FIM Portal not taking users. They delete right away
I'm trying to flow user objects that were brought in from our HR service (an ASP web system) into the FIM Portal. The FIM Service MA is simply exporting them and then deleting them. Why can't they persist in the portal?
Also, just trying to move a few attributes at the moment.. First, Last, Display (a concat), Employee number.. I have these configured in the attribute flow for the FIM Service MA. The Connected Space for the HR has all of the proper attributes and they are
in the MV.
A Full Sync will have 1416 Provisioning Adds
An Export then has 1416 Adds
But then the Full Import has 1416 Deletes
Are you sure they are getting successfully exported? It would be useful to know if they made it to the FIM Service and something deleted them or if they never made it to the FIM Service at all. After you run your export look in the FIM Portal and see if
the records are there. If they are, then focus on why the import process is not seeing them. If they are not, determine if they never made it in or if they made it in and then were deleted -- you should be able to determine this by looking at the request history
in the FIM Portal. It might be simpler to diagnose if you test with a single record. Also look at the Windows event logs on the FIM Service machine and see if there is anything interesting there.
Any chance you have some business logic in the FIM Service that is deleting the records? (You would see this in the request history.)
Rex
Similar Messages
-
FIM Portal Self Service User Provision Frequency
Hi All,
I have a question about fim portal self service.If a user updates their AD attributes (i.e telephone number) in the portal, how long before it appears in AD? Presumably it's dependent on a management agent run profile? If so can this be automatically triggered?
On the other hand, I assume automatic triggerring in a production environment is a bad idea due to load and frequency?
thanksHello,
my shedule is currently not the optimal, best way should be:
1: AD MA Import
2: FIM MA Import
3: AD delta sync
4: FIM delta sync
5: AD export & delta import (confirm)
6: FIM export & delta import (confirm)
I will also bring my shedules to this order in near future. Currently I am in the process to run imports and export in paralell to speed up things using PowerShell Jobs or Workflows.
Regards
Peter
Peter Stapf - Doeres AG - My blog:
JustIDM.wordpress.com -
Help with laptop not coming out of sleep right away
when i leave my macbook pro alone for a little and the screen goes a little dark to prepare for sleep, i click the mouse pad and it doesnt come out right away. whats wrong? it also does this sometimes when i close the laptop and open it.
push the power button lightly and if that doesn't do the trick manually shutdown the computer by holding the power button for 10-15 seconds then power ON and try running sw update
-
How to logon in Portal administration which user have a right
Hi
I installed a EP 7.0 with PI. How to logon in Portal Contant Administrator. what is default user and password in Portal Contant Administration
abdul HameedHello!
There is no default user dedicated to Content Administration in EP as far as I know. After installation you should be able to log on with 'Administrator' (Java-only) or 'J2EE_Admin' (Double-Stack) and the master password you set during the installation.
Regards,
Jörg -
Submit button not taking user to the next slide...
Hi there,
Hopefully this is a simple one!...
The submit button in my quiz does not take the user to the next slide, it just seems to lock and you have to click on the forward button at the bottom of the screen. Does anyone know why this is and how to fix it? I cant use a submit all button as that seems to take away the Action section from the master slide.
ThanksHi there,
Swift reply as usual!
I actually solved this one.. I just had to add "go to next slide" in the advanced action!
I did have to copy and paste all my work into a new project though.. must have had my second bug of the week!
Thanks anyway -
CUSTOM FIM PORTAL for a user(test123)
I have one user (test123)
i want him to see (User & My Profile) from Navigation bar + (All users) from Search Scope.
I created 2 sets for Usage keyword and @ MPRs for both.
I can see these options in Navigation Bar and of Search scope as well.
But in All users its showing only curtrent User...
why its happening.I found the answer.
Enable the Below mentioned MPR-
User Management: Users can read selected attributes of other users -
Why do my calendars not always update 9or update right away?)
I am not sure i am following APPLE's instructions correctly as I don't get consistent results. Can someone help? Thanks.
I have the newest IPOD TOUCH. And some things I have entered on my MACs and even work PCs (me.com calendars eventually showed up on my ipod touch. Vice versa too.) Problem is that this is not consistent. I occasionally find something does not make it, especially from internet (me.com) to the IPOD.
I THINK my IPOD TOUCH settings may be the problem.
They are
PUSH--> ON
FETCH --> MANUAL
I have tried other ways, and the results are always unclear. I thought to save the battery PUSH should be off, or is it only FETCH?
I have wifi on AT HOME. But only to get mail sent to my IPOD. Out on the street and at work there IS no wifi. But anyway, on or off, it seems like I need to have my usb connector plugged in to sync. So I do that too.
SO, Calendar--> PUSH ON OR OFF? FETCH ON OR OFF? WIFI ON OR OFF?
Now Push on, wifi on.
MAC settings too are confusing. There is SYSTEM PREFERENCES and Itunes.
Here they are for my PPC G5 running 10.5.5 and Intel Macbook Pro running 10.4.4)
MOBILE ME (SYSTEM PREFERENCES)
Sync (all items checked except, on the desktop, the mysteriously named "com.panic.transmit.favorites". So that includes calendars. And set for AUTOMATICALLY.
NOTE!!
---> THIS ONE ---WAS-- SET FOR AUTO, BUT JUST NOW I SWITCHED TO MANUAL AND IT DID WORK!!
-> DOES THIS MEAN I FOUND THE SOLUTION? OR A FLUKE???
ADVANCED shows the two machines being synced
ITUNES SETTING
Contacts and Calendars are synced "OVER THE AIR" from Mobile ME. That implies wifi? But regardless, with or without, plugged in or not, I do not always get things synced.
