HT1863 AUTOMATIC  ENROLLMENT

Similar Messages

• I have just upgraded from Lightroom 5 standalone to Lightroom 6 standalone. I ppear to have been automatically enrolled for a 30 day free trial of Lightroom mobile and Creative Cloud. Reading the FAQ, it appears that after the expiry of the free trial I w

  I have just upgraded from Lightroom 5 standalone to Lightroom 6 standalone. I appear to have been automatically enrolled for a 30 day free trial of Lightroom Mobile and Creative Cloud. Reading the FAQ, it appears that after the expiry of the free trial, if I do not sign up and pay, I will only be able to view my pictures on the desktop but not edit them - surely this cannot be true. How do I un-enroll for the 30 day free trial of Lightroom Mobile and CC?

  When I was signed into Adobe (which was a requirement for installing the upgrade), Lightroom 6 told my at the top right corner that I had 30 days left of my free trial of Lightroom Mobile and Creative Cloud. In parallel with this forum posting, I am chatting with Adobe support. he is away to find out how to prevent any synching with Creative Cloud during the 30 day free trial. I do not think that Creative Cloud is an application that gets installed on your PC. I think Lightroom 6 has it built in, and can use it if if you are signed up to the Creative Cloud and Lightroom Mobile (which I am for 30 days)

• Was I automatically enrolled in Sync? If so, why?

  I have never enabled Sync or created an account, but after updating today I noticed that I was signed in to a Sync profile. The e-mail address of the Sync profile was the same as a g-mail address that I created while using Firefox on this computer. However, at no point did I ever actually sign into Sync or actively tell Firefox that I wanted to Sync my bookmarks, etc. I have actively told Firefox that I do not want to sync anything from this browser every time it has asked. The Sync account that I was signed in under used the same password as the g-mail account I created, which is incredibly disturbing since I never provided that password to Firefox. That would seem to indicate that Firefox somehow spied on the password I entered when creating a g-mail account, which is NOT acceptable behavior from a browser. Can someone please explain what's going on here? I've never told Sync that I wanted to Sync data, nor have I told Firefox that it could use that log-in information.

  There's nothing in Firefox to automatically enroll a user with the Sync feature.
  What in Firefox are you seeing that leads you to believe that you are enrolled in Sync? ''(and where are you seeing it?)''

• Always Access Denied when choosing Automatically Enrol and Retrieve Certificates from MMC

  I am using 2008 R2 Certificate Services to issue certs across multiple forests (although don't let that muddy the waters).
  I have a need to issue certificates for use with s/ldap, so I have duplicated the Kerberos cert and removed all Intended Purposes other than Server Authentication and configured appropriate security to allow Domain Controllers/Domain Admins to enrol. 
  The certificate also requires CA Manager Approval.
  Everything looks good - I am able to enrol for the cert via the MMC, the request goes into pending, and I am then able to issue the cert.  However, when I go back into the MMC on the Server that requested the cert and choose All Tasks | Automatically
  Enrol and Retrieve Certificates, I choose the pending cert and then get Access Denied.
  On the issuing Server, I get an Event 21 in the App Log:
  Active Directory Certificate Services could not process request 8466 due to an error: Access is denied. 0x80070005 (WIN32: 5).  The request was for CN=server.domain.com.
  On the Server that requested the cert, I get an Event 9:
  Certificate enrollment for Local system was denied by servername\Issuing CA when retrieving the pending request for a SecureLDAPCertificate certificate with request ID 8466.
  The strange thing is, if I follow this procedure but using the certsrv website, it works fine and I can install the certificate.
  What am I missing?  Or is this one of those random quirks of AD CS?
  Any help is appreciated.

  Hi,
  Thanks for posting in Microsoft TechNet forums.
  According to the error messages you provided, this can be a permission issue.
  The method of Autoenrollment for a certificate depends on an Active Directory. Considering using Certsrv website was successful, the problem can be that the requester does not have enough permission to access the certificate template in Active Directory
  To autoenroll a certificate template, a user or computer must belong to a security group that is assigned the read,enroll,and autoenroll permissions.
  Only groups that are assigned these permissions are enabled for autoenrollment.
  Could you please answer the following questions for us so that we can troubleshoot the issue more effectively?
  Are the issuing CA server and the requesting CA in the same forest/domain?
  regards
  Ted

• Benefits: Automatic enrollment of Dependants

  Hi,
  At the time of group processing of default plan, can the dependants eligible for the plan be enrolled automatically?
  Thanks and Regards,
  JP

  The way we have configured this as follows:
  -  We ask employees to first add all the dependents to the system before beginning their enrollment process.
  - Adjusted the Use cases for the Dependent infotype and subtypes accordingly.
  - Implemented the BADI (with custom logic for DEFAULT_DATE) HRXSS_PER_BEGDA to control the start date of the enrolled dependents.
  - We control the start date of the dependent records created in various ways (birth day of dependent, employee start date, adjustment reasons, ... )
  With this, we are able to provide employees with the ability to add dependents as of a past date and hence enroll dependents in Benefit plans as well.
  - Shanti

• Profile Manager - Why create Enrollment Profiles?

