Exclude specific user from ACS logging?

Hi,
My customer and I are looking for a way to exclude actions/commands logging on AAA servers (ACS) for a single specific user, though logging still goes on for other users as AAA clients on networks devices have been configured with:
aaa accounting commands start-stop tacacs+
I have not found any solution up to now, either on the ACS side or on the IOS side with the aaa commands.
Though it looks like a potential security issue, can anyone advise?
Thanks for your cooperation.
Yvon.

ACS 5.1 has the concept of collection filters, which I think can do what you are looking for.
See: http://www.cisco.com/en/US/partner/docs/net_mgmt/cisco_secure_access_control_system/5.1/user/guide/viewer_sys_ops.html#wp1072344

Similar Messages

  • Exclude specific user from aaa authorization commands

    Hi there,
    I am trying to find a solution to exclude specific users from being authorized (AAA command authorization) when entering commands on the switch/router.
    We use an AAA setup with Cisco ACS. On the devices we use:
    aaa authorization config-commands
    aaa authorization commands 1 default group tacacs+ local
    aaa authorization commands 5 default group tacacs+ local
    aaa authorization commands 15 default group tacacs+ local
    Is it possible to exclude a user, say User1, from being command authorized?
    In other words, when User1 logs on the switch/router, the switch/router shouldn't check the ACS if User1 is authorized to use this command.
    We tried this with method lists in combination with ACLs on the VTYs:
    line VTY 0
    access-class 1 in
    line VTY 1
    access-class 2 in
    Let's say, User1 always logs in from a specific IP, which is mentioned in access-list 2, the switch would use the method mentioned within the line vty 1.
    But apparently, when a remote connection is being established, the switch/router uses the first VTY which is available, instead of watching which ACL can be matched to the source IP from the User.
    Does anyone have some tips/tricks how to handle this?
    Maybe a custom attribute from the ACS?
    Kind Regards

    If that user belongs to a unique group then you can write a policy where 'if the user is in group x then return "access_reject"', or return "access_accept" but set the privilege level to "1" and block all commands.
    Thank you for rating helpful posts!

  • Exclude a user from Shared Services LCM export

    How do I exclude a specific user from the Shared Services LCM export?  In the migration definition file I am trying to specify something like the following:
    pattern="*" and pattern<>"lcm_admin"

    What exactly do you want to do after/by exporting users from Shared Services?
    Regards,
    Santy.

  • How to execute a transaction with a different user from the logged user?

    Hello Experts!
    I'm trying to find a solution for this scenario: our users need to release a Purchase Order (ME28) and/or a Service Entry Sheet (ML85) in SAP from a web-based application through TIBCO, but the requirement is to execute this operation with the same SAP user name as the user (with his authorization) and not with the TIBCO user that is logged on to SAP.
    Is there someone who could suggest a real-time solution and how to develop it? I really appreciate your contribution and I'm at your disposal for any further information.
    Thank you very much!
    Alessandro

    Hi Rob!
    Thank you for your help, but I can't apply this solution, because we need to execute the transaction with a specific user name and not a generic user; besides, our users have different authorizations, for example the user Mr. Rossi can release only his Purchase Order but not the PO of another user, Mr. Bianchi. Moreover we need to see the PO released/modified by a specific user name. So this is our constraint.
    Bye Ale.

  • Is there a way to exclude specific calendars from Notifications and alerts?

    I have 4 calendars:  1 Exchange and 1 Yahoo that includes 2 shared calendars (wife and MIL).  I activate the Yahoo calendars only when I need them and do not need any yahoo reminders at all.  When I swipe down the Notifications page, it includes all four calendars including the shared Yahoo calendars. What's worse, I get alerts from all four calendars. 
    I only want Exchange alerts and notifications. Is there a way to exclude the Yahoo calendars from Notifications and alerts?
    Right now, the only way I can eliminate them is by deactivating the Yahoo account in Settings/Mail, Contacts, Calendars.

    Is there a way to only choose specific contacts from an existing group and add to a new group? 
    I mean there has to be a faster way than typing everybody by hand..

  • Access to Oracle Database by a specific user from a client system.

    Hi All,
    I need to restrict a particular client system to access the database only with a specific user's credentials. I mean system A (hostname) can connect only to the database PQR, and only as user U123. Any help is sincerely appreciated.
    Regards
    Swapan

    Hi,
    I solved it by a trigger at logon on V$SESSION which validates MACHINE like [HOSTNAME] and username not like [the_user_I_would_allow].
    It works now.
    Thanks for your reply.
    Regards
    Swapan
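    The logon-trigger approach Swapan describes, written out as an added example (it is not code from this thread). The client host name HOSTA and the permitted account U123 are placeholders taken from the question; the trigger reads the same client-reported host name that V$SESSION.MACHINE shows, via SYS_CONTEXT:

```sql
-- Added example (not from the thread): allow only one account to log on from a nominated host.
-- Assumptions: 'HOSTA' and 'U123' are placeholders for the client host and the permitted user.
CREATE OR REPLACE TRIGGER restrict_hosta_logon
AFTER LOGON ON DATABASE
DECLARE
    v_host VARCHAR2(256);
    v_user VARCHAR2(128);
BEGIN
    -- HOST is the name the client library reports for itself (same source as V$SESSION.MACHINE)
    v_host := UPPER(SYS_CONTEXT('USERENV', 'HOST'));
    v_user := SYS_CONTEXT('USERENV', 'SESSION_USER');

    -- The reported machine name may carry a domain prefix (DOMAIN\HOSTA) or DNS suffix, hence LIKE
    IF v_host LIKE '%HOSTA%' AND v_user <> 'U123' THEN
        RAISE_APPLICATION_ERROR(-20001,
            'Logon from this host is permitted only for the designated account');
    END IF;
END;
/
```

    Two caveats a practitioner would want: the host name is asserted by the client software, not verified by the database, so this trigger is a guardrail rather than a trust boundary and should sit behind listener or network controls that bind the host to the database; and an error raised in a logon trigger does not block users holding the ADMINISTER DATABASE TRIGGER privilege (such as SYS), which is what keeps a mistake in the condition from locking administrators out.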

  • Possible to delete Offline Files content for a specific user from the Client Side Cache (CSC) ?.

    Hello Everyone,
    We would like to implement a script to delete the offline files in the Client Side Cache (CSC) for a nominated user (on Windows 7 x64 enterprise).
    I am aware that;
    1. We can use a registry value to flush the entire CSC cache (for all users) next time the machine reboots.
    2. If we delete the user's local profile it appears that Windows 7 also removes their content from the local CSC.
    However, we would like to just delete the CSC content for a particular nominated user without having to delete their local user profile.
    In our environment we have many users that share workstations but only use them occasionally. We don't use roaming profiles, so we would like to retain all the users' local profiles but still delete the CSC content for any users that haven't logged on in a week.
    Any ideas or info would be appreciated !
    Thanks, Makes

    Hi,
    I don't think this is possible.
    If you want to achieve it via script, I suggest you post it in the official script forum for more professional help:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?category=scripting
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Karen Hu
    TechNet Community Support

  • Exclude specific songs from factoring into auto calculated Album Rating?

    I really like using the calculated (empty star) Album Rating system; however, I was wondering if there was a way to exclude some songs on an album from being averaged into the Album Rating. My reasoning for this is that I don't want intros/outros/skits or bonus tracks to bring the overall rating of an album down (there are many albums in my library that drop down a star rating because of bonus tracks that I don't really like, but wish to keep as part of the album for collection purposes). Is there any way to make this happen? Thanks.

    You do have a very complex looking site and may need several tables in MySQL to handle all that data. If you are new to PHP/MySQL I would suggest taking a look at this tutorial; it will help get you started in understanding how to $_GET info from a database and also how to $_POST data to a database. I am no expert, just learning myself, and I found this very helpful. This is the link http://www.adobe.com/devnet/dreamweaver/articles/first_dynamic_site_pt1.html
    There are also many tutorials on Youtube to help build a CMS Content Management Site I would suggest the following: -
    http://www.youtube.com/user/phpacademy
    http://www.youtube.com/user/betterphp
    http://www.youtube.com/user/flashbuilding
    And many more on my channel here
    http://www.youtube.com/user/Whisperingonthewind
    CMSs are easier to maintain, and to add, edit and delete content.
    I have also recently bought a Book by David Powers Training from the Source very helpful.
    Anyway hope you get it sorted.

  • How to Write Path to Exclude Specific Folder From Scanning in Endpoint Antimalware policy

    Dears,
    I have configured an endpoint protection antimalware policy to scan Windows servers, and I have some specific folders which I need excluded from scanning because they are critical folders. So, when I want to exclude the folder, how do I write the path to add it to the excluded field? Is this the correct path: C:\MyFolder, or is there a special way of writing the path?
    Thanks..

    If that's the folder you want to exclude then you're doing fine. For more information see (List of Antimalware Policy Settings):
    http://technet.microsoft.com/en-us/library/hh508785.aspx
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Automating removal of Discovered Users from ACS

    I use ACS 4.1 on a Windows server that looks up unknown users in Active Directory. Users in AD are in various groups and ACS has these groups mapped to the ACS groups so that users are granted appropriate access to their needs. This has worked well.
    I am now seeing that users who are removed from one AD group and added to another group do not have this change reflected in the ACS system. This is because ACS only looks at the AD group for *unknown users*. The user who has moved AD groups was an unknown user, but, upon first logon, that user became a discovered user. From that point forward, only credentials are checked, not group membership.
    On the User Setup section in ACS, there is a button to *Remove Dynamic Users*.
    I would love to know the following:
    1. Is there a way to have ACS check the current group assignment in AD for *Discovered Users*?
    2. If not, is there a way to automate the *Remove Dynamic Users* function? I have used CSUtil in the past but it seems a little cumbersome for this feature in that I had to dump out the users, reformat the output, and then push the deletion back through. I don't recall it making distinctions of known versus discovered users. It just had user names in ACS groups.
    Any insights would be greatly appreciated!

    Right, I mention that in my original post. But it requires me to go in and do it. Not the automated process I am looking for.
    The other approach I mentioned is to script around the CSUTIL command. While it meets part of the automation requirement, it is not very robust and does not do exactly what I am looking for. It also becomes another complex script that I would have to support.
    Thank you.

  • How to exclude FBA users from an audience

    I have the following situation (SharePoint 2013):
    I have an audience: internal users (the rule is based on email address because internal users all have an email address that ends the same).
    I created a navigation button which should only be visible for 'internal users', so I audience it at 'internal users'. When I'm testing this with an AD account that does not have an internal email address (so is not in the 'internal users' audience), this is working as I expected. The user does not see the navigation link/button.
    Now the problem is that when I log in as an FBA user, I can still see the navigation button, even though the FBA user does not have an email address that meets the rule of the audience.
    Any suggestion on how to make this work? And if it's not possible, does anyone have a workaround?
    Help is much appreciated!

    Hi,
    if you already have the Local Net Users and if you want them to be used for other WLANs on the same WLC, then it's simple..
    For each LNU that you have configured, edit it by mapping the WLAN to ALL WLANs; this will help you get the migration done with ease!!
    Let me know if this answered your question, and please don't forget to rate the useful posts!!
    Regards
    Surendra

  • Exclude task from workflow log

    I have had a client ask me to stop several tasks in a particular workflow from appearing in the workflow log. There does not appear to be an option that does this. The options I see are
    In all workflow logs
    Only in technical workflow log
    Condition 'Complete Work Item ' True: Not in graf protocol
    The user doesn't want to see certain tasks in the log displayed via SWI1. Anyone know how to achieve this?
    Cheers,
    Ross

    Dear Ross,
    I guess this is not something that is soft customizing. This needs to have a change done in the workflow template.
    As Rick mentioned, there are few steps where you have an option in the Outcomes tab "Not in Workflow Log" checkbox that is used to exclude that step from the log.
    But this would call for a workflow change and would require a transport request.
    Hope this helps!
    Regards,
    Saumya

  • Block Users from specific Warehouses

    Hi,
    Can anyone tell me if it is possible to prevent specific users from transacting out of certain warehouses only?
    I know this can be done with a customized approval procedure; however, the client would like this to be blocked completely without anyone having to approve the document.
    Please assist...
    Kind Regards
    Grant

    Hi Friend,
    I'm afraid there is no method here by which we can link or block certain users to certain WHs.
    That is why the approval procedure is used as a possible workaround.
    If the customer wants this work as you've mentioned, you have to develop your own SDK code to justify the user's permission.
    Kind Regards,
    Dani Zhao
    SAP Business One Forums Team

  • Looking for Help with Active Directory Script to Remove a User from msExchDelegateListLink

    I'm struggling to put together an Active Directory Powershell script that will remove a specific user from the msExchDelegateListLink.
    It looks like Set-AdUser would do the trick. I would want to remove a user in the format of
    {CN=Wood\, Sandy,OU=Networking,OU=IT,DC=my,DC=domain,DC=com}
    Has anyone succeeded in doing this before?
    Orange County District Attorney

    I use this:
    # '<user name>' is a placeholder for the account whose delegate links should be removed
    $user = '<user name>'
    $userDN = Get-ADUser $user | Select-Object -ExpandProperty DistinguishedName
    # msExchDelegateListBL is the back-link: every mailbox that currently lists $user as a delegate
    $delegates = Get-ADUser $user -Properties msExchDelegateListBL |
        Select-Object -ExpandProperty msExchDelegateListBL
    foreach ($delegate in $delegates) {
        # Remove $user's DN from that mailbox's forward-link attribute
        Set-ADUser $delegate -Remove @{msExchDelegateListLink = $userDN}
    }
    Never quite got around to putting it into a function.
    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "

  • User is not logged on, but the system thinks it did!

    Hi,
    We're having a problem with one user. When you try to log on with his userid and password, this notification screen comes up: You have already logged in. Do you want to logout and login to a different Organization? "YES" "NO"
    Trying again, doesn't work.
    When you watch the logged on sessions with the admin console, you will see that there is a session with the user and that he is indeed logged on!
    BUT this is not how it is for real, cause he is NOT logged on, doesn't get further then this notification screen!!
    Someone knows what's wrong? We still have to try to restart everything, but it's a production system so we'll have to wait till nobody is logged on :-S
    Thanks!
    Greetz,
    Miranda

    - it is possible to terminate the session and the user is logged off (also gets the message)
    - when the user answers no (to log off and log in to a new organization) you stay at the same notification screen and the admin console shows the user as logged on
    - when the user answers yes (to log off and log in to a new organization) it gets the logon screen (default logon screen) and the admin console shows the user as logged off
    - when I inactivate the user while it is logged on, after trying to log on again it gets this message: "This user is not active. Contact your system administrator", but it stays logged on, as the admin console shows
    - I also can delete the user from the organization (after logging on once it has a profile under the users of the logged-on organization)
