Grant access to help desk users to add members to distribution and security groups

Hello,
I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users. We want it to bypass owner approval and essentially allow this group to add or remove members in the FIM Portal and flow it down to ADS.
This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limited rights compared to FIM Admins. We have added the help desk team to the Security Group Users and Group Users set as well as the MPR "Security group management: Users can read selected attributes of group resources".
The help desk users can update users in the Portal with no issue. They can search groups with no issue, but when they try to add members to a group they get the error "Access Denied".
Any help is greatly appreciated.
Thanks!

I'm having a very similar problem. I have users with delegated rights to modify group membership only. A user can add someone to a group and it works fine, but when the same user tries to remove a user from a group (even if this is the same user who was added a minute ago) he gets Access Denied:
"The request included members which the requestor is not authorized to add and/or remove from this group."
It is caused by the default MPR:
Group management workflow: Validate requestor on remove member
The question is how this activity validates this request. Any insight?

Similar Messages

  • Any way to give Help Desk Users access to tickets by Category?

    As far as I know, there's just no way to do this.  The user roles are not very flexible and really don't provide any middle ground by design.  You can either see all tickets or you can see only tickets assigned to you.

    So we have our first level Help Desk people that get ALL the tickets that come in.  They are Help Desk Admins as they route things around and manage the system.
    We also have our Database team that we sometimes have to assign tickets to.  We don't want them to see all the tickets so I think I have to set them as Help Desk Users.
    Based on the documentation, this means they won't see anything except what's already assigned to them personally.
    What we'd like to be able to do is create a Category called Database and set the Database users up so they can see their own tickets and any ticket that's assigned to the Database Category.  Is there any way to do this or an alternative way that we can accomplish the same end result?
    Thanks.
    This topic first appeared in the Spiceworks Community

  • HT5312 PLZ help! I forgot my rescue e-mail and security question. What can I do?

    PLZ help! I forgot my rescue e-mail and security question. What can I do?

    You need to ask Apple to reset your security questions; ways of contacting them include clicking here and picking a method for your country, phoning AppleCare and asking for the Account Security team, and filling out and submitting this form.

  • Help Desk - Project Management Add-on

    Background: We currently offer a third party e-commerce solution for our clients called Four51. Four51 is integrated into our SAPB1 platform. We provide comprehensive print management and marketing fulfillment programs for medium and large sized organizations. (We have 20 associates and about 6MM in sales, for size perspective.)
    1st Problem: In support of about 100 e-commerce sites for our end clients we receive multiple help desk requests daily. We have found the B1 core does not quite fit the need to track help desk service requests etc.
    2nd Problem: In addition to the help desk service ticket issue, we also have a scheduling requirement for our ebusiness group. Example: we have 4 site builds. I need to be able to track the estimated FTE hours to build 4 sites and then benchmark against projects completed and actual FTE hours deployed.
    Sought solution: Is there a SAPB1 Add-on that will handle help desk service requests and project scheduling, integrated of course to my Business Partner data in B1, and provide reporting etc.?
    If there is not an Add-on, is there a software solution that is recommended? Any recommendations or information would be very helpful.

    The customers might benefit from using salesforce.com and using the NetWeaver integration, which works with 2007 SP1 and 8.8.
    Also you can suggest that they use SAP By Design if available in your market, as it tends to be a very modular version of All-in-One with some nifty features and lots of flexibility.

  • Powershell Script: Add users from an OU to an AD security Group

    Hi
    Can anybody point me to a link, or does anybody have a script with which I can get a list of users from an OU and then put them into an AD security group?
    Regards

    Hi - thanks for the info, but the script didn't run as expected.
    What we are trying to achieve is that we have an OU with several child OUs below, and we need to capture all user accounts from all OUs and then either be able to export them to a CSV or pipe the output to an AD group.

    dsquery user "OU=organizationalunit,DC=name,DC=com" -limit 0 >> filename.txt

    With filename.txt you can do this:

    for /f "tokens=* delims= " %i in (filename.txt) do dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr %i

    Or, just pipe the initial results into the dsmod command:

    dsquery user "OU=organizationalunit,DC=name,DC=com" -limit 0 | dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr
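    The same task in PowerShell, as an added example that is not the thread's own script: it walks the OU and all child OUs, optionally exports the users to CSV, and adds only those not yet in the group. The OU DN, group name and CSV path are placeholders, and the ActiveDirectory RSAT module is assumed to be installed.

```powershell
# Added example, not the thread's own script: collect every user under an OU
# (including child OUs), optionally export them to CSV, and add them to a group.
# Placeholders: the OU DN, the group name and the CSV path are assumptions.
# Requires the RSAT ActiveDirectory module; run it with an account delegated
# only "Write members" on the target group, not with a Domain Admin account.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$SearchBase = "OU=organizationalunit,DC=name,DC=com",
    [string]$GroupName  = "groupname",
    [string]$CsvPath    = ""          # empty string = do not export
)
Import-Module ActiveDirectory

function Get-UsersInSubtree([string]$Base) {
    # Subtree scope walks the OU and every child OU; this is a read-only query
    Get-ADUser -Filter * -SearchBase $Base -SearchScope Subtree |
        Select-Object SamAccountName, DistinguishedName, Enabled
}

function Get-MissingMembers([string]$Group, [object[]]$Users) {
    # Compare by DN against direct members so nobody is added twice
    $current = @(Get-ADGroupMember -Identity $Group |
                 Select-Object -ExpandProperty DistinguishedName)
    $Users | Where-Object { $current -notcontains $_.DistinguishedName }
}

$users = @(Get-UsersInSubtree $SearchBase)
Write-Verbose "Found $($users.Count) user(s) under $SearchBase"

if ($CsvPath) {
    $users | Export-Csv -Path $CsvPath -NoTypeInformation
}

$missing = @(Get-MissingMembers $GroupName $users)
if ($missing.Count -eq 0) {
    Write-Output "All users under $SearchBase are already members of $GroupName"
    return
}
# Running the script with -WhatIf lists who would be added without changing the group
if ($PSCmdlet.ShouldProcess($GroupName, "Add $($missing.Count) member(s)")) {
    Add-ADGroupMember -Identity $GroupName -Members $missing.DistinguishedName
}
```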

  • People Picker can resolve users and security group from another domain but no validation for groups

    Dear all,
    Here is the scenario of our issue:
    We are migrating from Domain A to Domain B and in Domain A we currently have a SharePoint 2013 on which we want to set permissions for users and groups that have already migrated to Domain B.
    A bi-directional trust exists between the two domains, and all applications relying on the trust and resolving IDs from one domain to another are working fine (Windows RDS, for instance).
    The "bug" that we have is when using the PeoplePicker: it can resolve without any issue a user account in Domain A or B, and a security group (type global; I haven't tried local or universal yet) from Domain A or B. But for security groups only (it works well for users), when I click on "Save" to validate adding the group to the site permissions, I get the following error:
    I have seen a lot of similar issues on the web but no answer so far that works :(
    Example: https://social.technet.microsoft.com/forums/sharepoint/en-US/74e8d14b-a0f4-4e21-8cfa-b1a937247160/cant-provision-security-to-old-domain-users
    If you have any question that could help you to understand it, do not hesitate.
    Thanks a lot in advance for your help! :)

    Can you give the snippet from the ULS log where you're seeing this error?
    Trevor Seward
    This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

  • Trying to use a task sequence to add a computer to a security group

    I am using the following code to try to add a security group to a computer account when I am imaging using MDT 2012.  I get the following errors after the imaging process has completed.  
    Any help would be greatly appreciated.
    Thanks,
    Andy
    Exception calling "InvokeMember" with "5" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:26 char:2
    +     $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:29 AM
    0 (0x0000)
    The following exception occurred while retrieving member "Get": "The specified domain either does not exist or could not be contacted.
    " TaskSequencePSHost
    03/24/2015 8:45:31 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:30 char:2
    +     $strDomainPath = $ORoot.Get("defaultNamingContext")
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    NotSpecified: (:) [], ExtendedTypeSystemException
    TaskSequencePSHost 03/24/2015 8:45:31 AM
    0 (0x0000)
    Exception calling "Execute" with "1" argument(s): "An invalid directory pathname was passed
    " TaskSequencePSHost
    03/24/2015 8:45:32 AM 0 (0x0000)
    At \\AOTWDS01V\DeploymentShare$\Scripts\dagroup.ps1:38 char:3
    +         $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE ...
    +    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    NotSpecified: (:) [], MethodInvocationException
    TaskSequencePSHost 03/24/2015 8:45:32 AM
    0 (0x0000)
    Param(
        [string[]]$GroupNames,
        [String]$Admin,
        [String]$Password
    )
    if($GroupNames)
    {
        [int] $ADS_PROPERTY_APPEND = 3
        #Get the computer DN
        $SysInfo = New-Object -ComObject "ADSystemInfo"
        $UserDN = $SysInfo.GetType().InvokeMember("ComputerName", "GetProperty", $Null, $SysInfo, $Null)
        $ComputerDN = "LDAP://$UserDN"
        #Get the Domain DN
        $ORoot = [ADSI]"LDAP://rootDSE"
        $strDomainPath = $ORoot.Get("defaultNamingContext")
        #Create ADODB connection
        $oConnection = New-Object -ComObject "ADODB.Connection"
        $oConnection.Provider = "ADsDSOObject"
        $oConnection.Open("Active Directory Provider")
        foreach($groupname in $GroupNames)
        {
            #Get the specified group
            $oRs = $oConnection.Execute("SELECT adspath FROM 'LDAP://$strDomainPath' WHERE objectCategory='group' AND Name='$groupname'")
            If (!$oRs.EOF)
            {
                $strAdsPath = ($oRs.Fields | Select value).value
                If($strAdsPath)
                {
                    If($Admin -and $Password)
                    {
                        $objGroup = New-Object DirectoryServices.DirectoryEntry($strAdsPath,$Admin,$Password)
                    }
                    Else
                    {
                        $objGroup = [ADSI]$strAdsPath
                    }
                    $objComputer = [ADSI]$ComputerDN
                    #verify if the computer is a member of the Group
                    If ($objGroup.ismember($objComputer.adspath) -eq $false)
                    {
                        #Add the computer to the specified group
                        $objGroup.PutEx($ADS_PROPERTY_APPEND,"member",@("$UserDN"))
                        $objGroup.setinfo()
                    }
                }
            }
        }
    }

    If you are using UserID UserDomain UserPassword those variables are base64 encoded.  You could decode them via something similar to this:
    https://social.technet.microsoft.com/Forums/en-US/6c11827f-982d-4fa1-a76d-70a615912d62/mdt-2012-automation-example-of-how-to-use-userdomainuserid-userpassword-in-a-script-move-ou?forum=mdt
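    An added example, not the poster's script and not MDT's own code, that avoids the two failures visible in the log above (the serverless RootDSE bind that could not contact the domain, and the ADSystemInfo call that was denied) by binding to a named domain controller with explicit credentials and looking the computer object up by name. The DC name, the credential and the group names are placeholders; in a task sequence the credential would come from the deployment share variables rather than the command line.

```powershell
# Added example (not the poster's or MDT's code): join a computer to AD groups
# during deployment by binding to an explicit DC with explicit credentials.
# Placeholders: $DomainController (e.g. dc01.corp.example), the credential and
# the group names. Use an account delegated only "Write members" on the groups.
param(
    [Parameter(Mandatory)][string]$DomainController,
    [Parameter(Mandatory)][string[]]$GroupNames,
    [Parameter(Mandatory)][pscredential]$Credential,
    [string]$ComputerName = $env:COMPUTERNAME
)
Add-Type -AssemblyName System.DirectoryServices
$user = $Credential.UserName
$pass = $Credential.GetNetworkCredential().Password

function New-Entry([string]$Path) {
    # Every bind names the DC, so no DC locator / serverless bind is needed
    New-Object System.DirectoryServices.DirectoryEntry($Path, $user, $pass)
}

# RootDSE on a named DC replaces [ADSI]"LDAP://rootDSE" from the original script
$rootDse   = New-Entry "LDAP://$DomainController/RootDSE"
$defaultNc = $rootDse.Properties["defaultNamingContext"].Value

function Find-DistinguishedName([string]$Filter) {
    # LDAP search under the domain NC, returning the DN of the first match
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = New-Entry "LDAP://$DomainController/$defaultNc"
    $searcher.Filter = $Filter
    $searcher.PropertiesToLoad.Add("distinguishedName") | Out-Null
    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "No object matched filter: $Filter" }
    return [string]$result.Properties["distinguishedname"][0]
}

# Computer accounts have a trailing '$' in sAMAccountName; this replaces ADSystemInfo
$computerDn = Find-DistinguishedName "(&(objectCategory=computer)(sAMAccountName=$ComputerName`$))"

foreach ($name in $GroupNames) {
    $groupDn = Find-DistinguishedName "(&(objectCategory=group)(cn=$name))"
    $group   = New-Entry "LDAP://$DomainController/$groupDn"
    $members = @($group.Properties["member"])
    if ($members -contains $computerDn) {
        Write-Output "$ComputerName is already a member of $name"
        continue
    }
    $group.Properties["member"].Add($computerDn) | Out-Null
    $group.CommitChanges()
    Write-Output "Added $ComputerName to $name"
}
```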

  • Help desk users reset port security

    I'm looking for a way through CiscoWorks for helpdesk users to be able to reset port-security.

    You can create a user-defined task in RME that basically does a shutdown and no shutdown on the interface under one job.
    Or use CiscoView --> select the device --> right click the network interface that is disabled. Choose Configure --> a popup will appear; select the interface and in the field labeled "Admin Status" choose "down" and click Apply. Do the steps again and in the Admin Status field choose "up" and click Apply. This should reset the port security.

  • Question to the Power Users RE: Time Capsule Disk Mgmt and Security

    I was real excited to get the Time Capsule, but now since I have it I have to say its lack of security and disk management features are disappointing.
    I am thinking of giving up on Time Machine backups completely (I have never been thrilled with TM) and using the Backup 3.0 that is available to .Mac users. If I back up one machine using TM to the TC, I can log in from a different machine and modify/delete the backups; this is not secure from accidental or malicious access.
    What I am hoping to do is to create logical partitions on the drive and use a program like PGP to encrypt the disk. This so far has been a real pain in the @$$ because of the lack of disk mgmt with the TC.
    I have used the OS X disk utility to create a disk image (takes forever) and it does not automagically mount itself, so PGP will not recognize it is a disk. I then decided to start over and use the Airport Utility to erase the disk (this has been running for about 12 hours now, and is still flashing amber). I am not sure if this TC is DOA or just slow as cr@p.
    If anyone has any ideas on how to make an out of the box TC more secure, please share.

    darndawg wrote:
    Have you been able to get all of your applications to recognize the disk image as a place to save/create/modify files?
    All applications? Only tried some - but since I was able to copy 56GB of iTunes content to the drive and access it with TuneRanger - I am fairly certain it is universally available.
    With the encrypted disk image, can you decrypt that image from another machine with a passphrase? I believe the answer is no, which is why I want to use PGP to encrypt the disk image.
    I believe the image is not machine restricted. The only encrypted image I have is on a USB memory stick. I will have to try and open it on my other mac.
    I did create a 50GB disk image successfully, however I changed my mind and decided I wanted to create an image using the entire TC disk.
    I deleted the disk image I had created, as well as the TM backups on the disk. I then used the Airport Utility to do a "quick" erase of the disk, and now 36 hours later it is still erasing the disk.
    That sounds wrong.

  • Why does my Mac Safari keep redirecting me to websites like MacKeeper and popping up ads all over the websites I visit? Please help me get rid of this problem safely and securely

    Hey,
    My Mac keeps redirecting me to pages like MacKeeper and stuff in Safari.
    It's also popping up a ton of ads like "you just won an iPhone 5" and crap.
    Also, when I click somewhere on the page where I'm not supposed to click, sometimes it redirects me to a new page. Please help!!!! :/ If you give me any websites to use, please make sure they're secure or you have used them before so I don't get any more viruses!
    P.S. I only got my Mac this year.
    Thanks if you can help.

    You may have malware installed on the Mac. To remove it run this:
    Adwaremedic: Removes all known adware from your Mac

  • GRANT ACCESS with sys user

    hi
    I have a user with objects, tables, views and procedures but it doesn't have DBA privileges... how can I grant access to all the users to these objects? (with the sys or system user).
    thanks for your help.
    alex

    Hello,
    Every user in the database has its objects, and DBA privileges are not for everyone.
    "how can i grant access to all the user to these objects? (with the sys or system user)" <<<<<< Can you explain these lines? What's your requirement? Please state clearly...
    As far as I understand your problem, you require that all other users of the database should be able to access the objects of the user (let's say A) which you specified in the first line.
    For this purpose create public synonyms for all objects of user A and grant them. So everyone can use the objects of A's schema.
    Please update... whether you got the point or not...

  • Allow help desk to manage open files on file server

    I am looking to delegate the ability to manage open files to our help desk users. They are getting an increasing number of calls from users asking about files and who has them open, or to force close them, etc.
    The help desk users are not admins on our file server, and therefore do not have access to RDP to the file server. I was hoping they could do it from the Computer Management RSAT tools on their local machine. I just don't know how to allow them to do it.
    Thanks
    sb

    Hello,
    Since they are not able to RDP to the FS, they will need to access files using shared folders.
    For that, you will need to share the root folder where your files are. Please give Full Control permission on it. Then, to manage their permissions, you can grant them what you want using NTFS permissions.
    Note that NTFS and Share permissions are combined, and the user will have the minimum of privileges when he accesses the folder as a share. For that, I recommend using FC permission on the shared folder to avoid additional management tasks.

  • User won't add to an AD security group

    Hello,
    I've been scouring around the last few days and I've come up empty-handed with an issue I'm having on a personal domain, and I'm hoping someone here can point me in the right direction.
    I have a domain controller set up in a lab environment running Server 2012 RU with three computers and three users joined to the domain. I'm currently attempting to apply group policy via AD security groups but I've hit a dead end. I've created the users and moved them to a nested OU, we'll call it SiteA>Users. I then created a global security group called Control Panel Restriction and placed it in a nested OU in SiteA>Groups, and joined one of the users to the security group. I then created a group policy and configured it to restrict all access to the control panel and linked it to the SiteA OU. In security filtering I've removed the Authenticated Users group and added the Control Panel Restriction group.
    The first time the user is joined to a security group it seems to work fine. If I remove the user from the group and run gpupdate /force, the user can once again access the control panel. From that point going forward, however, it's as if the user is never added to a security group again. I can add the user directly to the security filtering section of the GPO and it works, but it's like security group membership will not update anymore for that user.
    Troubleshooting: I've verified the permissions of the security group for the GPO and made sure it has Read and Apply Group Policy access. I've created a test user and placed it in the Control Panel Restriction security group and policy applied successfully (once), so I know the group works. I ran gpresult /r for the user and found the group policy IS being applied, but it's being denied through security filtering. In the group membership section of the gpresult report it indicates the user is only a member of the default security groups in AD, not the custom-made security group, even though a quick inspection of AD proves otherwise.
    Any advice?

    After you add, or remove, a user from a group, ensure that the changes have replicated/propagated across the DC's (waiting for your replication cycle time is usually enough), then, ensure that the user logs off, and then log the user on again.
    The logoff/logon cycle is typically important, since the user's security token is constructed at logon, and the token is constructed based on group memberships at the time of logon.
    Don

  • Prompted for credentials when running the Recovery Audit Report on MBAM Help Desk web portal

    I am prompted for my credentials when I try to run the Recovery Audit Report on the MBAM Help Desk web portal. I am a member of the MBAM Read Only Reports group which I specified during the web portal configuration wizard. I would like to suppress the prompt for credentials.

    Adding the URL to the Local Intranet sites did not work. The Help Desk web portal is on port 8088 and it does not allow you to specify the port when you add the URL to the Local Intranet sites. I am able to access the Reports page from the Help Desk web portal when I open a browser on the IIS server, but the Reports page does not open without a prompt when I open a browser on a client. Strange.

  • Delegated Admin 7 - Delegating Administration (i.e. Help Desk Accounts)

    I need the ability to grant Help Desk folks the rights to use Delegated Administrator and give them rights to change user's passwords and possibly some other attributes. I can't seem to figure out how to accomplish this. The Help Desk users already exist in my Directory Server. I was hoping it was as easy as assigning a role to the Help Desk users.
    How do I accomplish this?

    sheger77 wrote:
    I need the ability to grant Help Desk folks the rights to use Delegated Administrator and give them rights to change user's passwords and possibly some other attributes.
    Delegated Administrator isn't designed for this type of scenario.
    The three roles available in DA are TLA (Top Level Admin), SPA (Service Provider Admin) and OA (Organization Admin). These are all "super-user" style roles for the creation and maintenance of Organizations, Users/Resources etc.
    DA doesn't provide the granularity to provide a very restricted set of rights to a given user base. If you want this kind of functionality then you should be looking at something like IDM (http://www.sun.com/software/products/identity_mgr/index.xml).
    Regards,
    Shane.
