IT Policy Removal
Full disclosure - I did post this question on another forum and I just want to make sure I have the correct response.
I just purchased BB8900 Curve from someone who works at a company.
I found out from my carrier that my device is IT Policy Enabled.
For example, under Options>Status and typing BUYR - the voice and data usage showed IT Policy Enabled. Under Options>Security Optoions>General Settings, it displayed the IT Policy with the company name.
I went to the blackberry website and found the following:
How to remove an IT policy from a BlackBerry smartphone
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB14202&sliceId=1&docTy... 0 399934056
There are 3 options - 2 of which involve the company's IT department. I didn't want to wait for vendor's IT department, so I used the 3rd option and I removed it myself (I believe).
When I type in BUYR under Options>Status, it shows the actual usage for voice and data (no IT Policy).
So it appears to be removed.
I have a data plan with the device but not a BES plan.
My questions:
1. Has the IT Policy been removed from my device?
2. Is it possible for whatever reason for the vendor's company to issue a IT Policy to my device remotely because they do have its info - PIN/IMEI? I hate to think that they could control my device remotely or see my emails/data?
Please help. Thank you!
Solved!
Go to Solution.
1. Yes.
2. No, you're not on their BES, you don't have a BES account, and the device is not even activated on their BES. That would require their giving you a password, and you're action to make the activation.
1. If any post helps you please click the below the post(s) that helped you.
2. Please resolve your thread by marking the post "Solution?" which solved it for you!
3. Install free BlackBerry Protect today for backups of contacts and data.
4. Guide to Unlocking your BlackBerry & Unlock Codes
Join our BBM Channels (Beta)
BlackBerry Support Forums Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code
Similar Messages
-
Portal password policy -- remove required numerics?
We are running OracleAS 10g (10.1.2) -- how can I change the password policy for Portal users? By default, the passwords require a numeric character, but we would like to remove that requirement...
The password policy for Portal users (or better : Single Signon Users) is stored in OiD. It can be changed through the Oracle Directory Administration Utility :
1. Start the console and login as admin user (cn=orcladmin)
2. Navigate to Password Policy Management entry
3. Click on the Password Policy for Realm <your realm>
4. Choose the Password Syntax tab
5. Change the value for 'Number of Numeric Characters in Password' to the value of your choice. -
Mail for exchange and domain group policy removing...
Hi,
I currently administer 2 domains, both server 2003 with exchange 2003. On the one domain I can configure any of our e series ( e51/e71/e72/e6) via MFE and permanently accept the untrusted SSL certificate. When I configure MFE to our other domain the option to accept the untrusted certificate has vanished..!
Anyone have any ideas? I'm sure that it's a group policy setting but I cannot spot it!turbominor wrote:
No certificates have been generated bar the ones that exchange installed by default
Hmm, I don't recall ever realizing that. Lol. In that case, what are you using as a root certificate? Nothing...which explains why the cert is untrusted? (As connections to your first Exchange server work normally, apparently you don't need a root cert for a secure connection?) I used to get mine from http://www.cacert.org/ and installed the root cert either manually or through a device management server.
I wasn't completely sure where I was going with my question, but just did a few web searches. Apparently Symbian phones don't like installing self-signed certificates. "Accepting a certificate permanently" does install the cert, although I'm not sure that's quite the same thing. You might skim http://discussions.nokia.com/t5/Eseries-and-Communicators/E72-Email-Accept-Certificate-Permanently/m... in case any of that is relevant. -
Group Policy won't apply, No mapping between account names and security IDs was done.
