Enforce logon
Hi,
We ran a Perl program via Discoverer Viewer to generate a report. Once the report is generated, other users can view this report by simply copied the URL and pasted in their browser (basically copied the whole lines from the address bar) and they can see the report without having to logon to the Discoverer Viewer.
The url is in the format of
https://server.domain/cgi-bin/folder/program.pl?report=abc&userlogon=user
Are there any configuration on the Oracle AS side or Discoverer side to enforce a MUST LOGON in order to execute a program or view an already generated reports.
Hi,
with session timeout I mean: the lifetime of a portal session.
When your currently security policy is set to a 30 minute limit for locking the session and you want to trim it down to 5 minutes mainly because of the ESS/MSS log-in requirement, you should also consider lowering the session timeout to a similiar value.
It doesn't make sense to set an automatic timeout of 5 minutes to the workstation, when the lockout is set to 8h in the portal.
A user can hijack the computer after 4 min 59 sec. When the timeout of the portal session is set to 8h, he can still access the ESS/MSS data. If the timeout of these is set to <5 minutes (consider the thinking time of ESS/MSS), the hijacker / hacker can't gain access to the ESS/MSS in the portal.
But this will only work when your users don't write their passworts down and pin them next to the computer.
BTW: smartcards and thin clients will resolve almost all of your security concerns. I think the portal also supports smartcard authentication (not sure).
br,
Tobias
Similar Messages
-
Having trouble getting "Set action to take when logon hours expire" to work - Windows Server 2012
I have a Windows Server 2012 server that allows remote desktop users (sessions are hosted on the server itself). I'm trying to enforce logon hours for these remote desktop users.
I have specified logon hours for a user and confirmed that they work--they aren't allowed to logon when logon hours are disabled. However, they are allowed to continue a session past their logon hours limit if they are already signed in (which is fine, this
is the default behavior).
However, when I try to use the `Set action to take when logon hours expire` option (`User Configuration/Administrative Templates/Windows Components/Windows Logon Options/Set action to take when logon hours expire`), and set the behavior to "Logoff",
nothing happens--the user can continue their session happily. I've tried applying this policy both for the user's group and for the local computer. I've run `gpresult` for the user and confirmed that the policy is apparently in place.
I also naively tried the "Force logoff when logon hours expire" option, but that apparently doesn't apply to interactive logins (confusing!).
Am I misapplying this setting, or do I need to take some other steps to get it to work? I'd be grateful for any input. Thanks!Hi,
Sorry for the late response.
We can log off and log on again to see whether the setting gets applied.
According to
Policy Settings that require a reboot or logon section in the following article, this setting needs a logon.
Deploying Group Policy Using Windows Vista
http://technet.microsoft.com/en-us/library/cc766208(v=WS.10).aspx
Best regards,
Frank Shen -
Secured Internal Network (ASA 5510)
We have an internal subnet (Secured Server LAN) that requires network authorization. This subnet contains a separate AD forest with the servers as members of the domain. The Windows XP clients that access these resources are also members of the secure AD forest but are connected to the corporate LAN. We would want to configure RSA SecureID to provide two-factor authentication for the users. Can the ASA 5510 provide network authorization prior to attempting to login to Active Directory without configuring SSL VPN? Please see attachment...
You can able to configure authorization in your ASA device before accessing AD. The below URL presents example procedures for configuring authentication and authorization on the security appliance using the Microsoft Active Directory server. It includes the following use cases:
â¢User-Based Attributes Policy Enforcement
â¢Placing LDAP users in a specific Group-Policy
â¢Enforcing Static IP Address Assignment for AnyConnect Tunnels
â¢Enforcing Dial-in Allow or Deny Access
â¢Enforcing Logon Hours and Time-of-Day Rules
http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1572118 -
I have a Corsair Force 180g SSD (SATA3) in a MBP15, with the 2.2 i7 and 8g ram. Boot time seems long for a SSD. From button-on to Apple logo takes 35 seconds. After the logo, its less than 15 seconds to my desktop, which includes an enforced logon process. I'm ok with the <15 sec, and apps really run fast now, but the slow POST is concerning me. I can't find anything on a fast boot setting, etc... I understand the MBP uses SATA2.. is it possible I have a SATA3 - SATA2 issue that's slowing down the POST?