  So a similar question was asked previously:
  Why use an enrollment profile?
  I've read through it and I don't think the answers provided tell the whole story, so I'd like to ask again adding some of my own thought and clarifications on the previous thread.  This may be considered a "primer" by some - though I am certainly not the expert on Profile Manager.  I'm laying it out there to explain my understanding and off of that, ask a question.  If you are an expert, and understand how all this works, please just skip to my question below!
  First, my experience and understanding.  (I urge others to correct/clarify where they see fit):
  The previous thread attempted to make a distinction between the 3 different types of profiles:  Trust, Enrollment.and Remote Management Profiles.
  I believe the proper 3 distinctions should be: Trust, Remote Management/Enrollment, and Configuration Profiles.
  - The Trust Profile is basically a Profile (.mobileconfig file) that contains the Server Certificate that needs to be present to validate other signed Profiles.  It's a fancy way of packaging up the Root certificates.
  - The Remote Management/Enrollment Profile is a Profile (.mobileconfig file) that delivers the Remote Management "connection".  It registers the device with the Profile Manager server and facilitates the ability to use PM/APNS to push various Configuration Profiles as well as commands (wipe/lock/etc).  It is *only* called an Enrollment Profile when you explicitly create one (more on that below).  Because an Enrollment Profile does not need to exist to enroll (or rather it will use the implicit "unseen" enrollment), this is the most confusing of the 3 Profile types.  It is further confusing because the term "Profile" is used almost elusively on the device and not within Profile Manager.  In fact the "Enrollment Profile" is the only one explicitly called a "Profile" within the management interface!
  IOW: While it is not shown anywhere in Profile Manager, I believe that "Remote Management" (called a Profile on the device) is basically the *default* Enrollment Profile that is only inferred and seen when you use the Enroll function on MyDevices.  This means you don't need to create any Enrollment Profile to enroll your devices interactively via the MyDevices page.
  - The Configuration Profile is a Profile (.mobileconfig file) that delivers specific settings.  These Profiles are applied to either Users, Groups, Devices, or Device Groups.  They can be automatically pushed to an enrolled device, or they can be manually downloaded from the MyDevices page (seems to apply to User configuration only) for devices even if they are not enrolled (this would allow the end user the 'choice' to pull down settings).
  Having outlined that, the simplest steps to enrollment...:
  When you setup Profile Manager, you can go right to the MyDevices page on your device, login, and choose "Enroll." (sample device is let's say an iPad)
  Doing so will prompt you to install the "Remote Management" profile.
  Note that when enrolling in this way it does not appear necessary to install the "Trust Profile" for your server, even when using a Self-signed Cert.  It would appear that this "Remote Management" profile contains not only the SCEP Enrollment Request and the Device Management payload, but also the Certificates that would be installed with the "Trust profile"
  So we have seen here that one can enroll a device without explicitly creating any "Enrollment Profile."
  So why use an Enrollment Profile?
  Well according to https://help.apple.com/profilemanager/mac/3.1/#apd6DD5E89E-2466-4D3C-987E-A4FF05 676EB7, the answer is pretty straightforward:
  "The user does not need to authenticate or log in to Profile Manager’s user portal"
  This is a great feature.  For one, you can create an Enrollment Profile and send it via e-mail and the user doesn't need to visit a web page and login to enroll a device.  In fact, based on my experience Enrollment Profiles can't even be accessed via the MyDevices page unless you are a Server Admin.
  However, when distributing an Enrollment Profile you seemingly *must* install the Trust Profile prior to this, or you will get an error about communicating with the server.  Several docs/tutorials you can google explain how to set up your deployment systems (specifically OSX machines) to deploy systems with both the Trust and Enrollment profiles to facilitate automatic enrollment when a new system is deployed so it can instantly be managed.
  However, since a device that is already deployed will/may not have the Trust Profile installed, one would have to visit the MyDevices page to install that prior to being able to import a delivered Enrollment Profile.  Because of that it seems that from a distribution approach (as opposed to a deployment scenario) there is not much advantage of using an explicit Enrollment Profile anyway since we already need to visit the MyDevices page to get the Trust Profile, we might as well just use the standard MyDevices implicit Enrollment.
  All devices that have enrolled themselves via a defined/explicit Enrollment Profile will be listed under that Profile in Profile Manager.  Devices that have enrolled via MyDevices will not be listed under any Profile, but rather just under Devices (where *all* devices will be shown regardless of how they enrolled).
  So, now the questions:
  So, the idea of an Enrollment Profile makes perfect sense - it is basically the only way to create an exportable profile that can be distributed and configured to automatically enroll a device without interactive enrollment via the MyDevices page.
  What I don't get is WHY is there the ability to create multiple Enrollment Profiles rather than simply providing a default exportable profile?
  The reason it makes no sense to me is there is absolutely no correlation (that I can deduce) between an Enrollment Profile and the devices that used it to enroll.  While I can see a (non-exportable) list of each device enrolled via each Enrollment Profile, it ends there.  I can't, for instance, create Configuration Settings that I link to an Enrollment Profile.  Or dynamically populate a Device Group with all devices enrolled from a specific Enrollment Profile.  If I could do these things, it might make sense to me and I have spent much time looking at the interface and scouring documentation to see where the connection is.  I have simply determined that there isn't one.
  I can go ahead and create several Enrollment Profiles such as:
  iPads
  Lab Systems
  Main Office Systems
  High Security Systems
  And I can deploy these Profiles (either via mail/file or via initial deployment) to the respective devices.  I can then see under each Profile which devices enrolled.  But, since I can't actually do anything to correlate those systems to a configuration, why would I want to do this segregation?  Sure it gives me a listing of iPads apart from OSX machines, but I can't do anything with this listing!
  Now, of course, I can still pre-stage devices and add them into particular device groups so that as soon as they are enrolled (via any Enrollment Profile) they will get the Configuration Profile(s) attached to them.  This makes the inclusion of multiple Enrollment Profiles even more suspect.
  Am I missing something?  Can someone enlighten me as to what the purpose of creating more than one Enrollment Profile would be?
  We can easily say "Well it's not hurting having them there" but, in terms of complexity and confusion I believe it is.  Had they simply provided a single Enrollment Profile ("Remote Management") that was downloadable/exportable it would have been sufficient.
  Thoughts?

