Logged in Workstations

Similar Messages

• Logged in workstations - attribute in user object

  When we go into a user object, and find the ZENWorks tab, there's a
  "Logged in Workstations" sub-section of that tab.
  Why is that blank, but when your right-click on the user to remote
  control, it shows the workstation IP?
  It seems that the ZEN 7 agent is not updating eDirectory correctly.
  And this is happening on thousands of users "randomly"
  And the user has been logged in and the workstation registered for hours
  today.

  m_jonis,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Visit http://support.novell.com and search the knowledgebase and/or check all
  the other self support options and support programs available.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• Application Explorer won't start unless logged into workstat

  Since upgrading all our XP workstations to Zenworks Desktop Management Agent to 7.0.173.90519 (Zenworks7 Sp1R4) some computer's Application Explorer is failing to start properly.
  The Application Explorer system tray icon is defective, it does not respond to anything and no application folders are loaded. However it does work ok if you use Workstation Only first then log into Edirectory afterwards
  I have tried reinstalling the Desktop Management client, Novell Client, re-registering the workstation and clearing the NAL Cache. The only thing that fixes it is reloading Windows

  If you are able to open an SR, I would recommend doing so.
  What happens if you set "Application Explorer" so that is does NOT load
  automatically.
  Login Normally.
  Then load "Application Explorer" manually.
  If that helps, how are you loading "Application Explorer".
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "Patrick Farrell" <[email protected]> wrote in message
  news:YvXFm.357$[email protected]..
  > neil france wrote:
  >> Since upgrading all our XP workstations to Zenworks Desktop Management
  >> Agent to 7.0.173.90519 (Zenworks7 Sp1R4) some computer's Application
  >> Explorer is failing to start properly.
  >>
  >> The Application Explorer system tray icon is defective, it does not
  >> respond to anything and no application folders are loaded. However it
  >> does work ok if you use Workstation Only first then log into Edirectory
  >> afterwards
  >>
  >> I have tried reinstalling the Desktop Management client, Novell Client,
  >> re-registering the workstation and clearing the NAL Cache. The only
  >> thing that fixes it is reloading Windows
  >>
  >>
  > Sounds like you're having the same issue that I am having. See the
  > thread "ZFD agent hangs after splash screen". Please post there so that
  > Jared can get info from you as well to determine if it's the same issue.
  >
  >

• Tracking change log by workstation ID along with username

  Hi All users,
  I am using SAP business one 8.8 and want to track changes in the system in such a way that along with user name I want to know, from which workstation (or PC) the user has made changes or created any document? Every PC has its unique IP or ID, can I see this in change log in any way? that from which workstation or client PC, the user has made changes?
  Any help is highly appreciated.
  Thanks in advance,
  Farhan Sufi

  Dear Gordon,
  Thanks for your reply, Actually I need only workstation ID along with user name when tracking transaction log from the tools option "change log".
  I am calling it workstation ID, but you can tell me about any thing from which I can track, from which client or PC the user made any transaction. Whether It gives me computer IP or computer name or any identity of PC by which I can know which PC (among server and clients) is used by user to make any transaction.
  Any help is appreciated
  Thanks,
  Farhan

• Enable syslogd - to receive logs from workstations

  i'm having problems trying to get syslogd to work on our new xserver. i read the latest command line 10.4 manual (and i called apple who don't support command line). page 284 says:
  To configure Mac OS X Server as a log server that accepts log messages from other
  systems on the network:
  1 Open /etc/rc and locate the following line:
  /usr/sbin/syslogd -s -m 0
  2 Replacing the IP address after -a with your network information, change the line to:
  /usr/sbin/syslogd -n -a 192.168.1.0/24
  The -n option disables DNS lookups.
  3 Insert this command as the next to last line of the file, right before the “exit 0” line:
  killall -HUP syslogd #re-load configuration
  exit 0
  syslogd contains features not documented in its man page. A more recent man page
  that fully describes its features is available at www.freebsd.org/cgi/
  man.cgi?query=syslogd.
  the /etc/rc file does not have this entry:
  /usr/sbin/syslogd -s -m 0
  ...i called apple and they don't support command line for premium service and support.
  don

  > i'm trying to get the xserver to receive syslog output from workstations scattered across several subnets
  I realize what you're trying to do.
  >is your suggestion going to enable xserver to accept workstation syslog output?
  Once the above change is made, the server will accept syslog output from any device on the network that is configured to send logs to this server. This includes not just other Macs, but switches, routers, printers, and anything else that supports syslog.