My SysPref refers to a Start-up disk only; I assume the Volume is assumed. Only this SSD list listed and selected. Below is the list of properties. Is the Disk ID and maybe even the name an issue? Should it be disk0s1? the drive was built while attached to another machine.. its a long story as to why I had to do that... Is it possible the system is looking for the first drive and eventually falling back to this drive? I would think the being the target boot disk in SysPref would deal with this....
Disk Identifier : disk0s2
Mount Point : /
System Name : Mac OS X
System Version : 10.7.2
System Build : 11C74
System Copyright : 1983-2011 Apple Inc.
File System : Mac OS Extended (Journaled)
Connection Bus : SATA
Device Tree : IODeviceTree:/PCI0@0/SATA@1F,2/PRT0@0/PMP@0
Writable : Yes
Universal Unique Identifier : 1B6F86E0-2BF2-34A3-9F1B-E67DED66C86F
Capacity : 179.19 GB (179,186,008,064 Bytes)
Free Space : 124.16 GB (124,158,898,176 Bytes)
Used : 55.03 GB (55,027,109,888 Bytes)
Number of Files : 428,517
Number of Folders : 97,889
Owners Enabled : Yes
Can Turn Owners Off : Yes
Can Repair Permissions : Yes
Can Be Verified : Yes
Can Be Repaired : Yes
Can Be Formatted : Yes
Bootable : Yes
Supports Journaling : Yes
Journaled : Yes
Disk Number : 0
Partition Number : 2 -
SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Hi,
I have deployed an On-Premise SharePoint solution with event receiver to update external SQLDB. I'm using Visual Studio 2013 to create a SharePoint 2013 project on the same machine where SharePoint 2013 server is running. I was able to create
new items, but unable to update/delete. My event were fired accordingly however got choked on sqlConnectionlOpen() when attempting to update/delete with the following exception:
SqlException was caught: Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
Why would SharePoint uses SharePoint web application account my admin created to create and assumes NT AUTHORITY\ANONYMOUS LOGON account for update\delete? Any idea how to fix?
Appreciate your help.I'm new to SharePoint development. I'm not familiar with SharePoint object model. Do I need to use it for working with external data? I used SPSecurity.RunWithElevatedPrivileges
block like you have suggested and is now working fine for both update/delete =)
My project is to develop a SharePoint site to work off external SQL DB. I tried BCS approach to work with external data but that didn't allow workflow/task feature.
Besides, there is no delete event where I can manually sync with external data when an item gets deleted when using SharePoint 2013 Designer. So using event receiver with SharePoint solution in VS2013 is the solution. Now that I am able to
propagate changes to external data store on item events, the new challenge is how do I over come SharePoint deployment conflict resolution (default? enforcement?) as each publish automatically deletes existing items in my lists and recreate? In another word,
I'm trying to replicate SharePoint list to external data store each transaction to keep them sync. Any thought would be greatly appreciated. -
How to make "check for multiple logons" mandatory in webdynpro application.
Hi SDN members,
Im having a problem with an application developed in webdynpro abap.
We require that end-user only have a session per computer (ip address),
I already tried to achieve this by configuring the webdynpro application throguh SICF and going to Error Pages -> Logon Errors --> System Logon and mark the checkbox Check for multiple logons.
This configurations give only a warning when the user logs multiple times, and show a checkbox letting the user decide to end or not the previous sessions.
How to make end previuos sessions mandatory ??