  So a similar question was asked previously:
  Why use an enrollment profile?
  I've read through it and I don't think the answers provided tell the whole story, so I'd like to ask again adding some of my own thought and clarifications on the previous thread.  This may be considered a "primer" by some - though I am certainly not the expert on Profile Manager.  I'm laying it out there to explain my understanding and off of that, ask a question.  If you are an expert, and understand how all this works, please just skip to my question below!
  First, my experience and understanding.  (I urge others to correct/clarify where they see fit):
  The previous thread attempted to make a distinction between the 3 different types of profiles:  Trust, Enrollment.and Remote Management Profiles.
  I believe the proper 3 distinctions should be: Trust, Remote Management/Enrollment, and Configuration Profiles.
  - The Trust Profile is basically a Profile (.mobileconfig file) that contains the Server Certificate that needs to be present to validate other signed Profiles.  It's a fancy way of packaging up the Root certificates.
  - The Remote Management/Enrollment Profile is a Profile (.mobileconfig file) that delivers the Remote Management "connection".  It registers the device with the Profile Manager server and facilitates the ability to use PM/APNS to push various Configuration Profiles as well as commands (wipe/lock/etc).  It is *only* called an Enrollment Profile when you explicitly create one (more on that below).  Because an Enrollment Profile does not need to exist to enroll (or rather it will use the implicit "unseen" enrollment), this is the most confusing of the 3 Profile types.  It is further confusing because the term "Profile" is used almost elusively on the device and not within Profile Manager.  In fact the "Enrollment Profile" is the only one explicitly called a "Profile" within the management interface!
  IOW: While it is not shown anywhere in Profile Manager, I believe that "Remote Management" (called a Profile on the device) is basically the *default* Enrollment Profile that is only inferred and seen when you use the Enroll function on MyDevices.  This means you don't need to create any Enrollment Profile to enroll your devices interactively via the MyDevices page.
  - The Configuration Profile is a Profile (.mobileconfig file) that delivers specific settings.  These Profiles are applied to either Users, Groups, Devices, or Device Groups.  They can be automatically pushed to an enrolled device, or they can be manually downloaded from the MyDevices page (seems to apply to User configuration only) for devices even if they are not enrolled (this would allow the end user the 'choice' to pull down settings).
  Having outlined that, the simplest steps to enrollment...:
  When you setup Profile Manager, you can go right to the MyDevices page on your device, login, and choose "Enroll." (sample device is let's say an iPad)
  Doing so will prompt you to install the "Remote Management" profile.
  Note that when enrolling in this way it does not appear necessary to install the "Trust Profile" for your server, even when using a Self-signed Cert.  It would appear that this "Remote Management" profile contains not only the SCEP Enrollment Request and the Device Management payload, but also the Certificates that would be installed with the "Trust profile"
  So we have seen here that one can enroll a device without explicitly creating any "Enrollment Profile."
  So why use an Enrollment Profile?
  Well according to https://help.apple.com/profilemanager/mac/3.1/#apd6DD5E89E-2466-4D3C-987E-A4FF05 676EB7, the answer is pretty straightforward:
  "The user does not need to authenticate or log in to Profile Manager’s user portal"
  This is a great feature.  For one, you can create an Enrollment Profile and send it via e-mail and the user doesn't need to visit a web page and login to enroll a device.  In fact, based on my experience Enrollment Profiles can't even be accessed via the MyDevices page unless you are a Server Admin.
  However, when distributing an Enrollment Profile you seemingly *must* install the Trust Profile prior to this, or you will get an error about communicating with the server.  Several docs/tutorials you can google explain how to set up your deployment systems (specifically OSX machines) to deploy systems with both the Trust and Enrollment profiles to facilitate automatic enrollment when a new system is deployed so it can instantly be managed.
  However, since a device that is already deployed will/may not have the Trust Profile installed, one would have to visit the MyDevices page to install that prior to being able to import a delivered Enrollment Profile.  Because of that it seems that from a distribution approach (as opposed to a deployment scenario) there is not much advantage of using an explicit Enrollment Profile anyway since we already need to visit the MyDevices page to get the Trust Profile, we might as well just use the standard MyDevices implicit Enrollment.
  All devices that have enrolled themselves via a defined/explicit Enrollment Profile will be listed under that Profile in Profile Manager.  Devices that have enrolled via MyDevices will not be listed under any Profile, but rather just under Devices (where *all* devices will be shown regardless of how they enrolled).
  So, now the questions:
  So, the idea of an Enrollment Profile makes perfect sense - it is basically the only way to create an exportable profile that can be distributed and configured to automatically enroll a device without interactive enrollment via the MyDevices page.
  What I don't get is WHY is there the ability to create multiple Enrollment Profiles rather than simply providing a default exportable profile?
  The reason it makes no sense to me is there is absolutely no correlation (that I can deduce) between an Enrollment Profile and the devices that used it to enroll.  While I can see a (non-exportable) list of each device enrolled via each Enrollment Profile, it ends there.  I can't, for instance, create Configuration Settings that I link to an Enrollment Profile.  Or dynamically populate a Device Group with all devices enrolled from a specific Enrollment Profile.  If I could do these things, it might make sense to me and I have spent much time looking at the interface and scouring documentation to see where the connection is.  I have simply determined that there isn't one.
  I can go ahead and create several Enrollment Profiles such as:
  iPads
  Lab Systems
  Main Office Systems
  High Security Systems
  And I can deploy these Profiles (either via mail/file or via initial deployment) to the respective devices.  I can then see under each Profile which devices enrolled.  But, since I can't actually do anything to correlate those systems to a configuration, why would I want to do this segregation?  Sure it gives me a listing of iPads apart from OSX machines, but I can't do anything with this listing!
  Now, of course, I can still pre-stage devices and add them into particular device groups so that as soon as they are enrolled (via any Enrollment Profile) they will get the Configuration Profile(s) attached to them.  This makes the inclusion of multiple Enrollment Profiles even more suspect.
  Am I missing something?  Can someone enlighten me as to what the purpose of creating more than one Enrollment Profile would be?
  We can easily say "Well it's not hurting having them there" but, in terms of complexity and confusion I believe it is.  Had they simply provided a single Enrollment Profile ("Remote Management") that was downloadable/exportable it would have been sufficient.
  Thoughts?

