GPP assigned to Users OU but use Item-Levewl targeting with Computers?

Similar Messages

• I'm trying to download vm Fusion 5 so I can run Windows 7 on my new iMac. But I am very inexperienced with computers and was wondering if anyone could help walk me through the process.

  I'm trying to download vm Fusion 5 so I can run Windows 7 on my new iMac. But I am very inexperienced with computers and was wondering if anyone could help walk me through the process.

  post in the vmware forum or call vmware customer support.

• [solved] Bash shell... does not start with user name, but used to...!

  when I start a console, logged in as user, it always used to start with
  user@hostname ~$
  Suddenly, and I cannot recall having done anything that could lead to the issue, konsole will always start as
  bash3.2$                                                     
  even after many reboots, this is still the case.
  whoami shows my user name. I can su to root, and from there to my username, but never directly from bash.
  Occasionally, starting a program like KDE partition manager fails with the error message the program su could not be found. but it is as I said occasional.
  I am quite a newbie to Linux, so I am clueless. Can someone help me..? I tried googling, but I seem to be the only one in the WWW that goofed up to such an extent..! and searches are quite unrevealing.
  I am installing Linux From scratch using arch linux as base system, but I am just following The Book to the letter and don't think that caused the problem.
  Last edited by jaydoc (2009-01-26 09:12:56)

  @weasel8...
  That is THE trouble. And I take back my words, it was during the linux from scratch install that I botched that file...! I was supposed to make a new bashrc file in the LFS directory, but I went wrong on the commands and I think I ended up removing the Arch Linux file...!
  If it is to be found, it should be in the etc directory, right..? I looked there and could not find it. Did I look in the right place...?
  What can I do...?
  Last edited by jaydoc (2009-01-26 07:33:14)

• Users found, but not displayed in console with WL8.1 SP5 and iPlanet LDAP

  Hi all,
  I've just installed WL8.1 SP5 and have recreated my domain configuration, as happily used by SP4.
  All seems well until I add an iPlanetAuthenticator via the console. The console reports that it has been created successfully, but when I browse users, I am told that the console is displaying the first 51 of the 413 users found, but only six are displayed, those six being in the internal LDAP.
  If I re-order the configured authentication providers and put my iPlanet Authenticator first, entries from iPlanet are displayed, but a search to find users in the internal LDAP return nothing.
  When I say return nothing, it does not fail! No error is returned and on looking at the HTML I find that blank table row(s) are placed in the results page, their number corresponding to the number of users found in the 'invisible' LDAP directory.
  My application works - meaning that users are being found, but not being able to see them through the console is a show stopper. Has anyone else come across this problem? Can anyone help? At the moment, I'm stumped as to how to solve it!
  All the best,
  Tim.

  Hi all,
  This problem was raised with BEA support and a patch produced.
  All the best,
  Tim.

• Locked out with file vault. Did fix by setting up new user account but cannot access old account with files                           but I can't get back into my old account with all my doc's and pics

  I was locked out by File Vault. I set up a new account by fooling the notebook it was a new start up. Now I cannot access my old account with all of my files. I can see it in Accounts but it will not let me access. Help

  I managed to get a few Time Machine Back Ups  before I passed away
  I'm not sure whether a ghost can do this, but if you were still alive, you could do as follows.
  First make sure you have read & write access to the folder you're trying to restore to. You should be able to see its contents in the Finder, and to move files in and out of it.
  This is an exception to the rule that you should never make any changes to backup data. I've tested this procedure in OS X 10.8 only. It should work with later versions, but I don't know whether it works in earlier versions. Use it only for files that were backed up from your home folder, or a folder on another volume created by you, and would normally be writable by you. Do not touch backups of system or application files.
  In the Finder (not in the time-travel view), navigate to the backup volume, then to the folder named "Backups.backupdb", and then to the snapshot you want to restore from. The snapshots are folders labeled with the date when they were created. Inside each of those folders is a file hierarchy like the one on the volume that was backed up. Descend through the hierarchy until you come to a folder named "Users," and inside that, a folder with your user name. The procedure will be different if you're trying to restore files on another volume.
  Select the folder and open the Info dialog (command-I). Click the padlock icon in the lower right corner of the window and authenticate. In the Sharing & Permissions section, give your account Read & Write access. You may have to close the dialog and repeat this step in order for the change to show up. Then click the gear icon and select
            Apply to Enclosed Items
  from the popup menu.
  Try the restore operation again, in the time-travel interface.

• How to track activity for users logged in using solman to target systems?