• User Logged In, Bogus Info in Console One

  This is an extension of the "But User IS logged in!" post. I want to elaborate on a few symptoms I'm getting when trying to Remote Control a client's PC.
  Review: Using Console One, when I select a user and right-click, the submenu shows "Remote Management". When I click on that I get the famous "1759: The selected user is not logged into any workstation " error.
  Here's what I find:
  First, when I examine the properties of the allegedly 'not logged in' user, the attribute 'Network Address', under General/Environment, is always empty.
  Second, if I look at the Zenworks tab, 'Logged in Workstations' shows multiple entries, noting that the person appears to be logged in to several PCs. But, again, this is bogus information. The person is only logged into one. As for the other PCs listed, that person logged into it or them a long time (a week or even months) ago and has long since logged out.
  Here's my questions. 1) How does the attribute 'Network Address' get populated? I don't find it in the registry and a colleague suggested that NDS has, or should have it. Where is it and how does it get into that field?
  Next, 2), when the user logs off a PC, shouldn't the entry for that PC in the 'Logged in Workstations' field go away? Or, are their some Persistence parameters in the client that may not be timing out? How does the 'Logged in Workstations' field get cleared?

  That's a good clue. We have no middle tier servers. Also, this sounds like a Windows server, we're running NW6.5sp6. I can find xtaddr.dll (mentioned it the TIDs) anywhere, not even on workstations. It must be Windows.
  Any more clues?
  >>> Rolf Lidvall<[email protected]> 10/2/08 1:32 AM >>>
  Just wanted to point you to this:
  "1 October 2008 - Novell ZENworks Desktop Management 7 SP1 Interim Release
  3a Hot Patch 1"
  <snip>
  Fixes (TID Pending):
  <snip>
  "User Object Properties, ZENworks Tab, Logged In Workstations doesn't update
  correctly "
  http://www.novell.com/support/viewCo...4245&sliceId=1
  Regards
  Rolf Lidvall
  Swedish Radio (Ltd)

• But User IS logged in!

  In ConsloleOne (running on NW65sp6, eDir ver 8.7.3.9) If I select (with
  a right-click) a user and choose "Remote Manage", I get a message that
  says the User Is not logged in to any workstation (error 1759).
  That's a lie.
  When I examine that User ID's properties, under the ZenWorks tab, under
  "Logged in Workstation", I see the name of the PC on which that person in
  logged in.
  If I select to view the Details of that workstation, from there I am
  able to Remote Control the PC and I find that very User ID logged in on
  that workstation.
  What's going on? Any clues?

  That's a good idea but on our network (via ZFD) a Workstation Only is disallowed on all clients. They must login to eDirectory or they don't get to use their PC. If they're using it, they're logged in to the network and have a valid IP address. I've verified this in person, not just remotely.
  Besides, if a PC is on, logged in or not, it MUST have a unique ip address assigned by DHCP.
  Also, as I describe in the last the third and fourth paragraphs of my original post, I can, via the workstation object, remote control where the user is logged in.
  I appreciate your response, Thomas. Any more ideas?
  >>> thsundel<[email protected]> 9/20/08 5:56 AM >>>
  Ronald Schow;1641721 Wrote: > In ConsloleOne (running on NW65sp6, eDir ver 8.7.3.9) If I select (with
  > a right-click) a user and choose "Remote Manage", I get a message that
  > says the User Is not logged in to any workstation (error 1759).
  >
  > That's a lie.
  >
  > When I examine that User ID's properties, under the ZenWorks tab,> under
  > "Logged in Workstation", I see the name of the PC on which that person> in
  > logged in.
  >
  > If I select to view the Details of that workstation, from there I am
  > able to Remote Control the PC and I find that very User ID logged in> on
  > that workstation.
  >
  > What's going on? Any clues?
  Maybe the user logged in with workstation only checked?
  Thomas-- thsundel------------------------------------------------------------------------thsundel's Profile: http://forums.novell.com/member.php?userid=128View this thread: http://forums.novell.com/showthread.php?t=344200

• Netlogon and Workstation Service will not start.