Mail account--only have me.com. before I had the other email I use, but it seemed to create multiple instances of Mobile me on my IPOD and also multiple calendars "On my Ipod" and UNTITLED Account" So now I leave only mobile,me checked. (see below ADVANCED)
Advanced:
REPLACE INFO ON THIS IPOD.... Or, THIS may have been the culprit, so now I leave this off
So, now I am left wondering if any of my settings are less than desired. And is the syncing, when it happens, occurring over wifi or over the USB? So far, the one setting that seems to MAYBE make a difference is in SYSTEM preferences-->changing to SYCH WITH MOBILE ME MANUAL (whereas before it was AUTO).
Thankstokyoprogressive wrote:
Thank very much for your answer. Let me see if I understand.
I have Mobile Me (this mac account and a set of calendars: home and work)
Fairly similar to my set up.
Ok...I have PUSH ON and FETCH MANUAL. But then in ADVANCED it says MOBILE ME CONTACTS AND CALENDARS --> PUSH. And MAIL also PUSH.
Though I am not sure what this actually means. So far, I seem to get things to happen
Rule 555: if it ain't broke, don't fix it.
Stuff from Mobile Me comes down automatically. That was supposed to be Push (instant), but Apple had to admit that in reality for now, there is going to be some delay. Even so, if I time it well, mail and calendar changes arrive elsewhere as soon as I make them on the computer or the touch or even the cloud.
Some apps do not support Push, so that Manual (or the times) cover that situation.
automatically IF I have wifi on at home and the calendar app is open. In other words, do PUSH And FETCH settings work if using USB and NO WIFI (on my home computer?)
No. By selecting the Mobile Me method, the USB syncs are closed off.
This works with wifi if you have Mobile Me (but then subscribed calendars do not sync).
Ok.
You mean other things sync but not calendars? I am not sure how I actually subscribe them. I just see the same info now on the web and on my TOUCH.
Your ordinary calendars do, but those you subscribe to (for example I subscribe to a calendar that I found on a website that gives me Formula 1 schedule; and my boss at work gives me a calendar I subscribe to). My basic calendars are fine, but the subscribed calendars do not even appear in Mobile Me or on the touch.
Hm. So far with that specific computer I can ONLY get wifi and not USB. You said I can turn it off??? You mean by turing PUSH to off? So PUSH off, no sync. Push on, sync.
Right. The Sync would be via USB, but that only syncs the touch and the computer, the computer would also sync with the cloud. OK, if you only have one computer, I guess. Syncs from the touch wait until you come home and plug it in.
So turning on MOBILE ME (PUSH???) makes SYNC via USB stop working?
That is right. If you look in the information panel in iTunes when you have the touch connected, that is what is indicated.
Thanks you. As you see, I am still very foggy about this all. It seems like the USB is good for charging and Itunes stuff, but that the calendar only syncs with PUSH on and FETCH set to, so far for me, MANUAL.
You have that about right, Yes.
And yet on some of its pages Apple says you should turn off PUSH and/or FETCH to save battery life.
Right. If you are in a situation where Push is not going to work for a few hours (like on a plane, or in the middle of a desert) it makes no sense to discharge a battery unnecessarily. If you are in and out of Starbucks in the US, or somewhere that has wifi on that you can link to -- and you do update a lot, or read email -- then keep it on.
Glad to have been of help.
Graham -
Hi all. I had a quick search but couldn't find what I was looking for.
Easy question.
I've setup the following flows:
FIM MA
(FIM)employeeEndDate -> (MV)employeeEndDate
AD MA
(MV)employeeEndDate ->(AD)accountExpire (I have a rule extension to convert it to a UTC etc)
If I enter an enddate on a person object in the FIM portal it will flow to the MV and then flow to AD (via the AD CS/MA).
But (as with all attributes, this is just an example) if I remove the enddate on the person object in the FIM portal it will in turn delete the attribute (AD)accountExpire in the CS of AD.
This is normal and expected... My question is. How do I flow a NULL and still have the CS attribute retain a value?
I'm not wanting to flow a NULL to the destination but I am taking a NULL in as a source (I am working with rule extensions, I have tried a 'ispresent' but as there's no longer a 'space' to flow to it does nothing, I'm stuck with between flow NULL or do nothing,
depending on if I allow NULLs to flow).
The reason is the AD attribute accountExpire is never NULL, but either a date or "0" or "9223372036854775807"(Taken from the MSDN page: )
I had thought of using a RE on the import rule of the FIM MA but you can't use RE there.
I hope I've made the question clear, thank you for any help or tips in advanced.Try adding a second attribute for your rules extension when exporting from the MV that always has a value (Ctrl + click the other attribute). This will ensure that the rules extension is always fired, something like this:
(MV) accountName
(MV) employeeEndDate --> (AD) accountExpires
From there you should be able to use .IsPresent to check for a value, and flow out the correct value in your rules extension. -
Is there a setting so when I receive a text it will always make a sound- Even if I am in a conversation with someone? People do not always answer my text right away so I don't know that they respond because there is no sound notification.
It will make a sound if i receive a text from someone. The problem occurs when I am in a conversation with a person. It only makes a sound the first time. After that, no sound is made. If they don't answer me right away, i don't know that they have responded and I miss a lot of texts. I have the sound turned on and up and have a sound chosen for texts in settings.
-
Bhold attestation setup if FIM POrtal is already used for Group Membership
Background - We had a FIM 2010 deployment in production deployment. Few
months ago, we upgraded it to FIM R2. There are already about 4000 Criteria based Groups and Request Based Groups at FIM portal. FIM portal is used as an authoritative source for group membership.
Problem Statement - The requirement is to attest the existing and
ongoing Request Based group membership of users using BHold User Attestation module. We want to continue FIM portal (not Bhold UI) as the end user interface for requesting the group membership.
Hence, for metaverse' group object's member attribute, FIM Portal should have higher precedence than Bhold MA.