• Certificate Enrollment Problem

   I have a Windows Server 2008 Enterprise Root CA with a different Windows 2008 Server running the Cert Enrollment website (ussing SSL).  Any certificate that I attempt to request (Vista or XP) results in:
  ============================================
  Your request failed. An error occurred while the server was processing your request.
  Contact your administrator for further assistance.
  Request Mode:
  newreq - New Request
  Disposition:
  (never set)
  Disposition message:
  (none)
  Result:
  The RPC server is unavailable. 0x800706ba (WIN32: 1722)
  COM Error Info:
  CCertRequest::Submit: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
  LastStatus:
  The operation completed successfully. 0x0 (WIN32: 0)
  Suggested Cause:
  This error can occur if the Certification Authority Service has not been started.
  =================================
  The Windows Firewall is off between the web enrollment server and the CA, but only 443 is open in to the web enrollment server from externally.
  What am I missing here?  This is rapidly becoming a showstopper.
  Thanks,
  BH

  I'm having a slightly related problem.  I have Certificate Services running on a Windows 2008 Enterprise Edition 64-bit.  I installed it as a Enterprise subordinate CA, using a certificate from the original enterprise CA.  It is set up as  I am trying to enroll a certificate on another computer.  When I use "Automatically Enroll and Retrieve Certificates",  I see the certificate I want.  However, when I try to enroll it I get the following error:
  The RPC server is unavailable.
  The certificate rquest could not be submitted to teh certificate authority
  There are no firewalls between the certificate authority and I tried using the certutil ping command as stated above and I got an 'is alive' reply from the CA.
  Any idea what my hang up could be?

• Certificate enrollment web servce GPO enablement failure

  2012 Std R2
  Added certificate authority role with web services
  configuring via library hh831625
  I have verified that IIS has the default site ADPolicyProvider_CEP_Kerbos and I copied the URI <a href="https:///ADPolicyProvider_CEP_Kerbos/service.svc/CEP">https://<server>/ADPolicyProvider_CEP_Kerbos/service.svc/CEP
  I added a domain GPO per directions Certificate Enrollment Policy Web Services. I am editing the GPO for Computer->Policies->Windows Settings-> Security Settings->Public Key Policies. I double click Certificate Services Client - Certificate
  Enrollment Policy. I enable the policy and ADD certificate enrollment policy list. I paste the above URI, Authentication type is "Windows Integrated". When I validate server I get the following error:
  An error occurred while obtaining certificate enrollment policy
  URI:https://<server>/ADPolicyProvider_CEP_Kerbos/services.svc/CEP
  Error: The remote endpoint does not exist or could not be located. 0x803d00d (-21434855939 WS_E_ENDPOINT_NOT_FOUND)
  Help with this final validation is appreciated. Logged on as administrator with domain admin rights and enterprise Admins rights
  John Lenz

  Hi,
  Please try to do the following steps at first. Thanks.
  Configuring the CEP web address in the client
  Before I go into the steps it is important to understand that this configuration is based on the security context. You have a CEP configuration for the user, and you have another configuration for the computer. Depending on what certificates you plan on
  issuing (user or computer certificates) you may only require one of these to be configured.
  Configuring user certificate enrollment
  Run CertMgr.msc.
  Expand Certificates, then Current User.
  Expand Personal.
  Right click on Personal, and select All Tasks, then
  Advanced Operations, then Manage Enrollment Policies…
  On the Manage Enrollment Policies dialog click the Add… button. See Figure 12
  Type in the URI for the CEP service in the field. This will be in the format of:
  https://<Internet FQDN>/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP
  In my example this would be:
  https://cert-enroll.fabrikam.com/ADPolicyProvider_CEP_UsernamePassword/service.svc/CEP
  NOTE: the only thing that will be unique to your environment is the Internet FQDN of the URI.
  In the Authentication type drop down select: Username/password
  Click the Validate button.
  Once the Validate button is pressed, you will be prompted to type in a domain user name and password. Supply these credentials.
  If everything goes correctly you should see that the validation test passed in the lower section of the dialog box see Figure 13.
  NOTE: You can see in Figure 13 that the only difference is the DNS portion of this URI. If you scroll down further in the validation output, you will see the friendly name you added under the website configuration being displayed also.
  Click the Add button.
  Uncheck Enable for automatic enrollment and renewal.
  NOTE: Failure to do so could cause users to be prompted for user name and password each time they logon to the computer. This occurs because Windows Autoenrollment runs immediately after the user has logged on. If the enrollment policy is configured for automatic
  enrollment and renewal, Windows Autoenrollment will attempt to contact the configured CEP server when it starts in order to determine if new certificates have been assigned. Since this will result in the users being prompted for credentials every time they
  log on your users may be annoyed.
  Click the OK button.NOTE: Follow the same procedures to configure the Enrollment Policy server for the computer personal store if you need to enroll for computer certificates.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• AppleCare Auto Enroll Question

  I recently purchased a MacBook Pro and the AppleCare Protection Plan. On the box, the protection plan says it's an "auto enroll" type of plan. When I insert the disc, it asks me to register my AppleCare Protection Plan. When I go to register for the plan, it asks for an AppleCare Registration Number. I am then guided to the following website.
  http://support.apple.com/kb/HT1874?viewlocale=en_US
  The problem is no such page exists in my AppleCare Protection Plan booklet.

