Filtering users

hi,
i am doing recon from csv file using GTC and i had two types of user like human and non human in the csv file feed. while recon that feed i have to filter all the non human resource and i have to recon only human users. please any one help me out with this problem very urgent....
thanks
Avinash

GTC Connector is not suitable for the requirements related to Trusted Reconciliation.
(a) Only Basic Transformations are available: The OOTB GTC Connector provides following types of Transformations only and these are only the most basic sorts of Transformations.
Create Mapping Without Transformation
Create Mapping With Concatenation
Create Mapping With Convert to Lower Case
Create Mapping With Convert to Upper Case
Create Mapping With Generate Status
Create Mapping With Translation
Remove Mapping
So, these basic transformations are inadequate to extract information (of First Name, Middle Name and Last Name) from Legal Name field of csv file.
Also, from Supervisory Organization field of csv file contains the Department name and within bracket the manager name of the user e.g. Admin (Anthony Hsieh). Again, these basic transformations won't be able to extract Department name.
Another bug is that sometimes the "*Reconciliation Field Mapping*" changes don't reflect and it makes the GTC a bit inflexible.

Similar Messages

Filtering Users in Who Does What Report

Hello! I'm using a shared resource pool, and we list out every staff member in the company. When I assign specific people from the pool to my project, and run the "Who Does What" report, I end up with people who are not allocated to my project
(they are part of other projects, but given the timeframe, they end up in the report).
Is there a way to filter out users so only allocated users will be shown in the report?
Thanks!

Assuming you have MSP2010,
The who does what report uses, or refers to, the Resources - Work filter. You can see this by clicking project, reports, custom, and you will see the complete list of available reports, then select the who does what report and click edit.
This is the same as for views, tables, filters, groups when you go to more views, more tables, more filters, more groups.
You get the full list and can edit, copy etc.
It is best not to change the original filter or report. Better housekeeping is to copy them both, give the copies new, distinctive names such as "AA My Resources - Work 01" and "AA My Who Does What 01". Then you can do what you like to
these, while the originals are preserved in their original state.

WebLogic Server 8.1 Integrating Active Directory Filtering Users by Group

I am trying to specify the User Base DN value with a Group. I only want users with in that group retrieved from AD. Any assistance would be appreciated.
Using AD examples from this site:
http://support.bea.com/support_news/product_troubleshooting/LDAP_Issues_Pattern.html
I attempted to enter LDAP config values in the following way. However, while users DO exist in the group Users, which is specified in the UserBaseDN parameter, no users from LDAP show up on the Admin Console's users screen. No error occurs on the lookup either, so this values agrees with the directory structure:
<weblogic.security.providers.authentication.ActiveDirectoryAuthenticator
ControlFlag="SUFFICIENT" Credential="{3DES}96Kl0euDFQQ="
GroupBaseDN="CN=Users,DC=supportLDAP,DC=example,DC=com"
GroupFromNameFilter="(&(cn=%g)(objectclass=group))"
Host=" HOST IP or NAME OF LDAP"
Name="Security:Name=myrealmActiveDirectoryAuthenticator"
Principal="CN=Administrator,CN=Users,DC=supportLDAP,DC=example,DC=com
Realm="Security:Name=myrealm"
StaticGroupDNsfromMemberDNFilter="(&(member=%M)(objectclass=group))"
StaticGroupNameAttribute="cn"
StaticGroupObjectClass="group"
StaticMemberDNAttribute="member"
UserBaseDN="CN=Users,DC=supportLDAP,DC=example,DC=com"
UserFromNameFilter="(&(cn=%u)(objectclass=user))"
UserNameAttribute="cn" UserObjectClass="user"/>

Hi
I didn't filter it on the provider configuration.
Instead I removed some presentation services prvileges from authenticated users and granted them only to some specific application roles. You don't have to remove authentiated users from much privileges just some basic ones as "see Dashboards" and so on.
Now everyone can authenticate on the login page but after logon they get a message that the don't have permissions to access answers, dashboards and so on.
Regards

Filtering users based on return of past query

Greetings!
We have a Users table with over 3 million user records in it (like a data warehouse). The requirement is to execute 2 queries on the Users table, where the return of the second query should not have any users that were returned in the first query.
For e.g. Consider a sweepstake user-list, where you want to send flyers to people, notifying them about prizes, but do not want to send two flyers to the same person, even if he fulfills the selection criteria for both the sweepstakes.
So -
Query.1. has conditions, which state: All Users from New York, with age=25 (independently run, returns 500,000 users)
Query.2. has conditions, which state: All Users of age=25 (independently run, returns 700,000 users)
Expected Output:
Query 1 should return 500,000
Query 2 should return 700,000 MINUS those users that were already returned in Query 1. i.e. Only return all users of age 25, but who are not from New York
Any inputs will be much appreciated!
Thanks,

