Managing Computer List's Via AD

Similar Messages

• RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy

  Greetings all,
  I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/
    - but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access
  to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management,
  Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.
  Thanks in advance.
  Terry.

  Prevent running of Windows Server Backup
  Computer Configuration\Policies\Windows Settings\Security Settings\File System
  Right click on File System - Add File - Drill down to \System32\wbadmin.msc
  On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.
  On the Object window - choose Propagate inheritable permissions to all... (Default)

• I downloaded songs to my phone at xmas and when i plugged in to my laptop it wiped the phone of new purchases when i try and download them to my computer in itunes via previous purchesses it wont load the list and i keep getting error 10053 can any1 help

  i downloaded songs to my phone at xmas and when i plugged in to my laptop it wiped the phone of new purchases when i try and download them to my computer in itunes via previous purchesses it wont load the list and i keep getting error 10053 can any1 help

  Syncing shouldn't trouch you photos unless you have photos in a Photo Library album.  These would be photos that were synced to your phone from your computer.  If you do have any, you'll need to use an app like PhotoSync to transfer them to your computer prior to syncing.
  If you prefer to backup your camera roll photos prior to syncing, open iTunes and go to Preferences>Devices and check "Prevent...from syncing automatically".  Then connect your phone to your computer and import them as explained here: http://support.apple.com/kb/HT4083.
  Then, to minimize data loss, follow the steps in this user tip: https://discussions.apple.com/docs/DOC-3141.  To follow the steps, first open iTunes and go to View>Show Sidebar.  Also, Transfer Purchases is now located in File>Devices.

• Managing the Mobility preference at the computer list level

  Hi,
  I'd like to get a confirm about my understanding of the role of the Mobility preference in computer lists.
  Since the Mobility preference could be managed at the computer list level, it has effect both on the clients' local and network accounts. I tried to manage the preference for a computer list that contains clients with only local accounts and set it to "Synchronize account for offline use".
  I saw no effect on clients' local account, but I think this is expected because portable home directories requires a network home folder to be set, and obviously local accounts cannot have it set.
  Could anyone confirm?
  If the above reasoning is correct, the only point of managing the Mobility preference at the computer lists level is to allow or disallow network users with network home folders to create mobile accounts on specific computers.
  Am I right?
  TIA.

  I tried to
  manage the preference for a computer list that
  contains clients with only local accounts and set it
  to "Synchronize account for offline use".
  I saw no effect on clients' local account,
  That is the expecetd behavior.
  If the above reasoning is correct, the only point of
  managing the Mobility preference at the computer
  lists level is to allow or disallow network users
  with network home folders to create mobile accounts
  on specific computers.
  Am I right?
  Yes, you are right.
  b.

• Can't add Computer or New Computer list on 10.3.9 Server Workgroup manager

  I have a 10.3.9 server with Open Directory running. I can manage user and group preferences (Workgroup manager v2.0.1) but can't add a computer or new computer list because the option is disabled. If I connect to it's open directory from another server running 10.3.9 and same version of Workgroup Mgr, the new computer list and adding computers is enabled. This other server is in another subnet and not typically available for use by the network admin of the problem server. Any ideas to get the computer management enabled?

  Hi,
  an additional discovery I made:
  Take the account "A", which is functioning on these two "problem-clients". I change the password from "123456" to "abcdef".
  I try to log in this account with one of these two Macs... -> does NOT work
  I try to log in this account with another Client (w/o problems) -> does work
  I change the password back to "123456"
  I try to log in this account with one of these two Macs -> does work
  I deleted the accounts and created new ones. The accounts work fine on every Mac despite these two machines.
  It looks like these two clients are not updating the directoryservice information.
  So I tried to get a look, which information is readable at the client machines (which are making the trouble):
  lookupd version 369.5 (root 2006.12.02 12:00:25 UTC)
  Enter command name, "help", or "quit" to exit
  userWithName: test
  Dictionary: "DS: user test"
  lookupagent: DSAgent
  lookupvalidation: 1195423412
  gid: 1025
  home: /Network/Servers/xserve/Volumes/DATA/HomeDir/test
  name: test testuser Test User
  passwd: ****** ******
  realname: Test User
  shell: /bin/bash
  uid: 1026
  + Category: user
  + Time to live: 43200
  + Age: 0 (expires in 43200 seconds)
  + Negative: No
  + Cache hits: 0
  + Retain count: 7
  I gathered this information on the client, which can NOT log into this account. I can try all new or changed accounts, all are visible to the client....
  Does anybody here unterstand this?
  • the used accounts are all ok
  • other accounts work fine on this two machines
  • the problem only occurs on changed or new accounts.
  • reverting the changed accounts to the old state: the accounts work again
  Regards
  svenc