  Auto enroll on Apple care means you do not have an action to take on your part. You are automatically enrolled in Apple care if you purchase it at the same time as your computer. The box is just for info only. They track your warranty info by your computer's serial number so nothing to keep up with! If in doubt, you can check your product's warranty info here....
  https://selfsolve.apple.com/GetWarranty.do
  Congrats on the new computer!
  L

• EFS Recovery Agent not working on Windows 8.1

  I know EFS data recovery has been discussed so many times in the forums but I could not find anything useful in the other threads as I believe I have followed all the required steps but still cannot get EFS recovery agent to work.
  I have a Client1 (Win 8.1) and a DC1 (Windows Server 2012 R2) under beta.com domain.
  DC1 is a CA server as well as a domain controller.
  I logged into DC1 as beta.com\Administrator
  which is the Domain Administrator account.
  I duplicated the EFS Recovery Agent template on the
  DC1 and published it into Active Directory.
  Then I edited the Default Domain Policy GPO and under
  Computer Settings\Policies\Windows Settings\Security Settings\Public Key Policies
  I right clicked Encrypting File System and selected Create a Data Recovery Agent
  and a new file recovery certificate was generated for the Administrator account.
  I exported the newly-created Recovery Agent certificate and then logged into
  Client1 as beta.com\Administrator and imported
  it.
  I then logged off from Client1 and logged back in using a different account beta.com\johns
  and encrypted a folder (with a text file inside) using EFS. (The folder address on local disk is
  C:\Reports)
  Then I logged back into Client1 again using beta.com\Administrator
  but I am unable to open the file inside the folder and I get an
  Access is denied message.
  It is very strange to get an "Access is denied" message because on the text file when I right click and click Properties -> Advanced -> Details, under the Recovery Certificates, the Administrator account's certificate is listed
  and its thumbprint corresponds to the same recovery certificate which I created in step 3. But I am still unable to access the file.
  Do you have any idea why? Am I missing something?
  Thanks in advance.
  MCT, MCSA/MCSE Security
  http://esitech.spaces.live.com/

  Hi
  The Client1 user needs to enrol via GPO to get the recovery certificate normally via automatic enrolment
  Check the Personal Certificate store for Client1
  I think the policy needs to be applied before you encrypt any data
  To manually recover
  Did you export the Private key when you did the export ?
  Did you export to a .cer file

• HTML5 Wistia and Vimeo hosted videos are not playing correctly in Firefox (Choppy, hangs on frames, jittery audio)

  Hi, for some reason I can't get HTML5 videos hosted by Wistia or Vimeo to play correctly in firefox. I tried doing a fresh install of firefox, running version 35.0.1, and the videos still don't play correctly. They constantly load, videos hang on frames, and the audio gets jittery. However, if I switch to flash they do play correctly. Videos on youtube play fine. I can't figure this out. I tested the same videos with Safari, and they play correctly, which tells me there's something not right with Firefox and perhaps my system.
  I use a MacBook pro (Mid - 2010) with OS X Yosemite, 10.10.2.
  Any ideas?

  Try to disable all video player extensions in your Firefox and test the site that is giving playback issues. Turn on each one until there is an obvious difference.
  Some video formats/codecs may not be supported by one over the other.
  Right click on the HTML5 player and select: "About HTML5"
  It will tell you that youtube has automatically enrolled you in their beta testing and to opt out you click the link on the bottom to stop seeing HTML5 videos.

• Would you buy a license to listen to music on a commodore 64?

  I can't imagine buying a license to listen to my music on an Atari or a commodore 64, why should I for my mac?
  I just got burned at a wedding when my brand new 3k mac was not "authorized" to play music I had previously purchased from iTunes. There was no wifi so I was not able to fix the issue when it mattered. This policy is extremely inconvenient and the number of authorized computers seems arbitrary. Its no wonder people pirate music.
  Apple should automatically enroll new machines with itunes authorization or else others will have my experience.

  Syntrak, I believe you don't own one so you only know
  about the MBP by reading.
  I do own one, and my answer is an emphatic YES, but
  only IF the person asking really needs or wants such
  a powerful portable. A lot of power and features in
  such slim and small package comes with some
  drawbacks: Shorter battery life is one of them.
  I think I said it before, this MBP Rocks BABY!
  I could not agree more and couldn't have written this any better. I haven't felt this great about a new Mac in a long time. Can't wait for FCP Suite Universal to arrive to put through it's paces. Needless to say, the MBP is on all day and into the late evening hours. It Rocks! Don't have any second thoughts.

• Cannot claim points; Salesman might have messed it up.

  Yesterday I purchased a Macbook Pro from a Best Buy location. Never bought big from best buy before so I never had a credit card. Applied, got it, and put the laptop on the card. He asked before if i was a rewards member and i said no, but id like to be one so I can get the points for this big purchase as well. He said it would take a while in store so just do it at home and I can claim them on here. I tried to do that but this system said I cannot add the points as I was not a member before the purchase.'
  That was what I was attempting to do at the store, yet he said it would be better to do it online.
  Is there any way I can claim these points? It's obviously a hefty amount and would be disheartening to see them go to waste. I have the receipt, number, everything. 

