F.19 without granting direct access to FBB1

Similar Messages

• Grant the access rights to manager run the work flow history report without edit /delete rights

  I found that only Team Member / Workspace creator / Administrator can run
  the work flow history report. However, we have a Purchase Order request
  which need ask the supervisor for 1st approval and manager for 2nd approval.
  But those managers want to see who prepare the P.O. and supervisor done the
  first approval before their 2nd approval. How can I can grant the access
  right to the manager to run the work flow history report for this purpose? I
  tried grant the role "team member" to those manager, however, it will also
  allow them to modify or delete the entry as they are the team member, but we
  only want allow those managers can approve the entry and view the work flow
  history without other acces such as add/delete/edit to prevent the human
  mistake.
  Pls advise how can I do this? Thanks!
  Regards

  Create a new role in teaming can fulfill this requirement. Thanks!
  "Joey" wrote in message news:_Cvqo.66903$[email protected]. .
  I found that only Team Member / Workspace creator / Administrator can run
  the work flow history report. However, we have a Purchase Order request
  which need ask the supervisor for 1st approval and manager for 2nd approval.
  But those managers want to see who prepare the P.O. and supervisor done the
  first approval before their 2nd approval. How can I can grant the access
  right to the manager to run the work flow history report for this purpose? I
  tried grant the role "team member" to those manager, however, it will also
  allow them to modify or delete the entry as they are the team member, but we
  only want allow those managers can approve the entry and view the work flow
  history without other acces such as add/delete/edit to prevent the human
  mistake.
  Pls advise how can I do this? Thanks!
  Regards

• Direct Access on Windows Server 2012 R2 and IPV6

  I have a question about IPV6 and Direct Access in Server 2012 R2. Without using UAG is it still mandatory to have IPV6 enabled in the intranet?
  Kristopher Turner | Not the brightest bulb but by far not the dimmest bulb.

  Hi,
  DirectAccess uses IPv6 with IPsec to create a secure connection between DirectAccess client computers and the internal corporate network.
  However, DirectAccess does not necessarily require connectivity to the IPv6 Internet or native IPv6 support on internal networks. Instead, it automatically configures and uses IPv6 transition technologies to tunnel IPv6 traffic across the IPv4 Internet (6to4,
  Teredo, IP-HTTPS) and across your IPv4-only intranet (NAT64 or ISATAP).
  For detailed information, please view the link below,
  Plan the DirectAccess Infrastructure
  http://technet.microsoft.com/en-us/library/jj574101.aspx
  Hope this helps.
  Steven Lee
  TechNet Community Support

• How so i get direct Access to the Music/pics stored on NAS

  How so i get direct Access to the Music/pics stored on a Buffalo Link Station Live with my iPad without using a App? The NAS is conected with a Router. Privatfreigabe (dont know the english Word) is ok. The iTunes Server on NAS is activated. Nö Problem to get Access from iTunes on PCs.
  I just want to use the preinstalled Musik/Photo App to Listen/watch my Music/pics stored on the NAS without losging them on the iPad. Streaming is what i think of.

  Have a look at FileBrowser.
  https://itunes.apple.com/sg/app/filebrowser-access-files-on/id364738545?mt=8

• How to directly access a SELECTED row in a table using MasterColumn

  I'm using a table with MasterColumn (TreeByNestingTableColumn) contains checkbox element.
  In order to get the selected row I have to navigate the whole tree which is a very expensive when the tree is big.
  I also tried without check box by just using MULTI ROW SELECTION property of the table but that didn't work.
  Is there a way to directly access selected row like we do in the standrard table control?
  Any help would be appretiated.
  regards
  Qamar

  hi, Qamar
  Just Check out the Following Link's
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/tutorial on creating a tree structure in a table - 27.htm
  and also if u had not seen it before...............
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/webdynpro/tutorial on creating tables in web dynpro - 11_0_.htm
  regard's
  Dheerendra