From available documentation of Bhold, I understand that BHold is more suitable in cases where FIM Portal is not already the Group Membership deciding system. However, in our already existing
deployment, both group membership is given by FIM portal. In fact this should be the case with all the FIM deployments before Bhold’ s release.
Please suggest on how to attest the group memberships.
Mayank VaishI would not expect to have to attest group membership where that membership is controlled programmatically. The idea of Attestation is for a responsible person to attest and confirm that the membership of a given group/role/permission is correct (and remove
users who don't need that permission). As long as someone responsible has attested that the rules that govern the automatic group membership are appropriate for the permission controlled by that group, then another round of attestation via BHOLD would seem
like overkill.
However, in the case where membership of FIM groups is managed via FIM's approval mechanism then there may well be a case for BHOLD attestation. It will depend on the business's audit requirements and how well the FIM logs are being maintained, and
also the sensitivity/importance of the permission being managed by the group. If it is not possible to prove who approved membership of what group - and to confirm that that membership is still appropriate - then regular attestation may still be required,
in which case BHOLD is an easier way of doing it than trying to build your own or do it manually.
Cheers,
Dave -
Group Policy - User Rights Assignments not taking effect on workstation`
Novell 5.1 SP7. ZenWorks 3.2 sp3. Windows XP Pro workstations.
In Group Policy, (Computer Configuration/Windows Settings/Security
Settings/Local Policies/User Rights Assignment), I have added Power Users to
the "Load and Unload device drivers" policy. However this setting is not
taking effect on my Windows XP workstations. My DLU policy for users is
configured to have the users members of the "Users" and "Power Users" groups
on the local PC.
Other parts of Group Policy (Computer Policy/Administrative Templates) are
taking effect on the workstation, so I'm wondering if the problem I am
having is related to Security Settings only.
I enabled Group Policy logging on the Windows XP workstation and include it
below:
WMHelperInitialization (Mar 4 2004) called! Flags: 0x8001002. Event:
0x1000. Impersonation: 0x2
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x204
WMHelperSystemEntryEx called!
Entered GPCleanupEntry
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Persist Workstation settings from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Persist
Workstation settings not found. Assuming 0
Error 2 reading Persist Workstation settings
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Warning: C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini does not exist
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy Machine Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy Machine Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
Renamed Administrator account: Administrator
Local Administrator's user name = Administrator
Administrator account names match, skipping.
Renamed Guest account: Guest
Local Guest's user name = Guest
Guest account names match, skipping.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
GPCleanupEntry releasing mutex.
Exiting GPCleanupEntry: 0
Exiting WMHelperSystemEntryEx ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x0. Event: 0x0.
Impersonation: 0x0
Created Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache .
No workstation. Exiting CheckForObsoleteWksCache
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x0 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Entering ApplyPolicies
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Flags: 0x80000070
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Impersonating logged on user.
Context : OU=Users.OU=Newcastle.O=OSG
Full Object DN CN=wintest3.OU=Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=wintest3.OU=Users.OU=Newcastle.O=OSG, WINNT Workstation Package,
zenwmGroupPolicy, 512, pBuffer)
Reverting to system impersonation.
Found DN CN=XP User Package:WinNT-2000-XP:Windows Group Policy.OU=Policy
Packages.OU=Newcastle.O=OSG
WMCheckIfGroupPolicyObjectsChanged entered
Impersonating logged on user.
Reverting to system impersonation.
Group Policy object has NOT changed!
Exiting WMCheckIfGroupPolicyObjectsChanged 0x0
Entered ScheduleCleanup.
Loaded wmschapi.dll
Calling WMScheduleAction
Finished Calling WMScheduleAction. Returned 0x0
Exiting ScheduleCleanup 0x0
Entered BackupOriginalGP.
No backup exists. Creating one: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Backing up original GP to C:\WINDOWS\System32\GroupPolicy.WMOriginal
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\admfiles.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\adm files.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\conf.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\con f.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\inetres.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\ine tres.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\system.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\sys tem.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wmplayer.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wmp layer.adm
Copied file C:\WINDOWS\System32\GroupPolicy\Adm\wuau.adm to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Adm\wua u.adm
Copied file C:\WINDOWS\System32\GroupPolicy\GPT.ini to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat
Copied file C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat
Entered SaveSecuritySettings
Inf path:
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\
Saving XP security settings
Saving Account Policies...
Saving Audit Policies...
Saving user rights...
Name: Administrator
Comment: Built-in account for administering the computer/domain
Full Name:
No rights.
Name: Guest
Comment: Built-in account for guest access to the computer/domain
Full Name:
Right: SeInteractiveLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: HelpAssistant
Comment: Account for Providing Remote Assistance
Full Name: Remote Desktop Help Assistant Account
No rights.
Name: SUPPORT_388945a0
Comment: This is a vendor's account for the Help and Support Service
Full Name: CN=Microsoft Corporation,L=Redmond,S=Washington,C=US
Right: SeBatchLogonRight
Right: SeDenyInteractiveLogonRight
Right: SeDenyNetworkLogonRight
Name: vector
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: wintest3
Comment: Account created by Novell's Workstation Manager
Full Name:
No rights.
Name: None
Comment: Ordinary users
No rights.
Name: Administrators
Right: SeSecurityPrivilege
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeRemoteShutdownPrivilege
Right: SeTakeOwnershipPrivilege
Right: SeDebugPrivilege
Right: SeSystemEnvironmentPrivilege
Right: SeSystemProfilePrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeIncreaseBasePriorityPrivilege
Right: SeLoadDriverPrivilege
Right: SeCreatePagefilePrivilege
Right: SeIncreaseQuotaPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeManageVolumePrivilege
Right: SeImpersonatePrivilege
Right: SeCreateGlobalPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Right: SeRemoteInteractiveLogonRight
Name: Users
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Guests
No rights.
