NCS Admin User Group / Permissions

Similar Messages

• ACL to handle admin & user vlans (permit/deny rdp, icmp, smb, etc.)

  Hi guys,
  I have a a simple setup:
  VLAN 20 = basic users (192.168.20.0/24)
  VLAN 30 = admin vlan (192.168.30.0/24)
  I want to use ACLs to grant/deny access to the different vlans. Basically admins are allowed to access all services in the client network, i.e. RDP, file share access (smb), ping to basic users. Vice versa basic users are not allowed to access the admin network except echo-replies and smb.
  My first approach was to deny everything and just open the specific protocols & ports.
  So, for the admin vlan the ACL is quite simple: permit ip any
  For VLAN 20 clients I tried:
  permit icmp 192.168.20.0 0.0.0.255 any echo-reply
  permit tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 445
  permit udp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 range netbios-ns netbios-ss
  deny ip 192.168.20.0 0.0.0.255 any
  That didn't work. I only got the ICMP-replies.
  My second approach was to grant everything and deny the specific ports & protocols.
  permit icmp 192.168.20.0 0.0.0.255 any echo-reply
  deny icmp 192.168.20.0 0.0.0.255 any echo
  deny tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 3389
  permit ip 192.168.20.0 0.0.0.255 any
  With the second approach there is everything open except the explicitly denied ports which is no really my preferred solution.
  So, I'd be happy if you guys could help me out with my first approach.
  cheers

  I give you the whole config, just deleted some crypto stuff and unused interfaces.
  Admin-PC is connected to Gi1/0/2, vlan 30
  Client-PC is connected to Gi1/0/4, vlan 20
  Current configuration : 7474 bytes
  ! Last configuration change at 09:37:32 UTC Mon Nov 10 2014
  version 15.0
  no service pad
  service timestamps debug datetime msec
  service timestamps log datetime msec
  service password-encryption
  service compress-config
  hostname nucl3us
  boot-start-marker
  boot-end-marker
  vrf definition Mgmt-vrf
  address-family ipv4
  exit-address-family
  address-family ipv6
  exit-address-family
  enable secret 5 xyz
  username xyz password 7 xyz
  no aaa new-model
  switch 1 provision ws-c3850-48p
  ip routing
  ip device tracking
  qos wireless-default-untrust
  diagnostic bootup level minimal
  identity policy webauth-global-inactive
  inactivity-timer 3600
  spanning-tree mode pvst
  spanning-tree extend system-id
  redundancy
  mode sso
  class-map match-any non-client-nrt-class
  match non-client-nrt
  policy-map port_child_policy
  class non-client-nrt-class
  bandwidth remaining ratio 10
  interface GigabitEthernet0/0
  vrf forwarding Mgmt-vrf
  no ip address
  negotiation auto
  interface GigabitEthernet1/0/2
  description admin-pc
  switchport access vlan 30
  switchport mode access
  interface GigabitEthernet1/0/4
  description VoIP
  switchport access vlan 20
  switchport mode access
  ip access-group 120 in
  interface Vlan1
  no ip address
  shutdown
  interface Vlan20
  description clients
  ip address 192.168.20.1 255.255.255.0
  interface Vlan30
  description management
  ip address 192.168.30.1 255.255.255.0
  no ip http server
  ip http authentication local
  ip http secure-server
  ip access-list standard admin
  permit any
  ip access-list extended deny_admin_rdp
  deny tcp any 192.168.30.0 0.0.0.255 eq 3389
  permit ip any 192.168.30.0 0.0.0.255
  ip access-list extended vlan20
  permit icmp 192.168.20.0 0.0.0.255 any echo-reply
  permit tcp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 eq 445
  permit udp 192.168.20.0 0.0.0.255 192.168.30.0 0.0.0.255 range netbios-ns netbios-ss
  deny ip 192.168.20.0 0.0.0.255 any
  line con 0
  stopbits 1
  line aux 0
  stopbits 1
  line vty 0 4
  login
  line vty 5 15
  login
  wsma agent exec
  profile httplistener
  profile httpslistener
  wsma agent config
  profile httplistener
  profile httpslistener
  wsma agent filesys
  profile httplistener
  profile httpslistener
  wsma agent notify
  profile httplistener
  profile httpslistener
  wsma profile listener httplistener
  transport http
  wsma profile listener httpslistener
  transport https
  ap group default-group
  end
  client -> admin: smb works, ping and rdp denied -> this is ok
  admin -> client: ping works, but no smb or rdp -> this is not ok :-)
  I would like the admin network access everything in the client network
  cheers

• How to diable only one field enabled and other fields disabled for one user group?