Given that you know that the first query uses state = NY and age = 25, why can't you do the second query as:
SELECT * FROM table
WHERE age = 25 and
state <> 'NY'John

SQL Dev 2.1 - Performance Problem Filtering Users

Hi, we commonly want to apply a filter to our "Other Users" section in the connection window. We usually use where object count > 0 or >= 1. It appears to result in a query that looks like this:
<pre>
SELECT *
FROM (SELECT username
FROM sys.all_users au
WHERE au.username != USER)
WHERE (SELECT COUNT (1)
FROM all_objects
WHERE username = owner) >=1
</pre>
On our system, it is running for well over 3 minutes (sometimes 20 minutes). We have 2,400 rows in ALL_USERS and ALL_OBJECTS has 226,271 rows. The same roughly the same for DBA_* views as well.
Could the query that is generated be rewritten to be more like this?
<pre>
select *
from
(select username
from sys.all_users au
where au.username != USER)
where
username in (select owner
from all_objects
group by owner
having count(*) > 1)
</pre>
That query runs in less than 10 seconds on the same system and appears to be safe for any older versions of Oracle as well.
I realize that many systems don't have that many objects so maybe this is helpful feedback...

Yes - the SQL for these internal queries are located in XML files, which you can modify - although, this means you are accepting the risks and consequences of getting it wrong. The XML file you want is oracle\dbtools\raptor\navigator\oracle\schema.xml which is in <SQL Developer Home>\sqldeveloper\extensions\oracle.sqldeveloper.jar (you need to extract it from the jar, modify it and then put it back in the jar). Unfortunately, I don't know enough about the structure of the filter components of the XML to know if you can get a filter that does the query you want.
theFurryOne

Customization/Filteration (User LOV,User Type) LOV attached with the role

Dear All
I want to Filter both Lov's attached with the custom attribute having Role type in Oracle Workflow.For example I want to restrict only Oracle Application User's appear on user type LOV and on second column i want to display user_id in Lov
Best Regards
Edited by: Muhammad Danish Younus on Jun 13, 2011 5:28 AM

if I use Validate From List property, the form is displaying the LOV everytime I query the block eventhough the correct value is populated
There is something wrong with your LOV or with the way you populate your block. An LOV should not pop up when you query data into the block.

Filtered Role

Can filtered role be used to filter users in the external ldap.
I hav added another datastore in access manager which is also used for authentication of users. Now i want to create a role for making policies. It is not possible to select individual users as the number of users is very high.
So i created a filtered role. But this filter role in not filtering users from the external ldap, its applying filter only on users listed in the AM's ldap.
Any suggestion for doing it?
Thanks in advance

Other LDAP just means Sun DS running on a separate machine, other than the Sun DS used by AM for its own DIT.
The AM is running in realm mode.
I couldn�t find the Access Manager Patch 1 on sun download site. Can you please provide me the URL?
I am getting the option of �Filtered Role� in Access manager but as posted in earlier in this thread, the filtered role in unable to filter users from the external ldap. The filter is only applied to the users which are there in AM DIT. I want to apply the filter on the users which are there in the �external ldap� added through data store.
Hope I am clear with my problem.
Please advice.
Thanks

Filter "Other users" to only show schems that have objects

I searched thru the forum, but didn't see this request anywhere. It would be nice to have a preference to only display "Other Users" who actually own objects in their schema.
In TOAD, there's a preference like this under Schema Browser->Data. Their preferences are:
* Show all users
* Only show users that own objects
* Only show users that own objects excluding Synonyms
* Only show users that own objects excluding Synonyms and Temporary Tables
This would be really useful for me, as our database has a ton of users that have no objects. :-)
Thanks for a cool product that works on my Mac!
--Leif

It is great to have this feature, but at our site it is VERY slow - so much so that I thought that SQL Developer had hung.
I assume that when this option is selected, the query is doing something like select distinct owner from all_objects and when the option is not selected it is querying user_name from all_users?
It takes only about a second to display our list of appoximately 1800 users (unsorted at the moment :( ) and it took 95 seconds to filter that list to the 235 users that have visible objects (we have ~ 240000 records in all_objects).
On another point, selecting this option effectively removes an already saved filtered user if it doesn't have any available objects. This seems to include checking against schemas with availble objects when expanding the "Other Users" node, which now takes significantly longer than when this option is not set - taking 60 seconds to expand the node which is filtered to just eight schemas out of the 235 with available objects.
Going back to the Other Users Filter to switch off this option appears to simply hang SQL Developer for the ~ 90 seconds that it takes to query the list of schemas with available objects.
I don't know whether it is possible to do something about this sort of performance, but with the performance I am getting at the moment, I won't be using this functionality.

Activating sort menu on user defined matrix.