• Direct Access 2012 R2 - Problems with Force Tunneling and other questions

  I have just setup a Direct Access 2012 R2 server in my network, 2012 domain and all Windows 8 clients. 
  Internal CA environment (no external CRL) using a public issued cert for IPHTTPS tunnel, 2 interfaces for the DA server, 1 internal and 1 in the DMZ behind a NAT firewall (1 public IPv4 address) and my test clients are connecting fine to internal resources.
  1.  When I enable Force Tunneling the clients no longer are able to access the external internet.  Is there anything I need to add to make this work?
  2.  I am having trouble with our Remote Desktop Session Hosts.  I can only assume it has something to do with the DNS  as we have our AD domain performing internal DNS of the int.contoso.com domain and public DNS performing for the external
  Contoso.com domain (RDWA etc).  DA has only int.contoso.com set as a DNS Name Suffix in the Infrastructure Setup.  Should I add the external contoso.com Name Suffix in there too?
  3.  I have a Kaspersky Security Center server for centralized AV admin, can I still push out AV updates to the clients that connect with DA.  Do I add my KSC server to the Management Servers list in the Infrastructure Server Setup page on the DA
  setup.   Does that list allow those servers to access the DA clients?

  Hi,
  Let's solve problems one by one. Force tunneling. When enabled, all network trafic from DirectAccess clients goes throught IPSEC tunnels. Just configure a proxy on your DirectAccess clients (with a FQDN of course) and your clients should be able to surf
  internet again.
  RDS : Depend. Where are your RDS servers registred internal zone DNS or external DNS zone. If a DirectAccess client cannot resolve a name it does not know if it has to go throught the tunnel. At last can you ping your RDS Server?
  Remote Management : Right. Adding servers in this list allow them to use the IPSEC infrastructure tunnel (computer established tunnel) without users being logged.
  BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

• Auto deploying branch office printers with Direct Access

  Hello there
  I am implementing my first Direct Access topology and have a question. We will have branch offices with workstations deployed using Direct Access for administrative purposes. We have staff moving around from branch to branch with the goal to
  make logging on to the network and accessing resources for users as automated as possible. One of the questions I have regards auto configuring branch printers for users using Group Policy. The branch offices have workstations, printers and NAT modem/routers
  with DHCP - but no servers.
  If we have a stand alone network printer, how do we list that printer in Active Directory allowing the user to auto-configure it using group policy? If we install it on a server at Head Office, would the print job travel there first and then back to
  the branch? Obviously this is not ideal. Or can it be directed straight to the printer using a script or something?
  Alternatively we can install and share it on a branch workstation and list it in the directory, but would this not be same the problem as above? This is not ideal either as it would depend on the workstation being always on and available.
  Any input Direct Access gurus?
  Thanks in advance
  MIS5000

  Hi,
  Thanks for your post.
  We could have 2 possible solutions for natively deploy printers using Group Policy without the need for any scripting:
  1) Group Policy Preferences – available in Windows Server 2008 and later
  2) Print Management – available in Windows Server 2003 R2 and later
  http://blog.powershell.no/2009/11/08/deploying-printers-using-group-policy/
  Did you try to use the Print Management? You can share printers on a network and centralize print server and network printer management tasks using the Print Management Microsoft Management Console (MMC) snap-in. Print Management helps you to monitor print
  queues and receive notifications when print queues stop processing print jobs. It also enables you to migrate print servers and deploy printer connections using Group Policy.
  https://technet.microsoft.com/en-us/library/cc731857.aspx
  Meanwhile, if you have any Direct Access related issue, I think you may ask in network forums:
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverNIS
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Is there a way to allow contributor users to add web parts to a page without granting them "Add and Customize Pages" permission?

  I am working on an enterprise wiki site collection, and when contributor users try to add web parts they will get the following error:-
  A Web Part or Web Form Control on this Page cannot be displayed or imported. You don't have Add and Customize Pages permissions required to perform this action.
  So I granted the Contribute Permission level an extra permission which is “Add and Customize Pages”. Now contributors will be able to add/edit/delete
  web parts. But they will have extra permissions that I do not want them to have , such as changing the design and customize some page layouts, also they can access the site settings and create site columns !!.
  So my question is basically if there is another way to allow users with contribute permission to be able to add web parts without granting any extra permission. In other words to treat adding web parts as normal content such as image, Text ,tables ?
  Thanks