  If a person accesses a monitored system through solman, how can we track the user activity (including transactions viewed and changes made etc)?
  Thanks
  Prasad

  Hi Prasad,
  Please refer the following similar threads to get more detailed Information:
  STAD parameter
  STAD Historical Data - How Long?
  STAD -  data for last  30 days
  Also check this useful Blog about STAD(/people/andreas.vogel/blog/2007/01/12/statistical-records-part-1-inside-stad) and SAP Note 139418 - Logging user actions.
  You can also configure and activate the Security Audit Log (SM19) and then analyze its entries through SM20. You can configure exactly what needs to be tracked...
  Useful transactions:
  SM19 (config)
  SM20 (analyze) (SM20N , depending on release)
  SM18 (delete old logs)
  Other SAP Note which is helpful in this case 539404 - FAQ: Answers to questions about the Security Audit Log
  Hope this helps.
  Regards,
  Shyam.

• How to Use Item - Price (ITM1) with SDK ?

  Hi All,
  I have issued, Please help me.
  I want to create Item like this:
  Item (OITM):
  Item no: 1001
  Item Detail (ITM1):
  Item no : 1001
  Item Type : S
  Price : $200
  Item no : 1001
  Item Type : T
  Price : $220
  Item no : 1001
  Item Type : R
  Price : $400
  Can I create like that ?

  Hi,
  If by item type, you mean price list, than following is the way
          Dim oItem As SAPbobsCOM.Items
          Dim Flag As Integer
          oItem = oCompany.GetBusinessObject(SAPbobsCOM.BoObjectTypes.oItems)
          oItem.ItemCode = "1001"
          oItem.Add()
          For Flag = 0 To oItem.PriceList.Count - 1
              If oItem.PriceList.PriceListName = "S" Then
                  oItem.PriceList.Price = 100
              ElseIf oItem.PriceList.PriceListName = "R" Then
                  oItem.PriceList.Price = 200
              ElseIf oItem.PriceList.PriceListName = "T" Then
                  oItem.PriceList.Price = 300
              End If
          Next
          oItem.Update()

• Using a calibration target with a waveform monitor to get the right contrast?

  I was wondering if I am using this target correctly with the waveform monitor to achieve the right amount of contrast.

  Dave
  You are doing it kind of wrong.
  What you should use that Black /Grey White TOOL  for is to set an exposure at the camera.  (NOT in Post Production..but it does have an application in post)
  If your Camera has the Zebras set at 95-100% White...you would point camera at the "TOOL" and adjust exposure so that the zeras display on the white section.  You can not do anything about the black. (It will fall into place from the exposure on the white)
  Now the above assumes that as a photographer...you actuall want the white level to photograph as white for the particular shot that you are taking.
  Exposure is all about tones.  Black to white thru grey tone actually.  (Forget about color)
  Hope this helps but I am happy to expand if you wish.

• I've a e7 and i like to have the best for my mobile. But i'am not smart with computers

  latest version. Upgrade's. The best of the best please

  Sorry but the Nokia e7 uses the Symbian OS which is not supported by mobile Firefox and Nokia is also moving on to Windows mobile now anyways.
  https://wiki.mozilla.org/Mobile/Platforms
  mobile Firefox is for Android 2.2+(with a ARMv7 cpu) and can run on Maemo/Meego.

• Updating Administrators(built-in) with item-level targeting on an enforced policy

  I need help with this. 
  In our Computers OU, we have an enforced GPO with a computer policy that adds local admins to the computers on our network. The policy is Computer Configuration >> Policies >> Windows Settings >> Security Settings >> Local Policies/User
  Rights Assignment >> Restricted Groups >> Group (BUILTIN\Administrators). For this example, we'll call this GPO #1.
  I need to add another user account as a local admin, but targeted to certain computers.
  I tried to edit GPO #1. I went into Computer Configuration >> Control Panel Settings > Local Users and Groups, and then added a Group with the settings >> Updating >> Administrators (built-in) & item-level targeting to the computers
  I wanted, but the setting always gets over-written by the setting that adds local admins. 
  I then tried to create a GPO with the Group update. Lets call this GPO #2. I enforced this rule, linked it to the OU, changed the order so that GPO #2 is above GPO #1, but this doesn't seem to be working.
  Is my inheritance order incorrect?
  1 is GPO #2
  2 is GPO #1
  Ideas anyone?