Name: Power Users
Right: SeSystemtimePrivilege
Right: SeShutdownPrivilege
Right: SeProfileSingleProcessPrivilege
Right: SeChangeNotifyPrivilege
Right: SeUndockPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Account operators
No rights.
Name: System operators
No rights.
Name: Printer operators
No rights.
Name: Backup operators
Right: SeBackupPrivilege
Right: SeRestorePrivilege
Right: SeShutdownPrivilege
Right: SeChangeNotifyPrivilege
Right: SeInteractiveLogonRight
Right: SeNetworkLogonRight
Name: Replicators
No rights.
Name: RAS servers
No rights.
Name: Pre2000 compatible access
No rights.
Exiting SaveUserRights (0)
Saving Security Options
Found: MACHINE/Software/Microsoft/Driver Signing/Policy
Data type is 3
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SecurityLevel
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Setup/RecoveryConsole/SetCommand
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateCDRoms
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateDASD
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/AllocateFloppies
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/CachedLogonsCount
Data type is 1
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ForceUnlockLogon
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/PasswordExpiryWarning
Data type is 4
Found: MACHINE/Software/Microsoft/Windows
NT/CurrentVersion/Winlogon/ScRemoveOption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DisableCAD
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/DontDisplayLastUserName
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeCaption
Data type is 1
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/LegalNoticeText
Data type is 7
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ScForceOption
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/ShutdownWithoutLogon
Data type is 4
Found:
MACHINE/Software/Microsoft/Windows/CurrentVersion/Policies/System/UndockWithoutLogon
Data type is 4
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineAccessRestriction
Data type is 1
Found: MACHINE/SOFTWARE/policies/Microsoft/windows
NT/DCOM/MachineLaunchRestriction
Data type is 1
Found: MACHINE/System/CurrentControlSet/Control/Lsa/AuditBaseObjects
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/CrashOnAuditFail
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/DisableDomainCreds
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/Lsa/EveryoneIncludesAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FIPSAlgorithmPolicy
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/ForceGuest
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/FullPrivilegeAuditing
Data type is 3
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LimitBlankPasswordUse
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/LmCompatibilityLevel
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinClientSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/MSV1_0/NTLMMinServerSec
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoDefaultAdminOwner
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/NoLMHash
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymous
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/RestrictAnonymousSAM
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Lsa/SubmitControl
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print
Services/Servers/AddPrinterDrivers
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Control/SecurePipeServers/Winreg/AllowedPaths/Machine
Data type is 7
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/Kernel/ObCaseInsensitive
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session Manager/Memory
Management/ClearPageFileAtShutdown
Data type is 4
Found: MACHINE/System/CurrentControlSet/Control/Session
Manager/ProtectionMode
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/AutoDisconnect
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableForcedLogOff
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionPipes
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/NullSessionShares
Data type is 7
Found:
MACHINE/System/CurrentControlSet/Services/LanManServer/Parameters/RequireSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnablePlainTextPassword
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/EnableSecuritySignature
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/LanmanWorkstation/Parameters/RequireSecuritySignature
Data type is 4
Found: MACHINE/System/CurrentControlSet/Services/LDAP/LDAPClientIntegrity
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/DisablePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/MaximumPasswordAge
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RefusePasswordChange
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireSignOrSeal
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/RequireStrongKey
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SealSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/Netlogon/Parameters/SignSecureChannel
Data type is 4
Found:
MACHINE/System/CurrentControlSet/Services/NTDS/Parameters/LDAPServerIntegrity
Data type is 4
Administrator's user name = Administrator
Guest's user name = Guest
SaveHive entered
SaveHive exit : 0
Exiting SaveSecuritySettings 0x0
Backup path: C:\WINDOWS\System32\GroupPolicy.WMOriginal
Exiting BackupOriginalGP 0x0
Entered RestoreCachedGP.
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
No gpt.ini detected, aborting RestoreCachedGP.
Checking whether OriginalGP exists
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring original GP.
Entered RestoreOriginalGP.
Reading Group Policy Machine Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Reg key Software\Novell\Workstation Manager\Group Policies\Group Policy
Machine Flags not found. Assuming 0
Reading Group Policy User Flags from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Flags: 0x80000070 in key
Software\Novell\Workstation Manager\Group Policies
Entered GPDel
Deleting C:\WINDOWS\System32\GroupPolicy\User
Deleting C:\WINDOWS\System32\GroupPolicy\Machine
Exiting GPDel 0
Restoring backup GP from C:\WINDOWS\System32\GroupPolicy.WMOriginal
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.WMOriginal,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.WMOriginal\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.WMOriginal\Machine \Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Exiting RestoreOriginalGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x4000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered GPCopy(C:\WINDOWS\System32\GroupPolicy.UserCache,
C:\WINDOWS\System32\GroupPolicy, 0, handle, 0x80000070)
Copied C:\WINDOWS\System32\GroupPolicy.UserCache\GPT.ini to
C:\WINDOWS\System32\GroupPolicy\GPT.ini
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\User\MIC ROSOFT\IEAK\install.ins to
C:\WINDOWS\System32\GroupPolicy\User\MICROSOFT\IEA K\install.ins
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol to
C:\WINDOWS\System32\GroupPolicy\User\Registry.pol
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS1.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS1.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS2.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS2.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\IPS3.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\IPS3.dat
Copied file
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Microsoft\Windows
NT\SecEdit\XPSec.dat to
C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Copied file C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
to C:\WINDOWS\System32\GroupPolicy\Machine\Registry.p ol
GP_FLAG_APPLY_SECURITY_SETTINGS (0x40), not set, or security file already
copied. Will not copy security file
Exiting GPCopy 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Entered MergeGptFile(C:\WINDOWS\System32\GroupPolicy.UserC ache, 0x80000070)
g_dwVersion: 0x0.