Regards,
Franklin CedilloYou would have to enforce this at the application level. You can get the IP address of the current client from the framework - IF_WD_APPLICATION method GET_REMOTE_ADDRESS.
You could write an entry with the IP address into a temporary table during WDDOINIT. You could clear the entry in the WDDOEXIT. Also during the WDDOINIT, check to see if there is already an entry for this IP address. If so, then fire an exit nagivation plug to a static MIME object or BSP page that explains why the user can only be logged in once. -
Two policies which one is enforced
Win7 64 bit using 11.2.3a pushing policies via Zen. I have a policy that is
restrictive assigned to a folder that generic login for students live in. I
have a unique login for a user that I directly assigned a less restrictive
admin policy to that is in the same folder. These users live in eDirectory.
when checking the properties of ZCM under policies both the restrictive and
less restrictive both show success. Unfortunately the more restrictive
policy that the user is inheriting from the folder level is what is being
enforced. My question is does a more restrictive inherited policy have
precedence over a directly assigned less restrictive policy? Is this proper
behavior?Thanks. That’s probably the issue. The admin policy is an open policy that
probably as you say is not expressly enabling the disabled features that the
restrictive policy is closing. I'll check it out. Thanks.
"CRAIGDWILSON" wrote in message
news:Qopev.1828$[email protected] .com...
Make sure the Less Restrictive Policy Explicitly Removes any Restrictions.
"Unset" is the default and will not over-ride a previous Enable or Disable.
You need to Explicitly set it to "Enable or Disable" to override.
Alternately, if this is a user assigned policy, you could set a system
requirement such as "Logon Name" <> "HelpDesk", then the restrictive
policy would not apply in the 1st place.
However, for schools i generally would prefer a Student Accessible
device be locked down by default, and then unlocked via a policy that
grants rights. Just too many hackers who can figure out how to
interrupt the policy application process when a device is unlocked by
default.
On 5/19/2014 9:58 AM, CCPS wrote:
> Win7 64 bit using 11.2.3a pushing policies via Zen. I have a policy that
> is restrictive assigned to a folder that generic login for students live
> in. I have a unique login for a user that I directly assigned a less
> restrictive admin policy to that is in the same folder. These users live
> in eDirectory. when checking the properties of ZCM under policies both
> the restrictive and less restrictive both show success. Unfortunately
> the more restrictive policy that the user is inheriting from the folder
> level is what is being enforced. My question is does a more restrictive
> inherited policy have precedence over a directly assigned less
> restrictive policy? Is this proper behavior?
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Waiting for user logon...
Hi,
we're currently experiencing issues with random applications refusing to install with the message 'Waiting for user logon'. I'm seeing this in Software Center so obviously someone is logged on. It doesn't seem to matter if I'm logged in via RDP or directly
on the pc. I've gone through the basics with the deployment monitoring tool and skimmed through some logs but nothing jumps out.
I have to admit, I don't know a lot about sccm 2012 as it's no longer my area so my experience and training is mostly limited to sms / sccm 2007. I do know that the current guys running know very little and anything that doesn't work is a "known microsoft
issue" - only they can never point you to a KB. I now work mostly in remediation of legacy apps to win 7 / x64 but being as it's not installing it's considered broken so naturally it has become my problem.
Any help with this would be greatly appreciated!I attempted a CCMRepair on this client, and it didn't make a difference. I haven't yet uninstalled and reinstalled the client completely yet.
The CcmExec log shows (every time user logs in), that there's a login detected, and it shows it on session 2:
Registering for Logon/Logoff notifications.
Found user S-1-5-21-4083790691-3944967354-608316658-65900 on session 2
Added CCM (user, session) is: (S-1-5-21-4083790691-3944967354-608316658-65900,2).
No cached user during RegisterForLogon.
New CCM (user, session) is: (S-1-5-21-4083790691-3944967354-608316658-65900,2).
User 'S-1-5-21-4083790691-3944967354-608316658-65900' is logged on to session 2 during RegisterForLogon.