  I have a Windows 2012 R2 Standard guest installed on the HyperV Machine running windows 2012 R2 with SCVMM2012 R2.
  When I install the server the Workstation and Netlogon service will not start. I have only made a clean installation with no extras. I keep getting this error in th system event log:
  The Workstation Service depends on the Browser Support Driver service which failed to start because of the following error;
  Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be a malicious software from an unknown source.
  Event ID: 7001
  I have searched forums and I have not been able to locate a solution that worked for me.
  I have tried to install from another media but the result is the same every time.
  Have anyone some suggestion to what I can do to get this working?
  Thanks
  Jacob
  ______________________________________________ /Jacob

  Hi Jacob,
  In addition to Tim’s suggestion, although the following article focuses on the SBS 2008, we can refer to the method it provides to see whether it can be helpful for us to
  fix the issue.
  Error: "The Workstation service depends on the bowser service which failed to start because of the following error: Windows cannot verify the digital signature for this file."
  when you try to start Workstation service on SBS 2008
  http://support.microsoft.com/kb/2568759/en-us
  Hope it helps.
  Best regards,
  Frank Shen

• Assigning applications to Workstation Groups

  I would like to see if anyone else is experiencing this issue.
  If I use Consoleone 1.3.6e and:
  - create an application
  - open the application and assign the it to the Workstation group
  - apply the changes
  Then I log the workstation in and look in the application launcher; the
  application was never assigned.
  However, if I use consoleone and open the workstation group, make "any"
  change and apply that change, the application subsequently loads with no
  problem.
  Bug or my problem?

  Did you enable the reading of Workstation groups under the launcher
  configuration tab in the OU? Reading of Workstation Groups is disabled by
  default.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared either Novell or any rational human.
  "johnnyv5" <[email protected]_engineer.com> wrote in message
  news:[email protected]_engineer.com...
  >
  > Am having this same issue. Did you ever resolve it? I have 6.5 sp2...
  >
  > jv
  > Chris Silveira;2380418 Wrote:
  >> I would like to see if anyone else is experiencing this issue.
  >>
  >> If I use Consoleone 1.3.6e and:
  >> - create an application
  >> - open the application and assign the it to the Workstation group
  >> - apply the changes
  >>
  >> Then I log the workstation in and look in the application launcher;
  >> the
  >> application was never assigned.
  >>
  >> However, if I use consoleone and open the workstation group, make
  >> "any"
  >> change and apply that change, the application subsequently loads with
  >> no
  >> problem.
  >>
  >> Bug or my problem?
  >
  >
  > --
  > johnnyv5

• The Group Policy client-side extension Scripts failed ...

  This is an error I've been seeing forever and it was always the impression that upgrading would resolve it, but it never has even in 10.3. 100% of our users get these errors in the Event Viewer:
  Event Type: Error
  Event Source: Userenv
  Event Category: None
  Event ID: 1085
  Date: 10/21/2010
  Time: 8:04:52 AM
  User: NT AUTHORITY\SYSTEM
  Computer: XXXXXX
  Description:
  The Group Policy client-side extension Scripts failed to execute. Please look for any errors reported earlier by that extension.
  For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  We also seem to have flakey policy issues where once in awhile a user will not be able to logon to Windows with Workstation Only while getting the " not allowed to logon interactively" message, other times the users report not being able to access the Windows Date and Time Properties and further sometimes they are unable to make system changes.
  We have troubleshooted this and the only resolutions we've found are to run zac cc, zac ref, zac pl and sometimes it seems like deleting c:\windows\system32\grouppolicy will help.
  In regards to the Event Viewer entry I posted, on any given machine I can issue the command gpupdate and it will put another entry into the Event Viewer (sometimes multiple ones). I've learned through research that if I "clean up" c:\windows\system32\grouppolicy\gpt.ini the errors go away, but once the policy is refreshed they come right back.
  This is the version ZenWorks gives the users:
  [General]
  gPCFunctionalityVersion=2
  gPCFunctionalityVersion=2
  gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
  Version=6488106
  gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  This is the version I cleaned up:
  [General]
  gPCFunctionalityVersion=2
  gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  I'm not sure how to get Zenworks to use the cleaned up version nor and I too sure what those extra extensions are and how they got in there. I may need to contact Novell in regards to this, but since I'm already working on an SR with them I figured I'd go ahead and post here first.
  Any help or advice would be greatly appreciated.