  Hello jkdecke01,
  Welcome to the Best Buy forum.
  If you were approved for a Best Buy credit card when you purchased the MacBook Pro, then you would have been automatically enrolled in the My Best Buy program.   You in-fact might actually have two My Best Buy accounts if you went onto BestBuy.com to enroll in the program, as directed by the cashier.  We can look into merging any active accounts you may have if they share the same information (name, phone #, mailing address).
  With that having been said, I am going to send you a private message so that I can go over your My Best Buy account(s) with you to ensure the MacBook Pro you purchased is properly attached and to see about possibly merging any active accounts.  You can check your private messages by logging into the forum and clicking on the yellow envelope located at the top of the page.  I look forward to further speaking with you.
  My Best Buy™ Program Terms
  Thank you for posting and for being a My Best Buy™ member.
  Derek|Social Media Specialist | Best Buy® Corporate
   Private Message

• Benefits Module Configuration

  Hello All,
  I am new to learning the Benefits module and would like to know the steps and procedures involved in the configuration of the Benefits module in and out starting to beginning.
  Can anybody please help me with some good materials and information.
  You can also e-mail me at [email protected]
  Appreciate your valuable replies asap.
  Thanks in advance.
  Shivani.

  Hi
  In order to administer and maintain your plans separately, you will work in your own benefit area.
  1a.           Define the benefit areas
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define benefit areas.
  (Note:  This is not used for eligibility but administration.  It allows you to have separate administration or separate benefit plan pools.  A benefit area can be administered in one currency at a time only).
  Steps:
  - Hit the “New entries” button
  - Enter your own Benefit area and Country grouping
  - Hit the “Save” button
  1b.           Maintain BAREA feature
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define Benefit Areas
  Steps:
  - Click on “Feature” button and Maintain
  1c.           Set currency for the benefit areas
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Assign currency to Benefit areas
  Steps:
  - Hit the “New entries” button
             - Enter your Benefit area and Currency          
  1d.           Set the current benefit area (IMG and user parameters)
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Set current benefit area
  Steps:
  - Select your Benefit area and hit enter
             For User Parameter:
             - System > User profile > Own data > Parameters tab
             - Set parameter as BEN = XX
  2.           National is the provider for all benefit plans.  Within National, there is a provider for each health/spending, savings, and insurance plans.
  2a.           Define the benefit provider
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define benefit providers
             Steps:
  - Hit the “New entries” button
  - Enter your health/spending, savings, and insurance plans providers
  - Hit the “Save” button
  3.           QD allows members of the immediate family to be considered as dependents and beneficiaries.
  3a.           Define dependents and beneficiaries
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Dependents and Beneficiaries>Define dependents and beneficiaries
  Steps:
  Note:  Here you will define employee’s relatives and close acquaintances are permitted dependents for health and miscellaneous plans, and beneficiaries for insurance, savings and miscellaneous plans. (i.e. spouse, divorced spouse, step-child, child).
  - Hit the “New entries” button
  - Select the dependent subtype from the drop down window
  - Check dependent box or beneficiary box or both
  - Hit the “Save” button
  4.           QD offers 8 types of benefit plans: medical, dental, basic life insurance, supplementary life insurance, 2 separate savings plans, credit, legal coverage, and a healthcare spending account.
  4a.           Define the benefit plan types
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Plan attributes>Define benefit plan types
  Steps:
  Note:  The system does not allow for an employee to enroll in more than one benefit plan per plan type (i.e. employee can not enroll in both the Medical Indemnity and Medical HMO, but they do have a choice of one or the other).
                        - Enter a plan type identifier and its description
                        - Choose the corresponding benefit category code for the plan type.
  5.           QD’s plans are all active and able to be enrolled in, but they would like the option for closing and phasing out plans if needed.
  5a.           Define benefit plan status
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Plan attributes>Define benefit plan status
  Steps:
  - Enter an identifier to represent each status
  - Enter a status description
  - Indicate if plan is active and if it is available for enrollment
  Status           Text            Active            Enroll
  CL           Closed                     
  LK           Locked           &#61654;          
  OP           Open           &#61654;           &#61654;
  6.           QD offers a basic insurance plan that has different costs depending on the age and salary of the employee.  Develop the salary and age as criteria for the plans.
  6a.            Define parameter groups.
             Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define employee criteria groups>Define parameter groups
  Steps:
             - Enter parameter group and description
             - Hit the “Save” button
             6b.  Define age, salary and seniority groups (read step 12 for the required groups)
             Menu Path: Salary group
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define employee criteria groups>Define salary groups
  Steps:
                        - Select “Salary criteria” in the “Select Transaction screen”
  - Enter the Salary group ID and its description
                        - Enter the Low and High values for the salary group
  Menu Path: Age group
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define employee criteria groups>Define age groups
  Steps:
  - Select “Age criteria” in the “Select Transaction screen”
  - Enter the Age group ID and its description
  - Enter the Low and High values for the age group
  Menu Path: Seniority group
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define employee criteria groups>Define age groups
  Steps:
  - Select “Seniority criteria” in the “Select Transaction screen”
  - Enter the Length of service ID and its description
  - Enter the Lowest and Maximum values
  7.           The legal plan covers employees in the executive organizational unit.  Create a coverage group for the executive legal plan.
  7a.           Define coverage groupings
             Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define coverage groupings
  Steps:
  - Hit the “New entries” button
  - Enter coverage group
  - Hit the “Save” button
  8.           For the 401k savings plan, full time employees (greater than 37.5 hours/week) may contribute a maximum of 16% of their pre-tax salary.  Part time employees may contribute a maximum of 10%.  Create groups to separate the part time and full time employees.
  8a.           Define Employee Contribution Groups
             Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groupings>Define employee contribution groups
  Steps:
  - Hit the “New entries” button
  - Enter identification and description for employee contribution group
  - Hit the “Save” button
  9.           QD contributes to a retirement plan (RBAP) after one year of service for the salary employees only.  Create groups to distinguish the salary employees from the hourly employees.
  9a.           Define Employer Contribution Groups
  Menu Path:
  IMG>Personnel Management>Benefits>Basic Settings>Define employee groups>Define employer contribution groups
  Steps:
  - Hit the “New entries” button
  - Enter identification and description for employer contribution group
  - Hit the “Save” button
  10.           The 2 medical plans offered are an HMO and a traditional indemnity.  The company pays 50% of the provider costs for each.  The following costs are stated in monthly amounts:
  •           The provider cost for a nonsmoking HMO are $60 for employee only, $80 for employee and spouse, and $150 for employee and family.  Smoking adds an additional $20 to the provider cost.
  •           The traditional indemnity has a high deductible and a low deductible option.  The cost for a high deductible is $100 for employee only, $120 for employee and spouse, and $200 for employee and family.  Smoking adds an additional $20 and a low deductible an additional $10 to the provider cost.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans>Health Plans
  Steps:
  - Define health plan general data                                
  - Define options for health plans
                        - Define dependent coverage options
                        - Define cost variants          
                        - Define cost rules
                        - Assign health plan attributes          
                        - Define evidence of insurability conditions
  11.           A dental plan is offered to all employees and is subject to no specific criteria.  The cost, regardless of number of dependents, is $5/month, paid for entirely by the employer.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans>Health Plans
  Steps:
  - Define health plan general data                                
  - Define options for health plans
  - Define dependent coverage options
             - Define cost variants          
  - Define cost rules
  - Assign health plan attributes          
  - Define evidence of insurability conditions