I am using Group Policy Preferences to remove users from the local admin group and add a local admin account. This GPO is working on 90% of the Win7 machines on the network, but three laptops are not accepting the GPO. I get the following error:
Log Name: Application
Source: Group Policy Local Users and Groups
Date: 6/24/2014 8:49:28 AM
Event ID: 4098
Task Category: (2)
Level: Warning
Keywords: Classic
User: SYSTEM
Computer: laptop1.internal.com
Description:
The user 'Administrators' preference item in the 'Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}' Group Policy object did not apply because it failed with error code '0x80070534 No mapping between account names and security
IDs was done.' This error was suppressed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Group Policy Local Users and Groups" />
<EventID Qualifiers="34305">4098</EventID>
<Level>3</Level>
<Task>2</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2014-06-24T13:49:28.000000000Z" />
<EventRecordID>68771</EventRecordID>
<Channel>Application</Channel>
<Computer>laptop1.internal.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data>user</Data>
<Data>Administrators</Data>
<Data>Local Admin Policy - Remove Permissions {593ACD77-3663-4023-BEB8-938D83F7862E}</Data>
<Data>0x80070534 No mapping between account names and security IDs was done.</Data>
</EventData>
</Event>
I've searched high and low for an answer and nothing I find on-line seems to apply. I also notice that the option to 'Run as Administrator' does not work. If I right-click on cmd.exe and select 'run as administrator', the command box opens but
I am not prompted for credentials and the command box does not have admin rights. Not sure if this is related or not.
Any help on this would be greatly appreciated.
Thanks,
JoeHi,
Delete your remove action from the GPP and push it again, does this issue still occur?
If it still exists, let’s collect the GPP log for analysis:
Group policy Preference debug logging policy settings are located under:
Computer Configuration\Administrative Templates\System\Group Policy
Click Logging and tracing, select local users and group preference logging and trace.
Meanwhile, just a similar issue, but it is worth trying:
A user is added to the wrong group on a client computer that is running Windows 7 or Windows Server 2008 R2
http://support.microsoft.com/kb/2280515
If you have any feedback on our support, please click
here
Alex Zhao
TechNet Community Support -
REMOVING IPSEC VPN CONFIG FROM PIX 6.3 FIREWALL
Hey,
we have pix 6.3 serving as internet firewall and we are int process of replacing it with new ASA Device. currently there are several site to site and remote vpn are configured for access purposes.
i tried to remove one site2site ipsec vpn from pix and it starts acting like a loop generating the same error with qty that processor got 100% CPU, couldn't logged in through normal ssh so i connected via console and place back the isakmp and crypto map commands back in and the error stops.
My purpose of this question is that how can i remove vpn config from pix without generating any error is there any formal process or order of removing rules from pix or we can do it one by one no order is required.
MY PROCESS OF REMOVING CONFIG:
REMOVE THE ACCESS-LIST INSIDEOUT AND OUTSIDE IN COMMANDS
REMOVE THE OBJECTS AND OBJECTS GROUPS
REMOVE THE VPN DEFINED ACCESS-LIST FOR INTERESTING TRAFFIC
REMOVE CRYPTO MAP TRANSFORM-SET
REMOVE ISAKMP-POLICY
REMOVE CRYPTO MAP
WE DO USE ISAKMP SHARED KAY MECHANISM "I DID NOT REMOVE THAT "
BUT AS SOON AS I REMOVE THE CRYPTO MAP FROM THE PIX I GOT THIS ERROR
IPSEC(crypto_map_check): crypto map XYZ 20 incomplete. No peer or access-list specified.
20 IS THE ISAKMP POLICY NUMBER & Peer and Access-list was removed from pix
any help would great
regardsHi
You could do either of 2 things.
1) Enable NAT-Traversal on your ASA
2) Add the following on your pix :
fixup protocol esp-ike
This allows one IPSEC connection to run through PAT.
HTH
Jon -
can you please email me at [email protected] and let me know who to remove a posting - thank you
Hi,
Also I would like to suggest you to consider the following two workarounds:
1. There is a policy option “Remove Common Program groups from the start menu”, this policy removes Games as well as other folders in the All Users profile from the programs menu on the Start menu.
2. Create a Group Policy Preference to delete the folder "%systemdrive%:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games"
Karen Hu
TechNet Community Support -
Step by step to disable Folder Redirection for a single user - Windows 7 and SBS 2011 Essentials
OK...I got chewed (by someone I have a lot of respect for) for pounding on an old thread, so I'm starting a new one. I've got the Windows 7 Value Pack Plugin for SBS 2011 Essentials and Folder Redirection is working for everybody. What I'm looking for is
exactly how to go into Group Policy and disable the FD for a single user. I'm not looking for quick, incomplete answers. If you don't have time to give me the 'For Dummies' version, don't bother. Sorry, but I've done all the Googling I can stand for one day
and I'm over it! (and a little grumpy)
Thanks in advance!
Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP... I've got the Windows 7 Value Pack Plugin for SBS 2011 Essentials and Folder Redirection is working for everybody. What I'm looking for is exactly how to go into Group Policy and disable the FD for a single user. I'm not looking for quick, incomplete
answers....
Hi Wayne,
Here's what I'd do.
1) create a Security Group in your AD environment. Call it 'Folder Redirection Members' or something like that. Put all the user accounts in your AD environment who you want to have their folders continue to be redirected to the server, do not include the
one user who you wish to exclude. in other words, you're going to use a specific security group to target the Folder Redirection policy (right now, it's Domain Users, which is everyone).
2) Edit the Group Policy that the W7PP created in your AD environment. It's likely called "W7PVP Folder Redirection". Start with verification under the Settings tab, expand Folder Redirection beneath User Configuration states that
Policy Removal Behaviouris set to Restore Contents. Then proceed using the Editor, to make adjustments under the Scope tab; verify membership in Security Filtering. Remove Domain Users,
add in Folder Redirection Members (or whatever you named your group in step 1).
3) on your workstation that your user you are applying the change to disable folder redirection, Log on to the domain account while connected to your network, elevate a command prompt, and perform a 'gpupdate /force' command and then reboot your computer.
Folder redirection configuration should be removed from the system and redirected contents should be restored back to your local path. Verify with inspection of the My Documents or other folders.
Hope this helps. Keep in mind, no warranty implied or expressed in this advice.
Try not to be so darn grumpy. :-/
Jason Miller B.Comm (Hons), MCSA:Win7, MCITP, Microsoft MVP -
I need a script to invert the page order of selected pages for cs5.
Hello,
I am a graphic designer and i am trying to create a easier way to make multiple page folders, By using the multiple page size feature in inDesign CS5. But my problem is that i can create the front side of the folder easier than before, the backside is my problem I need to inverse the page order manual, this creates a lot of mistakes and errors along the way. Thats why I need a script to invert the page order of the pages I select. I hope to hear from someone soon.
My best regards,
Gijs van RoijIn /gateprd/ARCHIVE/*.arc
This is the script to remove the archives after it has been backup by the netbackup policy named Archive. This policy removes the archives that have been backed up.
/home/oracle/dba/scripts> more rmovarch.sh
#!/bin/ksh
# compress /gateprd/ARCHIVE/*.arc
find /gateprd/ARCHIVE/*.arc -type f ! -exec echo {} > /home/oracl
e/dba/lists/ARCHIVElist \;
if test $(cat /home/oracle/dba/lists/ARCHIVElist|wc -l) -gt 0
then
echo "Hay archives. Se corre script de borrar"
/home/oracle/dba/scripts/ARCHIVE_BACKUP.sh ARCHIVE
else
echo "No archives!!"
fi -
I need a script to reduce the size of the Fra which has used 34 gb in space
I need an rman script to reduce the size of the Fra:
SQL> select * from v$flash_recovery_area_usage;
FILE_TYPE PERCENT_SPACE_USED PERCENT_SPACE_RECLAIMABLE NUMBER_OF_FILES
CONTROL FILE 0 0 0
REDO LOG 0 0 0
ARCHIVED LOG 0 0 0
BACKUP PIECE 0 0 0
IMAGE COPY 0 0 0
FLASHBACK LOG 69.99 19.33 2357
FOREIGN ARCHIVED LOG 0 0 0
7 rows selected.
SQL> SELECT
2 ROUND((A.SPACE_LIMIT / 1024 / 1024 / 1024), 2) AS FLASH_IN_GB,
3 ROUND((A.SPACE_USED / 1024 / 1024 / 1024), 2) AS FLASH_USED_IN_GB,
4 ROUND((A.SPACE_RECLAIMABLE / 1024 / 1024 / 1024), 2) AS FLASH_RECLAIMABLE_GB,
5 SUM(B.PERCENT_SPACE_USED) AS PERCENT_OF_SPACE_USED FROM
6 V$RECOVERY_FILE_DEST A,
7 V$FLASH_RECOVERY_AREA_USAGE B
8 GROUP BY
9 SPACE_LIMIT,
10 SPACE_USED ,
11 SPACE_RECLAIMABLE ;
FLASH_IN_GB FLASH_USED_IN_GB FLASH_RECLAIMABLE_GB PERCENT_OF_SPACE_USED
50 34.99 11.14 69.99In /gateprd/ARCHIVE/*.arc
This is the script to remove the archives after it has been backup by the netbackup policy named Archive. This policy removes the archives that have been backed up.
