Help needed restricting users admin access to devices using ACS 4.2

I have users that access the network via a VPN client to a PIX 515 which authenticates to the ACS (using the default group for unknown users) which uses an external Active Directory Database.
The problem I have is that as the ACS authenticates these users, it now allows them admin access to the PIX. How do I restrict access? I have looked at NARs using the 'All AAA clients, *, *' approach but that just stops their VPN access. (I have a separate group called 'PIX ACCESS' which will contain only defined users for admin access.)
Incidentally I have other devices on the network which are AAA clients, in particular Nortel switches. I can set the group settings for that RADIUS set up to 'Authenticate Only' (RADIUS Nortel option) and that works fine; I was expecting the ACS to have a similar setting for TACACS+.
So how do I allow the unknown users to authenticate to their AD database but restrict them admin access to the AAA clients?

Very common problem. I've solved it twice over the last 6 years with ACS. I'm sketchy on the details. But here goes. First option to explore is using RADIUS for VPN access, then TACACS on all the Cisco switches and PIX firewall. That would make it a lot easier. I think that with TACACS, you can build a NAR based on TCP port number instead of IP address....
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_tech_note09186a0080858d3c.shtml
So you'd have a group with 3-4 Administrators that can access PIX CLI, and another group of VPN users that can't access the PIX but can VPN in. So on the VPN group, put a NAR that restricts access to SSH/Telnet TCP ports?
This comes up every time I install an ACS server (every 2-3 years), and it's always a trick.
Please let me know if this works for you. And if it doesn't, let us know how you fixed it. I think I can get back into the ACS I last did this with and take a look, but I'd have to call up and make a special trip.

Similar Messages

  • Controlling Access to devices using ACS

    I am using ACS 3.2 and on the NAR section, I have used a wildcard (*) to define all the network devices on my network. All my users are in one group. However, I have just realised there is the need for me to create another group and put some users in that group so they only have access to some routers and switches and not all as defined by the wildcard.
    How do I achieve this goal?

    Under NAR select the Per Group Defined Network Access Restrictions.
    Select the AAA clients you want the group to access.
    Use the wildcard mask in the port and the address field.
    You can also group the devices which you want to give access to under a separate NDG and in the NAR give permission to only this NDG for the group. In this way you need not add individual AAA clients.
    HTH, rate if it does.
    Narayan

  • User admin access

    Hi all,
    I have an issue that I'm not sure how to script in to resolve.
    I have a script that runs, binds them to AD, sets an AD group as admins to the machine, which the user is part of. That works, but when they shut down and go offline, they can login with their cached credentials, but they are no longer admins to their own machines. I have to login as local admin and set the user as admin. How do I add this to the script so that the user is always admin regardless if they are off or online and I don't have to touch every machine after they have logged in to add them as admins.
    Thank you in advance!

    Jeremy Mlazovsky <[email protected]> wrote in
    news:zJI6h.4247$[email protected]:
    I guess I over simplified my example too much. In reality, I have
    several users who need admin access to one or two workstations each, but
    are essentially regular users elsewhere.
    > Why use DLU?
    >
    > Just make a local account for him on that one computer and add him to
    > the Administrators group.
    >
    > Brian Mantler wrote:
    >> I would like to give a user admin access to one specific workstation,
    >> but regular access to all other workstations.
    >>
    >> For example I want user John to have admin access to CPU1, but
    >> regular access to all other CPU's.
    >>
    >>
    >> I have a user policy package that has the appropriate group policy
    >> and DLU policy associated to John. The DLU has Enable Login
    >> Restrictions and includes just CPU1.
    >>
    >>
    >> When John logs in to CPU1 he becomes a member of the local
    >> administrators and the appropriate group policy is placed in effect.
    >>
    >> If a regular user logs into CPU1 they receive our standard group
    >> policy and become members of the local users group.
    >>
    >> However, if John logs into a different computer, say CPU2 he does not
    >> get any DLU created. In this situation, I would like John treated
    >> like our regular users and a local user created that has only regular
    >> user rights.
    >>
    >> Any ideas?
    >>
    >> Thanks
    >
    >

  • HT204074 I have just changed my iPad mini password a day ago when trying to log on today it worked fine until about 4:30 (GMT) when I could not access the device using the correct password. I am absolutely 100% sure it's correct. Any help?

    I have just changed my iPad mini password a day ago, and when trying to access it today it worked fine until about 4:30 (GMT) when I could not access the device using the correct password. I am absolutely 100% sure it's correct. Additional details: I was last using Kik messenger before it stopped working. I was sitting less than two foot away from the PS3 my brother was playing. I'm 14 but I'm not some spoilt kid who gets iPhones and iPads from his parents to mess around with, I have got important coursework and homework on there. Any help would be great. Thanks.

    Hello ConfusedLlama
    If the password is not working to get into your iPad mini, you would need to follow the steps to restore it. If you have a backup through iCloud or through iTunes, you can restore from that backup and it would not bring back the passcode unless it is encrypted.
    iOS: Forgotten passcode or device disabled after entering wrong passcode
    http://support.apple.com/kb/ht1212
    Regards,
    -Norm G.

  • Users cannot access removable devices after you enable and then disable a Group Policy setting in Windows 7 64 Bit

    Users cannot access removable devices after you enable and then disable a Group Policy setting on Windows 7 64 bit machines.
    On the 32 bit machines I was able to apply this hotfix:
    http://support2.microsoft.com/kb/2738898
    But it will not install on 64 bit machines.
    Is there a hotfix for 64 bit? If not, what is the work around?
    Thanks!
    Robert

    Select "Show hotfixes for all platforms and languages", then download the x64 hotfix:

  • AAA authentication for networking devices using ACS 4.1 SE

    Hi!!!
    I want to perform AAA authentication for networking devices using ACS 4.1 SE.
    I do have Cisco 4500, 6500, 2960, 3750, 3560, ASA, CSMARS, routers (2821) etc. in my network. I want to have RADIUS-based authentication for the same.
    I want telnet, SSH and console attempts to be verified by the RADIUS server, and if ACS goes down then it will be via the local enable password.
    For all users I need to have different privilege levels based upon which access will be granted.
    Could you please send me the config that is required to be done on the active devices as well as ACS!!!!

    Pradeep,
    Are you planning MAC authentication for some users while using EAP for others?
    For MAC authentication, just use the following in your AP.
    aaa authentication login mac_methods group radius
    In your AP, select the radius server for mac authentication. You must have already defined your ACS as a radius server.
    In your SSID configuration, under client authentication settings,
    check "open authentication" and also select "MAC Authentication" from the drop-down list.
    If you want both MAC or EAP, then select "MAC Authentication or EAP" from the dropdown.
    Define the mac address as the username and password in ACS. Make sure the format of the mac is without any spaces.
    You will not need to change anything in XP.
    NOTE: XP normally does not require user authentication if machine has already authenticated but it might behave differently. If it does, I can let you know the registry settings to force the behaviour change.
    HTH

  • Need help getting multiple user accounts access an app and its data

    Hello All,
    We recently got a new iMac. We set up 3 user accounts in it. Two are admin accounts (one for me and one for my husband). The third is a user account with parental controls turned on (for our kid). Here is the basic setup:
    1. Accnt1 - admin
    2. Accnt2 - admin
    3. Accnt3 - user
    Now, I installed the complete National Geographic application on the iMac along with all the data. This is a 6 CD set that took several hours to install. I installed it logged in with Accnt1 (please see above). This installed all the data (150 years worth of data) onto the Documents folder for Accnt1.
    The installation was successful and when I launch the application, I can view all the data from Accnt1.
    So what is the problem? I tried logging in from Accnt2 and Accnt3. While the application is visible and will launch from both those user profiles, no data gets displayed. My guess is that this is because the data from the 6 CDs got installed onto the Documents folder for Accnt1 which is not viewable/accessible from Accnt2 and Accnt3. Therefore, nothing gets displayed.
    How do I fix this issue without reinstalling the software so that ALL 3 user accounts on my iMac can access the application AND its data?
    My guess is that I will have to provide user permissions/access to the Documents folder for Accnt1 such that both Accnt2 and Accnt3 are read/write. I tried to do that via the Finder and 'More info' operation wherein I click on the tiny lock icon at the bottom of the screen and add Accnt2 and Accnt3 as read/write. But this does not fix the problem for ALL folders further down and I don't want to fix each and every folder.
    Is there a quick way to resolve this problem? Can I fix this issue via a terminal window with a command?
    Please do help me out.
    Thanks in advance
    Anonymous76

    Move the data folder out of A's documents folder and into /Users/Shared. Then, control-option-command-drag the data folder from its new location back to its original location in A's documents folder. This makes an alias. Log in to the other user accounts and repeat the process for making aliases, to each user's Documents folder.
    You might also contact the developer and politely suggest that they learn how to write programs properly for Mac OS X.

  • How do I restrict access to 4 devices using ACS

    Currently in our ACS we have Group A configured to have access to all network devices with full privilege level 15 access to all devices.
    We are now trying to implement 4 new users; however, we only want them
    to have access to 4 devices (routers, 4 IP addresses) and only have
    basic level 1 functions in the router.
    Is this done under Network Access Filter or Network Access Group?
    Do I need to create a new group or can I somehow implement that into

    I'm using ACS v 4.2 on Windows Server, TACACS.
    Under NAF I have configured the IPs of the servers I want them to access under Selected Items.
    Under NAR I have permitted calling point with the NAF and * *.
    Under the Group Settings, Network Access Restrictions (NAR), Shared Network Access Restrictions, I have "Only allow network access when all selected NARs result in permit", with the NAR I just configured in the selected NAR list.
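As an added illustration (not ACS code, and not from either thread), this Python models how per-group IP-based NARs and a NAF combine under the group setting "Only allow network access when all selected NARs result in permit"; it covers both the blanket 'All AAA clients, *, *' NAR from the opening question and the four-router NAF described above. Everything in it is constructed: the addresses, the NAF name, and in particular the NAS-port strings the PIX is assumed to report for VPN and SSH logins, which should be checked against your own ACS Passed/Failed Attempts logs before a port-keyed NAR is relied on.

```python
# Simplified model of ACS per-group, IP-based NARs and NAFs. Added illustration,
# not ACS code; every address, NAF name and NAS-port string here is constructed.
from dataclasses import dataclass
from fnmatch import fnmatch

ALL_AAA_CLIENTS = "*"   # the "All AAA clients" choice in the NAR form

@dataclass(frozen=True)
class Request:
    """One AAA request as ACS sees it."""
    aaa_client: str   # IP of the AAA client that sent it (PIX, router, ...)
    port: str         # NAS port string reported by that client (assumed values)
    address: str      # calling-station / remote address of the user

@dataclass(frozen=True)
class NarEntry:
    """One NAR line: AAA client (single IP, NAF name or *), port, address."""
    aaa_client: str
    port: str = "*"
    address: str = "*"

    def matches(self, req: Request, nafs: dict) -> bool:
        clients = nafs.get(self.aaa_client, {self.aaa_client})  # expand a NAF name
        return ((ALL_AAA_CLIENTS in clients or req.aaa_client in clients)
                and fnmatch(req.port, self.port) and fnmatch(req.address, self.address))

@dataclass
class Nar:
    """permitted=True: listed entries allowed, rest denied; False: the reverse."""
    name: str
    entries: list
    permitted: bool = True

    def evaluate(self, req: Request, nafs: dict) -> bool:
        hit = any(e.matches(req, nafs) for e in self.entries)
        return hit if self.permitted else not hit

def group_allows(nars, req, nafs, require_all=True):
    """Group setting: allow only when all (or any) selected NARs result in permit."""
    results = [n.evaluate(req, nafs) for n in nars]
    return all(results) if require_all else any(results)

PIX = "198.51.100.1"                           # constructed AAA client address
NAFS = {"FOUR_ROUTERS": {"192.0.2.1", "192.0.2.2", "192.0.2.3", "192.0.2.4"}}
VPN_REQ = Request(PIX, "vpn", "203.0.113.7")   # PIX relaying a VPN login (port assumed)
CLI_REQ = Request(PIX, "ssh", "203.0.113.7")   # PIX checking an SSH admin login (port assumed)

def blanket_deny_blocks_vpn():
    """The question's 'All AAA clients, *, *' deny: the PIX is one AAA client, so both go."""
    nar = Nar("no-device-access", [NarEntry(ALL_AAA_CLIENTS)], permitted=False)
    return group_allows([nar], VPN_REQ, NAFS), group_allows([nar], CLI_REQ, NAFS)

def port_keyed_deny():
    """The answer's idea: deny only the port strings that CLI sessions report."""
    nar = Nar("no-cli", [NarEntry(ALL_AAA_CLIENTS, port="ssh"),
                         NarEntry(ALL_AAA_CLIENTS, port="tty*")], permitted=False)
    return group_allows([nar], VPN_REQ, NAFS), group_allows([nar], CLI_REQ, NAFS)

def naf_permits_only_listed_routers():
    """The four-router thread: a permit NAR on the NAF; other devices are refused."""
    nar = Nar("four-routers-only", [NarEntry("FOUR_ROUTERS")])
    listed = group_allows([nar], Request("192.0.2.3", "vty0", "10.9.8.7"), NAFS)
    other = group_allows([nar], Request("192.0.2.9", "vty0", "10.9.8.7"), NAFS)
    return listed, other
```

NARs only decide whether a request is permitted; the level 1 versus level 15 distinction for the four-router users comes from the group's TACACS+ Shell (exec) privilege-level setting, not from the NAR.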

  • Restricting users in accessing project/project reports

    Hi,
    We are having various Projects created through the PS Module, which can be categorized through Project Types "Large", "Medium", "Small", "Utility" etc.
    We need to block users from accessing certain projects (by Project Type or individual project itself) to which they are not attached. Access should not be available for create, change, display of master data and viewing all reports for these projects. Is it possible within the PS Module, or is it possible by authorization restriction through Basis?
    Please provide your valuable update.
    Regards,
    Vinod

    Ketul,
    You are right. SAP gives hierarchical reports in controlling area currency.
    All hierarchical reports are report painter reports. You need to copy the report going into CJE0 and in form change the currency to company code currency for all key figures.
    Later you can assign a transaction code to access these reports in company code currency.
    Hope it helps.

  • How can i give multiple users admin access?

    I would like to give another user on my MacBook Pro admin access, so that they can install programs without having to ask me for the password each time. I do not want the password to be the same for my profile, because I don't want them getting into my account. So is it possible to have a separate password for admin use only? This might be a dumb question and I know there is probably a simple way to do this, but I'm new to Macs so any help would be greatly appreciated. Thank you.

    Convert a standard user to an administrator
    Choose Apple menu > System Preferences, then click Users & Groups.
    Click the lock icon to unlock it, then enter an administrator name and password.
    Select a standard user or managed user in the list of users, then select “Allow user to administer this computer.”
    http://support.apple.com/kb/PH18891

  • How to restrict users to access the files directly from /irj/go/km/docs/doc

    Dear Experts,
    I have made a folder in KM where I have saved some files, and also I have made an application from where users can access those files.
    But the users are able to access the files by directly typing the path of the file in Internet Explorer. I have to restrict it so that the user is not able to access the files directly.
    Please give your helpful suggestions.
    Warm Regards
    Upendra Agrawal
    Edited by: Upendra Agrawal on May 15, 2009 4:49 PM

    Hello,
    You can have a link/button react to a mouse click by reading the KM document and putting it on the HTTP stream with the correct header (this is the same kind of code that is used when you generate the PDF). As the file access is in your server code, the user will not have access to the URL...
    An example for WD Java (coming from this [PDF|https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0cc41cb-9576-2b10-99a6-ab90ef28c73b]), with slight modifications:
    public void exportToPDF( ) {
       //@@begin exportToPDF()
       // Buffer the document in memory on the server side; the browser only
       // ever receives the bytes, never the KM path.
       ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
       try {
          // read the file with KM API and copy it to the outputStream
          showPopUp(WDWebResourceType.PDF, outputStream, "PDF Out Put");
       } finally {
          try {
             outputStream.close();
          } catch (IOException e) {
             // nothing to release for an in-memory stream
          }
       }
       //@@end
    }
    regards
    Guillaume

  • How can i restrict user to access database object (procedure) or JSP

    Hi
    I have 9iAS infrastructure 902, on a Win2k box with a 9i DB,
    and I have one PL/SQL web application and another J2EE application, both hosted by 9iAS 902.
    Now we are looking forward to coupling both with SSO.
    I have deployed samples of both and they work fine.
    Each application has a different set of users, I mean there is no common user.
    How can I restrict users so that they cannot view a web page which they are not authorised for?
    As far as I understand from the Grocery demo, it picks the role (which is a string only) from OID and programmatically applies security via an if/else/endif construct.
    Can anyone throw light upon my concern?
    regards
    [email protected]

    Hey Mary
    No, I haven't tried to do that via PL/SQL....
    as our application is a J2EE app... deployed in OC4J.. with SSO and LDAP....
    still finding out how to do so....
    What I have realized is that LDAP is just to store user information in an inverted tree... and one has to build a separate access security mechanism that will be applicable to the J2EE system....
    thanx...
    samir....

  • Restrict user to access report of a specific layout

    Hello experts,
    We have a std. CJI3 report. In this report I have created a layout (see screen shot) and I want a user to access only that data of the report which comes with this layout.
    Kindly suggest if there is a way to control the access in this way.
    I thought of creating a Z-report using the call transaction function (to call CJI3) and using a screen variant for it.. but I don't want to go this way..
    Kindly suggest.
    Thank You.
    Regards
    Saurabh

    That would work nicely, if you also implemented note http://service.sap.com/sap/support/notes/1113939.
    However, I doubt this will be enough for CJI3, which has "Free Selections" as well as "Extended Selections" AND DB-Profiles.

  • How to access Sharepoint List using a Different user. Access SharePoint List using some Authentication

    Hi,
    SharePoint version 2010
    I am building an application in Java and would want to access a SharePoint List through REST. I have been trying to find out how the authentication process would work once I want to deploy it into Production.
    I am not able to find anything useful to send user detail / authentication. Can you please help me out here.
    Thanks,
    Bhaskar.

    Hi,
    According to your post, my understanding is that you want to access SharePoint list from Java application through REST.
    In some cases you may need to create a new access token (this is somewhat akin to "running as a different user").
    Essentially, you are using a different user's security context. Typically, you would create an Active Directory account specifically for this purpose and then grant appropriate rights to the user account in SharePoint.
    http://sharepoint.stackexchange.com/questions/83440/authenticate-external-systems-against-sharepoint-rest-services
    There are some articles about this topic, you can have a look at them.
    http://stackoverflow.com/questions/10722215/authenticating-to-sharepoint-with-kerberos-from-a-java-httpclient
    http://ctp-ms.blogspot.com/2012/12/interoperability-between-java-and.html
    Thanks,
    Jason
    Forum Support
    Jason Guo
    TechNet Community Support

  • Accessing peripheral devices using NetWeaver Mobile 7.1 application

    Hi,
    I'm developing an occasionally connected application for handheld devices using NetWeaver Mobile 7.1. From my application how can I access other peripheral devices (for example: WebCam) to capture the pictures.
    Suggest me the ways to access the peripheral devices (WebCam) from my NetWeaver Mobile application.
    Thanks in advance.
    Regards,
    DVR.

    Hi Vinodh,
    Please refer to SAP Note 1057759 for getting the list of peripheral input/output device drivers supported in SAP NetWeaver Mobile 7.1.
    You can also go through the help portal link on how to use peripheral devices in mobile application.
    http://help.sap.com/saphelp_nwmobile71/helpdata/en/8F/0B674240449C60E10000000A1550B0/frameset.htm
    In case you want to use another peripheral device like a webcam that is not supported, then you will have to take care of this in the application code itself. You can use JNI etc. to talk to drivers, as in a normal Java application.
    Regards,
    Nipun
