Make users login to domain

Similar Messages

• User login with domain suffix possible?

  Hello everyone,
  I've implemented a Portal EP 7.0 SP18. The user management is mapped to 2 different LDAP-Domains.
  Everything works fine. Unfortunately there are several users with duplicate user over the 2 domains and they can't logon (as already described in the documentation).
  Now my question: is there a way to build the logon by LDAP with a user suffix e.g. @domain1 ?
  Best regards, Bernd Hülsebusch

  Dear Anja,
  I've red the help file and changed the system connector to
  Logon Method = UIDPW and
  User Mapping Type = admin
  So only the admin can set the user mapping in the UME UI. This works!
  Addionally I've set the UME property ume.usermapping.admin.pwdprotection to false, because normally the admin does not know the password of a user. I've restarted the server, but unfortunately it has no effect:
  Ii the user mapping of the UME the admin must still enter a password. What might be the reason?
  Best regards, Bernd Hülsebusch

• # How to get the system AD Domain user login name in portal?

  when a system user use AD Domain method login the system.
  and then the user open the portal web application page, but not use AD Domain name login in portal page, that time ,I want to catch the user system login name show in portal page?
  I hava try the sereval method with Java or Jsp, or User Cookies ActiveX pulg,I get only the name of the portal hostname.
  so Anyone will provider me a well method to get the user login name?

  Elobrate more on ur problem

• Office 2013 will not open unless user is a Domain Admin

  In order to get the Office 2013 suite to install from Office 365, I had to make all the users (115 in 4 offices) a domain admin, we then installed the software on everyone's computers and we have migrated our email.  However, I now need
  to remove all the users from being a domain admin, but when I do none of Office programs will open, no error message, just a spinning wheel for 10 seconds and nothing.   I need to remove the users from being a domain admin as they can now see
  network drives that they were previously restricted from.  All computers are Windows 7 Pro.  I have even installed the suite on a brand new computer, installed as admin, login as a domain user and nothing will open.
  Thanks

  What's the default right for the user in your domain, domain user?
  Can we open the Office application when the domain user is in local administrator group?
  Please turn off all of security programs and 3rd-party programs (Windows clean boot) and then launch Office component, such as Word.exe with safe mode. ("Winword.exe /safe") to check if it opens successful in non-domain user rights.
  Don't use Office shortcut to open Office but double click the .exe file under %programfiles%\Microsoft Office to check if the office process appears in Windows Task Manager. 
  In addition, please go to eventvwr to check if there is any errors regarding to permission or Office exist. If so, post it here for further checking. Thanks. 
  Tony Chen
  TechNet Community Support

• How can I filter a Sharepoint 2007 libarry list based on current user login?

  Hi all.
  I would like to know how I can filter a SharePoint library list based on current user login.
  Suppose I have created the followings:
  1) A SharePoint form library containing bunch of uploaded InfoPath form data.
  2) The InfoPath form template contains a promoted text field called "TargetUser" to store user domain login (ex: DOMAIN\JOE) and every InfoPath form file in the library has a valid domain name stored in the "TargetUser" field.
  I have created a custom view for the form library and would like to filter this view so only items whose "TargetUser" field matches current user's login ID are displayed.
  I went to Edit View page to customize the view and tried to use the [Me] function but I got a "Filter value is not a valid text string" message instead when clicking OK. Apparently [Me] returns a Person/Group data type and the filter cannot compare its value
  to that of "TargetUser".
  I tried using text functions (ex: TEXT([Me],"") hoping to extract default string value from [Me]. The filter accepts the parameter without any error but the resulting fitlered list does not display any items at all.
  I have googled this subject for hours but I have not found any solution.
  It would be greatly appreciated if anyone can help me to create a functional filtered list.
  FYI, my SharePoint 2007 installation is just WSS 3.0 + Form Server. I do not have MOSS 2007 (so no MOSS 2007 web parts or web services).
  Thank you.
  Jason

  Here's what I usually do in order to accomplish this.  Ultimately you'll need to have 2 different fields.  There's the one you already have, with DOMAIN\username stored in it.  Then you'll need an additional field as a "person" column type. 
  Call it "TargetPerson" or something.
  Create a sharepoint designer workflow that runs each time an item is created or changed.  One action:
  Set FIELD to VALUE.
  The first FIELD is "TargetPerson", the VALUE is your "TargetUser" field. 
  Once this is done, then the person value is stored in the person field.  This is the field that you can filter by "TargetPerson" is equal to [Me]
  Laura Rogers, MCSE, MCTS
  SharePoint911: SharePoint Consulting
  Blog: http://www.sharepoint911.com/blogs/laura
  Twitter: WonderLaura