  I dont think so.
  http://technet.microsoft.com/en-us/library/cc288074%28v=office.14%29.aspx
  Add and Customize Pages
  Add, change, or delete HTML pages or Web Part pages, and edit the Web site by using a Windows SharePoint Services-compatible editor.
  View Items, Browse Directories, View Pages, Open
  Design, Full Control 
  If this helped you resolve your issue, please mark it Answered. You can reach me through http://freeit-support.com/
  so there are not any workarounds or any custom settings which i can use to implement any of these:-
  - To force Contributor users to add web parts without granting them "Add and Customize Pages"
  - If i grant them "Add and customize Pages" permission, to stop the ability to access the site settings ?
  Please can any one advice on this , as it is causing a lot of confusion,,, and i can not live with the face that Contributor users can access and modify site settings. the other approach will be is that i will stop using web parts. but one of our main reasons
  we decide to use SharePoint is the ability to add web parts, especially the Visio & Excel web access web. thanks in advance for any advice ..

• BB Torch 9810 direct access mailbox Microsoft Exchange 2010

  Hi,
  Wanna check whether in anyway my BB could direct access mailbox Microsoft Exchange 2010 without BES (private and/or Company). Thanks
  BR

  Hi eddiesonka,
  "Why" is truly a difficult question for us end users to truly know the answer to. Typically, I shy away from those since, well, not being an insider, I can only have my own personal theories. But, this topic is one that I'm OK presenting my theories on.
  The basic answer is that different is different. Non-BB devices do things in their way, BBs do them in their way. Consequently, we all have choice, which is a good thing in a free market society, I think!
  Unlike other devices (e.g., ActiveSync), BBs do not technically have a full on-device email client. Other devices, with a full on-device client, conduct all device to email server activities directly. BBs use the carrier/RIM hosted BIS service as an intermediary between the BB and the email server. The main benefit is one of data plan consumption. With non-BBs, the full on device email client must check the server for new email on a periodic basis (yes, I know that some services have more PUSH, but many are still PULL), generating traffic over the carrier data network even when there is no new email on the server. With BBs, that "check for new email" is done by BIS, completely independent of the BB...so no traffic to the BB is generated unless BIS finds something on the server that needs to come to the BB. For folks on limited data plans and limited WiFi access, this can become important.
  So, it is up to the consumer to completely research the different choices available to them...and make their selection according to their own unique set of requirements and desires. RIM is advancing BIS...with GMail and Yahoo, there now are some calendar and contact OTA synchronization capabilities that did not exist in the past. With luck, they will continue to develop BIS and enable more and more OTA functions to BIS-level customers -- while, of course, at the same time, preserving their dominance in the mobile security world! And remember, for enterprises, RIM has made BES-X totally free...
  Hope that helps!
  Occam's Razor nearly always applies when troubleshooting technology issues!
  If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
  Join our BBM Channels
  BSCF General Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Connect to the database straight from the direct access of form builder

  What do i have to put in the direct access of form builder and procedure builder to connect to the database without have to do it once i4ve enter into form or procedure builder, I know i have to put user/password and connect string but in which order or which characters do i have to use.
  Thanks in advance.

  thanks jdendas, that works with forms but not with procedure builder, if i put that it does not start the session with the procedure builder.
  Thanks anyway-

• Direct Access on windows 2012 with OTP

  Hello everyone,
  i've just finished setting up Direct Access 2012 with Gemalto's OTP solution for a client,
  i have an issue though, without OTP all is working fine, and when i activate OTP with all the certificates and stuff when i enter the OTP code on my client it looks like its not validating it.
  on the Direct Access Server i get this error:
  Erreur : Challenge returned.
  source: RemoteAccess-RemoteAccessServer
  ID: 10042
  i have absolutely no errors on my radius server... any idea on why the server is rejecting my requests ?
  thanks for the help
  Hitch Bardawil

  Hi
  I deployed this scenario for a Customer of mine a few months ago with GEMALTO. It's a little bit tricky but possible. For some trroubleshooting tips have a look at one of my blog posts :
  http://danstoncloud.com/blogs/simplebydesign/archive/2013/10/26/the-0x80040008-directaccess-otp-case.aspx.
  At last for your OTP operating in Challenge/response mode. It's not possible. It's a NPS limitation :
  http://technet.microsoft.com/fr-fr/library/jj618331.aspx"The OTP
  provider used requires the user to provide additional credentials in the form of a RADIUS challenge/response exchange, which is not supported by Windows Server 2012 DirectAccess OTP."
  BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx

• Direct Access for Non Domain Machines

  Hi,
  In My IT-infra, there is multiple machines that is out my Office network & Domain..
  Can we join these machines in domain via Direct Access implementation ? or for implementing Direct Access we required to join those non domain & out of office network machine to Domain first ?
  secondly, can we implement the Direct access without any public certificate purchase, and without any IPV6 configuring in internal network,machines and in servers .currently i am using IPv4  IP on all Machines & Servers.
  I have gone through the Direct Access Technet guide but i feel very complex document there ...can you please brief me about direct access implementation in simpale way, i want to implement direct access to join the internet based client machines  to
  domain and manage via/for SCCM ...
  Shailendra Dev

  Correct, DirectAccess clients must be domain joined. Also, only Windows 7 Ultimate, Windows 7 Enterprise, or Windows 8 Enterprise clients are able to be DirectAccess connected, so that may also make a difference to your situation. I see many customers deploy
  DirectAccess for those Win7/Win8 domain-joined systems, and then make use of the traditional (RRAS) VPN on the same DirectAccess server for connecting any other operating systems or non-domain-joined machines. Those would just have to launch a manual VPN connection,
  where the DirectAccess connections are of course automatically connected.
  You don't "have" to use an SSL certificate that you purchased from a public CA, but you really should. It is definitely a best practice to use a trusted public certificate on your DirectAccess server. Further, if you have Windows 8 client computers,
  you don't even need to distribute the machine certificates inside your network, but it is also a best practice that you do this anyway, to strengthen the authentication process.
  No, you do not need IPv6 inside your network at all for DirectAccess to work.
  Sounds like you might be interested in some additional reading on DA, here are the two books available on the subject:
  https://www.packtpub.com/virtualization-and-cloud/microsoft-directaccess-best-practices-and-troubleshooting
  https://www.packtpub.com/networking-and-servers/windows-server-2012-unified-remote-access-planning-and-deployment

• Cannot view history of direct access users connecting to Forefront UAG

  Hi, I'm trying to get a list of the users that have been connecting through UAG Direct Access for the past month. I've tried using the methods shown in the technet articles about monitoring of UAG Direct Access either using Powershell or the TMG event loggin
  console, using this links:
  http://technet.microsoft.com/en-us/library/gg313776.aspx
  http://technet.microsoft.com/en-us/library/gg313783.aspx
  Using the TMG event logging I see a lot of data from a few days back, even if the filter is set to 30 days, and the log is supposed to be up to 8GB in size before overwriting. The info that it shows is only about sessions to the portal trunk and not direct
  access. I know this because on the UAGModuleID column there is no there are no "connected" or "managed" sessions, all are SessionMgr, UserMgr, Filter and RDG mainly.
  Through powershell I tried running the following commands after importing the module according to the article:
  Get-Directaccessusers -showhistory $true and no results are shown.
  Get-Directaccessusers -showhistory $true -starttime "1/6/2015 8:00AM" and no results shown
  Get-Directaccessusers -showhistory $true -starttime "1/6/2015" no results
  Get-Directaccessusers -showhistory $true -starttime "1/2/2015 8:00AM" -Endtime "1/11/2015 8:00PM" no results
  Get-Directaccessusers -showhistory $true -username user = no results.
  Get-Directaccessusers -username user = no results
  the only command that shows any data is just Get-Directaccessusers but that shows the current Direct Access users, no history.
  I checked the Registry HKEY_LOCAL_MACHINE\SOFTWARE\WhaleCom\e-Gap\von\MonitorMgr\sql-builtin-log registry key and it is on 1.
  Any ideas on how can I get more history data on the direct access users connecting through UAG?
  Please let me know.
  Appreciated it.
  Thank you!
  Eduardo Rojas