Watching the other sccm logs as it attempts to install this application that's currently Waiting for User Logon, it essentially does this several times a second for a while. This is 10 minutes after the login log noted above. It is showing the correct
user SID, but no session (-1). The logs were merged chronologically, and the log is noted at the end of each line where it came from.
State message(State ID : 2002) with TopicType 1702 and TopicId MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been recorded for S-1-5-21-4083790691-3944967354-608316658-65900
StateMessage
The target instance path is CCM_Application.Id="MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25",Revision="5",IsMachineTarget=0
CCMSDKProviderRaising client SDK event for class CCM_Application, instance CCM_Application.Id="MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25",Revision="5",IsMachineTarget=0,
actionType 23l, value , user S-1-5-21-4083790691-3944967354-608316658-65900, session 4294967295l, level 0l, verbosity 30l
CIAgentState message with TopicType 1702 and TopicId MyVendorId/Application_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been updated
StateMessage
The action type is 23
CCMSDKProvider
The user SID is S-1-5-21-4083790691-3944967354-608316658-65900
CCMSDKProviderThe logon session ID is -1
CCMSDKProvider
The message level is 0
CCMSDKProvider
The verbosity is 30
CCMSDKProvider
The value is
CCMSDKProviderJob({E9FD9460-DC59-434D-9661-45C96253174E}): Setting
priority to 5 : Task(MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25.5.Enforce)
CIAgent
CCIStateStore::SendStateMessages - ModelName: MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25, Version:5 UserID:S-1-5-21-4083790691-3944967354-608316658-65900, Priority: 5
CIStateStore
CIStateStore
An existing CI state is changed
CIStateStore
[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5] CIEnforceState changed: Enforcing --> WaitingForUserLogon
CIStateStore
[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5] AreDetailsUpdated: No
CIStateStore
CIStateStore
GetAllInstances - 1302 instance(s) of 'CCM_StateMsg' found
StateMessageProvider
State message with TopicType 1701 and TopicId MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25/5 has been updated
StateMessageGetAllInstances - 1302 instance(s) of 'CCM_StateMsg' found
StateMessageProvider
Job({2C94A554-48CE-4CB6-9B70-6AC79B8A6B58}): Already Completed : Task(MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25.5.Enforce)
CIAgentCCIStateStore::SendStateMessages - ModelName: MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25,
Version:5 UserID:S-1-5-21-4083790691-3944967354-608316658-65900, Priority: 5
CIStateStore
CIStateStore
An existing CI state is changed
CIStateStore[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5]
CIEnforceState changed: WaitingForUserLogon --> Enforcing
CIStateStore[MyVendorId/RequiredApplication_4a14ecbe-f411-41a6-b096-d0625d462d25:5]
AreDetailsUpdated: No
CIStateStore -
Logout/logon for password change
Hello,
We have an old 6i form in which we allowed the user to change his/her password and the form then did a logout followed by a login with the new credentials. This seem to fail on 9i/10g, however. Have any new rules been enforced regarding this?
Thanks in advance,
-NikNicklas,
the default Forms behavior is to show a logon screen to renew the expired password in case the used one isn't valid anymore.
The online help doen't describe how to re-new passwords because this is nothing Forms provides natively. All that Forms provides is a logon built-in and a logout built-in.
I did a test in SQL*PLUS with
alter user Scott identified by tiger2;
to change the user password while being connected. Though I changed the password, the session still was active and I did not have to re-authenticate. I guess the same is true from Forms. If e.g you can a database program unit that executes this command then you shouldn't have to logout/logon in Forms. The next time you connect you have to use the new user password though.
One reason to use the password expiry and have Forms re-newing the password is if you use Single Sign-On in Forms10g, because in this case Forms also updates teh RAD entry in OID.