  > In our Computers OU, we have an enforced GPO with a computer policy that
  > adds local admins to the computers on our network. The policy is
  > Computer Configuration >> Policies >> Windows Settings >> Security
  > Settings >> Local Policies/User Rights Assignment >> Restricted Groups
  >  >> Group (BUILTIN\Administrators).
  Restricted Groups has 2 operation modes: Members and Member of. The
  first one clears out any existing members, and that's what you use right
  now. The second simply adds a group to another group and keeps all
  existing members, that's what you want to use for your additional computers.
   > I need to add another user account as a local admin, but targeted to
   > certain computers.
  To do so, you need to create a domain group that contains the related
  account(s). This domain group is "member of" local admins. And make sure
  this second GPO is linked higher (so it is processed _after_ the first
  one that clears out existing members).
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))
  Yes I know I can do this, but I can't use item-level targeting with this setup. I don't want the user account to be local admins for all computers. I only want it to be local admins for 4 of them.
  Wouldn't precedence take place in this OU if I have the GPO that adds another member as #1, and the GPO that deletes and adds as #2? It isn't working as I had thought it would.

• GPP item-level targeting filter not working as expected

  I am trying to set the Internet Explorer homepage via user Group Policy Preferences (GPP) registry setting for a very specific group of users.  I am using item-level targeting to accomplish this but am having trouble getting the logic working as expected.
  Here is my item-level targeting filter:
  The user is a member of the security group CONTOSO\FireRescueDept
  AND this collection is false
       The user is a member of the security group CONTOSO\EmergencyManagementDept
       OR the user is a member of the security group CONTOSO\PublicSafetyDivision
  The user in question is a member of both CONTOSO\FireRescueDept and CONTOSO\EmergencyManagementDept.  I believe this means that this particular registry GPP setting should NOT apply to the user in question and that is the outcome I desire.
  Here is how I'm thinking about it:
  The user is a member of CONTOSO\EmergencyManagementDept; therefore, "The user is a member of the security group CONTOSO\EmergencyManagementDept" evaluates to TRUE.
  Since the other item in the collection is connected with the boolean OR operator, the collection evaluates to TRUE regardless of the evaluation of "The user is a member of the security group CONTOSO\PublicSafetyDivision."
  The item-level targeting filter is looking for the collection to evaluate to FALSE.  Since the collection has evaluated to TRUE, the evaluation "This collection is false" is FALSE.
  Because of the AND operator in front of "This collection is false", both "The user is a member of the security group CONTOSO\FireRescueDept" and "This collection is false" must evaluate to TRUE in order for the item-level targeting
  filter to determine that the user in question to apply the GPP setting the filter is attached to.  However, since "This collection is false" has already evaluated to FALSE, the filter as a whole should evaluate to FALSE and this GPP setting
  should not apply.
  However, according to gpresult it does apply.
  Please advise.  I want this particular setting to apply to users in the CONTOSO\FireRescueDept group unless they are a member of CONTOSO\EmergencyManagementDept and/or CONTOSO\PublicSafetyDivision.

  Am 21.05.2013 16:22, schrieb Scott W. Sander:
  > Does item-level targeting not work with Universal security groups
  > because the group policy client isn't able to determine that the user
  > is a member of groups of that type?
  In my experience, it DOES work with universal groups... Are you
  suffering from token bloat? How many groups is the user a member of?
  http://blogs.technet.com/b/shanecothran/archive/2010/07/16/maxtokensize-and-kerberos-token-bloat.aspx
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!

• Mapping drive using GPO does not obey to Item-level targeting

  Dear all,
  We are mapping drive using Item-level targeting based on security group (User Configuration > Preferences > Windows Settings > Drive Maps) with the following settings:
  Action: Replace
  Run in logged-on user's security context: <Checked>
  Item-level targeting: <Checked>
  So if user is member of Group_X then he/she will have drive X mapped on his computer.
  Problem now is that (even if reconnect is unchecked), drive will stay mapped when we remove a user from this group.
  Is this the normal behavior ? did I missed something ?
  or even worst, imho, should I add a new drive properties which would say to delete the drive if user does not belong to the relevant group ?
  -> double targeting query for a single drive
  -> what's the point of Replace / Reconnect then ?
  Thanks in advance for your opinions!
  /behd
  [EDIT: Forgot to specify Win2008R2 AD, Win7 Pro clients but doubt that it'll be of any interest for this case]

  Drive mapping should not remain after you remove the user from the group.
  What I suspect is, that at first, the "reconnect" was checked then the user got the policy and tattooed the reconnect value. after that it doesn't matter that "reconnect" was removed.
  Try the following:
  Logon with test user, make sure no drive mapping exist (disconnect if necessary).
  Create a new policy with drive map - make sure reconnect is not checked, and apply it for the test user.
  Make sure no other drive mapping policy exist for that user.
  Login with the test user, make sure drive was mapped.
  Log off that user, remove it from the group, wait for AD replication and log on again (sometimes another log off \ log on required).  
  Please take a moment to Vote as Helpful and/or Mark as Answer where applicable. Thanks.