/home/oracle/dba/scripts> more rmovarch.sh
#!/bin/ksh
# compress /gateprd/ARCHIVE/*.arc
find /gateprd/ARCHIVE/*.arc -type f ! -exec echo {} > /home/oracl
e/dba/lists/ARCHIVElist \;
if test $(cat /home/oracle/dba/lists/ARCHIVElist|wc -l) -gt 0
then
echo "Hay archives. Se corre script de borrar"
/home/oracle/dba/scripts/ARCHIVE_BACKUP.sh ARCHIVE
else
echo "No archives!!"
fi -
HELP! Emails in Mail are suddenly gone. How do I change this?
Hello -- Using Leopard 10.5.5 and Mail 3.5. Can I change it so that Mail does not automatically delete emails? In the Mail app on my iBook, the emails never go away (unless I delete them..) Yet on my G5 and my MacPro the emails get deleted after awhile. Thanks for any input.
What type of account is this -- is this your AOL IMAP account?
In Mail, there is no option to ever delete messages in the Inbox, so what you report does not fit any setting you would be able to change. However, AOL, by policy, removes messages from your Inbox folder after 27 days. To avoid this, the messages must be moved the Saved folder. This would not be different from earlier versions of Mail on other Macs, but perhaps the passage time has made a difference?
More Info, please.
Ernie -
Hi,
I'm having the problem where a redirected start menu appears empty. Using
server 2008 R2 and the clients are Windows 7 Professional; i am getting empty start menu.
Note:- Same is working perfectly fine with Windows
XP machines.
I believe the policy is set up correctly.
Setting: Basic (Redirect everyone's
folder to the same location)
Path: \\10.x.x.x\redirection\StartMenu
Options:
Grant user exclusive rights to Start Menu - Disabled
Move the contents of Start Menu to the new location - Disabled
Also apply redirection policy to Windows 2000, Windows 2000 server, Windows XP, and Windows Server 2003 operating systems - Enabled
Policy Removal Behavior - Leave contents
Start Menu and Taskbar
Policy
Setting
Comment
Clear history of recently opened documents on exit
Enabled
Clear the recent programs list for new users
Enabled
Do not keep history of recently opened documents
Enabled
Do not search for files
Enabled
Lock all taskbar settings
Enabled
Lock the Taskbar
Enabled
Prevent changes to Taskbar and Start Menu Settings
Enabled
Remove access to the context menus for the taskbar
Enabled
Remove All Programs list from the Start menu
Enabled
Remove common program groups from Start Menu
Enabled
Remove Default Programs link from the Start menu.
Enabled
Remove Documents icon from Start Menu
Enabled
Remove Downloads link from Start Menu
Enabled
Remove Favorites menu from Start Menu
Enabled
Remove frequent programs list from the Start Menu
Enabled
Remove Games link from Start Menu
Enabled
Remove Help menu from Start Menu
Enabled
Remove Homegroup link from Start Menu
Enabled
Remove links and access to Windows Update
Enabled
Remove Music icon from Start Menu
Enabled
Remove Network Connections from Start Menu
Enabled
Remove Network icon from Start Menu
Enabled
Remove Pictures icon from Start Menu
Enabled
Remove programs on Settings menu
Enabled
Remove Recent Items menu from Start Menu
Enabled
Remove Run menu from Start Menu
Enabled
Remove Search Computer link
Enabled
Remove Search link from Start Menu
Enabled
Remove See More Results / Search Everywhere link
Enabled
Remove the Action Center icon
Enabled
Remove user folder link from Start Menu
Enabled
Remove user's folders from the Start Menu
Enabled
Remove Videos link from Start Menu
Enabled
Please help !
Regards Zargar MuneerHi Zargar,
>>Using server 2008 R2 and the clients are Windows 7 Professional; i am getting empty start menu.