  Hi,
  I have a form contains many fields. A group of users can add items using that form.
  As per the user requirement I have created a filtered view and that filtered view can be seen by some other sharepoint user group but as per their further requirement the new sharepoint user group is only allowed to update Remarks field. All other fields
  should be disabled for them.
  In my idea, I have to create multiple forms and in one of it except Remarks field all should be disabled but I am unable to assign multiple forms to a single list.
  Or how to make Remarks field enable to this user group and for other admin user group all fields could be enabled.
  Hope I have expressed my question correctly.
  Any solution would be appreciated.

  There is no Out of the Box way to set permissions on each column, primarily due to the performance impact. The following thread provides some options,
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/c0794232-9bab-4cea-91d8-f311a793a863/how-to-set-column-wise-permission-in-sharepint-list-in-sharepoint-2010?forum=sharepointadminprevious
  Dimitri Ayrapetov (MCSE: SharePoint)

• Group Permissions using External Table

  I have a problem with using an external table for user group permissions.
  I am using OBI authentication but need to use an external table to manage the user’s group permissions. I created two RPD groups, GROUP1 and GROUP2. GROUP1 has access to TABLE1. GROUP2 has access to TABLE2. I created the initialization block with the following SQL:
  Select ‘GROUP’, groupname from groups_tab where username = ‘:USER’
  I also turned on row-wise initialization.
  I created a user, USER1, with access to both RPD groups. I also created corresponding Catalog Group (Settings  Administration  Manage Presentation Catalog Groups and Users  Create a new Catalog Group). I have two dashboard pages PAGE1 and PAGE2. GROUP1 has access to PAGE1 and GROUP2 has access to PAGE2. When I log in as USER1, I have a quick test on the My Dashboard page that displays the GROUP session variable (@{biServer.variables[‘NQ_SESSION.GROUP’]}). The variable displays that USER1 belongs to GROUP1; GROUP2. I still cannot see the dashboard pages PAGE1 and PAGE2. When I go to Answers I cannot see TABLE1 or TABLE2.
  Obviously, I must be missing a step somewhere. Any ideas?
  I have tried the Rittman Mead post (http://www.rittmanmead.com/2007/05/21/using-initialization-blocks-with-ldap-and-database-queries-to-control-authentication-and-authorization/) and I am still not getting the right results.
  Edited by: Canz on Feb 25, 2009 4:39 PM

  It's likely to be a permissioning setup issue rather than your Init Block setup which seems to be working. Start by granting your test user full permissions on the object you want and then start removing them gradually to see where you don't see the dashboard any more. I think you might be missing a Traverse privilege in your dashboard shared folders but I can't check all the possible conditions with seeing your web catalog. Also check the case of your Web Catalog groups and the ones you populate on the Init block.

• User is not present any sharepoint group,But user has permissions to all subsites(almost user has admin permissions)

  I am having sharepoint site.one of the user is not present in any sharepoint group and also not present in site collection administrators but user has all the permissions in the site.Some members who are in the owner group(full control) also
  does not have permissions to add new users to some groups but the user who is not present in any group has permission to add new users also.How this user is able to access?.But user is present in people and groups