• Whether a User can have ESS User ID but no R/3 ID

  Dear All,
  Can U Plz Let Me Know whether a User can Have an ESS User ID but no R/3 ID and in Such a Scenario how would the integration happen between ESS and R/3.Also in Such a Scenarios What Would be the Effect on ESS Licences and R/3 Licences.
  Thanks & Regards,
  Punam Jha

  Punam, yes, you could manage Portal's Users by using windows users (i mean from Active Directory) or even maintain directly in Portal (Portal Users).
  But, in order to work with information from your ERP about an employee, you need to do any mapping with SAP.
  You could do a mapping against SAP  with a different user that your Portal user (i mean with different name), by storing the user ID for the ABAP backend system in the user properties.
  [Check this link: User Mapping|http://help.sap.com/saphelp_nw04/helpdata/en/f8/3b514ca29011d5bdeb006094191908/frameset.htm]
  Also, i suggest you talk with your Basis the possibility of mappping multiple users to one (i never test this workaround, so be carefully in the tests), but also you must talk with your SAP Agent to ensure you're using the correct number and type of licenses.
  Best regards

• Item-level targeting failing intermittantly

  We have an OU with a GPP that pushes autologon keys for our KIOSKS.  The gpp works by initially logging in with a kiosk user account that matches the
  name of the computer account and then the GPP sets the autologon keys and after a reboot or logoff the machine auto-logs on after that.  It has worked great for many months.
  Since we recently increase our password security, we could no longer use the shorter password for
  new kiosks without a painful work-around for our enduser support group.
  To make things easy, we added an additional GPP reg key for defaultpassword and utilized “Item-Level Targeting” within the existing GPO/GPP (see images below).
  Last week we tested this change successfully by adding new kiosk and rebooting both new and existing PCs.   All existing kiosk accounts were members of
  the PasswordComplexityDisabled group.  This group is our Fine-grained password policy that permits legacy complexity and password length.
  On Monday we got flooded with calls that the autologon wasn't working.  I revert the item-level targeting entries and put the GPO back to its original state and the calls
  subsided.  Before doing so however, when we investigated problem machines, the strange thing we noticed was that we could login with the original shorter password if we supplied it manually and after that autologon worked fine.  We also check
  that the account in question was a member of the passwordcomplexitydisabled group.  We are at a loss as to why the key seems to have been blanked or set with the wrong key even though a member of the correct group and the ILT logic was correct. 
  Any ideas. 
  David W King

  > There is nothing in the computer scope of the GPO that could have
  > conflicted (we also link this same KIOSK GPO to the Computer OU) so I'm
  > at a loss at what could have affected this defaultpassword key.  Again
  > the strange thing is that once the older/shorter password was supplied
  > manually/interactively the GPP processed and then autologon resumed
  > working.
  One thing that comes to mind: The defaultpassword entry has to be
  written to the registry BEFORE the user logs on, so if you try to change
  it through a user policy, it will not really work...
  Maybe carefully examining a RSoP results or modeling report will reveal
  what was going on?
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Item level targeting not hitting nested security group

  Hi guys,
  Got two security groups (A & B). Group B is a member of A.
  We've applied item level targeting with security groups. We've chose a bunch of drive maps to apply to Group A (which I was hoping would apply to Group B also.
  The drive maps appear for the users of Group A but not Group B. Is this expected behaviour?
  Any help appreciated. Thanks

  Hi guys,
  Got two security groups (A & B). Group B is a member of A.
  We've applied item level targeting with security groups. We've chose a bunch of drive maps to apply to Group A (which I was hoping would apply to Group B also.
  What is your forest functional level? I am not sure, but if I recall correctly if your forest functional level is 2008 R2, I guess you should experience no problems. Otherwise you need a workaround solution like a custom script and etc.
  Mahdi Tehrani   |  
    |  
  www.mahditehrani.ir
  Please click on Propose As Answer or to mark this post as
  and helpful for other people.
  This posting is provided AS-IS with no warranties, and confers no rights.
  How to query members of 'Local Administrators' group in all computers?