How to Design User Accounts and Groups for Human Task

Similar Messages

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud

• Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error

  Mapping NT user accounts and groups in BOXI 3.1.i'm getting below error
  In BOXI 3.1 CMC
  .NT Authentication is enabled check box is selected.
  In the Mapped NT Member Groups area, entered the NT domain\group in the Add NT Group text box.
  like : secWindowsNT:
  BLRKEC148827D\BusinessObjects NT Users
  getting error like
  "The secWindowsNT security plugin is not enabled. Contact your system administrator for details. (FWB 00002) "

  You shouldn't be using the NT plugin in 3.1, is there a reason you are using this plugin over AD? If you really want to use it you may need to open a case with support and trace the CMS. Are there any groups currently mapped? if you hit update without adding/removing what happens? What if you remove the NT users group and hit update?
  Regards,
  Tim

• How to delete user accounts and free up space on my macbook air?

  How can I delete a user account and free up space on my macbook air ridding of all their details/info/app/software?

  Go into system preferences and click on users & groups click the lock icon to unlock it, then select the user click the minus sign. 

• How to hide user id and password for auto login in Analyzer 6.5?

  Could anyone tell me is it possible to hide the user id and password for auto login in Analyzer version 6.5 and how?Thanks in advance...

  Sainath,
  Referring admin guide as mentioned by Craig is good option.
  Let me give you few steps that I did in one of my projects.
  Open command prompt and navigate to the path "C:\Oracle\Middleware\EPMSystem11R1\products\DataRelationshipManagement\client\batch-client".. here you can see many see other utilities as well.
  drm-batch-client-credentials.exe is the one used to encrypt the userid and password.
  open this in command prompt and then choose the application to which you want to encrypt the password.
  then remove userid and password from batch script then run it... it does what you want

• How to recover user accounts and email after clean (not upgrade) server reinstall

  I  have a OSX Mavericks Server 3.1.2 that has developed issues than only a clean install will resolve. I have a large number of user accounts and email data that needs to be reinstated after the the clean install and I am not sure if Migration from a backup is the best way to reover the  user data. Someone p[lease tell me that I dont have to recreate all the user accounts and restore the email directories manually! Any help would be greatly appreciated.

  Helloo,
  I know that it is not the same issue but you might try the steps below listed since it is the same error message and there seems to be a fault in the registery of XP
  http://support.microsoft.com/default.aspx?scid=kb;en-us;314060
  hope it helps
  Cheers

• How to manage user account and management through AMS

  Hi all,
  I’m in the process of designing a new mobile app that requires user registration, login and password reset. Basically all the standard user self service activities that public apps provide. Imagine Instagram for example.
  We’re already looking at Azure Mobile Services and Facebook, Live, etc. authentication. But I’m a bit unclear on how to best handle manual user registrations. How would you best handle a user who decides that they want to register
  without their social account?
  User table in the custom application DB with user name, password, etc. and custom user management pages for registration, login, password reset
  Azure Active Directory and OAuth same as with facebook, etc. Then build custom user management pages for registration, login, password reset, etc.
  Some other Azure service that I don't know about?
  Something else?
  I noticed there is already another related question here:
  https://social.msdn.microsoft.com/Forums/azure/en-US/ca5527f6-1130-4ebb-b335-2d4d6eda7734/create-new-account-and-reset-password-options-on-aad-signin-page?forum=azuremobile
  The 2 important aims for this app are to require minimal maintenance and support overhead and high security at the same time.
  Thanks,
  Kia

  I am not saying that, but with your question it looks like you want a custom auth.
  Did you saw these article:
  Register your apps to use an Azure Active Directory Account login
  Authenticate your app with Active Directory Authentication Library Single Sign-On
  Sara Silva - Microsoft Visual C# MVP
  My blog |
  My Windows 8 Store Apps Samples |
  More Samples
  Follow me in Twitter @saramgsilva
  My Windows 8 Store Apps:
  Female Pill |
  Galinho (Tic tac Toe) |
  24 |
  My Snake
  My Windows Phone Apps

• How to maintain different account assignment group for a material

  One of our items in plant A was extended in B to use in an business scenario.
  Since the item was extended using the copy function every change
  made in A seems to affect our Item master in B . What governs this?
  Since the item is manufactured in A the Acct. assignment Group in
  Sales Org. 2 is set to 01 manufactured item, while for B it is a
  purchased item and so 03.
  Please let me know how to go a head with this.

