Nexus_5000 policing

Could anyone help???
Is it possible to policing on the Nexus 5k - reading through the documents it seems it has been replaced with network-qos. But the regular command do not work. Such as;
ip access-list policing
permit ip any 172.20.0.0 0.0.255.255
class-map match-any limit_to_100Mb
match access-group 10
policy-map police_to_100Mb
class limit_to_100Mb
police 100000000 1000000 512000 conform-action transmit exceed-action drop
int vlan 101
service policy in police_to_100Mb
On the NEXUS 5k it doesn't even get that far..... could anybody
INTLMESW01(config)# ip access-list policing
INTLMESW01(config-acl)# perm ip any 172.20.0.0 0.0.255.255
INTLMESW01(config-acl)#
INTLMESW01(config-acl)# class-map match-any limit_to_100Mb
INTLMESW01(config-cmap-qos)# match access-group name policing
INTLMESW01(config-cmap-qos)# exit
INTLMESW01(config)# policy-map police_to_100Mb
INTLMESW01(config-pmap-qos)# class limit_to_100Mb
INTLMESW01(config-pmap-c-qos)# ?
no     Negate a command or set its defaults
set    Set attribute
end    Go to exec mode
exit   Exit from command interpreter
pop    Pop mode from stack or restore from name
push   Push current mode to stack or save it under name
where Shows the cli context you are in
INTLMESW01(config-pmap-c-qos)#
Software
BIOS:      version 3.5.0
loader:    version N/A
kickstart: version 5.0(3)N2(1)
system:    version 5.0(3)N2(1)
power-seq: Module 1: version v1.0
             Module 3: version v5.0
uC:        version v1.2.0.1
SFP uC:    Module 1: v1.0.0.0

Hi Adrian,
I am CCIP certified and also given CCIE RNS theory exam, I would like to know if i am eligible for below exams
642-973 Data Center Network Infrastructure Support -1
642-974 Data Center Network Infrastructure Support -2

Similar Messages

I am trying to download iTunes on my new desktop computer (Windows 7, 64 bit). It starts installing, and then stops with the message- "The System Administrator has set policies to prevent this installation." I am the sole user- please help.

I am trying to download iTunes on my new desktop computer (Windows 7, 64 bit). It starts installing, and then stops with the message- "The System Administrator has set policies to prevent this installation." This is a stand alone computer and I am the sole user.   Please help.

This is a Microsoft Windows Issue.
From a MS Support Engineer:
"Hi,
·        Is the computer on a domain?
·        Is the issue isolated to only this software or you get the same error message with other software’s as well?
Try the steps below and check if it helps.
Step 1:
Run the software setup file as an administrator and check if it helps.
a. Right click on the setup file of the software that you are trying to install.
b. Select “Run as administrator”.
Step 2:
Temporarily disable the antivirus software running on the computer and check if you are able to install the software.
Disable antivirus software
Warning:
Antivirus software can help protect your computer against viruses and other security threats. In most cases, you shouldn't disable your antivirus software. If you have to temporarily disable it to install other software, you should re-enable it as soon as you're done. If you're connected to the Internet or a network while your antivirus software is disabled, your computer is vulnerable to attacks.
Step 3:
a. Click Start, type "Local Security Policy" (without quotes) and press enter.
b. Click on Software Restriction Policies.
c. In the right pane, double click on the "enforcement".
d. Select “All users except local administrators”.
e. Click Ok and restart the computer and check if the issue is fixed."

SCCM Policies and SCEP Deployment Issues

I'm having several issues with SCCM 2012 R2.
I have inherited an existing SCCM 2012 R2 installation. The company does not want me to rebuild it from the ground using best practices, so I'm doing what I can with it.
Issue #1: SCEP does not auto deploy to new systems;
Issue #2: Client policies do not update;
Issue #3: Anti-malware policies do not update.
Starting out, I guess I need to look at issue #2 before I look at the others.
The client is auto-deploying as far as I can tell. I do not have any GPO’s that push the software to the clients, so it appears that the system wide deployment of the client is working correctly.
As for the policies not being updated, I have created a new policy that is assigned to newly defined device collections.
I have check the membership of the collections and it is populating/selecting the assets correctly.
I have picked a handful of computers out of the collection to use for information gathering.
Looking at the log files, it shows that it is applying policies, but it does not identify which policy from the SCCM server.
With the new policies that I’ve created, I’ve enabled ‘Endpoint Proection’, ‘Hardware Inventory’, ‘Power Management’, ‘Remote Tools’, ‘Software Deployment’, ‘Software Metering’, and ‘User and Device Affinity’.
After 13 days, the options within the policy have not taken effect as I have check the clients and the settings from the ‘Remote Tools’ and ‘Power Management’ haven’t been applied. I waited this long since several of the settings were set at 7 days before
re-evaluation.
I’m not sure where to go next on this issue.
On the issue #1 & 3, the computers that did get the initial config push and SCEP install, before I came on, are operating and reporting back to the SCCM manager that they are in a managed state, which is fine, but they are not applying any newly defined
policies. Checking the logs on the clients show that they are applying the Default Client Settings and not any of the other policies that are set to deploy to All systems or any other collection I’ve defined.
Also checking the anti-malware policy logs on the clients, they are also still applying the Default Client Antimalware Policy, not any of the custom policies, just like the SCCM client issue. In the EndpointProtectionAgent.log, i have several lines
showing "Deployment WMI is NOT ready." The same is in several of the other log files, so I've check that all the WMI services are running and I have tested management with the PoshCat utility and all of the commands are working in there and
the output reports all seem to be reporting correctly.
Any pointers or starting points would be greatly appreciated.

