
  http://bit.ly/bh77Gz 
  Supersized in that in the recording above Will spent a bit more time in ActionScript for the OSMF developers in attendance than he will with more general audiences.  Plus supersized in that Will took 1 hour 15 minutes (plus 15 minutes more on Q&A), whereas MAX sessions are 60 minutes, less a few minutes for the Q&A.,
  hth,
  g

• What is the best approach to store "dynamic" user accessibility ?

  Hi all,
  We are implemennting security in our ADF BC + Faces application. There is always requirement to hide/disable functionalities that a user is not allowed / authorized to access.
  Usually we do this during development time, based on what role the user is in. Using this approach, there is no way to change that , or give access to new role during runtime (after the deployment). This is what I call "static accessibility".
  In our apps, we need the give / revoke access to some functionalities during runtime. This is what I call "dynamic accessibility".
  One approach that comes to my mind is :
  We define the accessibility to each function that we want to protect (hide/unhide) in database tables. Then every time a use enter a page, read these tables through JDBC calls then store tha data in Managed Bean.
  Has anybody here implement this "dynamic accessibility" ?
  Is there a better approach ?
  Thank you very much,
  xtanto

  Saeed,
  SRDemo uses a managed bean that checks is user in role when called and returns true or false. Another approach - more elegant - is the use of a security property resolver as available
  http://jsf-security.sourceforge.net
  Regarding dynamic permissions, the use of JAAS seems to be a good solution. ADF Security uses JAAS permissions to assign component access to users.
  E.g. if the user role manager has access to edit the salary column, then the security constraint added to the update button could be
  #{!bindings.<attribute binding>.updateable}
  Note that ADF Security sets the updateable flag on an attribute.
  Or you use
  #{bindings.<iterator binding>.permissionInfo.create}
  #{bindings.<attribute binding>.permissionInfo.update}
  #{bindings.permissionInfo['pageDefName'].view}
  etc. to determine what a user can do or can't.
  Note that I haven't tested if the permissions are cached for a specific application or if they are checked each time again. If they are checked each time then this would be a performance penalty but allows to dynamically set permissions to user groups as obviously needed in your applications.
  No, we don't have tutorial for this. But a Oracle By Example for end-to-end security implementation is on my collateral plan for JDeveloper 11 (just need to write a doc writer ;-) )
  Frank

• In human task, dynamically assign group doesn't work

  Oracle SOA 11.1.1.4
  My bpel process invokes a human task.
  On the human task Assignment tab, I assigned 3 users (by name), 1 group (by expression).
  The group is configured in LDAP
  When I tested the bpel process, I entered the group and other data required.
  From the worklist app, I see the task listed. It is assigned to the 3 users, but not the dynamically passed-in group.
  From the Audit trail, I saw all data I entered (include the group). Everything seems correct, but I still can’t make the dynamically-pass-group work.
  If I assign the group by name in human task, it works fine.
  The problem is: dynamically assign group doesn't work.
  Please kindly advice.

  Yes, it is possible assign a group as participant of some human task, passing the group name as parameter.
  I have tested just now.
  It works pretty well in SOA 11.1.1.4 (BPEL or BPM).
  Make sure add a data parameter in your human task definition and pass a valid group name to it.
  At the Assignment tab, in the participants' list, add a group, data type by expression, and set the value to the right xpath expression to the corresponding parameter.
  For example: /task:task/task:payload/task:group
  If it is not working look the SOA log files, probably you'll find some information about the error there. Maybe there is some problem with your jazn.com configuration.
  You can also test if there is something wrong related to the group name, trying to transfer some task to the same group by the worklist.