  Here are the groups I'm using. NOTE: These have been in affect throughout the issues experienced. Users will work perfectly fine then suddenly the problem will start happening without any policy change on our side.
  -Member of-
  Network Configuration Operators+
  Remote Desktop Users+
  Users+
  -Assigned Rights under a group I called "Other Rights"-
  Access this computer from network
  Change the system time
  Log on locally
  Shut down the system
  The only condition I have is that these issues happen when logging in Workstation Only and I'm not able to recreate the problem on demand with tests.
  Originally Posted by craig_wilson
  The "Interactive Logon" is a Windows Security Permission.
  It is generally assigned to certain local groups such as "User".
  Which groups are assigned this right can be changed manually and
  controlled by local security policies.
  When user's get this error, it generally means their account is not in a
  local group that has been assigned that right.
  If using "DLU", make sure the user accounts are a member of "Users".
  And If anyone was messing with security policies, make sure they did not
  take away "Interactive Logons" from anyone.
  On 10/29/2010 7:06 AM, jcsmith1 wrote:
  >
  > Thanks for replying craig.
  >
  > My policy woes have only grown since my first post. We are currently
  > testing the removal of administrative rights and now we're having
  > teleworkers (who login Workstation Only) getting the message "policy
  > does not allow interactive login". What -seems- to fix it is a zac cc,
  > zac ref and zac pl, however we just started getting call backs from
  > users.
  >
  > I seem to have no further leads and Novell's ZenWorks tech supports
  > seems to be going through some kind of painful-to-the-customer
  > transition as one of my thoughts on resolving the issue is to go to 10.3
  > or 10.3.1, but my Satellites appear to be upgrading but in reality do
  > not upgrade (but the primary servers upgraded) (See SR 10655976331).
  >
  > Does anyone knows how to troubleshoot policy issues when the users
  > aren't loggin into ZCM?
  >
  > craig_wilson;2036646 Wrote:
  >> See: 'Group Policy Error: The Group Policy client-side extension Script
  >> failed to execute.'
  >> (Group Policy Error: The Group Policy client-side extension Script failed to execute.)
  >>
  >> This would never be fixed in any patch, since it would be the job of
  >> GPEDIT to properly maintain the GPT.INI.
  >>
  >> Most of the Time these errors are cosmetic and caused by stray script
  >> extensions.
  >>
  >> You may want to create an Enhancement Request to allow the creation of
  >> "Filters" so certain errors are discarded and not sent to the DB/ZCC.
  >> This way an Admin could choose to filter out various error messages
  >> that
  >> they deem are not actually of concern.
  >>
  >> On 10/21/2010 9:36 AM, jcsmith1 wrote:
  >>>
  >>> This is an error I've been seeing forever and it was always the
  >>> impression that upgrading would resolve it, but it never has even in
  >>> 10.3. 100% of our users get these errors in the Event Viewer:
  >>>
  >>> -Event Type: Error
  >>> Event Source: Userenv
  >>> Event Category: None
  >>> Event ID: 1085
  >>> Date: 10/21/2010
  >>> Time: 8:04:52 AM
  >>> User: NT AUTHORITY\SYSTEM
  >>> Computer: XXXXXX
  >>> Description:
  >>> The Group Policy client-side extension Scripts failed to execute.
  >>> Please look for any errors reported earlier by that extension.
  >>>
  >>> For more information, see Help and Support Center at
  >>> http://go.microsoft.com/fwlink/events.asp.
  >>> -
  >>> We also seem to have flakey policy issues where once in awhile a
  >> user
  >>> will not be able to logon to Windows with Workstation Only while
  >> getting
  >>> the " not allowed to logon interactively" message, other times the
  >> users
  >>> report not being able to access the Windows Date and Time Properties
  >> and
  >>> further sometimes they are unable to make system changes.
  >>>
  >>> We have troubleshooted this and the only resolutions we've found are
  >> to
  >>> run zac cc, zac ref, zac pl and sometimes it seems like deleting
  >>> c:\windows\system32\grouppolicy will help.
  >>>
  >>> In regards to the Event Viewer entry I posted, on any given machine
  >> I
  >>> can issue the command gpupdate and it will put another entry into
  >> the
  >>> Event Viewer (sometimes multiple ones). I've learned through
  >> research
  >>> that if I "clean up" c:\windows\system32\grouppolicy\gpt.ini the
  >> errors
  >>> go away, but once the policy is refreshed they come right back.
  >>>
  >>> This is the version ZenWorks gives the users:
  >>>> [General]
  >>>> gPCFunctionalityVersion=2
  >>>> gPCFunctionalityVersion=2
  >>>>
  >> gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{3610EDA5-77EF-11D2-8DC5-00C04FA31A66}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957D-509E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}]
  >>>> Version=6488106
  >>>>
  >> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B66650-4972-11D1-A7CA-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  >>>>
  >>>>
  >>>
  >>> This is the version I cleaned up:
  >>>> [General]
  >>>> gPCFunctionalityVersion=2
  >>>>
  >> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{4CFB60C1-FAA6-47F1-89AA-0B18730C9FD3}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  >>>>
  >> gPCUserExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957E-509E-11D1-A7CC-0000F87571E3}][{A2E30F80-D7DE-11D2-BBDE-00C04F86AE3B}{FC715823-C5FB-11D1-9EEF-00A0C90347FF}]
  >>>>
  >>>>
  >>>
  >>> I'm not sure how to get Zenworks to use the cleaned up version nor
  >> and
  >>> I too sure what those extra extensions are and how they got in there.
  >> I
  >>> may need to contact Novell in regards to this, but since I'm already
  >>> working on an SR with them I figured I'd go ahead and post here
  >> first.
  >>>
  >>> Any help or advice would be greatly appreciated.
  >>>
  >>>
  >>
  >>
  >> --
  >> Craig Wilson - MCNE, MCSE, CCNA
  >> Novell Knowledge Partner
  >>
  >> Novell does not officially monitor these forums.
  >>
  >> Suggestions/Opinions/Statements made by me are solely my own.
  >> These thoughts may not be shared by either Novell or any rational
  >> human.
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• How to make Webgate redirect to a specific resource based on AD Attributes?