Frank -
PEAP with Windows logon to domain
Hello everybody,
We are looking for a document about how to setup PEAP with Windows logon to domain that it also has logon script or group policy enforcement from the domain controller machine.
We have seen the following topic but we could not access the example implementation document that he recommended (replied by verdann)
http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Wireless%20-%20Mobility&topic=Security%20and%20Network%20Management&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.eead8c5
We are using wireless LAN controller with lightweight access points. Could anyone please advice us?
Thanks in advance,
NitassHi,
I recommend the following 2 Documents for PEAP-Konfiguration with whole microsoft environtment. The first one is to get PEAP running very simple, the socond one adds group policies etc.
http://www.microsoft.com/downloads/details.aspx?FamilyID=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&DisplayLang=en
http://www.microsoft.com/downloads/info.aspx?na=47&p=3&SrcDisplayLang=en&SrcCategoryId=&SrcFamilyId=0f7fa9a2-e113-415b-b2a9-b6a3d64c48f5&u=details.aspx%3ffamilyid%3d269902E8-FC41-4EB1-9374-44612E64F0FB%26displaylang%3den -
GP logon script with PowerShell
We have a Windows Server 2012 domain and would like to create a GP logon script with PowerShell.
So if you execute the .ps1 file, the specified logon script settings (including parameters) would be applied automatically in the GP.
Any idea of such command line?Thanks for the tips!
May not be the easiest solution, but it works:
I created a backup of the GPO set fully graphical interface, and I've copied ps1 file in the same folder.
#Start
#Create GPO
$gponame = "Program_AutoStart"
Write-Host ""
$ou = Read-Host "What is your Organisational Unit name?"
Write-Host ""
$enforce = Read-Host "Do you want enforce Group Policy link? (Yes/No)"
$dc1 = $env:userdnsdomain
$dc1length = $env:userdnsdomain.Length
$dc1s = $env:userdnsdomain.Split(".")
$dc1count = $dc1s[$dc1s.Count-1].Length+1
$dc1max = $dc1length-$dc1count
$dc1 = $dc1.Substring(0,$dc1max)
$dc2 = $env:userdnsdomain.Split(".")
$dc2 = $dc2[$dc2.Count-1]
Write-Host ""
Write-Host -Object "Create a new Group Policy Object..."
#replace GPO settings
##backup.xml file
$backupFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\Backup.xml"
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $backupFilePath
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $backupFilePath
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $backupFilePath
##backup.xml file
$bkupinfoFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\bkupinfo.xml"
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("mydomainname","$env:userdnsdomain") } | Set-Content $bkupinfoFilePath
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("mycomputername","$env:COMPUTERNAME") } | Set-Content $bkupinfoFilePath
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("mynetbiosname","$env:userdomain") } | Set-Content $bkupinfoFilePath
##gpreport.xml file
$gpreportFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\gpreport.xml"
$programexe = "$env:logonserver\$share\My_Program\program.exe"
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $gpreportFilePath
Write-Host ""
$parameters = Read-Host "Add your parameters"
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $gpreportFilePath
##scripts.ini file
$gpreportFilePath = ".\backup\{2F708EB2-F154-4739-8F6D-1F16C954649C}\DomainSysvol\GPO\User\Scripts\scripts.ini"
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("mycommand","$programexe") } | Set-Content $gpreportFilePath
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("myparameters","$parameters") } | Set-Content $gpreportFilePath
#Import GPO and link
Write-Host ""
Write-Host -Object "Import Group Policy settings..."
