Is it possible to disallow RDP for one member of local admins group?

Hello:
I have an application server which has a service account that is in the local admins group. Is it possible to disallow only that particular service account from being able to RDP into the server? Server is Windows Server 2003 SP2. Basically, I'm trying to bypass this: Members of the local Administrators group can connect even if they are not listed. I understand that anyone using the service account could undo any restrictions I make, so what I'm trying to do would just be a deterrent. I cannot disable RDP altogether since our regular sys admins need to be able to RDP into the server. Thank you.

What if you specified the user and denied them rights to RDP to the server.  A deny overrides every other permission, and if you can do this, then only that one user would not be able to RDP into the server, but other admins would be able to. 
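
One way to apply the deny suggested in the answer above, as an added example that is not part of the original thread: the "Deny log on through Terminal Services" user right (SeDenyRemoteInteractiveLogonRight) takes precedence over the implicit allow that members of Administrators have. The account name APPSRV\svc_app is a placeholder, and ntrights.exe from the Windows Server 2003 Resource Kit Tools is assumed to be installed.

```bat
@echo off
rem Added example, not from the original thread. Run as an administrator on the server.
rem Assumptions: APPSRV\svc_app is a placeholder for the service account, and
rem ntrights.exe (Windows Server 2003 Resource Kit Tools) is on the PATH.
setlocal
set "ACCOUNT=APPSRV\svc_app"
set "BEFORE=%TEMP%\user-rights-before.inf"
set "AFTER=%TEMP%\user-rights-after.inf"

rem 1. Keep a copy of the current user-rights assignments for review and rollback.
secedit /export /cfg "%BEFORE%" /areas USER_RIGHTS
if errorlevel 1 (
    echo Export of the current user rights failed; nothing was changed.
    exit /b 1
)

rem 2. Grant the deny right to this one account only. Other administrators are
rem    not touched, and the account's "Log on as a service" right is unaffected.
ntrights +r SeDenyRemoteInteractiveLogonRight -u "%ACCOUNT%"

rem 3. Export again and show the deny entry. The export is a Unicode file, so it
rem    is piped through "type" before findstr searches it.
secedit /export /cfg "%AFTER%" /areas USER_RIGHTS
type "%AFTER%" | findstr /i /c:"SeDenyRemoteInteractiveLogonRight"
if errorlevel 1 (
    echo No deny entry found; check the account name and the ntrights output.
    exit /b 1
)
echo Entry present. Confirm the account, shown as a name or as *SID, is in the line above.
endlocal
```

The same right can be set interactively in Local Security Policy under Local Policies, User Rights Assignment. Because the service account is itself an administrator it can remove the entry again, so enabling "Audit policy change" gives a Security log record if that happens.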

Similar Messages

  • Cisco MeetingPlace One or More Local Admin Group

    Hi All UC Experts,
    I have a MeetingPlace 8.5 audio only, that is using in Hong Kong only. Now I want to share the MeetingPlace to my USA users to use too.
    But I am thinking the administrative problem as below:
    Can I create a USA local group for the USA users only? That should be a local USA admin, who can manage their USA users only.

  • Hi, my free trial license has expired, and I am wondering if it's possible to only pay for one month for after effects without locking for a year with monthly fee. I only need this for a project that is ending next week.

    Creative Cloud Plans
    https://creative.adobe.com/#plans

  • DPM 2012 still requires put end users into local admin groups for the purpose of end user data recovery?

    On client computers that are protected by DPM 2010 and prior versions, you had to put the end users account in the local administrators group. If you did not add the end user account to the local administrators group you would get this error after opening the recovery tab in the DPM client: “DPM found no recovery points which you are authorized to restore on the specified DPM server. You can restore only those recovery points for which you were an administrator at the time the backup was taken. To restore other recovery points, contact your DPM administrator, or attempt to restore from another DPM.”  This is not ideal on many networks because the end users are not allowed to have local administrator access.
    The fix to this was included in hotfix 2465832 found here: http://support.microsoft.com/kb/2465832.
    This hotfix (a hotfix rollup package for DPM 2010) resolves other issues with DPM 2010 as well. You can find the full list of what this hotfix corrects on that link.
    One would think this issue should have been resolved in DPM 2012, however I am encountering the same exact issue, had to include end-users into the workstation local admin group before they can search for recovery points on the DPM server. This is not acceptable practice.
    Is there a new hotfix for the same issue on DPM 2012? I am hesitant to apply KB2465832 since it also includes many other fixes for DPM 2010, which may not be applicable for version 2012.
    Please help.
    Thanks,

    This is a hands off solution to allow all users that use a machine to be able to restore their own files.
    1) Make these two cmd files and save them in c:\temp
    2) Using windows scheduler – schedule addperms.cmd to run daily – any new users that log onto the machine will automatically be able to restore their own files.
    <addperms.cmd>
    Cmd.exe /v /c c:\temp\addreg.cmd
    <addreg.cmd>
    set users=
    echo Windows Registry Editor Version 5.00>c:\temp\perms.reg
    echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection]>>c:\temp\perms.reg
    FOR /F "Tokens=*" %%n IN ('dir c:\users\*. /b') do set users=!users!%Userdomain%\\%%n,
    echo "ClientOwners"=^"%users%%Userdomain%\\bogususer^">>c:\temp\perms.reg
    REG IMPORT c:\temp\perms.reg
    Del c:\temp\perms.reg
    Regards, Mike J. [MSFT]
    That's a good one! Thanks for that.
    I've been scripting on KIX for some time, so here is mine, hope it helps to someone... (it's probably not the best, but it works)
    ========================================================================
    $RC=setoption("WOW64AlternateRegView","on") 
    $DPMkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection"
    $uservariable = "%userdomain%\%username%"
    If KeyExist ($DPMkey)
    $Userstring=ReadValue($DPMkey, "ClientOwners")
    If $Userstring == ""
    WriteValue($DPMkey,"ClientOwners", $uservariable, "REG_MULTI_SZ")
    ? "Key created"
    else
    If not instr($Userstring,$uservariable)
    $Userstring = "$Userstring,$uservariable"
    WriteValue($DPMkey,"ClientOwners", $Userstring, "REG_MULTI_SZ")
    EndIf
    Endif
    EndIf
    ==========================================================================
    The problem actually is that you still need to use an admin account to write on the registry, so ensure you configure it properly on the schedule task.
    In case you use a service account on the schedule task... the "$uservariable" will get populated with that account. As a work around to this... I changed it for the following line:
    =========================================================
    $uservariable = ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnSAMUser")
    =========================================================
    The only problem with that is that the key gets created/updated only if the user logs on physically at that PC, but it will not work for anyone connecting through RDP.

  • I have an iPod classic that syncs my entire library, I'd like to buy a smaller iPod, a nano maybe for the gym. Can I use the same library or do I need to set up a new library for the 2nd iPod? Is that possible? I mean for one to have 2 iTune librarys?

    I have an iPod classic that syncs my entire library, I'd like to buy a smaller iPod, maybe a Nano for the gym. Would I need a 2nd iTunes library? Is that possible, I mean for one person to have 2 iTunes libraries/accounts?

    Woodblock 3 wrote:
    Would I need a 2nd iTunes library? Is that possible, I mean for one person to have 2 iTunes libraries/accounts?
    In other words, no. You don't need another iTunes Library for your new iPod
    Another iTunes Library, that's only if someone else's music is mixed in with yours and you want to create another Windows user account with their music in it.
    The iTunes Library is the master vault containing all your content, from there you create playlists or smart playlists specially tailored for the smaller iPod's storage requirements.
    For instance if the iPod can hold only 2,000 songs, then you create a smart playlist based upon those rules/limitation. Plus what type of music you like.
    You have an incredible degree of control with smart playlists, they update automatically so you only set the conditions for what goes into them. Including content from other created playlists and smart playlists.
    Then, when you hook up the smaller iPod, it has its own sync options, "all of your music and playlists" or "only select playlists"  So you use the second option to select just the smart playlist you tailored for the new iPod.
    When you hook up the iPod Classic, only its sync options are used, not the new iPod ones.
    I hope I explained it better this time.

  • Is it possible to find out for one universe in which reports is used?

    Hi,
    Can we find out for one universe in which reports is used?
    We have universes that we used to create different reports, InfoView reports. And we need to find out in which of them.
    Regards,

    Hi Valdete,
    You can run a query for the universe using QueryBuilder:
    http://servername:port/AdminTools
    You can find out the CUID of the universe by viewing its properties. Note this CUID down.
    CUID is the longer, alpha-numeric value.
    In query builder, run the following:
    select si_name, si_webi from ci_appobjects where si_cuid='Cuid of the Universe'
    OR
    select * from ci_appobjects where si_cuid='Cuid of the Universe' (then look for SI_WEBI).
    SI_WEBI stores the object IDs of all the reports that this universe points to.
    You can then query the table ci_infoobjects, using si_id to find details of the report.
    I would also recommend you to go through the links that Ajay has posted as this provides a better insight into QB.
    Hope this helps.
    -Sid

  • Is it possible to have filters for one account on 3 devices ? And have the same results/folders.

    I have one email account on 3 devices and I need to filter all received emails, on all 3 devices. Same folders and same filters.
    If I create a filter rule on one PC then I can't find the filtered emails ( that are in the new created folder on PC no.1 ) on the other devices. What can I do?

    To answer the question as stated in your topic, it's possible but not easy.
    Obviously you can enter the same filters by hand on each installation of Thunderbird, but it's tedious and error-prone. You can set them up on one machine and copy the filter files over to the other machines. Also tedious and error-prone.
    The way you describe the messages vanishing from sight suggests strongly that you're currently using POP, and this has no way of making use of shared folders. To continue working in this way, all you could do is set each client to leave a copy on the server for the others and painstakingly manage a set of filters on each and every machine, keeping them in synch by hand and careful management. (And ditto for your folders.) You'd also have to attend to the POP server from time to time to remove accumulated messages left there by your clients.
    The real answer to this and your later question is to use an IMAP-connected account, where all your data lives in one place, on the email provider's server, and all your devices simply look at and work with one common set of data. Any filtering, editing, moving, etc you did on one machine would very quickly become visible on the other machines. In fact, the ability for more than one machine to simultaneously be working on the same message becomes a somewhat worrying possibility. It's not clear if this is a likely event in your scenario.
    Even using IMAP, if you filter at the client then you'd still have the issue of managing multiple instances of your filters, and the final part of this is to make use of filtering offered by the server; then the filtering takes place "at source" and you have just one filter set to maintain.
    If your current email provider doesn't provide IMAP, and cannot offer it, then there are many alternatives who will. If it's for business then I think you should look for a paid-for service that includes guarantees, backups and an SLA. Your domain provider should be able to offer this.
    For personal use, many of the free suppliers are worth considering. Googlemail works well, but if you're uneasy about their pervasiveness, have a look at gmx/1&1. Microsoft's hotmail/live mail/outlook.com offers IMAP. Yahoo! probably does (please check in your locality) but they have a bad track record and a lamentable reputation and I wouldn't want to entrust them with any precious material.

  • I received a New Ipad Mini 32gb with WIFI Only as a gift, Is it possible to exchange it for one with 3G and WiFi

    Any Help would be greatly appreciated.

    There is the no-questions-asked 14/15 day return policy with Apple stores.  Ask the person who gifted it to you.
    Other than that there is MiFi.
    I recently signed up for FreedomPop.com. http://www.freedompop.com
    FreedomPop provides 500meg of free 4g cellular data per month!  You do need to buy their wireless device at $39.   There are ways of getting bonus megs.  One gig of additional data costs $10 per month.  I used about 15megs per hour of lite internet surfing.
    When signing up, you need to be careful with your selections.  On some screens, the free option is a small link below the large button.  FreedomPop employs a Pavlovian Dog < Operant conditioning > thing of getting you used to clicking on the large button then they change the large button to a paid add-on.
    Once you setup your account, you need to go to your account options screen to turn off automatic paid data download once you exceed your quota.
    The performance seems a little slower than my DSL connection.
    http://www.freedompop.com/offers.htm?experience=organic.default
    http://www.freedompop.com/coverage
    Get it before they go broke.
    Robert

  • How do I add an iTunes account? Is it possible to have multiple for one computer?

    So I just got an iPad 2 and I want to set it up, but the computer I'm going to be setting it up on isn't with my iTunes account. Is there a way to add my account to this computer/iTunes in order for my iPad to sync with MY library? Any suggestions will help Thank you!!!!

    You don't need an iTunes account to set up an iPad.
    natallyfromthelo wrote:
    So I just got an iPad 2 and I want to set it up, but the computer I'm going to be setting it up on isn't with my iTunes account. Is there a way to add my account to this computer/iTunes in order for my iPad to sync with MY library?
    How are you going to sync it with YOUR library if you are not going to connect to the computer with YOUR library?

  • How do I add multiple emails for one contact to the same group list?

    When trying to set up a group email list using address book, is there a way to include multiple emails for the same contact to one group.  For example I'm trying to set up a baseball team group email.  Some kids want emails sent to both mom and dad which have different emails.  I currently have them in my address book as the boy's name with the emails listed as mom and dad.  I can add one "mom" to the list but when I compose the email, it will use the most recent email used.  I would like the group to contain both addresses for mom and dad without setting up two different contacts for the same player.

    var cToAddr = this.getField("saManager").value + ";" + this.getField("ManagerEmail").value;

  • I'm running out of memory on my iPad mini. Can I trade up for one with more memory?

    I have 32g memory & have removed a lot I don't need. Is it possible to trade up for one with more memory?

    Apple does not take trade ins as such. You could sell it outright and then purchase another model with more storage capacity. You might want to see what gazelle.com will give you for the device, but you always do better selling it outright.
    There are external WiFi drives that you can purchase to use with your iPad if that is of any interest to you.
    http://www.seagate.com/external-hard-drives/portable-hard-drives/wireless/seagate-satellite/
    http://www.sandisk.com/products/wireless/flash-drive/
    http://www.airstash.com/

  • Multiple destinations for one file?

    I'd like to have two destinations for one file - ie, local and on an FTP server. I ask because I've had the FTP fail, and can't find where Compressor stashed the render locally. Failing that, can I at least test the FTP connection (like in AfterEffects) before I commit to an hours-long encoding job?

    Too Bad compressor doesn't have more than 1 destination, but if you want to find the temp file, the files are normally kept in /var/spool/qmaster , you can reveal this from the finder using the GO > GO TO FOLDER command, then typing in the above path. Of course you can change this temp space in the qmaster preferences in the System Preferences pane to any other folder you like.

  • How do i Buy an iCloud Plan, as organizer, for one of my Family group members?

    I am trying to use my Apple ID account, and the card associated, to buy an ICloud Plan, for a member in my Family group.  But when buying, the option asks for a credit card, on this family member account.
    How do I make the purchase, as promoted by the system (others used your card to make purchases)?
    Thank you.

    Hello manue_berrocal
    Is this when you try to upgrade on the device that needs the upgrade? Check out the article below for the steps to upgrade the iCloud storage.
    iCloud storage upgrades and downgrades
    http://support.apple.com/kb/ht4874
    Regards,
    -Norm G.

  • Query for local admins

    What is the query for finding out who all has local admin access on their workstations?

    Here are some examples:
    http://portal.sivarajan.com/2011/09/search-ad-and-list-local-administrator.html
    http://portal.sivarajan.com/2011/10/search-ad-collect-local-admin-group.html
    http://portal.sivarajan.com/2011/04/list-local-administrator-group-members.html
    Santhosh Sivarajan | Houston, TX | www.sivarajan.com

  • Remove Send-As for domain admin groups

    With referring to below link.
    http://social.technet.microsoft.com/Forums/exchange/en-US/d2e97e64-536a-4c46-8e57-e0ac6a4ad64e/how-do-i-remove-domain-admins-send-as-settings-for-all-users?forum=exchangesvradminlegacy
    The solution works perfectly for normal users, but for a user who is a member of Domain Admins as well, the Send-As will revert from Deny to Allow after a while.
    I have a user who is a member of the Domain Admins group, say User A. Since we want to remove the Send-As for all users (including User A), I followed the steps and denied Send-As for the Domain Admins group for User A.
    However, after a while it returns to Allow.

    The permissions on members of special groups are managed by the AdminSDHolder and SDProp.
    http://technet.microsoft.com/en-us/magazine/2009.09.sdadminholder.aspx
    The way to deal with this is to give your domain admins (and any other admins) a separate account and to remove their "normal" account from any privileged groups (and to reset the adminCount property and "allow inheritance" on the "normal" account). Do NOT give the admins a mailbox.
    If you can't do that, then deny the Domain Admins group the "Send As" and "Receive As" permission at the organization level in the AD's configuration container. Use ADSIEDIT to do that here:
    CN=<Organization>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,DC=<tld>
    --- Rich Matheisen MCSE&I, Exchange MVP