This is normal, for we disabled the option
Move the contents of Start Menu to the new location. This option is enabled by default and it will automatically move the existing content to the new location.
At this moment, we can manually copy the files we want from the local locations.
Best regards,
Frank Shen -
Security manager & mention "Java Applet Window"
A simple program that displays a frame with one button in it.
The frame displays, no problem.
When a security manager is added "System.setSecurityManager(new SecurityManager());"
and the program is run again a "status bar" is added at the bottom of the frame
mentioning "Java Applet Window".
Why is that, and can it be suppressed ? (I am working in JDK 1.4)
Any tip greatly appreciatedI was dealing with this myself and just discovered that the adding the following line to my security policy removed the message:
permission java.awt.AWTPermission "showWindowWithoutWarningBanner"; -
Carrier sign still showing after wiping and reloading OS?
Hello dear users, In my thread of "application installation issues", it seems to be determined that my carrier who I got the phone from, is blocking the install of applications as I get a 910 error, application authorization failure, when i try to install an application from: www.blackberry.com/screenreader/ After some searching, I've come across BBSAK, which I use to wipe the phone and reload the oS. I've also come across the tool "vendelete" which deletes the vendor.xml files. So I do the following: 1. uninstall the original carrier OS from pc. 2. Install OS from different carrier to pc. 3. Use vendelete to get rid of the xml files which it says no xml files were found. 4. Use bbsak to wipe the oS. 5. reload the OS. But when the phone boots up, it still shows the sign of the carrier which I don't want, so i presume nothing has been updated? since when I try to install the application again, I still get the 910 error. What am i doing wrong here? Help would be much appreciated. Regards,
Solved!
Go to Solution.Pith wrote:
Hello,
Ok, is there anything else that is not being wiped apart from the splash screen?
I mean anything else that would be the cause for not being able to get passed the 910 error? apart from the IT policy which was mentioned.
Actually, the IT Policy is another thing that is not removed by other Wipe methods, nor is it removed when you install a different carriers OS to the BB. See this for the proper IT Policy removal process:
KB18998 How to reset the BlackBerry smartphone to factory defaults
If, when you do this, you take a backup first, then you MUST NOT do a wholesale restore afterwards...if you do, the IT Policy will dutifully be put back on. You must do a selective restore of only those specific databases that you require, being 100% certain to EXCLUDE from the restore any that deal with the IT Policy:
KB03974 BlackBerry smartphone database list
Also, see this for the official document from RIM regarding the 910 error.
KB12230 "Download Failed: 910 Application authorization failure" appears on the BlackBerry smartphone when installing an application
From all of your symptoms, a latent IT Policy on board the BB could be the root cause of everything, so I recommend you use the above methods and truly cleanse your BB of the IT Policy. I think I'd suggest the following steps, just to be sure that things are truly clean...also insert plenty of reboots of your PC...not just restarts, but full power down reboots. Also, it is advised that you be logged into the PC on an account with full admin rights. Further, under Vista/Win7, use the "Run As Administrator" option for everything.
1) Remove all device OS update packages from your PC (add/remove programs)
2) Cleanly uninstall the RIM Desktop Software:
KB02206 How to perform a clean uninstall of BlackBerry Desktop Software
Some have reported that manually cleansing the registry of all keys related to RIM, BB, and Puma to also be helpful
Others have reported the use of a registry cleansing tool to also be helpful
Still others have reported the use of your original PIM (e.g., Outlook, NOTES, etc.) installation CD, running the "repair" process, to be helpful in some situations
3) Get a fresh download of the RIM Desktop Software:
http://us.blackberry.com/apps-software/desktop/
4) Download (to your PC) a fresh copy of your currently installed (on your BB) device OS package from your carrier (if it's not the original carrier, then you know already to delete all copies of VENDOR.XML after installing to the PC):
http://na.blackberry.com/eng/support/downloads/download_sites.jsp
5) Install the Desktop Software to your PC
6) Install (also to your PC), the device OS package
7) If you need a backup from the BB, take a full one now:
KB23680 Backup BlackBerry smartphone data using BlackBerry Desktop Software 6.0 to 7.0
8) Perform the ResetToFactory
KB18998 How to reset the BlackBerry smartphone to factory defaults
9) If you want a different OS on the BB, then remove the OS Package from your PC and install the one you desire onto your PC (but not yet to your BB)...again, remove VENDOR.XML files if the package is not from the BB's original carrier.