  My client has already purchased Oracle Fusion Middleware 11g, which contains the OID 11g suite. They have an initiative to enable SSO based access to their business apps for both internal and external users. They have already implemented AD and also FMW 11g with OID integrated with AD.
  We need to provide a path way for legacy portals to integrate into this environment. One the goals is to have a single URL (let's call it one.company.com) by which employees, customers & business partners access all business applications. The long term goal is to leverage WebCenter to be the portal framework, which provides access to all business app. However, the client has prioritized the SSO integration over the portal framework integration at this point.
  So the interim solution needs to address the following use case:
  Internal User:
  1. Log into workstation via MS AD DC, get Kerberos token set on workstation.
  2. Open browser and navigate to https://one.company.com, browser either silently authenticates via Windows Native Authentication (IE for example) or presents user a challenge box asking for authen&author creds (FF for example).
  3. WebGate installed on OHS works with OAM (which works with OID) to authenticate the user, assume Auth OK
  4. <Some Component> works with OAM to obtain user's roles. If user has role 1 redirect to site 1 (assume this is the legacy portal, which has been modified to work with Oracle SSO), otherwise if user has role 2, then redirect to site 2 (assume this is web center)
  The reference to <Some Component> in #4 is what we need help answering. We suspect it is WebGate, and from some reading I have done I know that there are apache directives that can be used to do conditional redirects. I'm just missing the link between getting the roles out of OAM and instructing the web server which resource to redirect to based on OID role.
  We also have a very similar use case for external access (to the same site, https://one.company.com). It will be assumed that all users are AD enabled even external ones. For external access, all users will first land on a company wide common login page, which will ask for AD user name & pwd. After submitting credentials, the same scenario plays from above, starting at step 3. All applications will be programmed to read the obssoToken (via browser cookie or server headers) to understand user details.
  Has anyone had to architect this kind of deployment before? If so, how did you deal with it? Was it as simple as the whole WebGate/Apache redirect setup I am thinking of?
  Thanks,
  FM

  I choked on my mango lassi while reading this..but as our chinese brothers and sisters say, A journey of a thousand miles begins with a single step.
  user8214884 wrote:
  2. Open browser and navigate to https://one.company.com, browser either silently authenticates via Windows Native Authentication (IE for example) or presents
  user a challenge box asking for authen&author creds (FF for example).FF can deal with Kerberos just like IE can via SPNEGO although getting it to work like IE is a different story. But let's say FF doesn't do Kerberos or let's say it's an external user. Have you tried implementing this mechanism with OAM 11g? I would start there. You may not get to your next steps.