• Filtering report data based on user login and Parameter fields

  Post Author: mronquillo
  CA Forum: General
  Hi,I am running a report that filters data based on the user login. To do this, I created a formula called @user that compares the login name (using the CurrentCEUserName field) and returns the user's name. If the user login is not a login specified in the if statements, it returns the parameter field "user_name":For example: if CurrentCEUserName = "loginname1" then "User's Name 1"else if CurrentCEUserName = "loginname2" then "User's Name 2" else if CurrentCEUserName = "loginname3" then "User's Name 3"  else if CurrentCEUserName = "loginname4" then "User's Name 4".. .else {?user_name}   In select expert, I have a condition which filters data based on the string returned from that formula:{Table.Name} = {@user}  This works fine and when the users run the report they only their own data. However, they are still prompted to choose a parameter field regardless if of the value returned by the @user formula. Oddly enough, regardless of what parameter field they choose, they will still only see their own data (i.e. if John chooses "Bob" from the parameter list, he will still only see John's data.)If I remove the "else {?user_name}" line from the @user formula, then the users are not prompted anymore. However, if they are not a "valid" user - that is, if any of the if statements in the formula are not true for their login name - then they will see no data. What I want to do is make the report ONLY prompt the user to choose a parameter field if their login name is not "valid". That is, if the @user formula is able to return a string value for their login name, then they will jump right into the report without being prompted to choose a parameter - otherwise, the user will be prompted to choose a name from the parameter list. I thought my formula would allow this (hence the "else" clause), but it seems that if a parameter field is present in any formula, then the report automatically prompts the user to choose a parameter. Is what I am trying to accomplish possible in CR (I'm using CR v10.0) or is there a better way to do what I am trying to do?Thanks in advance.

  Post Author: sharonmtowler
  CA Forum: General
  try, or something like that
  (if CurrentCEUserName ={?user_name} then true else ({Table.Name} = {@user}) )

• Using Session Variables for User Login - sometimes they don't persist... what am I doing wrong?

  Hi all,
  I'm running a site that requires user login.  I approached the building of this site as almost a complete newb to CF (and dynamic coding in general), and it's been a great learing experience (with lots of help from you guys).
  However, I guess I never learned the correct way to handle a user login.  It seemed to me that I could just test the user-entered credentials against those stored in a database, then set a session variable containg that user's record number.  Then, not only would I have an easy way of knowing who this user was and therefore what info to serve him, but I could test for the existence of a valid login on every page in the protected folder, by adding this code to my application.cfc in that folder:
  <cfset This.Sessionmanagement=true>
  <cfset This.Sessiontimeout="#createtimespan(0,8,0,0)#">
     <cfif NOT isDefined ("session.username") or NOT isDefined ("session.password") or NOT isDefined ("session.storeID")>
       <cflocation url="../index.cfm" addtoken="no">
     </cfif>
  ...and it goes on to run a query and verify that the session.username and session.password match for the store defined by session.storeID.  If not, all session variables are cleared and it bounces you back to the login page.  When the user clicks Logout, all I do is delete all the session variables.
  This seemed to work great for like a year, but lately I've been getting reports that the login doesn't seem to persist for longer than approx. 20 minutes of inactivity.  You can see I specified session variables to remain active for 8 hours (I know that seems like a drastically long login, but it's what's necessary for this application).  I've only gotten this report from a few people, and I myself can't seem to duplicate it... I've tested an inactive login for 45 minutes now and it held.
  SO:  any reason you can think of why session variables would be spontaneously clearing for some people?  Would having your router reset its IP address invalidate the session or something?  Also, the problem seemed to begin appearing after my host upgraded all their servers to CF9... could there be any relation?
  And on a more general note... did I go about this completely the wrong way to begin with?  If so, what's the standard way to manage a login?
  Lots of questions, I know... thanks very much for any answers or suggestions!
  Joe

  Ian,
  Thanks very much - very helpful information.
  Sounds like passing the tokens in every request is probably the way to go for this.  I don't think it's likely that any users will be sharing links, unless they actually intend for the recipient to see their info anyway.
  Is that all I would have to do, is add the tokens to every path?  Would that guarantee that all the session variables would remain valid until timeout or being cleared?
  Again, thanks, you've been really helpful.
  Joe
  On Jun 23, 2010 4:37 PM, Ian Skinner &lt;[email protected]&gt; wrote:
  Unfortunately this is the nature of HTTP web applications.  There is NO state maintained from HTTP request to request.  This is by design in the HTTP protocol specifications.
  ColdFusion provides two methods to circumvent this limitation.  Each method has limitations and caveats.  They both rely on the passing of tokens between the client and the server with every request.  These tokens can be passed as cookies OR URL (GET) variables.  You are using the cookie method, which is the simpler and most common. You may be experiencing the limitation of this method.  If something happens to the cookies the session can be lost.
  You could pass the (CFID &amp; CFTOKEN) OR JESSIONID tokens through the URL query string with every request.  This requires one to add these values to every link, form action, cflocation or other request path in our application.  ColdFusion provides the session.urltoken variable to make this easier to do.  The tokens will be visible to the user.  Also if the links with an individual token is share with other users, via e-mail, chat, social networks, etc and one of these users utilize the link during the life of a session (8 hours apparently in your case).  Then that user will access the session of the original user.
  Cookie session management is by far the most common choice by CF developers.  If these methods do not meet your needs you would need to go beyond the HTTP limitations of web applications.  One might be able to accomplish this with a Flex|Air|Flash applications that can be configured to use a continuous connection to the server.  Thus not suffer the stateless nature of the normal HTTP request-response cycle.
  I do not know if a router resetting would cause cookies to be discarded or otherwise invalidated.  But I would not think it is beyond the relm of possibilities.