Import-GPO -BackupGpoName "$gponame" -TargetName "$gponame" -Path ".\backup" -CreateIfNeeded
New-GPLink -Name "$gponame" -target "ou=$ou,dc=$dc1,dc=$dc2" -Enforced $enforce -LinkEnabled Yes
#Replace undo
##backup.xml file
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $backupFilePath
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $backupFilePath
$content = Get-Content -path $backupFilePath
$content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $backupFilePath
##backup.xml file
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("$env:userdnsdomain","mydomainname") } | Set-Content $bkupinfoFilePath
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("$env:COMPUTERNAME","mycomputername") } | Set-Content $bkupinfoFilePath
$content = Get-Content -path $bkupinfoFilePath
$content | foreach { $_.Replace("$env:userdomain","mynetbiosname") } | Set-Content $bkupinfoFilePath
##gpreport.xml file
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $gpreportFilePath
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $gpreportFilePath
##scripts.ini file
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("$programexe","mycommand") } | Set-Content $gpreportFilePath
$content = Get-Content -path $gpreportFilePath
$content | foreach { $_.Replace("$parameters","myparameters") } | Set-Content $gpreportFilePath
#End -
Hi,
I have a fully patched Windows 2008 SP2 Terminal Server and a fully patched Windows 7 client.
I have logged into the Windows 2008 SP2 Terminal Server server with a test account via RDC before.
When I try to log in via RDC to the 2008 TS with a test account which has been marked with the setting "User must change password at next logon" I get the RDC message "You must change your password before logging on the first time. For assistance, contact your system administrator or technical support." I need to force the user to change their password once it has been issued, any ideas on how this can be done?
Thanks,
DanThis does not resolve my issue all the way. I'm having the same problem; When i'm "deploying" users, i always want the users to set their own passwords. Ok, so I then set the auth mode to "RDP Security layer". It seemed to work fine, and it does for that
special purpose.
Just like Daniel, my clients are connecting to our terminal server from several/different "customer-domains" So, they can't logon locally(on their local computer) and change their password, it has to be done THROUGH the terminal server.
But if I turn on RDP Security Layer, users can't use remoteapp through tsgw they only get: "Your Remote Desktop Connection Failed because the remote computer cannot be authenticated" Any ideas?
Also, our terminal servers is round robin based in a farm. So users connect to: tsfarm.domain.com(yes, public a-record which resolves to two internal adresses) This is because, we're using a wilcard *.domain.com as SSL certificate.
But, when i'm using this, our clients sometimes get double auth when they login. I only get the double auth when tsfarm.domain.com resolves to server A, but the session broker wants the user to be on server B.(load balancing)
This does not occur when SSL is enforced, any ideas? -
Remote Desktop Connection Crashes after Interactive Logon
We have a GP on our domain with an interactive logon set. When using RDConnection to logon to a Win10 10074 machine on the doamin, as soon as I click the OK button to get past the interactive logon the RDC crashes and I am back to my desktop. If I take that
Win10 off of the domain and remove the interactive logon, I can use RDC like normal. Interactive logon is an enforced top level domain policy. It was fine in build 10041.
FYI? Suggestions? TY
(I updated a second Win10 to 10074 and the same thing is happening.)I found the answer here.
http://community.spiceworks.com/topic/926475-unable-to-rdp-to-windows-10-machine-after-latest-build-10074
Joey Kobra Apr
30, 2015 at 1:58 PM
1ST POST
This is probably due to the new LogonUI. Verify on the Event Manager if its failing. If that's your issue then try this in REGEDIT:
HKLM\Software\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\TestHooks
change Threshold from 1 to 0
This should revert back to the old login screen. -
Activating Security Policy at Portal Logon Page
Hi @ll,
Iu2019m not able to activate the password security policy check at portal logon page. For this purpose, I have already checked the Enforce Password Security Policy at Logon (System Administration->System Configuration->UME Configuration->Security Policy) and restarted the server too. But it is failed to appear at logon page.
Plesae suggest me to resolve this problem.
Thanks
Gautam SinghHi Gautam Singh,
You say you are customizing the portal logon screen. Are you doing a simple modification by just changing UME properties as described in [Logon Screen Customization|http://help.sap.com/saphelp_nw70ehp1/helpdata/en/43/fc3ae22adb025fe10000000a1553f7/frameset.htm] or are you actually changing .par files and creating your own logon application?
