Limit Administrator Access to only OS Level functions on a Windows 2003 (and up) Domain Controller Server

I have read several articles such as:

1. http://social.technet.microsoft.com/Forums/windowsserver/en-US/9c723f4a-51a7-4844-9dc6-0017355d694c/limited-administrative-on-domain-controller?forum=winserverDS

2. Active_Directory_Delegation.doc

Consider that a domain controller, doing no other functions than domain based functions (i.e. no file server, printer or app server), is managed in two parts: the OS-only level, to read log files, server health monitoring, install OS-level Microsoft security patching, and the second part being Domain management level (Users and Computers, Domains and Trusts, etc).

For a given domain controller server, an outsourced support group needs to be responsible for the OS-only level access - they need no access to the Domain management level functions so they can fulfill contractual obligations (SLAs) for server uptime, patching etc.

For the same given domain controller server above, there is an internal (non-outsourced) support group that will perform all Domain management level functions only. They want to manage the Domain on the Domain Controller servers, want the Outsourcer to manage the VM and OS-related tasks, but DO NOT want them to be able to access and change information in Users and Computers, Domains and Trusts etc.

With that explanation, would putting the Outsourcer's AD-based account IDs in the Server Operators group alone be sufficient to allow OS-level management, like patching, reboots, etc but disallow access to Domain Management functionality (Users and Computers etc) - or does it need to be a combination of built in groups and delegated rights?

Please consider that I am seeking a technical solution here - do not respond with "either trust your Domain Administrators or keep your junior admins from the server" as that is not a viable solution.
Jason B. Allen

Hi Jason,
According to your description, you want to assign the OS-level management and Domain management rights to two groups separately, right?
Based on my research, members of Server Operators group don’t have sufficient rights to install updates for Domain Controllers, you can refer to this article below:
Default groups
http://technet.microsoft.com/en-us/library/cc756898(v=WS.10).aspx
You can configure the "Allow non-administrators to receive update notifications" group policy so that non-administrative users will be able to install all optional, recommended, and important update content for which they received a notification, except some updates which contain a User Interface, End User License Agreement and so on, which still require domain admin credentials.
To give non-administrator users the ability to log on to and shut down DCs, the "Allow log on locally" and "Shut down the system" rights should be granted.
In addition, the rights for reading logs and monitoring server performance are included in the Performance Log Users and Performance Monitor Users groups.
More information for you:
Step 5: Configure Group Policy Settings for Automatic Updates
http://technet.microsoft.com/en-us/library/dn595129.aspx
User Rights Assignment
http://technet.microsoft.com/en-us/library/cc780182(v=WS.10).aspx
I hope this helps.
Amy Wang
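
The delegation described in the answer above can be checked from a `secedit` user-rights export. The following is an added example, not part of the thread or of Microsoft's documentation: it parses the `[Privilege Rights]` section and reports which rights a delegated group holds beyond the two named in the answer. The function names, the sample export and the group SID ending in -1601 are assumptions made for illustration.

```powershell
# Added example: audit which user rights a delegated OS-support group holds on a DC.
# Live input would come from (run elevated on the DC):
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $lines = Get-Content "$env:TEMP\rights.inf"
# The export below is CONSTRUCTED sample data. The SID ending in -1601 is a
# hypothetical "outsourcer OS support" group; S-1-5-32-544 is Administrators,
# S-1-5-32-549 Server Operators, S-1-5-32-551 Backup Operators.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-21-1111111111-2222222222-3333333333-1601
SeShutdownPrivilege = *S-1-5-32-544,*S-1-5-32-549,*S-1-5-21-1111111111-2222222222-3333333333-1601
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551,*S-1-5-21-1111111111-2222222222-3333333333-1601
SeDebugPrivilege = *S-1-5-32-544
[Version]
signature="$CHICAGO$"
Revision=1
'@

function Get-PrivilegeRights {
    # Returns a hashtable: right name -> array of SIDs/account names holding it.
    param([string[]]$InfLines)
    $rights = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            # Only entries under [Privilege Rights] are user rights assignments.
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if ($inSection -and $text -match '^(\w+)\s*=\s*(.*)$') {
            $name  = $Matches[1]
            $value = $Matches[2]
            # SIDs are exported with a leading '*'; unresolved names have none.
            $rights[$name] = @($value -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return $rights
}

function Test-DelegatedRights {
    # Compares the rights a group actually holds with the rights it should hold.
    param(
        [hashtable]$Rights,
        [string]$GroupSid,
        [string[]]$Expected
    )
    $held = @($Rights.Keys |
        Where-Object { $Rights[$_] -contains $GroupSid } |
        Sort-Object)
    [pscustomobject]@{
        GroupSid = $GroupSid
        Held     = $held
        Missing  = @($Expected | Where-Object { $held -notcontains $_ })
        Extra    = @($held | Where-Object { $Expected -notcontains $_ })
    }
}

# "Allow log on locally" = SeInteractiveLogonRight,
# "Shut down the system" = SeShutdownPrivilege.
$rights = Get-PrivilegeRights -InfLines ($sample -split '\r?\n')
$report = Test-DelegatedRights -Rights $rights `
    -GroupSid 'S-1-5-21-1111111111-2222222222-3333333333-1601' `
    -Expected 'SeInteractiveLogonRight', 'SeShutdownPrivilege'

"Held   : $($report.Held -join ', ')"
"Missing: $($report.Missing -join ', ')"
"Extra  : $($report.Extra -join ', ')"
```

Any right listed under Extra is one the group holds beyond the two the answer names and is worth reviewing before the delegation is accepted.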

Similar Messages

  • Remote desktop connection limit in windows 2003 administration as well as in the mixed environment of windows 2003 and 2008 servers

    The RDP protocol, i.e. Remote Desktop Connection, is configured to perform and manage software administration of ORACLE application and database servers which run on Windows 2003 server. Two sessions are allowed on each of these servers for database
    administrators. The question is:
    a) Are network administrators who perform Windows server administration (50+) included in the
    2 sessions limit, or do they manage all these servers through the Console Session, which is separate from the remote desktop connection limit of 2 sessions?
    b) How is the 2 sessions limit prescribed by Microsoft (more of a licensing limit) handled in the mixed environment of Windows 2003 and 2008 servers where all these servers are managed on VMware?
    avnish sharma

    Hi Avnish,
    Thank you for posting in Windows Server Forum.
    By default any windows server will provide 2 remote session for administration purpose only. No matter which administrator is accessing that server. If you will connect the console session then 3.One server is accessed by 3 Session (console + Remote +
    Remote). When the particular server reached this limit then any working administrator will receive a message to log out as other user trying to access the session or if we had provided the setting then new user is restricted to login.
    If you want more than 2 remote desktop sessions then you need to purchase TS\RDS CAL, install TS\RD Licensing role, activate it first and then configure CAL on it. There are 2 types of CAL available (USER & DEVICE). You can purchase CAL according to your
    company requirements.
    Hope it helps to understand!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Windows 2003 and Windows 7 access compatibility

    Hi,
    I am now using IBM server with windows 2003 32 bit operating system and clients are windows xp and windows 7. I want to know that if I convert all clients to windows 7. Is there any connectivity/accessing issues to server.
    Are there any compatibility / accessing issues between Windows 2003 and Windows 7?
    Thanks in advance

    Hello,
    Windows Server 2003 is going out of support 2015.
    Windows 7 works together with it without  problems.
    If this is a domain you have to be aware that GPO settings for Windows 7 should be configured from a Windows 7 machine with RSAT installed, otherwise lot of settings are not available within Windows Server 2003.
    Also you have to think about server stored profiles, if used, as the .V2 profiles are used with Windows 7 and the older profiles will not work for users logging on to the Windows 7 machines.
    Maybe there is more to consider but therefore the information you have provided is too less.
    Best regards
    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/
    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

  • Ok, taking the leap. Tossing out all Windows servers and going with Lion Server only!

    Help! We are retiring our Windows 2000 server (finally) and going with Lion Server only. We are transitioning from Windows to Mac and have 30 PC's running XP and a few scattered Windows 7 PC's (Lab). We have teachers and staff using Mac computers. Can I authenticate my windows pc's to Lion server?

    1. We are running lion on the old Xservs because we had them. Thought they still would be good file servers. And we thought Lion would work on them but know that mountain lion will not
    2. We have looked up some errors and they have to do with Spotlight not getting its index finished with all the Adobe files in folders, subfolders and sub-subfolders. The vnode errors have something to do with lots of open files but we do not know why. Maybe all these many directories of files in a deep hierarchy of Adobe CS, which the department does shared work on directly on the server, is the issue. We have tried to get them to use it as archive only but they do not have a clue how to do shared work on separate clients. This department is not very savvy in use but is an intense Adobe CS user, and my concern is these old file servers cannot take this kind of use.
    I posted the logs because I have no clue as to why they keep filling up (the vnodes).

  • Visual administrator access - view only access

    Are there any roles available for just view access to the Visual Administrator tool?
    We would like to give view access to the development team if that is possible...thanks..

    Hi,
    There no such type of Access providing to the developers
    We have to Login into VA with J2EE User itself. So no Chance
    Check this link if helpful
    http://www.erpgenie.com/sap/netweaver/xi/xiauthorizations.htm
    Regards
    Seshagiri
    Edited by: N V Seshagiri on Feb 19, 2008 5:26 AM

  • How to limit sharing apps to only two devices? because i have an iPod touch and an iPad. i just want to limit the sharing of apps to those two.

    how to limit sharing apps to only two devices? because i have an iPod touch and an iPad. i just want to limit the sharing of apps to those two. because my brother is using my apple id too on his ipod. i want to limit it to mine only. tnx!

    You can go into settings and turn sharing off in the programs on the device you don't want to share too.

  • The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.

    Dear Support Team,
    i am having the error ''The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher'' from lync 2013 during the schema master prepare on windows server 2008r2 and my forest functional
    level are 2008r2.. so can you help me please...?

    Dear Support Team,
    in my network there are one forest and two domain controller (primary and secondary).. my domain functional
    level is windows server 2008r2.. but i am still receiving error.. when i hit the run button for schema prepare its says:
    ServerSchemaPrepareTask execution failed on an unrecoverable error.
    and when I open the log it says:
    Error: The specified forest functional level is invalid. "Lync Server" requires forests running in Windows 2003 mode or higher.
    kindly help me

  • Help - Administrator Access

    I have recently tried to update my MacBook and have been unable to as I seem to have lost administrator access!!
    I have tried a number of times and keep on getting locked out. Is there anyway you can 'start again' and reset administrator user name and password - I have all original discs etc. The problems seems to have happened since I installed Leopard.
    Any help gratefully received!!

    Thank you for the link to the article - I managed to get to the reset password link, however every time I clicked on it it partly opened and then defaulted back to the original problem stating there was a problem.
    Do you have any other ideas please?

  • Administration tool read only access

    I was wondering if there is a read only access to the administration tool.
    What i am trying to do is to test the repository Build with best practices since this repository is live and done by a group of developers -
    Since i joined recently and wanted to know what resources i need to get to view and test the repository.
    I was wondering if there is a read only access to admin tool , not sure about this and also do i need oracle BI installed on my local machine to view the repository.
    If not, is there a way where I can get to see the repository without having the privileges to do any modification or save changes to the repository in online or offline mode
    Thanks Deva ...
    Edited by: UOOLK on 01-Jun-2012 02:48

    Hi,
    If you want to switch your RPD read only mode to online/Offline mode
    try to re start your bi server and then try to access it RPD (online/offline mode)
    Setting rpd in read only mode:
    users wants to access the RPD in online mode then do below setting in NQSConfig.ini but this will refrain u developers as well to do any change in online mode...
    Refer Section: READ_ONLY_MODE
    http://download.oracle.com/docs/cd/E12096_01/books/AnyInConfig/AnyInConfigNQSConfigFileRef11.html
    otherwise you can give it copy of RPD(he can access it via offline mode)
    if your using obiee11g,
    Read-Only issues on a new install of OBIEE 11g:(always opens it in Read-Only mode)
    Login to Oracle Enterprise Manager Goto -> Business Intelligence -> coreapplication
    Click - Capacity Management Tab in Right side -> Performance -> Check Disable Disallow Online RPD Updates
    Thanks
    Deva
    Edited by: Devarasu on Jun 1, 2012 6:01 PM

  • How am I to be able a user to grant access only to see a procedure / function without execute,compile,edit and drop?

    how am I to be able a user to grant access only to see a procedure / function without execute,compile,edit and drop?

    Sorry GregV but thank you, are you sure you can only be done by setting a PC? Can not by giving them certain privileges of a PC?
    PL \ SQL that we use a portable version.
    So actually like this, user A is only used by the X, user A wants to provide read-only access to user B is only used by Y (another PC) to the procedures / functions held user A. How do you?

  • Administrator access only

    I am going to be taking my Mac Pro to an Apple authorized repair dealer. I have files on my hard drive that I want to keep private so I have FileVault turned on. I have two users configured on my Mac. One is the administrator that has full access to my computer. The second user does not have administrator access (can't have access to my files). When I drop my Mac off at the Mac dealer to have a new battery installed, install more RAM, diagnose why my computer is not starting properly when I push the start up button on the computer, and find out why my computer is not waking from sleep, will the technician be able to do these procedures logged on as a user of my computer who does not have administrator access to my computer?

    They might need admin access. If you do a backup of your computer, turn File Vault off, and remove the files, the techs will be able to work much easier.

  • We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required

    We have two users that have been using Creative Cloud for almost a year. Recently, sometime in the last 4ish weeks, the users can no longer run Creative Cloud apps. (Yes, our subscription is paid.) Error simply says administrator access is required to install. The apps have already been installed. The users cannot run them unless they are in the local admin group.Using "Run as admin" does not work. It gives the same error.
    I have opened a case with adobe support and was basically told to suck it up and put the users in the admin group. Actually, what was said was that it is "mandated that the users have administrative rights". 
    There are a couple of things wrong with this. It was working for both users until recently - a recent required creative cloud update. The users have never been local admins yet the apps were working (poorly, but working).
    We are in an enterprise environment and users simply do not have administrative rights on the computers.
    I have changed permissions on all adobe folders, granting users or authenticated users modify or full control rights, did the same in whatever Adobe registry HKLM keys I could find. Nothing has allowed the users to run the apps - unless they are put in the local admin group.
    Someone has to have a fix for this. Adobe apps have proved to have far too many vulnerabilities to even entertain the idea of elevating user rights. I can't imagine that enterprise environments are allowing this.
    Any help or suggestions are greatly appreciated.

    Jeff,
    Thank you for your response. The users in question are "standard" domain users. We do not reduce users permissions below the standard level.
    The apps do not load with their current standard user permissions.
    The thing that makes this odd, is that up until recently they did this issue with cloud apps. The only way I can make it work for them now is to put them in the local administrator group on their pc's - which is not going to happen.
    This is what they now see. As I said before, this was not a problem up until recently they would see all their available apps. If I put them in the local admin group the apps are listed without having to install. Everything is there, just not accessible to the user.

  • Need thread safe way to access read-only objects

    I have been working on a lot of projects and all the developers agree that they want thread safe code when called by many threads. It's rare developers are making statement like: "Data are not corrupted often so don't bother" or "It's not thread safe, but that will not often create issues".
    In TopLink client session itself is thread safe but not the persistent object themselves. Via client session, if you want thread safe access you need to put a lock on CacheKey and it's not a public/supported API. So the only thread safe access is via unit of work.
    We would like fast access to objects. We have a batch process that just need read-only access to objects. We need to read via unit of work to get thread safe access. But we just need the clone when we read via unit of work, we don't need the backup for change detection.
    However, TopLink doesn't have a mean to do that.
    Please push implementation of Bug5998333[WANT THREAD SAFE AND CORRECT ISOLATION WITH OBJECTS FROM ADDREADONLYCLASS]
    In Hibernate, by design, all access are always thread safe. Accessing read-only object just create one copy (a clone), no backup needed.
    Oracle claims that TopLink is fast. I wonder if their performance testing code is thread safe, so access objects via unit of work or they take the shortcut of accessing objects from client session. Also, reliable performance comparison should use conform in unit of work.

    As you stated the UnitOfWork offers you your desired functionality, you would just like an improvement in performance.
    In TopLink 10.1.3 (or 11g preview) you have a few options:
    - Use a UnitOfWork and live with the slight overhead of the backup copies (it will only add 5-30 % overhead to your processing)
    - Instead use an isolated client session, this will not require any cloning or backup clones, but also does not allow any caching.
    - Use change tracking, TopLink added attribute-level change tracking in 10.1.3, when used the UnitOfWork does not create backup clones. In 10.1.3 it was mainly used for CMP and requires code generation, but you could implement or weave the code yourself. In TopLink 11g, change tracking is weaved by default with JPA and the weaver can also be used with POJO objects.
    I agree that having a feature to mark an object as transactionally read-only would be desirable, it seems like you have logged the enhancement. You could try escalating the enhancement through Oracle support, but since it is an enhancement and not a bug, it is probably beyond what support offers. You may wish to investigate services, or potentially join the open source Eclipse EclipseLink project which the next version of TopLink is being developed under and take part in the feature yourself.

  • Looking for some best practice regarding Content Administrator access

    Hi. I am looking for some best practice or rule of thumb from SAP or from different companies how they address Portal Content Administrator access in Production environment. Basically, our company is implementing portal to work with SAP BW.  We are on SP 9. Basically, I am trying to determine if we should have 1-2 Portal Content Administrator in Production with 24/7 access or we should limit them from NOT having this.  Can you share with me some ideas of what is right? and what is not?
    Should we have access in Production? Or should we have this access but limited? By the way, our users are allowed to publish BI reports/queries into Production.

    Hello Michael,
    Refer to this guide about managing initial content in portal.
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/00bfbf7c-7aa1-2910-6b9e-94f4b1d320e1
    Regards
    Deb
    [Reward Points for helpful answers]

  • Bulk collect limit 1000 is looping only 1000 records out of 35000 records

    In below code I have to loop around 35000 records for every month of the year starting from Aug-2010 to Aug-2011.
    I am using bulk collect with limit clause but the problem is:
    a: Limit clause is returning only 1000 records.
    b: It is taking too much time to process.
    CREATE OR REPLACE PACKAGE BODY UDBFINV AS
    F UTL_FILE.FILE_TYPE;
    PV_SEQ_NO NUMBER(7);
    PV_REC_CNT NUMBER(7) := 0;
    PV_CRLF VARCHAR2(2) := CHR(13) || CHR(10);
    TYPE REC_PART IS RECORD(
    PART_NUM PM_PART_HARSH.PART_NUM%TYPE,
    ON_HAND_QTY PM_PART_HARSH.ON_HAND_QTY%TYPE,
    ENGG_PREFIX PM_PART_HARSH.ENGG_PREFIX%TYPE,
    ENGG_BASE PM_PART_HARSH.ENGG_BASE%TYPE,
    ENGG_SUFFIX PM_PART_HARSH.ENGG_SUFFIX%TYPE);
    TYPE TB_PART IS TABLE OF REC_PART;
    TYPE REC_DATE IS RECORD(
    START_DATE DATE,
    END_DATE DATE);
    TYPE TB_MONTH IS TABLE OF REC_DATE;
    PROCEDURE MAIN IS
    /* To be called in Scheduler Programs Action */
    BEGIN
    /* Initializing package global variables;*/
    IFMAINT.V_PROG_NAME := 'FULL_INVENTORY';
    IFMAINT.V_ERR_LOG_TAB := 'UDB_ERR_FINV';
    IFMAINT.V_HIST_TAB := 'UDB_HT_FINV';
    IFMAINT.V_UTL_DIR_NAME := 'UDB_SEND';
    IFMAINT.V_PROG_TYPE := 'S';
    IFMAINT.V_IF_TYPE := 'U';
    IFMAINT.V_REC_CNT := 0;
    IFMAINT.V_DEL_INS := 'Y';
    IFMAINT.V_KEY_INFO := NULL;
    IFMAINT.V_MSG := NULL;
    IFMAINT.V_ORA_MSG := NULL;
    IFSMAINT.V_FILE_NUM := IFSMAINT.V_FILE_NUM + 1;
    IFMAINT.LOG_ERROR; /*Initialize error log table, delete prev. rows*/
    /*End of initialization section*/
    IFMAINT.SET_INITIAL_PARAM;
    IFMAINT.SET_PROGRAM_PARAM;
    IFMAINT.SET_UTL_DIR_PATH;
    IFMAINT.GET_DEALER_PARAMETERS;
    PV_SEQ_NO := IFSMAINT.GENERATE_FILE_NAME;
    IF NOT CHECK_FILE_EXISTS THEN
    WRITE_FILE;
    END IF;
    IF IFMAINT.V_BACKUP_PATH_SEND IS NOT NULL THEN
    IFMAINT.COPY_FILE(IFMAINT.V_UTL_DIR_PATH,
    IFMAINT.V_FILE_NAME,
    IFMAINT.V_BACKUP_PATH_SEND);
    END IF;
    IFMAINT.MOVE_FILE(IFMAINT.V_UTL_DIR_PATH,
    IFMAINT.V_FILE_NAME,
    IFMAINT.V_FILE_DEST_PATH);
    COMMIT;
    EXCEPTION
    WHEN IFMAINT.E_TERMINATE THEN
    IFMAINT.V_DEL_INS := 'N';
    IFMAINT.LOG_ERROR;
    ROLLBACK;
    UTL_FILE.FCLOSE(F);
    IFMAINT.DELETE_FILE(IFMAINT.V_UTL_DIR_PATH, IFMAINT.V_FILE_NAME);
    RAISE_APPLICATION_ERROR(IFMAINT.V_USER_ERRCODE, IFMAINT.V_ORA_MSG);
    WHEN OTHERS THEN
    IFMAINT.V_DEL_INS := 'N';
    IFMAINT.V_MSG := 'ERROR IN MAIN PROCEDURE ' || IFMAINT.V_PROG_NAME;
    IFMAINT.V_ORA_MSG := SUBSTR(SQLERRM, 1, 255);
    IFMAINT.V_USER_ERRCODE := -20101;
    IFMAINT.LOG_ERROR;
    ROLLBACK;
    UTL_FILE.FCLOSE(F);
    IFMAINT.DELETE_FILE(IFMAINT.V_UTL_DIR_PATH, IFMAINT.V_FILE_NAME);
    RAISE_APPLICATION_ERROR(IFMAINT.V_USER_ERRCODE, IFMAINT.V_ORA_MSG);
    END;
    PROCEDURE WRITE_FILE IS
    CURSOR CR_PART IS
    SELECT A.PART_NUM, ON_HAND_QTY, ENGG_PREFIX, ENGG_BASE, ENGG_SUFFIX
    FROM PM_PART_HARSH A;
    lv_cursor TB_PART;
    LV_CURR_MONTH NUMBER;
    LV_MONTH_1 NUMBER := NULL;
    LV_MONTH_2 NUMBER := NULL;
    LV_MONTH_3 NUMBER := NULL;
    LV_MONTH_4 NUMBER := NULL;
    LV_MONTH_5 NUMBER := NULL;
    LV_MONTH_6 NUMBER := NULL;
    LV_MONTH_7 NUMBER := NULL;
    LV_MONTH_8 NUMBER := NULL;
    LV_MONTH_9 NUMBER := NULL;
    LV_MONTH_10 NUMBER := NULL;
    LV_MONTH_11 NUMBER := NULL;
    LV_MONTH_12 NUMBER := NULL;
    lv_month TB_MONTH := TB_MONTH();
    BEGIN
    IF CR_PART%ISOPEN THEN
    CLOSE CR_PART;
    END IF;
    FOR K IN 1 .. 12 LOOP
    lv_month.EXTEND();
    lv_month(k).start_date := ADD_MONTHS(TRUNC(SYSDATE, 'MM'), - (K + 1));
    lv_month(k).end_date := (ADD_MONTHS(TRUNC(SYSDATE, 'MM'), -K) - 1);
    END LOOP;
    F := utl_file.fopen(IFMAINT.V_UTL_DIR_NAME, IFMAINT.V_FILE_NAME, 'W');
    IF UTL_FILE.IS_OPEN(F) THEN
    /*FILE HEADER*/
    utl_file.put_line(F,
    RPAD('$CUD-', 5, ' ') ||
    RPAD(SUBSTR(IFMAINT.V_PANDA_CD, 1, 5), 5, ' ') ||
    RPAD('-136-', 5, ' ') || RPAD('000000', 6, ' ') ||
    RPAD('-REDFLEX-KA-', 13, ' ') ||
    RPAD('00000000-', 9, ' ') ||
    RPAD(IFMAINT.V_CDS_SPEC_REL_NUM, 5, ' ') ||
    RPAD('CD', 2, ' ') ||
    RPAD(TO_CHAR(SYSDATE, 'MMDDYY'), 6, ' ') ||
    LPAD(IFSMAINT.V_FILE_NUM, 2, 0) ||
    RPAD('-', 1, ' ') || RPAD(' ', 9, ' ') ||
    RPAD('-', 1, ' ') || RPAD(' ', 17, ' ') ||
    RPAD('CD230', 5, ' ') ||
    RPAD(TO_CHAR(SYSDATE, 'MMDDYY'), 6, ' ') ||
    LPAD(IFSMAINT.V_FILE_NUM, 2, 0) ||
    LPAD(PV_REC_CNT, 8, 0) || RPAD(' ', 5, ' ') ||
    RPAD('00000000', 8, ' ') || RPAD('CUD', 3, ' ') ||
    RPAD(IFMAINT.V_CDS_SPEC_REL_NUM, 5, ' ') ||
    RPAD(IFMAINT.V_GEO_SALES_AREA_CD, 3, ' ') ||
    RPAD(IFMAINT.V_FRANCHISE_CD, 2, ' ') ||
    RPAD(IFMAINT.V_DSP_REL_NUM, 9, ' ') ||
    RPAD('00136REDFLEX', 12, ' ') || RPAD(' ', 1, ' ') ||
    RPAD('KA', 2, ' ') || RPAD('000000', 6, ' ') ||
    RPAD('00D', 3, ' ') ||
    RPAD(IFMAINT.V_VENDOR_ID, 6, ' ') ||
    RPAD(IFSMAINT.V_FILE_TYPE, 1, ' ') ||
    RPAD('>', 1, ' ') || PV_CRLF);
    /*LINE ITEMS*/
    OPEN CR_PART;
    FETCH CR_PART BULK COLLECT
    INTO lv_cursor limit 1000;
    FOR I IN lv_cursor.FIRST .. lv_cursor.LAST LOOP
    SELECT SUM(A.BILL_QTY)
    INTO LV_CURR_MONTH
    FROM PD_ISSUE A, PH_ISSUE B
    WHERE A.DOC_TYPE IN ('CRI', 'RRI', 'RSI', 'CSI')
    AND A.DOC_NUM = B.DOC_NUM
    AND B.DOC_DATE BETWEEN TRUNC(SYSDATE, 'MM') AND SYSDATE
    AND A.PART_NUM = LV_CURSOR(i).PART_NUM;
    FOR J IN 1 .. 12 LOOP
    SELECT SUM(A.BILL_QTY)
    INTO LV_MONTH_1
    FROM PD_ISSUE A, PH_ISSUE B
    WHERE A.DOC_TYPE IN ('CRI', 'RRI', 'RSI', 'CSI')
    AND A.DOC_NUM = B.DOC_NUM
    AND B.DOC_DATE BETWEEN lv_month(J).start_date and lv_month(J).end_date
    AND A.PART_NUM = LV_CURSOR(i).PART_NUM;
    END LOOP;
    utl_file.put_line(F,
    RPAD('IL', 2, ' ') ||
    RPAD(TO_CHAR(SYSDATE, 'RRRRMMDD'), 8, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_PREFIX, 6, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_BASE, 8, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_SUFFIX, 6, ' ') ||
    LPAD(LV_CURSOR(I).ON_HAND_QTY, 7, 0) ||
    LPAD(NVL(LV_CURR_MONTH, 0), 7, 0) ||
    LPAD(LV_MONTH_1, 7, 0) || LPAD(LV_MONTH_2, 7, 0) ||
    LPAD(LV_MONTH_3, 7, 0) || LPAD(LV_MONTH_4, 7, 0) ||
    LPAD(LV_MONTH_5, 7, 0) || LPAD(LV_MONTH_6, 7, 0) ||
    LPAD(LV_MONTH_7, 7, 0) || LPAD(LV_MONTH_8, 7, 0) ||
    LPAD(LV_MONTH_9, 7, 0) || LPAD(LV_MONTH_10, 7, 0) ||
    LPAD(LV_MONTH_11, 7, 0) ||
    LPAD(LV_MONTH_12, 7, 0));
    IFMAINT.V_REC_CNT := IFMAINT.V_REC_CNT + 1;
    END LOOP;
    CLOSE CR_PART;
    /*TRAILER*/
    utl_file.put_line(F,
    RPAD('$EOF-', 5, ' ') || RPAD('320R', 4, ' ') ||
    RPAD(SUBSTR(IFMAINT.V_PANDA_CD, 1, 5), 5, ' ') ||
    RPAD(' ', 5, ' ') ||
    RPAD(IFMAINT.V_GEO_SALES_AREA_CD, 3, ' ') ||
    RPAD(TO_CHAR(SYSDATE, 'MM-DD-RR'), 6, ' ') ||
    LPAD(IFSMAINT.V_FILE_NUM, 2, 0) ||
    LPAD(IFMAINT.V_REC_CNT, 8, 0) || 'H' || '>' ||
    IFMAINT.V_REC_CNT);
    utl_file.fclose(F);
    IFMAINT.INSERT_HISTORY;
    END IF;
    END;
    FUNCTION CHECK_FILE_EXISTS RETURN BOOLEAN IS
    LB_FILE_EXIST BOOLEAN := FALSE;
    LN_FILE_LENGTH NUMBER;
    LN_BLOCK_SIZE NUMBER;
    BEGIN
    UTL_FILE.FGETATTR(IFMAINT.V_UTL_DIR_NAME,
    IFMAINT.V_FILE_NAME,
    LB_FILE_EXIST,
    LN_FILE_LENGTH,
    LN_BLOCK_SIZE);
    IF LB_FILE_EXIST THEN
    RETURN TRUE;
    END IF;
    RETURN FALSE;
    EXCEPTION
    WHEN OTHERS THEN
    RETURN FALSE;
    END;
    END;

    Try this:
    OPEN CR_PART;
    loop
    FETCH CR_PART BULK COLLECT
    INTO lv_cursor limit 1000;
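    /* Exit on an empty batch; testing CR_PART%NOTFOUND here would skip a final batch of fewer than 1000 rows */
    exit when lv_cursor.COUNT = 0;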
    FOR I IN lv_cursor.FIRST .. lv_cursor.LAST LOOP
    SELECT SUM(A.BILL_QTY)
    INTO LV_CURR_MONTH
    FROM PD_ISSUE A, PH_ISSUE B
    WHERE A.DOC_TYPE IN ('CRI', 'RRI', 'RSI', 'CSI')
    AND A.DOC_NUM = B.DOC_NUM
    AND B.DOC_DATE BETWEEN TRUNC(SYSDATE, 'MM') AND SYSDATE
    AND A.PART_NUM = LV_CURSOR(i).PART_NUM;
    FOR J IN 1 .. 12 LOOP
    SELECT SUM(A.BILL_QTY)
    INTO LV_MONTH_1
    FROM PD_ISSUE A, PH_ISSUE B
    WHERE A.DOC_TYPE IN ('CRI', 'RRI', 'RSI', 'CSI')
    AND A.DOC_NUM = B.DOC_NUM
    AND B.DOC_DATE BETWEEN lv_month(J).start_date and lv_month(J).end_date
    AND A.PART_NUM = LV_CURSOR(i).PART_NUM;
    END LOOP;
    utl_file.put_line(F,
    RPAD('IL', 2, ' ') ||
    RPAD(TO_CHAR(SYSDATE, 'RRRRMMDD'), 8, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_PREFIX, 6, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_BASE, 8, ' ') ||
    RPAD(LV_CURSOR(I).ENGG_SUFFIX, 6, ' ') ||
    LPAD(LV_CURSOR(I).ON_HAND_QTY, 7, 0) ||
    LPAD(NVL(LV_CURR_MONTH, 0), 7, 0) ||
    LPAD(LV_MONTH_1, 7, 0) || LPAD(LV_MONTH_2, 7, 0) ||
    LPAD(LV_MONTH_3, 7, 0) || LPAD(LV_MONTH_4, 7, 0) ||
    LPAD(LV_MONTH_5, 7, 0) || LPAD(LV_MONTH_6, 7, 0) ||
    LPAD(LV_MONTH_7, 7, 0) || LPAD(LV_MONTH_8, 7, 0) ||
    LPAD(LV_MONTH_9, 7, 0) || LPAD(LV_MONTH_10, 7, 0) ||
    LPAD(LV_MONTH_11, 7, 0) ||
    LPAD(LV_MONTH_12, 7, 0));
    IFMAINT.V_REC_CNT := IFMAINT.V_REC_CNT + 1;
    END LOOP;
    end loop;
    CLOSE CR_PART;