  HI
  First find out from where user getting permission.
  Hi 
  You can use get-spuser for the same.
  Listing All the SharePoint Groups to Which a User Belongs
  To list all the SharePoint groups to which a user belongs, you first need to find that user's SPUser object:
  $user = Get-SPUser -Web http://server/sites/yoursite |
    Where {$_.LoginName -LIKE "*|DOMAIN\SAMC"}
  Once you have this object, you can scan all the site collections in the farm and find all the groups to which the user belongs:
  Get-SPSite -Limit All |
    Select -ExpandProperty RootWeb |
    Select -ExpandProperty SiteUsers |
    Where { $user.UserLogin -EQ $_.LoginName } |
    Select -ExpandProperty Groups |
    Select Name, {$_.ParentWeb.Url}
  below link refer the same.
  http://sharepointpromag.com/sharepoint-2013/exploring-sharepoint-users-groups-and-security-using-powershell
  Hope this help you to find out user group
  Regards, Rajendra Singh If a post answers your question, please click Mark As Answer on that ost and Vote as Helpful http://sharepointundefind.wordpress.com/

• Oracle BI Admin Tool: copying permissions from group to group

  Hi!
  I'm working with Oracle BI Admin Tool (10.1.3.4).
  I have a lot of groups in the repository.
  I want to create a seperate group for each department and set filter for each group. For example, group 'Market' should see data only from the Marketing department, group 'HR' should see data only from its department.
  The question is the following: if I have 100 groups, do I have to set permissions to each of them manually or is there any mechanism of quick copying (function 'duplicate' is not suitable as groups are already created)?
  Thank you,
  Natallia

  First about filtering data for specific user groups: you need to implement row level security by using session variables.
  Here are some links:
  http://oraclebizint.wordpress.com/2008/06/30/oracle-bi-ee-1013332-row-level-security-and-row-wise-intialized-session-variables/
  http://www.rittmanmead.com/2007/05/13/obiee-and-row-level-security/
  http://obieegeek.wordpress.com/2009/04/05/row-level-security-using-initialization-blocks-and-session-variables/
  (You can find these links by using google.. ;))
  Second about groups and copying privileges/permissions: I don't think it is possible to copy privileges/permissions (other than hardcoding UDML) but it is actually not necessary when you create a security model first. Let me explain: in OBIEE groups can be member of a group, and the underlying group will inherit all the permissions of the group it is member of.
  So what you need to do, is to create one group with common permissions and privileges and add all the department groups to this group. If you want, you can then set the specific permissions for each group.

• Setting workgroup backup permissions for server admin user

  I apologize in advance for what is probably a trivial question. At school I have set up a Tiger server on a PPC desktop. Open directory is implemented and managed remotely on my personal desktop machine using Workgroup manager. The local server admin account is different from the remote workgroup manager account. I have been backing up using rsync from my machine by logging in with ssh and the Workgroup manager account. Now I want to use ChronoSync on the server machine to set up a simple incremental backup routine. The problem is that ChronoSync runs under the server admin account which does not have permissions to access the group accounts. What is the best way for me to give the server admin account "global" permissions so it can backup the files and directories that were set up using Workgroup manager?
  iMac Intel Mac OS X (10.4.9)
  iMac Intel   Mac OS X (10.4.9)  

  Hi,
  User Account Control treats members of the Administrators group as standard users.
  With UAC enabled, members of the local Administrators group run with the same access token as standard users. Only when a member of the local Administrators group gives approval can a process use the administrator’s full access token. This process is the
  basis of the principle of Admin Approval Mode.
  When an administrator logs on to Windows Vista or newer, the Local Security Authority (LSA) creates two access tokens. If LSA is notified that the user is a member of the Administrators group, LSA creates the second logon that has the administrator rights
  removed (filtered).
  To work around this issue, use the net use command together with a UNC name to access the network location.
  Programs may be unable to access some network locations after you turn on User Account Control in Windows Vista or newer operating systems
  http://support.microsoft.com/kb/937624
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• What third party tools exist to show a user or groups permissions and access rights for an entire SharePoint 2010 site collection?

  Our admin crew has just inherited a 4 year old SharePoint site that was developed on SP 2007 and later migrated to SP 2010.  We are trying to determine which users and groups have access to the 150+ sub-sites of the site and at what permission levels.
  Research tells me SharePoint 2010 has no means to simply list out a user's permission levels over an entire site collection, but that it must be done at each sub-site, list & library that has permission inheritance broken to create a unique permissions
  object.
  Has anyone found a solution to this issue?  Without days of research at each sub-site, list & library, how would one more economically go about such an investigation of a user's permissions on an entire SharePoint 2010 site?