• Dynamic record group not working when apostrophes are used

  Hi Everyone,
  I have developed a Form for the most part everything is working as expected. However, there is a search functionality that is giving me problems. The issue is that when the user enters search criteria for last_name that has an apostrophe (O'brian) the search lov doesn't get populated because the dynamic record group is not getting created when the string has an apostrophe (ie O'brian). I have a dynamic record group that takes the user's search criteria and populates an LOV on the screen with the records that matched their criteria.
  Here is the code that is behind my search button where the dynamic RG gets created. It works fine for all searches that don't contain an apostrophe. Btw, the Oracle Forms version is 10g.
  DECLARE
  p_where_debtor varchar2(2000);
  p_where_liab varchar2(2000);
  rg_id RecordGroup;
  v_query varchar2(2000) := null;
  rg_name varchar2(2000):= 'RG_LIAB_LST';
  errcode NUMBER;
  BEGIN
  IF :SEARCH.cd_nb is null and
  :SEARCH.cd_seq is null and
  :SEARCH.f_name is null and
  :SEARCH.l_name is null and
  :SEARCH.mi_name is null
  then
  display_message ('Search criteria must be entered');
  raise form_trigger_failure;
  END IF;
  v_query := 'SELECT last_name, first_name, middle_name, c_no, c_seq
  FROM TABLE_VW2 WHERE 1=1';
  /*Search criteria entered by user*/
  IF :SEARCH.l_name_srch IS NOT NULL THEN
  v_query := v_query||' AND UPPER(last_name) LIKE '''||UPPER(:SEARCH.l_name)||'%''';
  END IF;
  IF :SEARCH.f_name_srch IS NOT NULL THEN
  v_query := v_query||' AND UPPER(first_name) LIKE '''||UPPER(:SEARCH.f_name)||'%''';
  END IF;
  IF :SEARCH.mi_srch IS NOT NULL THEN
  v_query := v_query||' AND UPPER(middle_name) LIKE '''||UPPER(:SEARCH.mi_name)||'%''';
  END IF;
  IF :SEARCH.cdcs_nbr_srch IS NOT NULL THEN
  v_query := v_query||' AND UPPER(c_no) LIKE '''||UPPER(:SEARCH.cd_nb)||'%''';
  END IF;
  IF :SEARCH.cdcs_seq_srch IS NOT NULL THEN
  v_query := v_query||' AND UPPER(c_seq) LIKE '''||UPPER(:SEARCH.cd_seq)||'%''';
  END IF;
  /*Make sure record group doesn't exisit*/
  rg_id := Find_Group(rg_name);
  /*If it doesn't exist then create record group*/
  IF id_null(rg_id) THEN
  rg_id:= create_group_from_query(rg_name,v_query);
  END IF;
  IF NOT id_null (rg_id) THEN
  delete_group (rg_id);
  rg_id:= create_group_from_query(rg_name, v_query);
  END IF;
  errcode := Populate_Group(rg_id);
  Any help would be greatly appreciated.
  Thanks,
  Adrian

  For every item where an apostroph can occur, do a
  REPLACE(:BLOCK.ITEM, '''', '''''');

• Dynamic user/role management

  I'm currently working with WebLogic 6.1 and looking into doing what seems to be
  a standard piece of development work, specifically dynamic user management. I
  need the ability to create/modify a user and define them as members of security
  role(s) from within my application, and not through the Weblogic adminstrative
  console. From what I've read the only option is to create a custom RDBMS
  security realm. Does anyone know of any other available options or is this it?
  If anyone has implemented a custom RDBMS security realm I'd be interested in any
  feedback about your experience doing so. Such as performance issues or
  deficiencies of this security model. Thanks in advance.
  - Rich