• Prevent the same user login on multiple computers at the same time

  prevent the same user login on multiple computers at the same time

  Is there any way (currently running 2012 Servers) that we can prevent users from logging into multiple domain computers simultaneously with the same username?
  We still want them to log into those computers, just not simultaneously?
  LimitLogin utility not work in Windows 2012 server.
  Thanks.
  Babu
  Unfortunately Windows has never offered this feature as a built-in feature, but there are several possibilities discussed in these articles:
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/0103b5e7-0db5-4fb4-bfe7-d7132983880a/limit-concurrent-logins-on-a-ws-2008-environment
  http://www.edugeek.net/forums/windows-server-2008-r2/61216-multiple-logins.html
  http://windowsitpro.com/windows/prevent-multiple-logons-gpos
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• How can  I  restrain the user login portal once, in the same time ???

  Hi
  I need to restrain the user can't repeat to login portal ....
  to reduce portal loading
  How can I restrain the user login portal once, in the same time???
  Which attributs in Identity Manager or amconsole I can do it to restrain the user ??
  tks

  Does your portal support anonymous access? If so, make sure you are using the authlessanonymous mode. This mode only creates one session that is shared for all anonymous users. This is much more efficient than anonymous access, which creates a session for each anonymous user.
  I have no other recommendation for limiting users to a single login. In general, web applications do not behave like this. What if a user closes their browser without logging out? Does the user have to wait until the session times out in order to log back in again?
  The same thing is true for users that are mobile. If a user leaves their office without logging out and then attempts to log in with a laptop in the conference room, then access will be denied in your implementation. Users do not expect this type of limitation being built into the system.
  If you are having problems scaling, then you need to look at your architecture and perhaps add some more resources. Also, make sure you are making efficient use of the authlessanonymous access mode as stated above.
  - Jim

• How to  restrain the user login portal once, in the same time??

  Hi
  I need to restrain the user can't repeat to login portal ....
  to reduce portal loading
  How can I restrain the user login portal once, in the same time???
  Which attributs in Identity Manager or amconsole I can do it to restrain the user ??
  tks

  Does your portal support anonymous access? If so, make sure you are using the authlessanonymous mode. This mode only creates one session that is shared for all anonymous users. This is much more efficient than anonymous access, which creates a session for each anonymous user.
  I have no other recommendation for limiting users to a single login. In general, web applications do not behave like this. What if a user closes their browser without logging out? Does the user have to wait until the session times out in order to log back in again?
  The same thing is true for users that are mobile. If a user leaves their office without logging out and then attempts to log in with a laptop in the conference room, then access will be denied in your implementation. Users do not expect this type of limitation being built into the system.
  If you are having problems scaling, then you need to look at your architecture and perhaps add some more resources. Also, make sure you are making efficient use of the authlessanonymous access mode as stated above.
  - Jim

• 802.1X wirelss restriction on User Login policies

  Hi all,
  Seeking some technical idea on Wireless 802.1x setup.
  Business requirement is:
  "User login policy: to limit the number of concurrent login by a single user only apply to one device at any given time. "
  There is no problem on PEAP/MSCHAPv2 login, only thing is the same user credential able to be use and login on multiple device, in the same time.
  On the NAD part, we configure these on WLC but still cannot achieve our objective
  - advanced eap max-login-ignore-identity-response disable
  - netuser maxuserLogin 1
  Seeking technical solution on this case, please advice. Is there anything need to tweak on the directory server or ACS part?
  The components using as below:
  Supplicant 1: Window 7, authentication method using PEAP/MSCHAPv2
  Supplicant 2: iPhone iOS version 6.x
  Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2
  Authentication server: Cisco secure server ACS 5.3.0.40
  Identity Source : Microsoft server 2008 R2 ADDS, single forest single domain.
  attached the network diagram: topo1.png

  http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html

• GRC AC 10.1 - End User Login - Request issue

  Hi experts!
  Im working in GRC AC 10.1 SP07. I have configured END USER LOGIN services; the idea is that end user from ECC system could submit request without having user in GRC box, this is working fine but i´m experimenting next problem.
  When i go to search request, those request submited by end user appears like created by Z_END_USER, this is the user in GRC that i have configured in services GRAC_UIBB_END_USER_LOGIN and GRAC_OIF_REQUEST_SUBMISSION_EU.
  ¿Is possible to configure that request appears "Created By" the requester and not the service´s user? I don´t think so, but if not, ¿is there any way to add the column User ID in Result screen? because it is avaible in parameters search but im not being able to add this in result screen (it´s not like hidden neither).
  Parameters "Created by user ID" would be service´s user and "User ID" would be the requester.
  Thanks!
  Emiliano

