Locking users' PHD to specific computers

Similar Messages

• Deny user configuration for specific computers

  I have a GPO that has user configuration's in it that deletes and updates a ini file. I want to deny this GPO for 2 computers we use in QA, but the Advanced delegation that deny's apply group policy I assume only works for computer configurations. Is there
  a way to set this up, or do I have to move these computers to a different OU and block inheritance? 

  > I have a GPO that has user configuration's in it that deletes and
  > updates a ini file.
  How exactly do you do this?
  > I want to deny this GPO for 2 computers we use in
  > QA, but the Advanced delegation that deny's apply group policy I assume
  > only works for computer configurations. Is there a way to set this up,
  > or do I have to move these computers to a different OU and block
  > inheritance?
  No. Computers do not process user configuration, so you need to use one
  of the following methods:
  a) if you use group policy preferences, you can implement item level
  targeting for computer names or computer security group membership
  b) if you use a script or whatever, you can use a wmi filter with a
  query like
  select * from win32_computername where (name != "computera" and name !=
  "computerb")
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Network logins on specific computers

  I want to to have a specific user to be locked to certain computers.
  Basically I want to have one user's login to only work on specific computers in a Lab.
  I was thinking of select MAC address filtering for that user. But am unsure how.
  The login is shared by a class, it is for the Yearbook.
  The have had some issues with students logging in and deleting files for the yearbook outside of the classroom.
  I would also like to lock the Share Point (where are the files are stored for the yearbook) for this user account to these computer, if possible.
  I am running server 10.3.9, 10.3.9 for computers.

  Hi,
  In general, slow Internet performance can be caused by multiple reasons.
  I recommend you check the health of the computers to make sure that there are no spyware and
  viruses. In addition, you can also check the task manager to see if any program is using high CPU usage or not.
  Furthermore, what kind of low internet speed issue did you talked about, accessing website?
  Is there anything in common on the computers which encounter the performance issue?
  Best regards,
  Susie

• How do I view a list of locked users?

  Is there a way to view a list of currently locked users? I only see pages to show the count of locked users or to unlock a specific user.

  I've found a way through Terminal for AFP and Mail:
  https://discussions.apple.com/message/16155552#16155552

• Log in function locking users that introduce a wrong password many times

  I need to create a log in function that validates the username and the password and blocking or locking users that introduce a wrong password many times in a specific period of time. The idea is when it happens, the user has to call the administrator of the system to be unlock.
  Thanks for your help.
  Edited by: user13486053 on Jan 6, 2011 6:47 AM

  If your are using custom authentication,
  <li>There is an bultin table which contains the login acess attempts of users: APEX_USER_ACCESS_LOG , You might be interested in the columns APPLICATION,LOGINNAME,ACCESS_DATE,AUTHENTICATION_RESULT_ .
  However, inorder to set the authentication_result column(therby identify failed attempts), you would have to call the APEX_UTIL.SET_AUTHENTICATION_RESULT function in your authentication function. Otherwise it would be null both for success and failure cases.
  Try this, for finding failure count in last <failure check period>
  select count(1)
  from APEX_USER_ACCESS_LOG
  where application = [APP_ID]
  and   login_name = [username] --case sensitive
  AND   authentication_result = [failure status]
  and   SYSDATE - access_date <= [failure check period]For locking out you would have to flag some column in your custom table and show the user some message in the login page
  If you want to use your own table, here's an approach
     Have a table for logging user's login status and time.
     In ur authentication function, you can write to this table everytime a login fails if its succesful u can remove previous 'failure' entries and create a 'success' entry.
     Use count the number of failures within that time period u want say 24 hrs (SELECT count(1) from <table name> where SYSDATE - <DATE column> LESS THAN 1 Day).
      If the count is more than ur required no: flag the users record as locked(have some column updated)
      In your login page, have some conditional region with some text which says the user's account is locked out(the condition can be locked column status of the user who tried to login, use the username page item for identifying the user)Hope it helps

• User Policy Affected on computers

  Hi,
  I create an task scheduler policy (User configuration) to deploy on Users OU-A and Computers OU-A.
  login into computer (member OU-B) and find out the Scheduler policy is Apply.
  Way is Happening ?
  Thanks to the helper .