10) Use BBSAK to wipe the BB and then load the OS to the BB
11) If you took the backup in step 7, use that as source for a selective restore, including only the databases you require and excluding all databases that have anything to do with the IT Policy:
KB10339 How to use BlackBerry Desktop Software to restore data to a BlackBerry smartphone from a backup
12) Now see if you can proceed with installing apps
Good luck and let us know!
Occam's Razor nearly always applies when troubleshooting technology issues!
If anyone has been helpful to you, please show your appreciation by clicking the button inside of their post. Please click here and read, along with the threads to which it links, for helpful information to guide you as you proceed. I always recommend that you treat your BlackBerry like any other computing device, including using a regular backup schedule...click here for an article with instructions.
Join our BBM Channels
BSCF General Channel
PIN: C0001B7B4 Display/Scan Bar Code
Knowledge Base Updates
PIN: C0005A9AA Display/Scan Bar Code -
Custom Distribution Group management role (manager excpeiton)
My organization is medium size with multiple support groups (15+) that each support a subset of users (350+). I want to create a management role that is scoped so each support group can manage the distribution groups in their respective OU space.
By manage I mean edit the group membership. I realize I can achieve this with AD permissions but I’d like to achieve this in a way that leverages RBAC so the support groups can use OWA. I also want to leverage RBAC\OWA because not all my support groups are
technical, some are office admins. Anyways, below is what I’ve tried in my lab scoped to one of my support groups.
Using the cmdlets below I’ve created a custom management scope, role and group. However, this does not work. While it lets my sales support group view and edit some random attributes on the group, it fails when they try to edit the group membership. In other
words, they can logon to OWA, click options\see all options\manage your organization\distribution groups\open the group\edit description etc. but when they select “Add…” under membership then select the user and hit ok\save they get the error “you don’t have
sufficient permissions. this operation can only be performed by a manger of the group”.
New-ManagementScope -Name “Sales Support DG MScope” -RecipientRestrictionFilter {RecipientType -eq "MailUniversalSecurityGroup"} -RecipientRoot “lab.com/sales”
New-ManagementRole -name “Sales Support DG MRole” -Parent "Distribution Groups"
New-RoleGroup -name “Sales “Sales Support DG MGroup” -Roles "Sales Support DG MRole" -CustomRecipientWriteScope "Sales Support DG MScope"
When I do as the error asks (i.e. add my support user as a manager of the group via the EMC), then my support user is able to edit the group's membership in OWA. The problem with this solution is that it would require me to add my support users to my role
group “Sales Support DG MGroup” AND as a manager of the DG and every DG that is created down the line. Not ideal. Any ideas, some RBAC magic I’m missing?
Below confirms by scope.
Get-Group -OrganizationalUnit “lab.com/sales” | ?{$_.RecipientType -eq "MailUniversalSecurityGroup"}
Name DisplayName SamAccountName GroupType
distro1 distro1 distro1 Universal, SecurityEnabled
distro2 distro2 distro2 Universal, SecurityEnabled
distro3 distro3 distro3 Universal, SecurityEnabled
On a side note, I realize by sourcing my management role off of distribution groups gives me more cmdlets\access than my support group needs (see below). I’m first just trying to get it to work :).
Get-ManagementRole “Sales Support DG MRole” | Get-ManagementRoleEntry | select name
Name
Add-DistributionGroupMember
Disable-DistributionGroup
Enable-DistributionGroup
Get-ADServerSettings
Get-AcceptedDomain
Get-DistributionGroup
Get-DistributionGroupMember
Get-DomainController
Get-DynamicDistributionGroup
Get-Group
Get-MailUser
Get-Mailbox
Get-OrganizationalUnit
Get-Recipient
Get-ResourceConfig
Get-User
New-DistributionGroup
New-DynamicDistributionGroup
Remove-DistributionGroup
Remove-DistributionGroupMember
Remove-DynamicDistributionGroup
Set-ADServerSettings
Set-DistributionGroup
Set-DynamicDistributionGroup
Set-Group
Set-OrganizationConfig
Update-DistributionGroupMember
Write-AdminAuditLogHello,
I understand that you have create custom management scope for each group and assigned a custom role to it.