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Found machine extensions...
Found user extensions...
Exiting MergeGptFile 0x0
Reading user's user settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol
Entered parseRegFile
Val: 'BlockExeAttachments'
Added: Software\Microsoft\Outlook Express\BlockExeAttachments
Val: 'NoHTMLWallPaper'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\NoHTMLWallPaper
Val: '**del.NoChangingWallPaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop, val:
NoChangingWallPaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \ActiveDesktop\**del.NoChangingWallPaper
Val: 'ForceClassicControlPanel'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceClassicControlPanel
Val: 'NoSMMyPictures'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMMyPictures
Val: 'NoStartMenuMyMusic'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoStartMenuMyMusic
Val: 'NoDesktopCleanupWizard'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoDesktopCleanupWizard
Val: 'NoWelcomeScreen'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoWelcomeScreen
Val: 'NoActiveDesktop'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktop
Val: '**del.NoInternetIcon'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoInternetIcon
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoInternetIcon
Val: '**del.NoNetHood'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val: NoNetHood
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoNetHood
Val: 'NoAutoUpdate'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoAutoUpdate
Val: 'NoSMBalloonTip'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMBalloonTip
Val: 'NoSMConfigurePrograms'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSMConfigurePrograms
Val: 'NoComputersNearMe'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoComputersNearMe
Val: 'MaxRecentDocs'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\MaxRecentDocs
Val: 'NoSharedDocuments'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoSharedDocuments
Val: '**del.NoStartMenuEjectPC'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoStartMenuEjectPC
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoStartMenuEjectPC
Val: 'NoActiveDesktopChanges'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\NoActiveDesktopChanges
Val: '**del.NoAddPrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoAddPrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoAddPrinter
Val: '**del.NoDeletePrinter'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoDeletePrinter
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoDeletePrinter
Val: '**del.NoToolbarsOnTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoToolbarsOnTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoToolbarsOnTaskbar
Val: '**del.NoSetTaskbar'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer, val:
NoSetTaskbar
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\**del.NoSetTaskbar
Val: 'ForceStartMenuLogOff'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Explorer\ForceStartMenuLogOff
Val: '{20D04FE0-3AEA-1069-A2D8-08002B30309D}'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}
Val: '**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{450D8FBA-AD25-11D0-98A8-0800361B1103}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{450D8FBA-AD25-11D0-98A8-0800361B1103}
Val: '**del.{645FF040-5081-101B-9F08-00AA002F954E}'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum, val:
{645FF040-5081-101B-9F08-00AA002F954E}
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \NonEnum\**del.{645FF040-5081-101B-9F08-00AA002F954E}
Val: '**del.Wallpaper'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val: Wallpaper
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.Wallpaper
Val: '**del.WallpaperStyle'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \System, val:
WallpaperStyle
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\**del.WallpaperStyle
Val: 'NoDispScrSavPage'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \System\NoDispScrSavPage
Val: 'NoAddFromNetwork'
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\NoAddFromNetwork
Val: '**del.NoAddRemovePrograms'
Trying to delete key:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall, val:
NoAddRemovePrograms
Added:
Software\Microsoft\Windows\CurrentVersion\Policies \Uninstall\**del.NoAddRemovePrograms
Val: 'ListBox_Support_Allow'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\ListBox_Support_Allow
Val: '*.fleetviewonline.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.fleetviewonline.com
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Internet Explorer\New
Windows\Allow\*.osg.com
Val: 'NoHelpItemTutorial'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemTutorial
Val: 'NoHelpItemNetscapeHelp'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemNetscapeHelp
Val: 'NoHelpItemSendFeedback'
Added: Software\Policies\Microsoft\Internet
Explorer\Restrictions\NoHelpItemSendFeedback
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\Certificates\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CRLs\
Val: ''
Added: Software\Policies\Microsoft\SystemCertificates\Tru st\CTLs\
Val: 'ScreenSaverIsSecure'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaverIsSecure
Val: 'ScreenSaveActive'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveActive
Val: 'ScreenSaveTimeOut'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\ScreenSaveTimeOut
Val: 'SCRNSAVE.EXE'
Added: Software\Policies\Microsoft\Windows\Control
Panel\Desktop\SCRNSAVE.EXE
Val: 'ListBox_Support_ZoneMapKey'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ListBox_Support_ZoneMapKey
Val: '*.osg.com'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\*.osg.com
Val: 'osgintranet'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\ZoneMapKey\osgintranet
Val: '1A00'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1A00
Val: '1809'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1809
Val: '1803'
Added: Software\Policies\Microsoft\Windows\CurrentVersion \Internet
Settings\Zones\1\1803
Val: 'DontPromptForWindowsUpdate'
Added:
Software\Policies\Microsoft\Windows\DriverSearchin g\DontPromptForWindowsUpdate
Val: 'NC_RenameLanConnection'
Added: Software\Policies\Microsoft\Windows\Network
Connections\NC_RenameLanConnection
Val: 'PromptPasswordOnResume'
Added:
Software\Policies\Microsoft\Windows\System\Power\P romptPasswordOnResume
Val: 'NoAUAsDefaultShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUAsDefaultShutdownOption
Val: 'NoAUShutdownOption'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAUShutdownOption
Val: 'BehaviorOnFailedVerify'
Added: Software\Policies\Microsoft\Windows NT\Driver
Signing\BehaviorOnFailedVerify
Val: 'MovieMaker'
Added: Software\Policies\Microsoft\WindowsMovieMaker\Movi eMaker
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\User\Reg istry.pol 0x0
Reading user's computer settings.