  Russel,
  the problem has been solved now! The final thing missing was just a check in a  checkbox.
  Below a comprehensive explanation that may help others.
  We basically did what you proposed:
  We sent a ping from one of the DA-Clients to the TS-Farm members. Since we got replies, we knew that IPv6 communication generally is okay. The answer received was an IPv6. In this scenario we had not yet given any IPv6 to the farm-members! Thus we knew it must
  be comming from the DA DNS-Proxy. There are a number of DA-GPOs and one of them is dictating the net portion of the IPv6 to be used in DA-communication, appended by a hex-translation of the target computers IPv4. Therefore the DA DNS-Proxy is taking the GPO-set
  IPv6-value, adds the IPv4 in hex and sends it  back as an ICMP echo.
  With this in place and working correctly one can ping any domain host from any DA-Client. This is configured when initially setting up DA and is handled by the wizzard. Once DA is installed this should all be in place without extra user interaction.
  We then took those IPv6 answeres and turned them into fixed IPv6es of the farm-members (each member its own IPv6). So far so good, but this is where it still did not work. Evaluation of the Connection Broker log showed that the redirect reply still included
  only the IPv4 of the target farm-member. With that (after a short while) we realized that one has to set a
  check in the Connection Brokers Settings, so that the IPv6 LAN-Connection will be used for redirects as well and not only the IPv4 LAN-connection..... How stupid is that? :-)
  But as we all know - in dealing with server configuration - you should always "know before you go". But even though you may think you do, when finally arriving you know you didn't.... And that's what we call experinece.
  Thanks to Russel for your interest and help.
  Brgds Ralf

• WIndows 8.1 Direct Access Client Needs to approve external wifi use before it connects - proxy not responding

  Ok So I have windows 8.1 with Direct Access Client and it works fine when I am able to check and uncheck proxy settings - which is a bit of a pain and seems unnecessary (I hope). If I take the laptop to a Starbucks I get the error that the proxy server is
  not responding so it never redirects for me to "accept" the rules.
  If I uncheck my proxy settings it then redirects and connects to their internet wifi and off I go - DA connects and all is well.
  I am using a GPO to configure the proxy settings as shown (all options are greyed out for the users)

  Hi,
  Your problem is a classic one when using that kind of proxy settings, unfortunately.
  To solve this without the need of user interaction, there are two solutions that will sort this out for you. In your case, if you want to use your corporate connection for internet traffic even over da, I'd opt for alternative 1 or 2 depending on what you are
  trying to achieve.
  1. WPAD (Web Proxy Auto Discovery protocol http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol) - it actually uses the Automatic browser configuration checkbox on your client and looks for the file wpad.dat on a specific web server that you Pointout
  with either dns-record called wpad or DHCP option 252.
  2. Auto configuration script (pac script http://en.wikipedia.org/wiki/Proxy_auto-config) - uses the same kind of file as above. The difference is that you get the possiblity, like you want in your scenario to target what users that should get the script.
  See this below article for more details on the options you have.
  http://technet.microsoft.com/en-us/library/dd361918.aspx
  http://techlib.barracuda.com/display/WSFLEXv41/How+to+Configure+Proxy+Settings+Using+Group+Policy+Management
  Let us know if you need further assistance!
  /Johan
  MCT | MCSE: Private Cloud/Server, Desktop Infrastructure

• Can midlet directly access a database?

  I'm creating a midlet that connects to a database. Do i need to go through a server and then access the database or can i directly access the database through the midlet?
  Does anyone have a sample code that have a midlet interacts directly with a database? Or is it impposible to do so without going through a web server.
  Blaise,

  Your message arrived at the rigth address :)
  I am experienced in J2ME programming and made several projects with it including my graduation thesis . (you can check http://2m.turkmenweb.com for my J2ME projects).
  You can directly acces from MIDlet DB, but it is not so reccomended, since mobile devices have certain limitations. When we had to use DB in our J2ME projects(with MIDP1.0 and MIDP2.0) we achieved it by collaboration of JSP with our MIDlet.. That is MIDlet was only sending a URL to Tomcat Server (JSP server) i.e. http://someurl.com/show?task=topusers, and this URL was parsed by a Servlet which was making all needed conenctions to DB.
  I also know that there are K editions (very small) of DBMS built especially for mobile devices. You can use them also .. I guess Oracle has such a thing..
  Good luck!
  Muhammed Mamedov
  [email protected]