  Hi
  As per standards and logics a material can be created only once in MM01
  In MM01 we create a material say pen under some organizational data and that includes plant, storage location,sales org,DC,warehouse etc
  If you are extending the same material to another plant the same can be done in MM01 with the new organizational data and after that if you hit enter you will get a message that the material is already created and extended to such and such data
  In that exept the basic data 1 and 2 many or most of the fields can be changed
  I have checked account assignment category in sales org data 2 can be changed
  Say for plant 1000 for material pen assignment category can be 01 and
  plant 1001 for the same  material pen assignment category can be 02  like that
  The extra keys for account assignment categories are defined in t code OVK5
  img-sd-basic functions-account assignment and costing-revenue account determination---check master data relevant for account assignment
  Relevant VKOA settings to be done
  Then based on plant (in sales order) diffrerent GL accounts will be picked
  So a same material with respect to the organizational data can have different account assignment categories
  Regards
  Raja

• How close an user account and maintain the accessibility of orders

  Hello,
  I have a question about HRMS.
  I would like to close a user while still being able to see the commands created by this user.
  For example, I have a user "A", he created orders "COM_01", "COM_02" and "COM_03". I fill out an end date for closing this user.
  Then, in a second time with the user "B" (user still active) I want to see the orders "COM_01", "COM_02" and "COM_03".
  But, it's not possible.
  What should I do to enable the consultation of these orders?
  Thank you in advance for your help.
  regards,
  Antoine.

  That's what I meant. My original plan was:
  1) Create a new account with admin privileges.
  2) Make the original account a standard account.
  Unfortunately, this does not work because the name of the original account is: "admin". And for whatever reason, it is impossible to remove admin privileges from an account named: "admin". The checkbox for doing so is grayed out.

• OSD: How to add user account to group administrators

  I has a variable named "AdminAccount", I want to add "AdminAccount" to inbuilt administrators Group.
  How to do it? Script?
  Thanks in advance!

  Hi,
  Net add command should do it.
  What format do you have it in the variable?
  net localgroup administrators contoso\AdminAccount /add would do the trick just replace the either accountname or the domain\accountname and you should be fine.
  Regards,
  Jörgen
  -- My System Center blog ccmexec.com -- Twitter
  @ccmexec

• HT4796 I used migration to transfer iTunes from pc to mac book. It had me set up another user account. Now i have 2 user accounts and i have the iTunes on the wrong one. How do i get the iTunes on the original account.

  I used migration to transfer iTunes from pc to mac book. It had me set up another user account. Now i have 2 user accounts and i have the iTunes on the wrong one. How do i get the iTunes on the original account.

  In Mail Preferences/Accounts/each GMail account, set up the SMTP Outgoing Server for each account separately, going into SMTP name/edit/Advanced and specify the Username of each account.  The Outgoing servers must be two different servers, authenticated by the Username and Password of each.
  Otherwise, the GMail SMTP server will change the from address to that of the account where the SMTP server was setup.
  Ernie

• How can I find the user that created a user account and the user who last updated the account

  How can I find out who created a user account and who last updated the account. I think that this is the same information that is displayed in the description field on the General tab.
  I am using ADO commands and vbscript
  ug3j

  I should point out that there are two attributes of all AD objects that can help you track down the correct information in the system logs. These are the whenCreated and whenChanged attributes. This will tell when the object was created and when it was last
  modified, which should help when you search the logs. Also, while whenCreated is replicated to all DC's, so they will all have the exact same creation time, the whenChanged attribute is technically not replicated. The date/time on each DC reflects when
  the last modification was replicated to that DC. The values will differ slightly on each DC, reflecting how long it took for the change to replicate.
  Richard Mueller - MVP Directory Services

• I have one imac. my wife and i each have our own user accounts and itunes library.  How do we share selected music between user accounts?

  i have one imac. my wife and i each have our own user accounts and itunes library.  How do we share selected music between user accounts?

  To give other users read-only access to your library, use the Sharing features of iTunes. Sharing works over the local network as well as on the same computer. See the built-in help for details.
  If you want to give full read/write access to more than one user, see the support article linked below.
  iTunes: How to share music between different accounts on a single computer

• How to stop the removing a user account and saving the home directory  to a disk image?

  I tried to delete one of two administers on my iMac (10.10.1). After more than 12 hours it will not let me quit System Preferences for it "is removing a user account and saving the home directory to a disk image". How do I finish deleting the administer and quit System Preferences?

  I would recommend asking them in C# forums: https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=csharpgeneral&filter=alltypes&sort=lastpostdesc
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• How to exclude user account for auditing.

  I would like to know how to exclude user account from the audit policy, such as below.
  AUDIT SELECT TABLE BY ACCESS WHENEVER NOT SUCCESSFUL ;
  thanks in advance.
  May

  Security team request to reduce the amount of the audit data based on the user account. Can I use FGA to implement it?possible as it lets you specify the conditions necessary for an audit record to be generated:
  FGA policies are programatically bound to the object (table, view) by using the 'dbms_fga' package. It allows you to create any desired condition,
  for example: Audit an event only when the following conditions are true:
  A table is accessed between 6 p.m. and 6 a.m. and on Saturday and Sunday.
  An IP address from outside the corporate network is used.
  A specific column has been selected or updated.
  A specific value for this column has been used.
  more detail available on Oracle by example
  http://www.oracle.com/technetwork/articles/idm/fga-otn-082646.html