  12.           The basic life insurance is subject to age and salary criteria.  The plan coverages offered are 1x base salary and 2x base salary, up to a maximum coverage of $500,000.  Costs are paid for by the employee and are, per $1000 coverage:
  •           for salary levels below $120,000:  $0.05 below age 50, $.08 above age 50
  •           for salary levels above $120,000:  $0.07 below age 50, $.10 above age 50
             Supplementary life insurance is not subject to criteria and is a flat $200,000 coverage and costs $7 month, paid for by the employee.
             There is a combined coverage limit of $500,000 for basic and supplementary insurance.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Insurance Plans
  Steps:
                        - Define insurance plan general data                     
                        - Define coverage formula          
                        - Define coverage rules
                        - Define cost variants
                        - Define cost rules
                        - Assign insurance plan attributes          
                        - Define evidence of insurability conditions
  Menu Path: (combined coverage)
  IMG >Personnel Management>Benefits>Plans> Insurance Plans>Combined coverage
  Steps:
                        - Define combined coverage for insurance
                        - Define combined coverage limit expressions
  13.           A 401k savings plans is available and QD starts immediate matching.  QD matches at a rate of 100% of employee contribution up to $1000.  After this limit is reached, QD matches 50% of employee contribution to a maximum of 16% of the employee base salary.  The 401k is subject to employee contribution groups (step 8).  The maximum pre-tax employee contribution percents are explained in step #8 and the maximum dollar amount is $10,000.  The employee is 20% vested after one year, and an additional 40% each year after.
             QD contributes $4000 to an RBAP for the salary employees after 1 year of service.  Employees so not contribute to this plan and are 100% vested after 1 year.  The RBAP is subject to an employer contribution rule (step 9).
             Choices for investments are stock, mutual funds, or both.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Savings Plans
  Steps:
  - Define savings plan general data
  - Define employee contribution variants
  - Define employee contribution rules
  - Define employer contribution variants
  - Define employer contribution rules
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Savings Plans>Vesting
  Steps:
  - Define vesting rules
  - Define vesting portions
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Savings Plans>Investments
  Steps:
  - Define investments
  - Define investment groups
  - Assign investments to groups
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Savings Plans
  Steps:
  - Assign savings plan attributes
  14.           QD offers a healthcare spending account with contribution limits of $100-$7000 per year.  Reimbursements for spending accounts can be obtained through QD in amounts of $50 or greater.  Valid reimbursements are doctor, dentist, vision, and prescription.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Flexible Spending Accounts
  Steps:
                        - Define spending account general data
             - Define employer contribution variants
             - Define employer contribution rules
             - Assign spending account attributes
             - Define spending account claim types
  15.           QD gives each employee a monthly credit of $50 to offset the costs of benefit plans.
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Credit Plans
  Steps:
  - Define credit plan general data
  - Define credit variants
  - Define credit rules
  - Assign credit plan attributes
  16.           QD offers a legal plan for all employees in the executive organizational unit.  The coverage group was determined in step 7.  The legal plan has a coverage amount of $5,000,000 and costs the employer $100 per month.
  &#61482;           you will use coverage amount and cost formulas for the legal plan configuration
  Menu Path:
  IMG >Personnel Management>Benefits>Plans> Miscellaneous Plans
  17.           To enroll in a dental plan, the employee must be enrolling in either an HMO or the medical indemnity.  To enroll in supplementary insurance, the employee must be enrolling in the basic life insurance plan.
  17a.           Define prerequisite or corequisite plans
  Note:  Prerequisite plan is a plan the employee must first be enrolled in.
  Corequisite plan is a plan the employee must enroll in at the same time.
             Menu Path:
  IMG >Personnel Management>Benefits>Flexible Administration>Prerequisites and \Corequisites>Define prerequisites/ Define corequisites
  Steps:
  - Choose a plan requiring a pre/co requisite
  - Enter the plan or plans that are to be the pre/co requisite
  - Determine if the plan requires a requisite of “all” or “any”
  18.           Employees are eligible for all plans (except RBAP) immediately upon hire.  Salary employees are eligible for RBAP after one year of service.
  18a.           Define eligibility groupings
             Menu Path:
  IMG >Personnel Management>Benefits>Flexible administration>Programs>Employee Eligibility>Define eligibility groupings
  Steps:
  - Hit the “New entries” button
  - Enter Eligibility group and description
  - Hit the “Save” button
  18b.           Maintain ELIGR feature
  Menu Path:
  IMG >Personnel Management>Benefits>Flexible administration>Programs>Employee Eligibility>Define eligibility groups
  Steps:
  - Click on “Feature” button and Maintain
  18c.           Define eligibility variants
  Menu Path:
  IMG >Personnel Management>Benefits>Flexible administration>Programs>Employee Eligibility>Define eligibility variants
  Steps:
  - Hit the “New entries” button
  - Enter Eligibility rule variant and description
  - Hit the “Save” button
  18d.           Define eligibility rules
  Menu Path:
  IMG >Personnel Management>Benefits>Flexible administration>Programs>Employee Eligibility>Define eligibility rule criteria
  Steps:
  - Select the eligibility rule for which to define conditions
  - Enter the waiting period information
  - Enter the first day of enrollment after waiting period met
  - Enter minimum working time and age restrictions, if required
  - Hit the “Save” button
  19.           When employment ends, termination is classified as wither resigned or retired and benefit plans cease after 30 days, or cease immediately.
  19a.           Define termination groupings
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Programs>Participation termination>Define termination groupings
  Steps:
  - Hit the “New entries” button
  - Enter Termination grouping and description
  - Hit the “Save” button
  19b.           Define termination variants
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Programs>Participation termination>Define termination variants
  Steps:
  - Hit the “New entries” button
  - Enter Termination variants and description
  - Hit the “Save” button
  19c.           Define termination rules
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Programs>Participation termination>Define termination rules
  Steps:
  - Select your Termination rule
  - Select Benefits termination rule criteria
  - Enter the appropriate Coverage continuation period and hit the “Save” button
  20.           Group plans together as an “offer” to active salary and hourly employees.
  20a.           Define benefit programs
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Programs>Define benefit programs
  Steps:
  - Select your Benefit groups
  - Select your Employee status
  - Enter the Benefit plan, Eligibility rule and Termination rule and hit the “Save” button.
  21.           All active employees are defaulted into the traditional indemnity medical plan, low deductible, employee only if they do not elect benefits.  The RBAP, credit, and legal plans are all automatic enrollment.
  21a.           Define standard selections
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Standard selections>Define Standard health selections
  Steps:
  - Select your Benefit groups
  - Select your Employee status
  - Hit the “New entries” button
  - Enter the Benefit plan type, Benefit plan, Health plan options and Dependent coverage for health plan
  - Select the processing type and hit the “Save” button.
  22.           Benefit events are classified as Hire (can add all relevant plans) or Other Event (marriage, birth of child and can delete, add, change and relevant plan)
  22a.           Define benefit adjustment groupings
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Benefits adjustment reasons>Define benefit adjustment groupings
  Steps:
  - Hit the “New entries” button
  - Enter adjustment groupings and description
  22b.           Maintain EVTGR feature
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Benefits adjustment reasons>Define benefit adjustment groupings
  Steps:
  - Click on “Feature” button and maintain EVTGR feature
  22c.           Define benefit adjustment reasons
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Benefits adjustment reasons>Define benefit adjustment reasons
  Steps:
  - Hit the “New entries” button
  - Enter Benefit adjustment reasons and description
  - Hit the “Save” button
  22d.           Define permitted changes for adjustment (up to you!)
  Menu Path:
  IMG>Personnel Management>Benefits>Flexible administration>Benefits adjustment reasons >Define adjustment permissions
  Steps:
  - Select your Benefit adjustment
  - Select your adjustment group
  - Hit the “New entries” button
  - Enter the Benefit plan type,
  - Check the appropriate boxes for Benefit plan, Options, Dependent coverage and Dependents and save your records
  Edited by: Santhosh Kumar R on Feb 27, 2008 9:35 AM