Hi all,
How to activate the sort menu on user matrix? I filtered user matrix but not able to sort the user defiend matrix.
any help will be most appreciated..
Regards,
Mahendra.

I dont think, that user matrix should by sorted with sort menu. Im doing it so, that after dbl click on header of matrix I rerun the query with proper ORDER BY statement.
If is it complicated query, the normal result I have in user table and the matrix is bounded to this table - then the order by is quick.

Need Help on powershell Script to send mails in different languages

Hello, Just wanted to use the script below to remind users of password expiry date (I got it from internet New-Passwordreminder.ps1). We have companies in many countries, so the email should be in the language of that country. So since our users are in different
OU's according to countries, I thought some one could help me edit this script and say if the user is in AB ou then email in english will be sent, if in BC ou then the email will be in Russian....So in the script I will have all the languages I need
to have written.
<#
.SYNOPSIS
  Notifies users that their password is about to expire.
.DESCRIPTION
    Let's users know their password will soon expire. Details the steps needed to change their password, and advises on what the password policy requires. Accounts for both standard Default Domain Policy based password policy and the fine grain
password policy available in 2008 domains.
.NOTES
    Version           : v2.6 - See changelog at
http://www.ehloworld.com/596
    Wish list      : Better detection of Exchange server
              : Set $DaysToWarn automatically based on Default Domain GPO setting
              : Description for scheduled task
              : Verify it's running on R2, as apparently only R2 has the AD commands?
              : Determine password policy settings for FGPP users
              : better logging
    Rights Required   : local admin on server it's running on
    Sched Task Req'd  : Yes - install mode will automatically create scheduled task
    Lync Version    : N/A
    Exchange Version  : 2007 or later
    Author           : M. Ali (original AD query), Pat Richard, Exchange MVP
    Email/Blog/Twitter :
[email protected] http://www.ehloworld.com @patrichard
    Dedicated Post   :
http://www.ehloworld.com/318
    Disclaimer       : You running this script means you won't blame me if this breaks your stuff.
    Info Stolen from   : (original)
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
              : (date)
http://technet.microsoft.com/en-us/library/ff730960.aspx
            : (calculating time)
http://blogs.msdn.com/b/powershell/archive/2007/02/24/time-till-we-land.aspx
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/23fc5ffb-7cff-4c09-bf3e-2f94e2061f29/
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx
            : (password decryption)
http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/f90bed75-475e-4f5f-94eb-60197efda6c6/
            : (determine per user fine grained password settings)
http://technet.microsoft.com/en-us/library/ee617255.aspx
.LINK
    http://www.ehloworld.com/318
.INPUTS
  None. You cannot pipe objects to this script
.PARAMETER Demo
  Runs the script in demo mode. No emails are sent to the user(s), and onscreen output includes those who are expiring soon.
.PARAMETER Preview
  Sends a sample email to the user specified. Usefull for testing how the reminder email looks.
.PARAMETER PreviewUser
  User name of user to send the preview email message to.
.PARAMETER Install
  Create the scheduled task to run the script daily. It does NOT create the required Exchange receive connector.
.EXAMPLE
  .\New-PasswordReminder.ps1
  Description
  Searches Active Directory for users who have passwords expiring soon, and emails them a reminder with instructions on how to change their password.
.EXAMPLE
  .\New-PasswordReminder.ps1 -demo
  Description
  Searches Active Directory for users who have passwords expiring soon, and lists those users on the screen, along with days till expiration and policy setting
.EXAMPLE
  .\New-PasswordReminder.ps1 -Preview -PreviewUser [username]
  Description
  Sends the HTML formatted email of the user specified via -PreviewUser. This is used to see what the HTML email will look like to the users.
.EXAMPLE
  .\New-PasswordReminder.ps1 -install
  Description
  Creates the scheduled task for the script to run everyday at 6am. It will prompt for the password for the currently logged on user. It does NOT create the required Exchange receive connector.
#>
#Requires -Version 2.0
[cmdletBinding(SupportsShouldProcess = $true)]
param(
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Demo,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Preview,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[switch]$Install,
[parameter(ValueFromPipeline = $false, ValueFromPipelineByPropertyName = $true, Mandatory = $false)]
[string]$PreviewUser
Write-Verbose "Setting variables"
[string]$Company = "Contoso Ltd"
[string]$OwaUrl = "https://mail.contoso.com"
[string]$PSEmailServer = "10.9.0.11"
[string]$EmailFrom = "Help Desk <[email protected]>"
[string]$HelpDeskPhone = "(586) 555-1010"