Entered AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol
Entered parseRegFile
Val: 'NoUpdateCheck'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoUpdateCheck
Val: 'NoSplash'
Added: Software\Policies\Microsoft\Internet
Explorer\Infodelivery\Restrictions\NoSplash
Val: 'PreventAutoRun'
Added: Software\Policies\Microsoft\Messenger\Client\Preve ntAutoRun
Val: 'NV PrimaryDnsSuffix'
Added: Software\Policies\Microsoft\System\DNSClient\NV PrimaryDnsSuffix
Val: ''
Added: Software\Policies\Microsoft\Windows\Safer\
Val: 'WUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUServer
Val: 'WUStatusServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ WUStatusServer
Val: 'NoAutoRebootWithLoggedOnUsers'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoRebootWithLoggedOnUsers
Val: 'AutoInstallMinorUpdates'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AutoInstallMinorUpdates
Val: 'DetectionFrequencyEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequencyEnabled
Val: 'DetectionFrequency'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\DetectionFrequency
Val: 'UseWUServer'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\UseWUServer
Val: 'RescheduleWaitTimeEnabled'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTimeEnabled
Val: 'RescheduleWaitTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\RescheduleWaitTime
Val: 'NoAutoUpdate'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\NoAutoUpdate
Val: 'AUOptions'
Added: Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\AUOptions
Val: 'ScheduledInstallDay'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallDay
Val: 'ScheduledInstallTime'
Added:
Software\Policies\Microsoft\Windows\WindowsUpdate\ AU\ScheduledInstallTime
Val: 'RegistrationOverwritesInConflict'
Added: Software\Policies\Microsoft\Windows
NT\DNSClient\RegistrationOverwritesInConflict
Val: 'SearchList'
Added: Software\Policies\Microsoft\Windows NT\DNSClient\SearchList
Val: 'PreventIISInstall'
Added: Software\Policies\Microsoft\Windows NT\IIS\PreventIISInstall
Val: 'SecurityCenterInDomain'
Added: Software\Policies\Microsoft\Windows NT\Security
Center\SecurityCenterInDomain
Exiting parseRegFile
Exiting AppendPolicy
C:\WINDOWS\System32\GroupPolicy.UserCache\Machine\ Registry.pol 0x0
Entered GenerateGptFile(C:\WINDOWS\System32\GroupPolicy)
g_dwVersion: 0x70007.
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x70007 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting GenerateGptFile 0x0
Exiting RestoreCachedGP 0x0
Writing Group Policy User Status to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x3000 to Group Policy User Status in key
Software\Novell\Workstation Manager\Group Policies
Bumping GPT version...
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x70007 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x70007 in gpt.ini
Using version: 0x70007
Saving GPT version: 0x80008
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x80008 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entered AppendSecuritySettings
Inf path: C:\WINDOWS\System32\GroupPolicy\Machine\Microsoft\ Windows
NT\SecEdit\XPSec.dat
Restoring GP settings
Loading Account Policies...
Loading Audit Policies...
Loading user rights...
Restoring security options...
No data
No data
No data
No data
No data
No data
No data
No data
No data for Administrator account name.
LoadXPSecuritySettings returning 0
LoadHive entered
LoadHive exit : 0
Exiting AppendSecuritySettings 0x0
Signalling OS to refresh policies
RegQueryValueEx returned 2
Policies are set to apply asynchronously
Policies will be processed asynchronously
Entered SetGptVersion(0x0, TRUE).
Reading GPT Version from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value GPT Version: 0x80008 in key Software\Novell\Workstation
Manager\Group Policies
Read file C:\WINDOWS\System32\GroupPolicy\GPT.ini
Found version 0x80008 in gpt.ini
Using version: 0x80008
Saving GPT version: 0x90009
Writing GPT Version to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x90009 to GPT Version in key Software\Novell\Workstation
Manager\Group Policies
Exiting SetGptVersion 0x0.
Entering RunGPUpdate
Exiting RunGPUpdate 0
Exiting ApplyPolicies 0x0
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x34349ce0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
WMHelperInitialization (Mar 4 2004) called! Flags: 0x2001. Event: 0x2000.
Impersonation: 0x1
Opened Mutex.
Loaded userenv.dll
Mapped function RefreshPolicy
Mapped function RegisterGPNotification
Mapped function UnregisterGPNotification
Mapped function RefreshPolicyEx
Exiting WMHelperInitialization. Returning flags: 0x11
Entering WMHelperInteractiveUserEntry!
szFullDN = CN=wintest3.OU=Users.OU=Newcastle.O=OSG
DN is Typed convert it to TYPELESS
g_szUserDN = wintest3.Users.Newcastle.OSG
GinaGetUsersSIDInTextualForm ENTERED
Textual SID : S-1-5-21-1214440339-507921405-1708537768-1019
GinaGetUsersSIDInTextualForm EXIT : 0
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Current time high: 0x1c58076
Reading Last Run Time High from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Last Run Time High: 0x1c58076 in key
Software\Novell\Workstation Manager\Group Policies
Previous time high: 0x1c58076
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing User Logged In to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x1 to User Logged In in key Software\Novell\Workstation
Manager\Group Policies
Entered CheckForObsoleteWksCache
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.
Full Object DN
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG
Calling WMGetAllAssociatedObjects(FALSE, MARITIME, 1,
CN=LT_VECTOR.OU=Workstations.OU=Newcastle.O=OSG.OU =Users.OU=Newcastle.O=OSG,
WINNT Workstation Package, zenwmGroupPolicy, 512, pBuffer)
WMGetAllAssociatedObject returned 2
No associated workstation policies. Deleting
C:\WINDOWS\System32\GroupPolicy.WksCache.