  Hello,
  There is no direct way to see user and group broken permission within a site collection. However you can write powershell script to get the permission. You can modify the below script based on your need and export result in CSV. You may also need to add
  code to iterate all subsites within site collection.
  http://social.technet.microsoft.com/wiki/contents/articles/14242.sharepoint-2010-export-all-unique-permissions-from-site-collection-using-powershell.aspx
  http://en.community.dell.com/techcenter/windows-management/b/weblog/archive/2012/09/25/sharepoint-security-reporting-using-powershell
  Codeplex tool is also available to check permission but it is not always fulfill business need. You may also look at this if it suits you.
  https://permissionsmanager.codeplex.com/ 
  Hope it could help
  Hemendra:Yesterday is just a memory,Tomorrow we may never see<br/> Please remember to mark the replies as answers if they help and unmark them if they provide no help

• Sharing and Permissions for Admin Users Home Folder

  Staff user group deleted from Admin User home folder.  User groups listed are the user as read/write, admin as read and everyone as read.  If you create a new Admin user the group "staff" is listed instead of "admin"????  How do i get it back to how it was?  It also seems to be effecting stored passwords in my keychain and other apps.

  Hi, i think it depends who are you serving for, if you are just serving for a small office or home server or a big organization. The following quick thinking just came to me:
  I think cups set automatically a system  user of its own, and runs as it, so no trouble there. Cups also has the option to set users and it uses the system users as default, i think it depends in in how many printers/users your have in your server.Users that can manage cups are in the lp group. 
  For nfs every user should have their home, samba is also a good option if you have  windows computer in your network and it integrates better with graphical file  managers like nautilus in the clients side, but it is a hassle to configure.
  You should run the web server (owncloud ) as it own user, maybe you can manage to set something up for owncloud in the filesystem, but owncloud uses a database, and the users for owncloud are stored in there, and they are not system users.
  You can configure ssh for local use only enabling the corresponding subnets in your /etc/sshd.conf and optionally but recommended you can set a firewall and permissions. You can use iptables but i prefer ufw for simple setup.
  I think you should read the wiki:
  https://wiki.archlinux.org/index.php/users_and_groups
  and the other respective topics in the wiki.
  Also as an advice i know that arch linux is a great distribution, but you have to do more work to mantain a stable server. I would recommend debian or another more conservative distro, but of course it is your choice.
  Last edited by hydrosIII (2014-11-06 06:26:45)

• Is there a way to pull  User, Group , Other permissions of a file

  I wanted to know whether Java provides any API to pull up each and every permission associated with a file.
  For example: In Unix, a file has 3 sets of permissions as shown below:
  <UserPermissions><GroupPermissions><Others'Permissions>
  Example: -rwxrwxrwx
  r - for read
  w - for write
  x - for execute
  There are some methods provided in java.io.File, such as canRead() and canWrite(), which help in telling whether a file is readable or writable. But I did not find any API which tells whether a perticular user has read/write/execute permission or not. Also, I presume the canRead(),canWrite() methods pull up the permissions pertaining to the owner of the file, but not for the group and others part of a Unix File's permissions.
  Is there a way to pull up the read/write/executable permissions for all the 3 catergories namely, UserPermissions, GroupPermissions and Others'Permissions.
  I appreciate your note on this and appreciate your time too.

  In the java.io.File class, there's methods canRead() and canWrite().
  They will test the read/write permissions of the Unix user you are running your Java program with.
  They will not return a list of user names, user groups etc though.
  You'd have to get the permissions through some platform specific method, eg. via JNI.
  regards,
  Owen

• I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill f

  I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?