  Hi Emiliano,
  Your understanding is correct, request created by UserID will always show GUEST UserID configured in the End User Logon service.
  In search requests there is option to search requests by UserID but the same field has not been enabled to be available in Search Request result screen. This is as per standard functionality. You can check with SAP or can work with ABAPer to make the UserID column as display field in Search Request results.
  Regards,
  Madhu.

• User login report in Active Directory for specific date and time

  I want to get User login report in Active Directory for specific date and time e.g user logged in at15-01-2015 from 8:00am to 4:00pm
  Is any query, script or any tool available?
  Waiting for reply please

  You can identify the last logon date and time using my script here: https://gallery.technet.microsoft.com/scriptcenter/Get-Active-Directory-User-bbcdd771
  If you would like to get back in time and see when the user did a logon / logoff then you need to have auditing enabled. Once done, you can records from Security log in the event viewer: https://social.technet.microsoft.com/Forums/windowsserver/en-US/98cbecb0-d23d-479d-aa65-07e3e214e2c7/manage-active-directory-users-logon-logoff-events
  I have started a Wiki about how to track logon / logoff and it can help too: http://social.technet.microsoft.com/wiki/contents/articles/20422.record-logon-logoff-activities-on-domain-servers-and-workstations-using-group-policy.aspx
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Anonymous login doesn't show user login channel

  Recently i am doing some R&D work on portal server. Whenever the user logs in to portal server, it will bypass the authentication menus and login as anonymous user because i have set in the admin console to disable all the authentication methods except anonymous login. In order for the user to login again using membership login inside the anonymous login, at the advanced option under "Non Interactive Mode", i added "membership" as one of the variable. Now the problem comes when i added in a generic provider into my channel.I can't see the user login channel anymore whenever i log into the anonymous page. I have uncheck "the persistent cookies" at the advanced option in admin console but the problem still persist.Even if i never log in using the login channel at the anonymous user page, it will display "welcome new user" and bypass the page with "login channel". I hope you guys understand my question. :). Anyone out there knows what's going wrong here?

  Make sure the iwtLoginProvider is present in the selected channel list for the anonymous user.
  Go to the anonymous user profile /Manage_Domain/Role/Users and then anonymous user profile and check to see if you have the iwtLoginProvider added in your list of available and selected channels, if it is not present you have to add it.
  Below the available channel list box
  type iwtLoginProvider in the Channel Name text box. For the Class Name text box, type: com.iplanet.portalserver.providers.login.LoginProvider
  Click the add button
  Now move the channel to selected channel list and then click the submit button in the bottom of the page.

• Terminate Portal User Login with JSessionID or MYSAPSSO2 Cookie

  Dear All,
  I know using Visual Administrator , we can terminate the session.
  Is it possible for the administrator to terminate a logged in portal user with his/her  JsessionID or MYSAPSSO2 cookie value or User Id programmatically.?
  Is it possible for portal admin to forcibly exit (logoutl) an active user login  without logging onto visual administrator?
  Regards,
  Eben Joyson

  The only complete mitigation for session hijacking is to run the entire site as SSL. This is Oracle's recommendation if you need a complete mitigation solution. And example of an ATG site running in full SSL is Dennis Kirk (denniskirk.com).
  The problem with doing so is that SSL (a) takes more processing power in the system running the client's browser and (2) incurs latency that degrades the perceived page performance. This is particularly true for consumers running Internet Explorer, where speed-up measures like SPDY are either incomplete or don't work. And for a hard core eComemrce site, slower page performance means that you make less money.
  Most sites, including those that you mention, use a mixture of SSL and non-SSL pages to overcome this. They use non-SSL for those areas of the site where penetration does not have a material negative impact. Browsing catalog pages as an anonymous user, for example. If someone hijacks my session and I'm browsing the catalog anonymously, they're welcome to it. There's nothing private in my session. Even robots can access that content.
  Once I login or go to pages where private information is being exchanged, then you have to secure the session. That's where the protocol switcher servlet comes in. As you authenticate, you switch the user to SSL.
  I've tried a number of additional mitigation steps. Unfortunately I can't discuss them here at this time.
  And none of the servlets that you mention have any benefit with mitigating session hijacking.