DeleteGPRegVal: Error 0x2 deleting Group Policy Machine Flags
Exiting CheckForObsoleteWksCache 2
Applying user policies
Reading Don't reparse from \HKLM\Software\Novell\Workstation Manager\Group
Policies
Read reg. value Don't reparse: 0x1 in key Software\Novell\Workstation
Manager\Group Policies
Reading Group Policy User Status from \HKLM\Software\Novell\Workstation
Manager\Group Policies
Read reg. value Group Policy User Status: 0x3000 in key
Software\Novell\Workstation Manager\Group Policies
Read reg. key Group Policy User Status: 0x3000
Policy applied at predesktop. Skipping reapplication at user login.
Writing Don't reparse to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x0 to Don't reparse in key Software\Novell\Workstation
Manager\Group Policies
Writing Last Run Time High to \HKLM\Software\Novell\Workstation
Manager\Group Policies
Wrote reg. value 0x1c58076 to Last Run Time High in key
Software\Novell\Workstation Manager\Group Policies
Writing Last Run Time Low to \HKLM\Software\Novell\Workstation Manager\Group
Policies
Wrote reg. value 0x38844da0 to Last Run Time Low in key
Software\Novell\Workstation Manager\Group Policies
Apply user policies releasing mutex.
Exiting WMHelperInteractiveUserEntry ccode: 0x0
Closing log file.
Thanks in advance
AliDUPLICATE
Answered in
novell.support.zenworks.desktops.3x.workstation-manager
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
Hi,
***Problem
I encounter a problem with FIM (version 4.1.3441.0 and 4.1.3496.0) when I try to delete a User object (and only a User object) whatever if it is
manually/Expiration Workflow/Powershell.
Deleting a User object used to be perfectly functional and, without any product version modification, stopped working. I haven't neither deleted/modified or add a
"Grant" MPR or any of the corresponding Sets since last time I saw it working.
Displayed error is "Request could not be dispatched" in FIM Portal and is referencing a stored procedure in Event Viewer.
***Error details
When I try to delete a User object, here is the output :
Portal
"Processing error" on submit
with the following details
Request status is stuck at "Validating" until next restart of FIM Service (after what it becomes “Canceled”)
Request’s “Applied Policy” tab does not contain any MPR where, at least, a “Grant” MPR is expected
As SQL Timeout is relatively high and error happens quickly, I don’t think there is a Timeout problem under that.
Logs
« Application »
The Portal cannot connect to the middle tier using the web service interface. This failure prevents all portal scenarios from functioning correctly.
The cause may be due to a missing or invalid server url, a downed server, or an invalid server firewall configuration.
Ensure the portal configuration is present and points to the resource management service.
« Forefront Identity Manager »
Reraised Error 50000, Level 16, State 1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements,
Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition" because it does not exist or you do not have permissions.
Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.Data.SqlClient.SqlException: Reraised Error 50000, Level 16, State
1, Procedure ReRaiseException, Line 37, Message: Reraised Error 1088, Level 16, State 12, Procedure CalculateRequestSetTransitionsAssembleStatements, Line 332, Message: Cannot find the object "#calculateRequestSetTransitionsAssembleStatementsPartition"
because it does not exist or you do not have permissions.
Transaction count after EXECUTE indicates a mismatching number of BEGIN and COMMIT statements. Previous count = 1, current count = 0.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler,
TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString)
at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async)
at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult
result)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at Microsoft.ResourceManagement.Data.DataAccess.UpdateRequest(RequestType request, IEnumerable`1 updates)
--- End of inner exception stack trace ---
Requestor: urn:uuid:7fb2b853-24f0-4498-9534-4e10589723c4
Correlation Identifier: e7209633-46d0-4f4b-a59e-807649ef71ea
Microsoft.ResourceManagement.WebServices.Exceptions.UnwillingToPerformException: Other ---> System.InvalidCastException: Specified cast is not valid.
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier, UniqueIdentifier requestContextIdentifier,
Boolean maintenanceMode)
at Microsoft.ResourceManagement.WebServices.RequestDispatcher.CreateRequest(UniqueIdentifier requestor, UniqueIdentifier targetIdentifier, OperationType
operation, String businessJustification, List`1 requestParameters, CultureInfo locale, Boolean isChildRequest, Guid cause, Boolean doEvaluation, Nullable`1 serviceId, Nullable`1 servicePartitionId, UniqueId messageIdentifier)
at Microsoft.ResourceManagement.WebServices.ResourceManagementService.Delete(Message request)
--- End of inner exception stack trace ---
For information, a maintenance plan rebuild/reorganize indexes daily and this problem has occurred on servers with different performances.
Is any of you has already encounter this problem ?
Any help would be greatly appreciated,
Thanks in advance for your help,
MatthewWhile there are several SQL Agent jobs (FIM Temporal Events, Maintain Sets, and Maintain Groups among others)created by the FIM install only one of those is enabled and scheduled and it calls all of the same stored procedures that the other
jobs do. Step 2 is Maintain sets and Step 3 is maintain groups. So the Maintain sets and groups jobs never need to get enabled and scheduled, but if you want them to be maintained more frequently then you can.
David Lundell, Get your copy of FIM Best Practices Volume 1 http://blog.ilmbestpractices.com/2010/08/book-is-here-fim-best-practices-volume.html -
After deleting users they are not removed from portal30.wwsec_person
I am building a customized script to carry on users self registration.
the script is going great and user is created and i can log into portal
successfully with this new created user.
I relogin as portal administrator and delete this new user and now if i tried
to list portal users I cant see the user.
But when I try to rerun my script to recreate this user again it fails when I
investigated I found that it fails because the entry of this user is removed
from portal30_sso.wwsec_person while it still exists in portal30.wwsec_person
so the script fails as there is duplicate in primary key.
Is this a bug in portal 309 that when the user is deleted it is not removed
from portal30.wwsec_personThis is actually a combination of intended behavior/design and a bug.