• Computer Listed in Bold in Setup of Xsan Admin

  I have an Xsan (v1.4.2) with four (4) computers. One of these computers is the original MDC, and is named Thirty-Six. Another computer is named Xsan-PMDC, and is now the primary MDC (via cvadmin's fail <Volume_Name>). Even though Xsan-PMDC is now the MDC, the computer that used to be the MDC (Thirty-Six) is listed in bold in Xsan Admin-->Creative (name of SAN component)--> Setup-->Computers. I have been told that the computer listed in bold is the controller I am connecting to.
  On the computer that is the active MDC at the moment, I have a window with this prompt.
  "You have connected to a Xsan client computer. 'Thirty-Six.local' sees 4 disks (LUNs) that appear to be managed by the controllers listed below. To administer the corresponding SAN, select a controller and click Reconnect." The lone computer I can select from the Existing controllers menu is the active metadata controller (not Thirty-Six.local). If I select the active metadata controller and click Reconnect, will bad things happen? Will the data on the Xsan volumes be lost? Will service be interrupted?
  My goal is for the active metadata controller to be the one that is listed in bold in Xsan Admin, but I don't want to lose the data on the Xsan volumes or create an otherwise bad situation. If anyone can offer me guidance on this, it would be appreciated.
  Thanks for reading!
  -Jonathan

  I am sure you have figured it out by now, but in case you haven't try connecting to the Xsan controller in charge to run Xsan admin directly, or else try different Xsan clients.

• Controlling Preferences on Computer List Doesn't Work

  Hi All,
  I'm sure I am doing something dopey, but I can't figure out what.
  I have an Xserve running Server OS 10.4.11 and a lab on a subnet, 17 clients running OS 10.5.7. These computers are connected to en1 via a switch, and receiving IP addresses via DHCP (in the 192.168 range). Share points work fine, as does web accesses and network user accounts.
  There are two computer lists in the room - one is for a "teacher station," and the other 16 machines are on a seperate "Lab" computer list. On the "teacher station," when I open Directory Utility, I enter the name of the server, it finds it right away and preferences are controlled. All is well.
  However, the other clients' Directory Utility cannot find the OD master. Further, when I am in "Workgroup Manager," I note that if I browse for clients using the "..." button, none of those 16 iMacs appear in the list. I added the machines manually, entering their MAC addresses, but it does not appear to be effective.
  I am looking to see what is different between the teacher station and the 16 student machines and can only see one thing, which is the NetBIOS name - for the student machines, it is identical ("lab") but since there is no Windows anywhere to be found in the setup, I don't understand why this would be the issue. Nor do I understand where I would make this change if I needed to - changing it locally is not effective, and it is all "dimmed" or "greyed out" anyway.
  What am I missing?
  Many thanks!

  Can you reduce it down to a 20-line test case?  If so, post it.

• Automated updating of computer list

  I would like to use Automator or Applescript to scan all of the scanners I have set up in ARD and add any Macs found to the computer list.
  Has anyone done this? The automator actions for ARD don't seem to have a "refresh scanner" action.
  Thanks.

  My guess is that you'd have to have Applescript do it via the GUI, if possible.

• Force Clients to connect to my Mac and "join" my computer list

  Hi ARD users,
  I am not able to scan our network for ARD clients because the scanning only works in my vlan. But we have a lot of vlans here. I can not reach the Macs in all the other vlans with the scanner. Of course it is possible to get them one after another with their IP- address but I don't know the addresses of all those (few hundred) clients. So after scanning I have only 'round 20 macs there.
  So here is my question:
  Is it possible to force the clients (e.g. with a script that we could distribute via FileWave, or kickstart or task-server) to connect to MY computer and "jump" into my computer- list?
  Just an idea... But any comment would be appreciated, so
  Thank you in advance

  Hi, thanks for the reply,
  I' m not sure what you mean. I see that in the smart lists I will be able to sort/ filter macs that already are in my computer list. There' s an option to search for IP-addresses, but only for macs that are in the list already. I think that you mean I could sort them for the different vlans then. Of course, that would be possible, but doesn' t help with my problem.
  To scan ranges across subnets... I don' t see a solution. How do you mean I could do this? We have the vlans from 10.99.1.* to 10.99.150.*. In the scanner I can give a range from 10.99.1.1 to 10.99.1.254 and scan, although MY mac is in 10.99.104.x. But then I have to give the next range: 10.99.2.1 to 10.99.2.254 and so on. For 150 of such nets it' s not very cool. It' s not possible to give an "*" symbol or so, so, are you sure it should be possible?
  Thank you for your help

• SQL Server Config Manager, Windows Administration Tools, Manage Computer and Task Manager

  I want to cross check the
  SQL Server Config Manager, Windows Administration Tools, Manage Computer and Task Manager
  for running of SQL SERVER.
  I stop SQLEXPRESS instance in one of the above tools but the others become unaware of the latest changes except
  Task Manager.
  For example when I stop SQL EXPRESS from within SQL Server Congiguration Manager
  it still seems working in Windows Administration Tools, Manage Computer windows.
  What is the reason for this?