  Cameron -
  Thanks for your input. Clearly LDAP will not cut it for what I'm trying to do.
  I really need the ability to manage these user accounts from within the
  application not from a separate administrative tool. A custom RDBMS realm seems
  the only option at this point. I looked at some of the vendors you mentioned,
  but they do not seem to offer the type of solution I'm looking for. These
  vendors seem to manage authorization policies which will keep programatic
  security out of your business logic. I did not see where they would allow you to
  create and manage user accounts/groups/ACL's. If there is one that does I'd
  definitely like to take a look at it. Thanks again.
  - Rich
  Cameron Purdy wrote:
  First, if you are using LDAP then you typically use directory management
  tools, not an application, to manage security.
  Second, there are security products that work with J2EE from vendors such as
  Entegrity, IBM, Netegrity, et al. Basically all of them provide advanced
  features like what you describe.
  Third, if you must manage stuff from within the app, you need to use a
  ManageableRealm implementation. See the Weblogic docs to see what I mean.
  Peace,
  Cameron Purdy
  Tangosol, Inc.
  Clustering Weblogic? You're either using Coherence, or you should be!
  Download a Tangosol Coherence eval today at http://www.tangosol.com/
  "Rich Naylor" <[email protected]> wrote in message
  news:[email protected]...
  I'm currently working with WebLogic 6.1 and looking into doing what seemsto be
  a standard piece of development work, specifically dynamic usermanagement. I
  need the ability to create/modify a user and define them as members ofsecurity
  role(s) from within my application, and not through the Weblogicadminstrative
  console. From what I've read the only option is to create a custom RDBMS
  security realm. Does anyone know of any other available options or is thisit?
  If anyone has implemented a custom RDBMS security realm I'd be interestedin any
  feedback about your experience doing so. Such as performance issues or
  deficiencies of this security model. Thanks in advance.
  - Rich

• Create/Edit "Custom Attributes" in Dynamic Distribution Groups

  Hi,
  I wanna create a Dynamic Distribution Group based on the users "title" and "company".
  I've noticed that there are 15 "Custom Attributes" that I can edit in someway, I guess via PowerShell?
  So what is the easiest way to accomplice this?

  Hi,
  Agree with the above suggestion, you can also bulk change the custom attributes:
  Get-Mailbox -ResultSize Unlimited -Database Execs | Set-Mailbox -CustomAttribute1 “title”
  http://dougg.co.nz/2012/05/01/bulk-setting-exchange-2010-custom-attributes/
  to Edit Custom Attributes：
  get-mailbox -filter {customattribute1 -eq ""} | set-mailbox -customattribute1 = "<value>"
  And here is a reference about Create/Edit "Custom Attributes" in Dynamic Distribution Groups：
  http://windowsitpro.com/exchange-server-2010/exchange-2010-sp2-value-custom-attributes
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best regards,
  Angela Shi
  TechNet Community Support

• Dynamic Approval Group with Voting Method  First Responder Wins

  Hi all,
  i create new Approver Group with type: Dynamic, and Voting Method: First Responder Wins. and i write the query to get user_id.
  The query return the correct users, but in the approval list in the wf, it requires approval from all users in my dynamic approver group !!
  i need only one first user to approve (First Responder Wins), then must go to next approver group.
  please help me to solve this problem
  thanks all ..
  hedaya

  With Dynamic approval First Responder wins does not work, We have to use Roles in HR Manager.
  Refer Configuring Parallel Approvers Notification (Doc ID 471125.1)

• Edit existing Dynamic Distribution Group

  I'm running Exchange 2007 RTM
  I have an existing Dynamic Distribution Group "All Staff" - here's the filter taken from 'Properties'
  (&(!cn=SystemMailbox{*})(&(&(& (mailnickname=*) (| (&(objectCategory=person)(objectClass=user)(|(homeMDB=*)(msExchHomeServerName=*))) )))))
  My question is it possible to EDIT the group to exclude a user? If so how?