Are you using config tool, the user management configuration Web Dynpro UI, or visual admin to change the properties?
Have you assigned the UME actions Logon_Help and Selfregister_User to the Anonymous Users group?
-Michael -
Naturally, it's not needed to use listener service to establish the new connection to database server.
I am trying to configure oracle database server in such a way that enforce each connection to use service name. Logging each connection in listener log is the main objective for the configuration.
Let's consider the following alternavites to establish the connection for database server:
#1. [oracle@server folder]$sqlplus user/pwd@IP:port/sid (connecting to remove database server)
#2. [oracle@server folder]$sqlplus user/pwd@SID (connecting locally)
#3. Connecting to database server via link server
#4. [oracle@server folder]$sqlplus user/pwd@(.............connection description...........) connecting via jdbc think client.
#5. [oracle@server folder]$sqlplus / as sysdba (connecting locally)
#6. [oracle@server folder]$sqlplus user/pwd (connecting locally)
#5 and #6 doesn't use listener for database connection but listener is needed for #1 to #4.
Could you please suggest me to configure to enforce using listener so that all the connection will be logged to listener log?
I want to apply this approach in standalone and RAC environment.
Thanks in advance.
SureshHi Suresh,
You can force that via Logon Trigger at database level by putting the condition you like on UserENV using Sys_context.
Just for example when you connected using listener/Net8, Userenv will be having protocol and ip address. even though its coming from same as db server.You can always validate in logon trigger who can or can't connect.
Test1 : connect using NET8
[oracle1@gridcluster03 ~]$ sqlplus sys@DB as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Fri Dec 18 15:49:57 2009
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, Real Application Clusters, OLAP, Data Mining
and Real Application Testing options
SELECT sys_context('USERENV', 'IP_ADDRESS') "IP_ADDRESS", sys_context('USERENV', 'NETWORK_PROTOCOL') "PROTOCOL" from dual ;
IP_ADDRESS PROTOCOL
10.10.12.3 tcp
TEST2 : Connect Locally :
[oracle1@gridcluster03 ~]$ sqlplus "/ as sysdba"
SQL*Plus: Release 11.1.0.7.0 - Production on Fri Dec 18 15:43:48 2009
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, Real Application Clusters, OLAP, Data Mining
and Real Application Testing options
SQL> column "IP_ADDRESS" format a20
column "PROTOCOL" format a20SQL>
SQL> SELECT sys_context('USERENV', 'IP_ADDRESS') "IP_ADDRESS", sys_context('USERENV', 'NETWORK_PROTOCOL') "PROTOCOL" from dual ;
IP_ADDRESS PROTOCOL
When connecting locally no information passed to environment.
=========================
Hope this is useful and answer your question.
Regards
Krishan JAglan
Maybe you are looking for
-
ITunes and Quicktime issue (Please Help)
So last night I download the update for iTunes. Everything seemed to be going fine, I didn't have any problems. This morning I turn on my computer and try to run iTunes and it gives me an error message, an dwon't even open iTunes. Not only that, I ca
-
How to set the size of combo box using jsf
I face problem when i set the size of a combo in jsf
-
HT201269 iPod to iPhone connection
Is it possible to download my music from my iPod directly to my new iphone5 without using iTunes or iCloud? I have a camera adapter that will fit into the iPod that has a USB port on the other side that the cord for the iPhone will plug into.
-
Folks - this might be a VERY simple question, but here goes. We have been trying to confirm the userid length available in ECC6/etc. Knowing that this has been constrained in previous releases to a shorter field length, i.e.?12? chars...we want to be
-
Windows media player 12 library is corrupted
I have a new HP p7-1236s with Windows 7 64bit OS. As I was setting up I needed to install the software for a Fuji Finepix A330 digital camera from a prior system. I installed from the CD which was not compatible with Win 7 and then used Fuji's Update