  Hello,
  use rsop.msc to see if the GPO is applied, then check the linking of that specific GPO.
  Best regards
  Meinolf Weber
  MVP, MCP, MCTS
  Microsoft MVP - Directory Services
  My Blog: http://blogs.msmvps.com/MWeber
  Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
  Twitter:  

• Lock User when enter password in wrong 3 times

  Hi,
  I user oracle E-Business Suite 11i .
  I want to Lock User(Disable Account) when enter password in wrong 3 times.
  Thanx
  Rafeek
  Edited by: reemax on Apr 20, 2010 4:19 AM

  Hi,
  you can set the profile value FAILED_LOGIN_ATTEMPETS to 3 to restrict that wrong password entry as folows
  sql>ALTER PROFILE default LIMIT failed_login_attempts 3;
  --Rathina                                                                                                                                                                                                                                                                                                                                                                                           

• Background job for auto lock user

  Dear Friends,
  Which background job i have to be schedule for auto locking user after every 30 days if then are not logged for last 30 days.
  Thanks,
  Regards,
  Sachin

  Hi, Sachin.
  Please check this thread.
  Locking users if they did not login for 15 days
  Best Regards.
  Sejoon

• Prevent the same user login on multiple computers at the same time

  prevent the same user login on multiple computers at the same time

  Is there any way (currently running 2012 Servers) that we can prevent users from logging into multiple domain computers simultaneously with the same username?
  We still want them to log into those computers, just not simultaneously?
  LimitLogin utility not work in Windows 2012 server.
  Thanks.
  Babu
  Unfortunately Windows has never offered this feature as a built-in feature, but there are several possibilities discussed in these articles:
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/0103b5e7-0db5-4fb4-bfe7-d7132983880a/limit-concurrent-logins-on-a-ws-2008-environment
  http://www.edugeek.net/forums/windows-server-2008-r2/61216-multiple-logins.html
  http://windowsitpro.com/windows/prevent-multiple-logons-gpos
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• Check if a user has a specific role

  Hello,
  Is it possible to check if a user has a specific role in MII 12.0?
  For example if the user has the role "xmii Developers" I would do something more in a transaction than if the user doesn't have this role.
  Thank you for your help.
  Regards,
  Matthias

  Hi Matthias Pröller ,
  Are u finding difficulty to trace which role user is assigned to? If so, then u can refer Abesh's Blog.
  OR
  If you are writing Transaction to get user list based on Role , then u can do following
  Create XML query.
  Configure above XML Query in Transaction, in links map (XML Query) URL like given below
  "https://Server:Port/XMII/Illuminator?service=admin&Mode=UserList&Content-Type=text/xml&group=XMII Administrators&IllumLoginName=loginId&IllumLoginPassword=pwd"
  Regards,
  Padma
  Edited by: Rao on Mar 31, 2009 11:52 AM

• How to create a Domain user in a Specific OU using System Center 2012 R2 Orchestrator and Service Manager

  Dear All,
  I have a simple Runbook with the following details:
  Initialize Data: (First Name, Last Name, Login Name, Deparment Name) --> Create User: Name:(Domain), Common Name, Display Name, First, Last Name, SAM Account Name (From Initialize Data) --> Enable
  User: Distinguished Name --> Add User to Group: Group Distinguished Name, User Distinguished Name 
  Active Directory Management Pack in place and the Prerequisites Configurations are added Too (Configuration User Name, Configuration Password, Configuration DC, Configuration Default OU.
  The Runbook is Synched with Service Manager, Request Offering/Service Offering and published to the portal.
  When I filled the 4 required values (First Name, Last Name, Login Name, Deparment Name), the Runbook will kick off and the user is created in Active Directory.
  The user is placed in the Default OU which is predefined in AD Prerequisites Configurations in Orchestrator.
  I need to add another Required Value to my Request Offering (SR) called User Level Enum List (Low, Medium, High).
  I need to place the user in a Specific OU based on the Level entered from SSPortal, If the user is Low, then Create the user in this OU, if the user is Medium then create it in this OU, etc...
  How can I do this in Orchestrator? What I want to modify in my runbook to accomplish this task?
  Thank you,

  I AM TRYING TO USER/MAILBOX CREATION PROCESS, FOLLOWING IS THE BUSINESS REQUIREMENT
  GET THE USER FROM ERP SYSTEM (SQL)
  CREATE USER IN SPECIFIC OU
  ENABLE THE MAILBOX IN SPECIFIC DATABASE BASED UPON USER ROLE
  CREATE A USER IN NAVISION SYSTEM WHICH IS AGAIN JUST CREATING SQL LOGIN.
  PLEASE ADVISE ME THE PROCESS AND PROCEDURE ILLUSTRATION IF IT ALL POSSIBLE IN SINGLE RUNBOOK.
  I AM ABLE TO CREATE USER/MAILBOX BUT STRUGGLING TO CREATE IN SPECIFIC OU/MAILBOX DB AND SQL LOGIN.
  FARRUKH
  [email protected]
  Farrukh Anwar

• How to find list of locked users & unlock them?