  You can edit the dynamic distribution list in EMS and add to the recipient an exclusion based on a value of an attribute (for example a CustomAttribute). 
  first get your current recipient filter with 
  Get-DynamicDistributionGroup dl_dyn_test | fl recipientfilter
  in this example the filter is set to include everything with a CustomAttribute11 value of "plop":
  ((((((((CustomAttribute11 -eq 'plop') -and (Alias -
  ne $null))) -and (-not(Name -like 'SystemMailbox{*'
  )))) -and (-not(Name -like 'CAS_{*')))) -and (-not(
  Name -like 'SystemMailbox{*')) -and (-not(Name -lik
  e 'CAS_{*')))
  lets say we want to exclude the recipients with a CustomAttribute12 value "flop"; we would have to add "-and (-not(CustomAttribute12 -eq 'flop'))" to our filter, making it:
  ((((((((((((((CustomAttribute11 -eq 'plop') -an
  d (-not(CustomAttribute12 -eq 'flop')))) -and (
  Alias -ne $null))) -and (-not(Name -like 'Syste
  mMailbox{*')))) -and (-not(Name -like 'CAS_{*')
  ))) -and (-not(Name -like 'SystemMailbox{*'))))
   -and (-not(Name -like 'CAS_{*')))) -and (-not(
  Name -like 'SystemMailbox{*')) -and (-not(Name
  -like 'CAS_{*')))
  We can write this back to our existing DynDL with the following command:
  Get-DynamicDistributionGroup dl_dyn_test | Set-DynamicDistributionGroup -recipientfilter {<recipientfilter>}
  !!! do not forget the "{}" around the filter value !!!
  So our command becomes: 
  Get-DynamicDistributionGroup dl_dyn_test | Set-DynamicDistributionGroup -recipientfilter {((((((((CustomAttribute11 -eq 'plop') -and (-not(CustomAttribute12 -eq 'flop')) -and (Alias -ne $null))) -and (-not(Name -like 'SystemMailbox{*')))) -and (-not(Name -like 'CAS_{*')))) -and (-not(Name -like 'SystemMailbox{*')) -and (-not(Name -like 'CAS_{*')))}
  After this executes you can use the previous command again to read the value of recipientFilter attribute and verify the change. You can check that the DynDL is working properly by clicking  on the Preview button on the Filter tab in the DynDL properties
  window in EMC, and verifyng that the excluded recipients are not present in the list.

• Create Dynamic Distribution Groups Using Customized Filters

  I am looking to create a new Dynamic Distribution List. 
  Example: 
  DL - United States Users ([email protected]) 
  In AD we have the 'Office' field filled accordingly, which contains the attribute USCA___ or USIL (US,California,etc or US, Illinois,etc). 
  I was wanting to try creating these using this command/script; 
  New-DynamicDistributionGroup -Name "DL - United States Users" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Office -eq 'USCA*')(Office -eq 'USIL*')}
  Assistance here please: 
  1. What needs to be added in that line so that only certain users can email to it, rejecting all others (i.e. The Helpdesk or Corporate Communications)
  2. Is there a way to specify the SMTP address you want it to use? 
  3. Is there a way to have it only add mailboxes that are enabled in AD so disabled mailbox user accounts wont be added? 
  Thanks in advance everyone. 

  Hi,
  We can use the following command to create a Dynamic distribution group:
  New-DynamicDistributionGroup -Name "DL - United States Users" -RecipientFilter {(RecipientType -eq 'UserMailbox') -and (Office -like
  'US, California' -or (Office -like 'US, Illinois')) -and (UserAccountControl -ne 'AccountDisabled, NormalAccount')}
  Then as what ED says, we can use the Set-DynamicDistributionGroup cmdlet with AcceptMessagesOnlyFrom or
  AcceptMessagesOnlyFromDLMembers parameter to specify certain users who can send email messages to this dynamic distribution group. And use PrimarySMTPAddress parameter to specify the primary return SMTP email address for the distribution group.
  Hope it helps.
  Thanks,
  Winnie Liang
  TechNet Community Support

• Upgrading Dynamic Distribution Groups

  We're nearing our upgrade/migration from 2007 to 2013 and am at the stage where all users have moved off 2007.  We wanted to unplug 2007 for a couple of weeks to see what would happen and within 24 hours noticed that email sent to a dynamic distribution
  group was not being sent, but not received.  After a day of scratching our heads we plugged 2007 back in and a few minutes later the emails came booming in.  
  We did create a DDG on 2013 and notice it is not manageable from 2007 so there is something that gets upgraded.....just what though?
  So my question is how do I upgrade the existing dynamic distribution groups from 2007 to 2013?