[string]$HelpDeskURL = "https://intranet.contoso.com/"
[string]$TranscriptFilename = $MyInvocation.MyCommand.Name + " " + $env:ComputerName + " {0:yyyy-MM-dd hh-mmtt}.log" -f (Get-Date)
[int]$global:UsersNotified = 0
[int]$DaysToWarn = 14
[string]$ImagePath = "http://www.contoso.com/images/new-passwordreminder.ps1"
[string]$ScriptName = $MyInvocation.MyCommand.Name
[string]$ScriptPathAndName = $MyInvocation.MyCommand.Definition
[string]$ou
[string]$DateFormat = "d"
if ($PreviewUser){
$Preview = $true
Write-Verbose "Defining functions"
function Set-ModuleStatus {
[cmdletBinding(SupportsShouldProcess = $true)]
param (
  [parameter(ValueFromPipeline = $true, ValueFromPipelineByPropertyName = $true, Mandatory = $true, HelpMessage = "No module name specified!")]
  [string]$name
if(!(Get-Module -name "$name")) {
  if(Get-Module -ListAvailable | ? {$_.name -eq "$name"}) {
   Import-Module -Name "$name"
   # module was imported
   return $true
  } else {
   # module was not available (Windows feature isn't installed)
   return $false
}else {
  # module was already imported
  return $true
} # end function Set-ModuleStatus
function Remove-ScriptVariables {
[cmdletBinding(SupportsShouldProcess = $true)]
param($path)
$result = Get-Content $path |
ForEach { if ( $_ -match '(\$.*?)\s*=') {
   $matches[1] | ? { $_ -notlike '*.*' -and $_ -notmatch 'result' -and $_ -notmatch 'env:'}
ForEach ($v in ($result | Sort-Object | Get-Unique)){
  Remove-Variable ($v.replace("$","")) -ErrorAction SilentlyContinue
} # end function Get-ScriptVariables
function Install {
[cmdletBinding(SupportsShouldProcess = $true)]
param()
http://technet.microsoft.com/en-us/library/cc725744(WS.10).aspx
$error.clear()
Write-Host "Creating scheduled task `"$ScriptName`"..."
$TaskPassword = Read-Host "Please enter the password for $env:UserDomain\$env:UserName" -AsSecureString
$TaskPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($TaskPassword))
# need to fix the issue with spaces in the path
schtasks /create /tn $ScriptName /tr "$env:windir\system32\windowspowershell\v1.0\powershell.exe -psconsolefile '$env:ExchangeInstallPath\Bin\exshell.psc1' -command $ScriptPathAndName" /sc Daily /st 06:00 /ru $env:UserDomain\$env:UserName /rp
$TaskPassword | Out-Null
if (!($error)){
  Write-Host "done!" -ForegroundColor green
}else{
  Write-Host "failed!" -ForegroundColor red
exit
} # end function Install
function Get-ADUserPasswordExpirationDate {
[cmdletBinding(SupportsShouldProcess = $true)]
Param (
  [Parameter(Mandatory = $true, Position = 0, ValueFromPipeline = $true, HelpMessage = "Identity of the Account")]
  [Object]$accountIdentity
PROCESS {
  Write-Verbose "Getting the user info for $accountIdentity"
  $accountObj = Get-ADUser $accountIdentity -properties PasswordExpired, PasswordNeverExpires, PasswordLastSet, name, mail
  # Make sure the password is not expired, and the account is not set to never expire
    Write-Verbose "verifying that the password is not expired, and the user is not set to PasswordNeverExpires"
    if (((!($accountObj.PasswordExpired)) -and (!($accountObj.PasswordNeverExpires))) -or ($PreviewUser)) {
    Write-Verbose "Verifying if the date the password was last set is available"
    $passwordSetDate = $accountObj.PasswordLastSet
      if ($passwordSetDate -ne $null) {
      $maxPasswordAgeTimeSpan = $null
        # see if we're at Windows2008 domain functional level, which supports granular password policies
        Write-Verbose "Determining domain functional level"
        if ($global:dfl -ge 4) { # 2008 Domain functional level
          $accountFGPP = Get-ADUserResultantPasswordPolicy $accountObj
          if ($accountFGPP -ne $null) {
          $maxPasswordAgeTimeSpan = $accountFGPP.MaxPasswordAge
     } else {
      $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    } else { # 2003 or ealier Domain Functional Level
     $maxPasswordAgeTimeSpan = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
    if ($maxPasswordAgeTimeSpan -eq $null -or $maxPasswordAgeTimeSpan.TotalMilliseconds -ne 0) {
     $DaysTillExpire = [math]::round(((New-TimeSpan -Start (Get-Date) -End ($passwordSetDate + $maxPasswordAgeTimeSpan)).TotalDays),0)
     if ($preview){$DaysTillExpire = 1}
     if ($DaysTillExpire -le $DaysToWarn){
      Write-Verbose "User should receive email"
      $PolicyDays = [math]::round((($maxPasswordAgeTimeSpan).TotalDays),0)
      if ($demo) {Write-Host ("{0,-25}{1,-8}{2,-12}" -f $accountObj.Name, $DaysTillExpire, $PolicyDays)}
            # start assembling email to user here
      $EmailName = $accountObj.Name
      $DateofExpiration = (Get-Date).AddDays($DaysTillExpire)
      $DateofExpiration = (Get-Date($DateofExpiration) -f $DateFormat)
Write-Verbose "Assembling email message"
[string]$emailbody = @"
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<table id="email" border="0" cellspacing="0" cellpadding="0" width="655" align="center">
  <tr>
   <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="46" height="28" align="absMiddle">
if ($HelpDeskURL){
$emailbody += @"
   <font style="font-size: 10px; color: #000000; line-height: 16px; font-family: Verdana, Arial, Helvetica, sans-serif">If this e-mail does not appear properly, please <a href="$HelpDeskURL" style="font-weight:
bold; font-size: 10px; color: #cc0000; font-family: verdana, arial, helvetica, sans-serif; text-decoration: underline">click here</a>.</font>
$emailbody += @"
   </td>
  </tr>
  <tr>
if ($HelpDeskURL){
$emailbody += @"
   <td height="121" align="left" valign="bottom"><a href="$HelpDeskURL"><img src="$ImagePath/header.gif" border="0" alt="Description: $ImagePath/header.gif"
width="655" height="121"></a></td>
}else{
$emailbody += @"
   <td height="121" align="left" valign="bottom"><img src="$ImagePath/header.gif" border="0" alt="Description: $ImagePath/header.gif" width="655" height="121"></td>
$emailbody += @"
  </tr>
  <tr>
   <td>
    <table id="body" border="0" cellspacing="0" cellpadding="0">
     <tr>
      <td width="1" align="left" valign="top" bgcolor="#a8a9ad"><img src="$ImagePath/spacer50.gif" alt="Description: $ImagePath/spacer50.gif" width="1"
height="50"></td>
      <td><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="46" height="106"></td>
      <td id="text" width="572" align="left" valign="top" style="font-size: 12px; color: #000000; line-height: 17px; font-family: Verdana, Arial, Helvetica, sans-serif">
if ($DaysTillExpire -le 1){
$emailbody += @"
  <div align='center'>
   <table border='0' cellspacing='0' cellpadding='0' style='width:510px; background-color: white; border: 0px;'>
    <tr>
     <td align='right'><img width='36' height='28' src='$ImagePath/image001b.gif' alt='Description: $ImagePath/image001b.gif'></td>
     <td style="font-family: verdana; background: #E12C10; text-align: center; padding: 0px; font-size: 9.0pt; color: white">ALERT: You must change your password today or you will be locked out!</td>
     <td align='left'><img border='0' width='14' height='28' src='$ImagePath/image005b.gif' alt='Description: $ImagePath/image005b.gif'></td>
    </tr>
   </table>
  </div>
$emailbody += @"
   <p style="font-weight: bold">Hello, $EmailName,</p>
   <p>It's change time again! Your $company password expires in <span style="background-color: red; color: white; font-weight: bold;"> $DaysTillExpire </span> day(s), on $DateofExpiration.</p>
   <p>Please use one of the methods below to update your password:</p>
   <ol>
    <li>$company office computers and Terminal Server users: You may update your password on your computer by pressing Ctrl-Alt-Delete and selecting 'Change Password' from the available options. If you use a $company laptop in addition
to a desktop PC, be sure and read #3 below.</li>
    <li>Remote Outlook Client, Mac, and/or Outlook Web App users: If you only access our email system, please use the following method to easily change your password:</li>
    <ul>
     <li>Log into <a href="$owaurl">Outlook Web App</a> using Internet Explorer (PC) or Safari or Firefox (Mac).</li>
     <li>Click on the Options button in the upper right corner of the page.</li>
     <li>Select the "Change Password" link to change your password.</li>
     <li>Enter your current password, then your new password twice, and click Save</li>
     <li><span style="font-weight: bold">NOTE:</span> You will now need to use your new password when logging into Outlook Web App, Outlook 2010, SharePoint, Windows Mobile (ActiveSync) devices, etc. Blackberry
Enterprise Users (BES) will not need to update their password. Blackberry Internet Service (BIS) users will be required to use their new password on their device.</li>
    </ul>
    <li>$company issued laptops: If you have been issued a $company laptop, you must be in a corporate office and directly connected to the company network to change your password. If you also use a desktop PC in the office, you must
remember to always update your domain password on the laptop first. Your desktop will automatically use the new password.</li>
    <ul>
     <li>Log in on laptop</li>
     <li>Press Ctrl-Alt-Delete and select 'Change Password' from the available options.</li>
     <li>Make sure your workstation (if you have one) has been logged off any previous sessions so as to not cause conflict with your new password.</li>
    </ul>
   </ol>
   <p>Think you've got a complex password? Run it through the <a href="The">http://www.passwordmeter.com/">The Password Meter</a></p>
   <p>Think your password couldn't easily be hacked? See how long it would take: <a href="How">http://howsecureismypassword.net/">How Secure Is My Password</a></p>
   <p>Remember, if you do not change your password before it expires on $DateofExpiration, you will be locked out of all $company Computer Systems until an Administrator unlocks your account.</p>
   <p>If you are traveling or will not be able to bring your laptop into the office before your password expires, please call the number below for additional instructions.</p>
   <p>You will continue to receive these emails daily until the password is changed or expires.</p>
   <p>Thank you,<br />
   The $company Help Desk<br />
   $HelpDeskPhone</p>
if ($accountFGPP -eq $null){
$emailbody += @"
   <table style="background-color: #dedede; border: 1px solid black">
    <tr>
     <td style="font-size: 12px; color: #000000; line-height: 17px; font-family: Verdana, Arial, Helvetica, sans-serif"><b>$company Password Policy</b>