  Hi,
  Aprat from SQL Server configuration manager all other are windows tool and should not be used to manage SQL Server in anyway. Although I cannot completely understand list of tools you mentioned
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it
  My Technet Wiki Article
  MVP

• Using Computer Lists

  This is my first time using "Computer Lists". I have added my computers, which are all macs, and have tried to manage the preferences for the list. (Clicking on the preferences icon at the top of Workgroup Manager.)
  One of my settings is the login window message, yet when I click "Apply Now", wait a few minutes and look at the computers, my changes haven't taken effect. Even after logging in the out, and restarting. Am I missing a step?

  LDAPv3.
  Delete the machines from the server.
  You'll need to configure your clients to bind to your server, using Directory Access. Use this document:
  http://docs.info.apple.com/article.html?path=ServerAdmin/10.4/en/c7od24.html
  Then, you'll see them show up again in your server's computer list. Now you can set preferences on them at will.

• Create Computer Lists Leopard Server - problem

  I can't add Computer lists in AD using workgroup manager.
  I'm logged into AD with WGM, the AD is extended, I have Inspector enabled. Also, I am a Domain Admin and Schema admin in AD.
  I go to the Inspector bullseye, select ComputerLists, and click the add button . I get "Not Authorized. The action failed because you are not authorized to perform the operation." I do not get the 'unexpected error' that is normal in this situation.
  Server version 10.5.8
  WGM 10.5.5 (on the server)

  I had to use ADSIEdit to create the objects. Once created, Workgroup Manager can see and manipulate them.

• Managing client list ??

  i am working on a project in which i need to keep a record that whcih clients are in working positions and which are not. simple explanation is that i am making a reservation system for a software lab. the system will reserve different available PCs for users. All PCs are linked through LAN. i have to keep track that out of all available PCs, which are working and whcih are not, so that list of only those PCs can be displayed that are working. one solution is two way RMI but it is only applicable in case that my application is running on all workstations also. what if all PCs are switched on but no one is logged on to them. in such case, all applications will be terminated, system will be working, but server will get no response. what to do now ? how to manage this list ???

  OK - I misunderstood your problem.
  You want to have a list of available PCs - PCs which are turned on, but not in use?
  You could do this with a program that
  o Started when a PC was powered on.
  o Registered immediately with a server as "available".
  o Notified the server when a user logged on ("busy").
  o Notified the server when a user logged off ("available").
  o Notified the server when it was being powered down ("unavailable");
  The powerup/powerdown are probably best handled by a service running in the background, started automatically.
  You didn't mention which OS you are running on the PCs, but this is doable under NT. (It is quite a bit of work to get services written in java to work.)
  The other finctions sound like they are trivial to implement in a separate program, run automatically when a user logs on/logs off.
  Holes: The biggest problem is what to do if a computer crashes and doesn't come back. One way would be to have the background service send in a keep-alive to the server. if it's not alive, then assume it is unavailable.
  This is all just brainstorming. If you keep thinking about it you can probably knock this design down to something simpler.

• HT3819 Can I transfer music from one computer to another via home sharing?

  Can I transfer my music from one computer to another via home sharing?

  So long as they are on the same wifi network, yes.
  Have both computers running and have iTunes open on both computers.
  Now, in the iTunes on the computer you want to transfer music to, select the library that you want to transfer music from, as per the following screenshot:
  Once the other library loads, go down to the bottom of the screen and in "Show:" select "Items not in my library":
  If you want to import all of the songs you can now see, head up to the iTunes menu bar and go "Edit > Select all". Then head down to the bottom of the screen again and click the "Import" button in the bottom-right-hand corner.
  If there's a lot of stuff in the library you're transferring from, the transfer may take some time.

• Iphone 4S - Windows Vista - 64 Bit (and photoshop elements 9.0) is not recognizing my iphone as a camera - therefore I cannot download pictures from my iphone. iTunes works fine with the iPhone, but I do not see it in "My Computer" when connected via USB

  iphone 4S - Windows Vista - 64 Bit (and photoshop elements 9.0) is not recognizing my iphone as a camera - therefore I cannot download pictures from my iphone. iTunes works fine with the iPhone, but I do not see it in "My Computer" when connected via USB.  I already tried uninstalling and reinstalling iTunes....still nothing.  Any ideas?

  Thank u verrrrrrrrrrry much FoxFifth u save my life thank u.