• How to set ENV:  ORALCE_SID + ORACLE_HOME

  Hi all,
  I am new to this company, just 2 weeks.
  We have lots of linux/aix/sun/unix envi and lots of databases in it, like 1000+
  The sysadmin is good in shell scripting, in managing the servers.
  One thing is setting environment variables to set your OracleHome and OracleSID choice.
  Since we have lots of databases and different versions in 1 server, I login as "oracle" , then at command prompt $ I just type SID PROD1 or
  $ sid prod1
  or
  $ SID PROD1
  Then I am set to the ORACLE_HOME and SID of my choice database which is "PROD1"
  My question is, how do I program similar to this? or where can I find the program that accept this paramter "SID PROD1".
  I am asking because I want to add my new database that I have cloned or installed. Say I created a new database named DEV020. How do I add this to the program?
  Or is it automatically enrolled?
  Thanks a lot

  KinsaKaUy? wrote:
  Hi all,
  I am new to this company, just 2 weeks.
  We have lots of linux/aix/sun/unix envi and lots of databases in it, like 1000+
  The sysadmin is good in shell scripting, in managing the servers.
  One thing is setting environment variables to set your OracleHome and OracleSID choice.
  Since we have lots of databases and different versions in 1 server, I login as "oracle" , then at command prompt $ I just type SID PROD1 or
  $ sid prod1
  or
  $ SID PROD1
  Then I am set to the ORACLE_HOME and SID of my choice database which is "PROD1"
  My question is, how do I program similar to this? or where can I find the program that accept this paramter "SID PROD1".
  I am asking because I want to add my new database that I have cloned or installed. Say I created a new database named DEV020. How do I add this to the program?
  Or is it automatically enrolled?
  Thanks a lotIt seems to be an alias. Check .bash_profile and .bashrc file (in the home directory), there should be alias called SID
  Kamran Agayev A.
  Oracle ACE
  My Oracle Video Tutorials - http://kamranagayev.com/oracle-video-tutorials/
  My ebook - http://kamranagayev.com/2011/10/19/step-by-step-oracle-installation-all-in-one-e-book/