      <ul>
       <li>Your password must have a minimum of a $MinPasswordLength characters.</li>
       <li>You may not use a previous password.</li>
       <li>Your password must not contain parts of your first, last, or logon name.</li>
       <li>Your password must be changed every $PolicyDays days.</li>
if ($PasswordComplexity){
Write-Verbose "Password complexity"
$emailbody += @"
       <li>Your password requires a minimum of two of the following three categories:</li>
       <ul>
        <li>1 upper case character (A-Z)</li>
        <li>1 lower case character (a-z)</li>
        <li>1 numeric character (0-9)</li>
       </ul>
$emailbody += @"
       <li>You may not reuse any of your last $PasswordHistory passwords</li>
      </ul>
     </td>
    </tr>
   </table>
$emailbody += @"
       </td>
       <td width="49" align="left" valign="top"><img src="$ImagePath/spacer50.gif" alt="" width="49" height="50"></td>
       <td width="1" align="left" valign="top" bgcolor="#a8a9ad"><img src="$ImagePath/spacer50.gif" alt="Description: $ImagePath/spacer50.gif" width="1"
height="50"></td>
      </tr>
     </table>
     <table id="footer" border="0" cellspacing="0" cellpadding="0" width="655">
      <tr>
       <td><img src="$ImagePath/footer.gif" alt="Description: $ImagePath/footer.gif" width="655" height="81"></td>
      </tr>
     </table>
     <table border="0" cellspacing="0" cellpadding="0" width="655" align="center">
      <tr>
       <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="36" height="1"></td>
       <td align="middle" valign="top"><font face="Verdana" size="1" color="#000000"><p>This email was sent by an automated process.
if ($HelpDeskURL){
$emailbody += @"
       If you would like to comment on it, please visit <a href="$HelpDeskURL"><font color="#ff0000"><u>click here</u></font></a>
$emailbody += @"
        </p><p style="color: #009900;"><font face="Webdings" size="4">P</font> Please consider the environment before printing this email.</p></font>
       </td>
       <td align="left" valign="top"><img src="$ImagePath/spacer.gif" alt="Description: $ImagePath/spacer.gif" width="36" height="1"></td>
      </tr>
     </table>
    </td>
   </tr>
  </table>
</body>
</html>
      if (!($demo)){
       $emailto = $accountObj.mail
       if ($emailto){
        Write-Verbose "Sending demo message to $emailto"
        Send-MailMessage -To $emailto -Subject "Your password expires in $DaysTillExpire day(s)" -Body $emailbody -From $EmailFrom -Priority High -BodyAsHtml
        $global:UsersNotified++
       }else{
        Write-Verbose "Can not email this user. Email address is blank"
} # end function Get-ADUserPasswordExpirationDate
if ($install){
Write-Verbose "Install mode"
Install
Write-Verbose "Checking for ActiveDirectory module"
if ((Set-ModuleStatus ActiveDirectory) -eq $false){
$error.clear()
Write-Host "Installing the Active Directory module..." -ForegroundColor yellow
Set-ModuleStatus ServerManager
Add-WindowsFeature RSAT-AD-PowerShell
if ($error){
  Write-Host "Active Directory module could not be installed. Exiting..." -ForegroundColor red;
  if ($transcript){Stop-Transcript}
  exit
Write-Verbose "Getting Domain functional level"
$global:dfl = (Get-AdDomain).DomainMode
# Get-ADUser -filter * -properties PasswordLastSet,EmailAddress,GivenName -SearchBase "OU=Users,DC=domain,DC=test" |foreach {
if (!($PreviewUser)){
if ($ou){
  Write-Verbose "Filtering users to $ou"
  $users = Get-AdUser -filter * -SearchScope subtree -SearchBase $ou -ResultSetSize $null
}else{
  $users = Get-AdUser -filter * -ResultSetSize $null
}else{
Write-Verbose "Preview mode"
$users = Get-AdUser $PreviewUser
if ($demo){
Write-Verbose "Demo mode"
# $WhatIfPreference = $true
Write-Host "`n"
Write-Host ("{0,-25}{1,-8}{2,-12}" -f "User", "Expires", "Policy") -ForegroundColor cyan
Write-Host ("{0,-25}{1,-8}{2,-12}" -f "========================", "=======", "===========") -ForegroundColor cyan
Write-Verbose "Setting event log configuration"
$evt = new-object System.Diagnostics.EventLog("Application")
$evt.Source = $ScriptName
$infoevent = [System.Diagnostics.EventLogEntryType]::Information
$EventLogText = "Beginning processing"
$evt.WriteEntry($EventLogText,$infoevent,70)
Write-Verbose "Getting password policy configuration"
$DefaultDomainPasswordPolicy = Get-ADDefaultDomainPasswordPolicy
[int]$MinPasswordLength = $DefaultDomainPasswordPolicy.MinPasswordLength
# this needs to look for FGPP, and then default to this if it doesn't exist
[bool]$PasswordComplexity = $DefaultDomainPasswordPolicy.ComplexityEnabled
[int]$PasswordHistory = $DefaultDomainPasswordPolicy.PasswordHistoryCount
ForEach ($user in $users){
Get-ADUserPasswordExpirationDate $user.samaccountname
Write-Verbose "Writing summary event log entry"
$EventLogText = "Finished processing $global:UsersNotified account(s). `n`nFor more information about this script, run Get-Help .\$ScriptName. See the blog post at
http://www.ehloworld.com/318."
$evt.WriteEntry($EventLogText,$infoevent,70)
# $WhatIfPreference = $false
# Remove-ScriptVariables -path $MyInvocation.MyCommand.Name
Remove-ScriptVariables -path $ScriptPathAndName