  Hi,
  From your description, I recommend you check if your dynamic distribution group has the Exchange 2007 Server configured as ExpansionServer.
  Get-DynamicDistributionGroup -Filter {Expansionserver -ne $null} | ft Name,Expansionserver -AutoSize
  If yes, I recommend you clear that setting using the following cmdlet:
  Get-DynamicDistributionGroup -Filter {Expansionserver -ne $null} | Set-DistributionGroup -ExpansionServer $null
  Hope it helps.
  Best regards,
  Amy Wang
  TechNet Community Support

• Testing a user group field with the current users group

  I have a list which has a column which contains groups.
  I want to create a view with a condition that the current users group should match the group of that field.
  for testing against current date, its [today]
  for testing against the current user, its [me]
  is that a standard way of testing against the current user.
  Tnx 

  Hi,
  According to your post, my understanding is that you want to create a standard view to filter on the current user’s group.
  Per my knowledge, it’s by designed that the [Me] function is only supported to filter on the current user in a SharePoint list view.
  If you want to filter on the current user group in the list view, I recommend that you can try to use the following methods to implement it in your environment.
  1.  Modify the query on a web part in SharePoint Designer:
  http://www.makdeniz.com/how-to-filter-sharepoint-2010-tasks-which-are-assigned-to-you-and-the-group-your-are-member-of/
  2.  To create a custom web part filter that will dynamically filter your content.
  http://christopherclementen.wordpress.com/2012/04/02/filter-a-list-dynamically/
  Whatever your choice, the query will be the following:
  <Or>
  <Membership Type=”CurrentUserGroups”>
  <FieldRef Name=”AssignedTo”/>
  </Membership>
  <Eq>
  <FieldRef Name=”AssignedTo”/>
  <Value Type=”Integer”>
  <UserID/>
  </Value>
  </Eq>
  </Or>
  For more information, you can refer to:
  http://christopherclementen.wordpress.com/2013/05/20/filter-on-current-user-and-current-user-groups/
  http://go.limeleap.com/community/bid/297846/Custom-List-View-Based-on-Current-User-Using-SharePoint-Designer
  http://spuser.wordpress.com/2012/01/13/filtering-list-items-in-sharepoint-based-on-current-user-and-current-user-groups/
  http://techtrainingnotes.blogspot.com/2012/10/sharepoint-filtering-view-by-group.html
  Best Regards,
  Yumi Fu

• Extracting user group membership to a spreadsheet - tip?

  Hello,
  This is a tip that works for me.
  Sometimes I need to extract the Group Membership names for a user or users.
  What I do is have PTSpy running when I find their name from an administrative search. Clicking on the user name opens up the EDIT USER page where you can see the users groups.
  At this point look in PTSpy for the line:
  Create query: '/* QUERY_DYNAMIC_USERGROUPS:ANSI */ SELECT DISTINCT(a.ObjectID), a.Name, a.IsLocalized      FROM PTUSERGROUPS a, PTUSERLINKS b      WHERE a.ObjectID=b.GroupID           AND b.UserID=?           AND (b.ISSTATIC=? AND b.ISDYNAMIC=?) ORDER BY a.ObjectID DESC'
  followed by 3 lines:
  setInt, index: 0, value: 0001. <--user ID
  setInt, index: 0, value: 1. <--Static Group Membership
  setInt, index: 0, value: 0. <--Dynamic
  Copy and drop that into SQL Query Analyser, plug in the value provided and save it to a spreadsheet or just copy and paste it.
  If you want find dynamic groups - there is a similar query in the PTspy log - look for the /*QUERY_DYNAMIC_USERGROUPS:ANSI
  in PTSpy log
  If anyone has anything else to add - please do!
  Thanks,
  V
  Computers are like Old Testament gods; lots of rules and no mercy. ~Joseph Campbell

  Hi,
  To identify members of a local group by using a command line, refer to:
  1. Open Command Prompt.
  2. To list members of a group, type: net localgroup "groupname"
  Note: You must include the quotation marks.
  For example, export the members of the local group Administrators to a text file named group.txt, refer to:
  net localgroup “Administrators” > C:\group.txt
  You can also write a script as you want.
  Best Regards,
  Nina Liu
  TechNet Subscriber Support in forum
  If you have any feedback on our support, please contact
  [email protected]  
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
  Thanks this does seem to work. It does seem that just copying the command does not work because of the quotes, and that you have to manually type the quotation marks into the command prompt, I'm thinking they are picked up as a different character when you
  copy paste from a html page or other document.