  Hello,
  Is there any method in portal to find the list of locked users? and unlock them.
  we can unlock single user at a time. 
  but if we want to unlock a group of users (for Ex:- 20 locked users), how can we unlock al the 20 locked users?
  Thanks in advance,
  Vila.

  Hi Vila,
  Go to user administration -> Identity management
  Click on advanced search. Go to account information tab. Check the use account locked field and then click on search. This will give you a list of all the users whose accounts are locked.
  Select all the users whose accounts you want to unlock, and then click unlock.
  Regards,
  Ankit

• Get OSX to retrieve users from a specific AD OU.

  Hi All,
  I work in a school with OSX and AD, two campuses (Secondary and Junior). On the Secondary campus we run the 'Golden Triangle' pretty well, but we just present a login box for users. On our Junior campus we run OSX as it's own directory master, with the WGM preference showing a list of names of network users.
  Now while I can quite easily point our Junior school OSX server to our AD and get all the users showing in a list, we don't need to have all the Secondary school users showing in the Junior school list.
  Is there a way to only show network users from a specific AD OU in the list of network users when we bind our OD to AD?
  Thanks,
  Dustin

  There are a number of ways to accomplish this, but AFAIK none of them is straightforward like writing a script to accomplish the task.
  This could be accomplished quite readily with the Essbase API.
  Unfortunately, when Maxl outputs tabular data such as what comes out after DISPLAY SESSION ALL; - it comes out as all one big string with lots of spaces.
  So to parse that output you would need to use a language that can tokenize the text into a collection and parse that for the users.
  Then you need to do the same sort of thing after running DISPLAY USER IN GROUP ALL; (or instead of all, use a specific group name);
  Then run ALTER SYSTEM LOGOUT SESSION BY USER <parsed_username>;
  What would be ideal (hello Oracle... <wink> ) is a MAXL command ALTER SYSTEM LOGOUT SESSION BY GROUP <GroupName>;
  The way I would approach this would be to write a little utility that does exaclty what you seek:
  - Scan the current session periodically (say, once every 5 mins)
  - for each user that belongs to group(s) <group>(<group>...)
  - if user has an open query running longer than n minutes, kill the user request.
  This way you're not kicking people, your just taking back resources. Of course you can be more aggressive and code it to kick the user by forcefully ending (invalidating) his session too.
  I can give you a hand with this offline if you want.
  Robb

• How to get no.of users in a specific client

  HI,
     I need to find the no of users in a specific client , but i don't have accounts to all the clients.  I tried from one client where i have the account and executed SE16N and table usr02  got only client specific users list. And as per my understanding USR02 is a client speicific table.
    What is the best to find the no of  users for all the clients  , is it possible from SQL query lik select count(*)from usr02 where mandt etc.. ? or is there any best way ?
  Regards
  Veeramalla.

  Hi venkatesh,
  Incase you can access the database you can take the dump of user count in all the clients using the below mentioned queries
  Select count(bname) from <schema>.usr02 where mandt='xxx';
  You need to run this for each client.
  Another alternative is to create an aBAP program in the client for which u have access to get the details.
  Code could have the following lines
  data: number(6); clientno(3);
  parameters: clientlist like t000-mandt;  //fill in this clientlist parameter with the list of clients u have in ur system
  clientno= 1
  loop
  if clientno < 40
     Select count(bname) into number from <schema>.usr02 where mandt= clientlist(clientno);
      clientno = clientno + 1
      clear number;
  else
    exit;
  endloop.

• FB60: how to restrict users to enter specific G/L ACCOUNTS in fb60

  hi experts,
  In FB60 - vendor invoice , i want to restrict end users to select  specific g/l ACCCOUNTS .
  document type is KR - VENDOR INVOICE
  kindly give any suggestions if it is possible.
  thanks & regards,
  Raghul

  If you have a one to one between GL accounts and Committment items, the commitment item has an authorization group field on the basic data tab. You can assign certain users an authorization group linked to committment items which correspond to GL accounts.
  Depending on the complexity of what you are trying to do and considering that you don't want to require a lot of maintenance, you may be able to use line item validation.
  Finanancial Accounting, General Ledger Accounting, Business Transactions, G/L Account Posting, Carry Out and Check Document Settings, Validation in Accounting Documents (i.e. if T-code is FB60...GL acct must be XXXX and something else must be YYYY etc...)