Hi petro_jemes,
Just a little claritification, you need to add the value to the variable "[string]$ou", and also change the language in the variable "$emailbody" in the function "Get-ADUserPasswordExpirationDate".
I hope this helps.

My macbook pro is running very slow and very very hot

hi everyone I have a 13 inch mid 2012 MacBook pro,
it is running very very slow and extremely hot, I downloaded a program called smc fan control and it is reading the internal temperature of my computer as 80 degrees Celsius. I was looking on the forums and saw that I should run an apple hardware test. which I have done and it is coming up with Error 4/MOT/4/40000002: EXHAUST-2003
what does this mean? is it something to do with my fan?
also there is a very strange clicking noise when I lift the mac up or if its on its side and sometimes it just randomly freezes, the computer does not respond and then it restarts.
what do I do?
please help!

" the fan didn't seem congested with dust, at least not enough to cause any malfunction."
The lint and crap builds up in the heat exchanger radiator. It's the grilled thing at the output of the fan.
https://www.ifixit.com/Guide/MacBook+Pro+13-Inch+Unibody+Mid+2012+Fan+Replacemen t/10367
Look at step 6. It's that grilled thing at the top of the fan. If you remove the fan that radiator is probably clogged with lint. Brush it all away and if possible blow out the fan with compressed air. Make sure the fan turns freely and doesn't feel stiff.
http://s291.photobucket.com/user/spudnuty/media/13%20inch%20MacBook%20Core%202%2 05-2007%20dirty%20rainstrm/MacBookHeatsinkinlet.jpg.html?filters[user]=68196367& filters[recent]=1&sort=1&o=21
This isn't a MBP radiator but the problem will look like this.

Do you trust the SAP standard rule set ?

Hello all,
I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
1. what is your SAP release ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point.
So, the best practice is :
a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu. But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA. The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA. That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
Success !
Sam

Sam and everyone,
Sam brings up some good points on the delivered ruleset. Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point. This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks. I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
I'll try to address each area that Sam brings up:
1. Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific. We therefore provide rules with the lowest common denominator when it comes to auth object settings.
The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
The underlying assumption is that we want to ensure the rules do not have any false negatives. This means that we purposely activate the fewest auth objects required in order to execute the transaction.
If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
2. For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone. This is why we deliver only the core auth objects in our rules and not all. A example is ME21N.
If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain. However, in the rules we only enable one of the object, M_BEST_BSA. This is to prevent false negatives.
3. Sam is absolutely right that the delivered auth object settings for FB01 have a mistake. The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK. This was a manual error on my part. I've added this to a listing to correct in future versions of the rules.
4. Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed. See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
1083611 Compliance Calibrator Rule Update Q3 2007
1061380 Compliance Calibrator Rule Update Q2 2006
1035070 Compliance Calibrator Rule Update Q1 2007
1173980 Risk Analysis and Remediation Rule Update Q2 2008
5. SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved. See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008. A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
6. Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
https://www.sdn.sap.com/irj/sdn/bpx-grc
Under Key Topics - Access Control; choose document below:
    o GRC Access Control - Access Risk Management Guide   (PDF 268 KB)
The access risk management guide helps you set up and implement risk
identification and remediation with GRC Access Control.