But whenever user try to edit (add/remove membership ) ,it shows errors "you dont have sufficient permissions". I face similar problem when we move from 2007 to 2010, 2010 by default disabled editing options for Dl membership.
You can enable it by Graphic mode or powershell. Would suggest that you have created custom role, you follow powershell mode. I had written a blog on that.
Check below link. http://exchange2010cmd.blogspot.de/
You have created new management role “Sales Support DG MRole”, but you need to assign this role to users/administrators in your case through role assignment policy.
You can either use existing default policy or create new policy and assign this management role to it.
Use below cmd: New-ManagementRoleAssignment -Role “Sales Support DG MRole” –Policy “Default Role Assignment Policy”
NOTE: If you are creating new policy , place that name instead of default policy name".
I recommend you continue with defalut policy. After this check with any admin, he should have rights to edit membership.
Now, regarding your second concern, that your custon role has to many role entries.
You can remove unwanted role entries.
Use this cmd: Get-ManagemenRoleEntry “Sales Support DG MRole\*” | where{ $_.name –like “Set-distributionGroup” } | remove-managementroleentry
Before linking management role to email policy, remove unwanted role entry from role.
I tried to explain it in easy way, but still it is not understood, write back to me. I am new to technet forum, I started few days back replying to questions. If you get your answer,dont forget to propose it as answer. -
BW Hana Trial on AWS, not authorized
An error from Amazon Web Services occurred: AMAZON : User: arn:aws:iam::767900948628:user/SRI1 is not authorized to perform: iam:GetUser on resource: arn:aws:iam::767900948628:user/SRI1
Hi I'm getting this error when I tried to create the Instance on AWS, I have went through the FAQ's but not able to compelete this,
appreciate your response on this.
Thanks
Sriaknth MHello Dave,
i have made a test in CAL. I created a new group in IAM and then added the following four roles:
1 Groups Selected
Group: new
Users
Permissions
Summary
This view shows all policies that apply to this group.
Policy Name
Actions
AmazonEC2FullAccess-new-201404291610 Show
Manage Policy | Remove Policy | Simulate Policy
AmazonVPCFullAccess-new-201404291625 Show
Manage Policy | Remove Policy | Simulate Policy
AWSAccountUsageReportAccess-new-201404291625 Show
Manage Policy | Remove Policy | Simulate Policy
ReadOnlyAccess-new-201404291625 Show
Manage Policy | Remove Policy | Simulate Policy
Then created a new user inside this group and generated credentials for this user.
Added a CAL account and successfully started an instance in our UI.
The user has no polices attached to it. I did not get any errors in CAL.
Could you please tell us where did you get this error, on which action in CAL?
Is the process of creating IAM permissions the same, as mine?
Best Regards,
Aleksandar
Maybe you are looking for
-
Sharing itunes library among multiple computers?
Hey all, We are a Mac family. We have an iMac and a Powerbook, and I recently bought an iBook for my wife. We'd love to be able to share our iTunes library among the computers. Is there an easy way to set this up? Any help would be greatly appreciate
-
What replacement SSD should I get for iMac Model A1225
With a failed hard disk in my iMac, What is the best and most suitable replacement available. Disk space isn't really a factor, >120GB will suffice, my primary concern is getting the right make/model to fit my imac.
-
can I record a skype conversation on garageband? Is it just a question of opening it up setting the appropriate input and output settings and then recording?
-
A person can have multiple assignments as an employee.
I'm interested for the architecture using 2 PERNR. A person can have multiple assignments as an employee. To make a distinction between employment relationships (employees = 0EMPLOYEE) and real people (0PERSON), the person is an attribute of the empl
-
Intercompany STO Delivery Creation
Hi Experts Scenario: Intercompany STO Delivery creation. When delivery creation though Tcode - VL10B, in the shipping side if no enough stock, is it possible stop creating delivery orders and to throw error. I dont want to use the P.O side ATP chec