• Crystal XI viewer does not install on XP desktop

  We are upgrading from Crystal 8.5 to Crystal XI (not enterprise server). We need to provide the XI Crystal Viewer to the agency's desktop image lab to push it out to all desktops when our application is rolled out. Following the instructions in SAP Note 1218519, I tried to install the CRViewer on an XP SP2 desktop to test it, but it did not load and it appeared that nothing at all happened. I checked the system32 folder and the old crviewer was still there. I was an admin on the machine, logged in workstation only. The Crystal 8.5 viewer is already loaded on the machine. Is an installation log created somewhere I can look at to diagnose the problem? Is there any potential issue with installing the XI viewer on top of the 8.5 viewer? I tried to uninstall the 8.5 viewer, but that wasn't very successful, as the files still remained in the folders and in the registry. Do you have another suggestion for troubleshooting this problem?
  Thanks

  Hi Rebecca,
  If you are locking the systems down then merge modules won't work either. You need permission to install and register activex controls etc. Right clicking on the inf and choosing install should work also. If the option is not available then it's because the user you are logged in under does not have permission.
  Only option is to check with your build team and IT department and see if Microsoft has a way to distribute runtime files without user interaction. Check MS's site and search on deployment packages. I believe there is an option the IT department can do that when the user logs in it will run install packages, all you need is the cab file, or extract them to build your own. Using the standard MSM files has all the runtime included which is way more than you need.
  Everything you need is in the CAB file.

• Single mailbox manage permissions issues full access/send as

  Exchange 2010 SP3 RU7
  I have a weird issue with one mailbox.  This user has 2 AD accounts.  Say "userprimary" and "usersecondary".  This user was set up by another admin that is no longer here.  "userprimary" is the actual mailbox
  account.
  User logs on to workstation using "usersecondary" AD credentials and manually sets up outlook 2010 to connect to "userprimary" mailbox.  The userprimary mailbox has manage full access permissions assigned to it for the usersecondary
  account.  The userprimary mailbox does NOT have "send as permissions" set up.  When the user logs in with "usersecondary" he can access the mailbox fine but can also send email.  In theory he shouldn't be able to send as
  there are no send as permissions set up on the "userprimary" mailbox.
  How is this happening and what can I check to resolve this.

  Userprimary account > manage full access > add usersecondary account.
  Userprimary account > manage send as > nothing exists here.
  Person logs onto workstation as usersecondary ad account
  Person configures outlook to use userprimary account. (supplies no additional credentials)
  Person launches outlook and is able to open userprimary account and send and receive emails.
  Both AD accounts are Domain Admins.
  Person doesn't need to have under the userprimary account, send as permissions with the usersecondary account specified.  Reason seems that in AD, domain admins have 'send as' and 'receive as' set for all accounts.

• How to create Service Monitor - best Way

  I have a task at hand : 
  Creating monitor to alert when a service is stopped.
  We are using SCOM 2012
  I checked and found various ways to do so http://www.bictt.com/blogs/bictt.php/2011/03/16/scom-monitoring-a-service-part1
  My requirement is : there are like 100 such services on 100 different windows computers that i need to monitor.
  The services are not common , so 2 computers have the same service , Maybe some service that i need to be monitored be on 2 computers but overall every service is unique.
  What is my best option:
  1.Create a basic unit monitor and target to Windows computer class ? Create is as disabled ? Override for just the machine that has it.
  Will it clutter my Windows Server class health explorer . (How bad is that as per performance)
  2.Create a Service monitor using Windows Service templates 
  Do i have to create 100 target groups , as i have to Target the monitor to specific computer only
  Since template service monitor create discoveries , targets etc on its own  (Am i going to clutter SCOM with a lot of those) 100 
  3.Do i create a attribute for each service , so as to extend the windows base class to discover the computer that has specific service (Using registry)
  too much work is it and how good of an option is this.
  4.MP Authoring ,Create new class discovery based on WMI / Registry to find computer and then target the monitor 
  What would you do in such a case.