  Well, try this (I was able to fix my with these steps):
  Go Utilities > Disk Utility
  Select your Startup Disk, e.g. Macintosh HD
  Then, under the First Aid Tab, click Verify Disk Permissions.
  If there are errors, then click repair Disk Permissions.
  After it is done, restart the computer and see if your problem is resolved.
  I hope this help.
  Zeke
  www.ZekeYuen.com/blog/

• Delegated Admin and non-flat user/group structures

  Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
  The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
  I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
  Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
  # Ldap configuration.
  # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
  # add additional hosts with ldaphost-<consecutive number>
  # Schema type is either "1" or "2".
  # Reconnect interval is in seconds
  # Group and people container is dn from organization dn (e.g ou=people)
  ldaphost-1=oucsldap01:389
  ldaphost-2=oucsldap02:389
  ldaphost-suffix=dc=DOMAIN,dc=NAME
  ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
  ldaphost-maxcount=50
  ldaphost-schematype=2
  ldaphost-reconnectinterval=60
  ldaphost-peoplecontainer=ou=People
  ldaphost-groupcontainer=ou=Groups
  ldaphost-orgadminrole=cn=Organization Admin Role
  While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
  Questions:
  1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
  2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
  Thanks,
  //Jim Klimov

  I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
  Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
  We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
  Hope this report helps others who would try to pioneer this path of messaging integration
  //Jim Klimov

• Accidentally removed from,sharing and permissions the admin user,and now i do not when i find the home icon at my computer i do not have permmission,and the mac does not works properly,lots of question mark at the dock ,please help

  accidentally removed from,sharing and permissions the admin user,and now i do not when i find the home icon at my computer i do not have permmission,and the mac does not works properly,lots of question mark at the dock ,please help

  I'm going to assume that since you deleted your hard drive and all its files, you had a backup, yes? If the backup has an OS (bootable clone), then you can boot into it by holding down the option key when you start up you iMac and choose the backup drive. Then use Carbon Copy Cloner or Super Duper to copy the files back to your iMac.

• Read user groups from realm. Admin rights to each user ??

  Greetings to ALL,
  I am reading users, groups from realm. If I give the user admin priviliges I am
  able to get the information else I get the error weblogic.management.NoAccessRuntimeException:
  Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01, B10MP03A,
  B10MP03], on ResourceType: Security:Name=myrealmDefaultAuthenticator Action: execute,
  Target: listGroups
  Is there more effective way to read the information.
  I can execute the program standalone ( from DOS PROMPT) and read all information
  if I do the following
  adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
  But when calling from the application I get the above error.
  Any code, suggestion will be very helpful.
  Fred

  "Fred Boon" <[email protected]> wrote in message
  news:3fa7cb98$[email protected]..
  >
  Greetings to ALL,
  I am reading users, groups from realm. If I give the user admin priviligesI am
  able to get the information else I get the errorweblogic.management.NoAccessRuntimeException:
  Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01,
  B10MP03A,> B10MP03, on ResourceType: Security:Name=myrealmDefaultAuthenticatorAction: execute,
  Target: listGroups
  Is there more effective way to read the information.
  Commo mbeans require admin role in order to be able to invoke methods.
  I can execute the program standalone ( from DOS PROMPT) and read allinformation
  if I do the following
  adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
  But when calling from the application I get the above error.
  Try doing a runAs with a subject that has admin role.

• Admin user removed from Permissions

  After upgrading my wiki server to 10.6.4 I found the admin user was no longer part of the Administrative permissions for each users wiki. I check their metadata.plist file and sure enough the admin user ( and other users ) was missing from the admin access. After adding the admin back in and restarting the web service everything worked for that one wiki but I have over 1100 wikis. Anyone else run into this issue?

  Hi,
  To block IE from connecting to internet, you can create a deny outbound rule in Windows Firewall.
  Locate to Advanced settings in Windows Firewall.
  From the left pane, click Outbound Rules.
  Click Action, select New Rule option, and then perform step by step.
  Also you can set up a dummy proxy server.
  Go to Tools> Internet Options>
  Connections> LAN Settings.
  Uncheck “Automatically detect settings” and select the option to use a proxy server. 
  Set the address to a dummy IP (127.0.0.1) followed by port 80.
  Thanks!
  Andy Altmann
  TechNet Community Support