How to implement row-level security in Discoverer?

Dear all,
I have a scenario that I have 2 folders containing sales and inventory data stored by product lines.
The 2 folders are constructed by 2 SQL statements.
There exists a set of tables controlling which product line's sales and inventory data a person can read.
A function is written previously that returns the WHERE clause based on user_id, employee_id and the other parameter.
So, can you suggest how to integrate the 2 components in Discoverer?
thanks
George
My blog: http://hktour.blogspot.com

hi Rod,
Thanks for your suggestions.
I took your 1st option, ie.
"You can use VPD at the database level to secure the tables."
I have a view BUDGET_V with the following columns:
PERIOD_YEAR
PERIOD_MONTH
PRODUCT_LINE
BUDGET_AMOUNT
Every salesman can only read the budget amount of certain product lines.
I built the security function which will be binded to the view BUDGET_V (see below)
FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
return varchar2
as
begin
if (user = p_schema) then
return '';
else
return viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
end if;
end;
The security function actually calls my own security function viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE') which take the user id and employee id of the apps user and returns the predicate.
Then, I bind the security function security_policy_function() to the view BUDGET_V with
begin
dbms_rls.add_policy
object_schema => 'APPS',
object_name => 'BUDGET_V',
policy_name => 'MY_POLICY',
function_schema => 'APPS',
policy_function => 'security_policy_function',
statement_types => 'select',
update_check => FALSE,
enable => TRUE
end;
The problem now is that if I query the view in Discoverer as a Apps user (say "A"), it returns all the records in the view without any filtering (user "A" is supposed be able to read certain product lines).
I try to verify whether the security function work or not. So, I hardcoded FND_GLOBAL.USER_ID and FND_GLOBAL.EMPLOYEE_ID as 1234 and 6789 which are the user_id and employee_id of user "A". (see below)
FUNCTION security_policy_function( p_schema in varchar2, p_object in varchar2)
return varchar2
as
begin
if (user = p_schema) then
return '';
else
return viewProductLine(1234, 6789, 'BUDGET_V.PRODUCT_LINE');
end if;
end;
This time, Discoverer returns only the records with product lines visible to user "A".
So, I guess there is problem in the function call in viewProductLine(FND_GLOBAL.USER_ID, FND_GLOBAL.EMPLOYEE_ID, 'BUDGET_V.PRODUCT_LINE');
Can you give me some light on this issue?
thanks
George (HK)
My blog at http://hktour.blogspot.com

Photoshop Elements 11 Selection and brush tool not working right

I have this problem where I select parts of an image I am trying to draw, and I want to fill the selected regions of the image with color but whenever I use the brush or the paint bucket tool to fill it, little tiny regions outside of the selection are also painted, now I am not sure if I don't have the settings right, or if the software is broken. I have attached two screenshots that show the problem, please someone explain to me how I can fix this.
http://s1162.photobucket.com/user/Doctorwhofan2012/media/selections.png.html?filters[user] =126515962&filters[recent]=1&sort=1&o=1
http://s1162.photobucket.com/user/Doctorwhofan2012/media/thebrushtoolworksweird.png.html?f ilters[user]=126515962&filters[recent]=1&sort=1&o=0
Also when I am trying to attach images from my computer to a discussion here in the adobe forums I can't because the "insert image" remains greyed out even though I have selected the image file I would like to attach.

It appears that the selection is not accurate, i.e. the "marching ants" extend beyond the object. If you are using the selection brush for this purpose, on the tool's option bar, you will see icons via which you can add to, or subtract from, the selection.
Once you have created the selection with precision, go to Edit menu>fill selection. In this dialog there are several options which are self explanatory.
You can also place the selection on its own layer via CTRL+J, then use the eraser tool to touch up. I do this frequently. It helps to place a layer with contrasting color below the selection layer temporarily to facilitate visualization. Be sure to delete this layer when you are done.
To post a picture file, save it to disk, then click on the camera icon in the reply box here, click browse, and point to where the file is on disk, then insert.

Sort Filter Table Matrix

Hi,
I like to use the Sort Filter Table function (right click on the Matrix, plus the SAP icon to be activated) in my Add-On, Matrix.
Could you please provide me the code?
Thank you,
Rune

Hi Szymon Lipnicki,
I will open a new Forum ticket, because I cannot give you 10 points in this ticket anymore...
I will post a new ticket and please drop your answer in the new ticket. The Subject is "Filtering User Matrix"
Thank you very much, this is good news!!!
Thank you,
Rune

Filtering users

Similar Messages

Maybe you are looking for