  An example is the windows service monitoring from the Windows Management Packs. Microsoft does not discover any of these services. The MPs discover the Windows 2003  \ 2008 \ 2012 Operating System Class and the basic service monitors are targetted at
  this class. This means it is relatively light weight monitoring (less overhead on the agent and less discovery information in the databases) but it does mean that you can't add any of these services to a distributed application or report on their availability.
  You don't report on individual monitors but on objects which may have many monitors targetted at them.
  Windows Server 2003
  ü 
  Computer Browser Service
  ü 
  DHCP Client Service
  ü 
  DNS Client Service
  ü 
  Plug and Play Service
  ü 
  RPC Service
  ü 
  Server Service
  ü 
  TCP \ IP NetBios Service
  ü 
  Windows Event Log Service
  ü 
  Workstation Service
  Windows Server 2008 (including R2)
  ü 
  Computer Browser Service
  ü 
  DHCP Client Service
  ü 
  DNS Client Service
  ü 
  Plug and Play Service
  ü 
  RPC Service
  ü 
  Server Service
  ü 
  TCP \ IP NetBios Service
  ü 
  Windows Event Log Service
  ü 
  Workstation Service
  Windows Server 2012
  ü 
  Computer Browser Service
  ü 
  DHCP Client Service
  ü 
  DNS Client Service
  ü 
  Plug and Play Service
  ü 
  RPC Service
  ü 
  Server Service
  ü 
  TCP \ IP NetBios Service
  ü 
  Windows Event Log Service
  ü 
  Workstation Service
  If you want to actually report on the availability of this windows service (or add it to a Distributed Application) then you do need to discover it - either via the Authoring Template or authoring your own discoveries.
  Only you can decide what you need and you might have a different need for each service depending on what it is doing.
  Jonathan Almquist has a good walk through here about how to change service monitoring to allow for consecutive occurrences of a service being unavailable but it is deep authoring. 
  http://blogs.technet.com/b/jonathanalmquist/archive/2011/06/24/windows-service-monitoring-reduce-false-alerts-part-2.aspx
  Regards Graham New System Center 2012 Blog! -
  http://www.systemcentersolutions.co.uk
  View OpsMgr tips and tricks at
  http://systemcentersolutions.wordpress.com/

• SBS 2003 server admin rights dont work access denied on VSS and Network settings

  Hi I have just taken over support for a company and have inherited a SBS 2003 Server.
  The server has had no backup for over a year (when the last admin left).
  VSS does not work, so the back does not work, unable to install any other backup as no admin rights.
  I want to repair it so I can do a backup to move to a new server.
  I did not know the administrator account password (the last admin didn't tell anyone)
  So I used a password reset boot cd and then restarted Windows 2003 in Directory Service Restore Mode.
  Copied SRVANY and INSTSRV to a temporary folder, mine is called D:\temp. Copied cmd.exe to this folder too. Next ran at a command prompt instsrv PassRecovery "d:\temp\srvany.exe"
  next
  Started Regedit, and navigated to
  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PassRecovery
   Created a new subkey called Parameters and added two new values:
  name: Application
  type: REG_SZ (string)
  value: d:\temp\cmd.exe
  name: AppParameters
  type: REG_SZ (string)
  value: /k net user administrator 123456 /domain
  "123456 is substituted for the password I used" Im not daft enough to publish it lol
  Next
  opened the Services applet (Control Panel\Administrative Tools\Services) and opened the PassRecovery property tab. Checked the starting mode is set to Automatic.
  to the Log On tab and enable the option Allow service to interact with the desktop.
  Restart Windows normally, SRVANY run the NET USER command and reset the domain admin password.
  OK so now I am logged in as administrator but guess what I still don't have admin rights???
  I can add new user with admin rights and log in as them but they still don't have admin rights Im totally lost??????????? Help please

  I'm thinking the previous tech may have renamed the built-in domain Administrator and then created a new account called 'administrator' with lesser rights?  He then used another domain admin account to manage the server. 
  If so, and given the fact that you don't know any domain admin account usernames or passwords, I think you may be in for a move to a new server without a proper NT backup of the SBS 2003. 
  However, If you can at least log into the SBS 2003, I wonder if you could download and run DIsk2VHD and create VHDs (not VHDX) of the current SBS 2003 drives, saving them to an external USB drive connected to the server. 
  You could then 'attach' the VHDs to a Win7 Pro computer and gain access to the files/folders, although not the Active Directory stuff.  Moving Exchange and Sharepoint would impose additional pain.  For Exchange, you could log
  onto workstations as each user and export their Exchange mailboxes as .PSTs.  I believe you could do the same with any Public Folders.
  Disk2VHD
  http://technet.microsoft.com/en-us/sysinternals/ee656415.aspx
  How to Mount a Virtual Hard Disk in Windows 7
  http://www.online-tech-tips.com/windows-7/mount-vhd-windows-7/
  Of course, the owner could also have his attorney contact the previous tech and threaten legal action unless he coughs up the correct domain admin username and password.  That username and password belong to the owner, not the
  tech.
  Merv Porter
  =========================