Let me first explain why there is a user in both the PORTAL30_SSO schema as well as the PORTAL30 schema.
The definition of the user, that can log in, and defines the single sign-on account, is the user's entry in the
WWSEC_PERSON$ table in the PORTAL30_SSO schema. The SSO server actually just uses a subset of the
columns in this table -- those defined in the WWSSO_SSO_USER view.
The same table exists in the PORTAL30 schema, because there is a lot of common infrastructure code
shared by both applications (Login Server, and Portal). The Security and Session Management code
is common, and this code includes the dependency on the WWSEC_PERSON$ table.
Now, assuming that the code was independent (for the sake of argument), why do we still have an entry
for the user in both schemas? As I mentioned earlier, the user entry in the SSO schema is the "master".
The SSO server can have multiple partner applications connected to it. Indeed, on my.oracle.com, the
login server there has at least 4 portals hooked up to it, and a few other non-Portal partner applications,
such as Oracle Mobile.
Each partner application may have a local user profile that it uses to store application specific attributes
of the user. This is stuff that the Login Server is not interested in, and could in no way predetermine for
all conceivable partner applications. So, it is not unreasonable for each partner application to also have
a user record which stores additional attributes of the user (not related to user authentication), and which
can be used to reference other user-related data. For example in the Portal, all the user's privileges
and group memberships are tied to the Portal's user record (foreign key constraints). So, the Portal
being just one partner application of the Login Server, it adhere's to this model and has a user entry
in it's schema corresponding to the user entry in the Login Server.
When a user logs on and accesses a partner application for the first time, the partner application (read Portal)
is expected to automatically create a local profile entry for the user on demand. The Portal does this.
In 3.0.9 and previous versions, to delete a user, you need to delete the user in the Login Server AND the Portal.
The only way to do this is to first delete the user in the Login Server, using the User Portlet.
Then type the user's name into the Portal User Profile portlet (they won't be in the LOV anymore since
you just deleted them from the login server), and click Edit, then Reset To Defaults (this means delete).
You will then get a User Not Found error, since the page is trying to go back to show the details about this user.
(All this has been fixed in 9.0.2 v2, by the way). -
Custom resource/attribute not visible in FIM portal for non-admins
hi all
I have a problem I am not able to solve and hope somebody can help. We have created an custom Resource in the FIM portal called Customer. It is an User Resource Type and attribute type customer, data type=reference.
We have made this attribute visible in the Users Properties by editing the RCDC for Configuration for User Creation, Configuration for User Editing and Configuration for User Viewing. It is now visible for alle users in the FIM Portal.
But when an non-admin searches for an attribute in that Field, nothing shows up.... only member of the administrator set, are able to display the results.
I have added the Resource to Filter permission - Administrator Filter permission + non-administrator filter permission.
I have added the Resource to MPR - General: Users can read non-administrative configuration resources?
Can anyone help?
Best regards Andre
AndreHi,
To be clear,
You have create one new resource type 'Customer' and one attribute 'Customer' (Reference, binded to Person object)
Update RCDC for Person (create/edit/view) to add a picker attribute with those parameters
UsageKeywords: This is an optional string property. You can define a list of search scopes to be used in the Resource Picker by providing a list of the usage keywords that are supported by the SearchScopeConfiguration structure, where each keyword is separated by a (‘).
ResultObjectType: This is an optional string property. The resource type is used to render resources in the pop-up dialog-box list. This is used with the Filter to help the Identity Picker identify what resource type is returned by the Filter, and render the data accordingly. This property is mutually exclusive with the UsageKeywords property (see above). When the search scope is applied, this has no effect. The string that is accepted for this property is any single, valid, resource-type name, for example, Person. When the filter is expected to return multiple resource types, Resource is used.
Modify MPR "User management: Users can read attributes of their own" and "User management: Users can read selected attributes of other users" to add this new attribute
Create a new MPR to give the right of all users to view new resource 'Customer' on all attributes
Is that right?
Regards,
Sylvain -
Memebers of group not appear to Group Owner at FIM portal
In my distribution groups I have added some member via owner approval and that member appears added to me when i view that group from FIM admin portal but when i look at the same DG from Owner's FIM portal then user does not appear! strange !
Any suggestion pls why is this happening?Some MPRs are not enabled or they have non-default configuration.
Check if you have the following MPRs enabled:
Distribution list management: Users can read selected attributes of group resources
Distribution list management: Owners can read attributes of group resources
If you found my post helpful, please give it a Helpful vote. If it answered your question, remember to mark it as an Answer.
Maybe you are looking for
-
Remote Desktop no longer works after update
I have a computer lab at my school. I have updated Remote Desktop 3.1 to my G-5 and all of my computers in my lab. Now I have lost all contact with my computers in my lab. Not one computer is recognized by my G-5. These are brand new Imacs with the n
-
ISE 1.3 Multiple PSN's and Guest Credential Propagation
Hi There, I am struggling to find any information about Guest Credential Propagation in 1.3 I have 1 x Admin 1 x Backup admin Node 3 x PSN's In 1.2 Each PSN hosted a guest portal/guest admin portal. As far as I can see that's now changed with 1.3 wit
-
I have photo books I created on an older iMac that I need to order more copies of. When I click the purchase button a message appears stating I can no longer order books for this version of iPhoto. Can I transfer the books to my new iMac or do I nee
-
Can't sign out on iPad or iPhone (to use a different Apple ID)
I recently changed my Apple ID (did not create a new Apple ID account). On my MacBook Air I was able to sign out of iCloud to then start using the new ID. However, I cannot seem to do the same with my iPad or iPhone. Thus, I am constantly being asked
-
How to perform continous acq after two seperate AI config?
if i Configure for two set of channels say, channel 0 to 4 as group 1 and channel 5 to 15 as group 2 using AI group config, how do i perfrom continous acquisition?