For the 'Client Settings', I have 4 listed. Default Client Settings, EP Settings (existing that I have set to deploy to a group that only has 1 computer left in it), Server Policy, and Workstation Policy (applies to all clients that have 'workstation'
in the version name).
For SCEP, just 2. Default Client and Custom SCEP.
The inventory and software distribution... let's look at the inventory function. I have nothing showing in '\Assets and compliance\Overview\Asset Intelligence\Inventoried Software'.
As for software distribution, I am not sure how to check that -- I haven't set up any deployed software packages yet... but the SCEP and Windows Updates are the only things showing up. SCEP is not deploying to any new workstations, but it appears all
the Windows Updates are deploying correctly to all the workstations.
I just checked the SrcUpdateMgr.log on a client and I've found several lines of 'Instance of CCM_SourceUpdateClientConfig doesn't exist in WMI'
Checking the SoftwareCatalogUpdateEndpoint.log file, I have several lines that just repeat...
Software catalog update endpoint is starting
Logo event received
Logon user SID: [...]
Retrieving URL for software Catalog
Software Catalog update endpoint is loading
Received notification for client agent setting or portal information change
Retrieving URL for Softwware Catalog
Making call to determin whether catalog Url should be added to the trusted sites zone
Updating the registry for Software Catalog for user '[...]'
Notification system applicaton: C:\Windows\CCM\UpdateTrustedSites.exe
Started UpdateTrustedSites process
Making call to determine whether keys to enable Silverlight elevated trust should be added
Enable elevated trust is set to false. Setting the keys to 0
CSoftwareCatalogUpdateHandler::UpdateSilverlightRegistry: Successfully set elevated trust on this client for Silverlight
CSoftwareCatalogUpdateHandler::UpdateSilverlightRegistry: Successfully set elevated trust on this client for Silverlight
CSoftwareCatalogUpdateHandler::UpdateSilverlightRegistry: Successfully set elevated trust on this client for Silverlight
Received notification for client agent setting or portal information change
and it does show the Silverlight lines 3 times each time in the repeats. The repeat time stamp looks like it happens alternating 20 minutes, then 2 hours, then 20 minutes, then 2 hours, etc.
KW

Exchange/Return policies

What are Apple's exchange or return policies? I can't seem to find it anywhere in the support pages.

if you bought it directly from apple then...http://storeimages.apple.com/1704/store.apple.com/Catalog/US/Images/salespolicie s.html#topic-21
anywhere else, check the stores policy.

Issue with multiple crypto isakmp policies

Hey folks,
I'm having an issue setting up multiple crypto isakmp policies on my 1921 router. Whenever I have only one crypto isakmp policy set up like so:
crypto isakmp policy 1
encr aes 256
group 5
It works perfectly fine with my certificate tunnel group in my ASA. When I debug crypto ipsec & debug crypto isakmp and watch the connection, I see this:
ISAKMP transform 1 against priority 1 policy
*Oct 7 20:04:09.263: ISAKMP:      encryption AES-CBC
*Oct 7 20:04:09.263: ISAKMP:      keylength of 256
*Oct 7 20:04:09.263: ISAKMP:      hash SHA
*Oct 7 20:04:09.263: ISAKMP:      default group 5
*Oct 7 20:04:09.263: ISAKMP:      auth RSA sig
*Oct 7 20:04:09.263: ISAKMP:      life type in seconds
*Oct 7 20:04:09.263: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 7 20:04:09.263: ISAKMP:(0):atts are acceptable. Next payload is 0
This is showing me that the handshake is verifying the policy with the "auth RSA sig" type, which is what I expected and is what I want.
Here is where my issue actually comes up. When I add another crypto isakmp policy (2) the "authorization pre-share" over rides the "authorization rsa-sig" of policy 1. Here is what I have set up:
crypto isakmp policy 1
encr aes 256
group 5
crypto isakmp policy 2
encr aes 256
authorization pre-share
group 5
This is showing me that crypto isakmp policy 1 is set with the default authorization type of rsa-sig (in fact if I manually enter that command under the policy 1 configuration mode and it doesn't print in the show run output), and the crypto isakmp policy 2 is set to authorization pre-share.
When I debug crypto ipsec & debug crypto isakmp with this configuration, this is what I'm getting:
56:46.259: ISAKMP:(0): PKI->IKE Got configured TrustPoints state (I) MM_NO_STATE (peer 199.46.128.5)
*Oct 7 19:56:46.263: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
*Oct 7 19:56:46.263: ISAKMP:      encryption AES-CBC
*Oct 7 19:56:46.263: ISAKMP:      keylength of 256
*Oct 7 19:56:46.263: ISAKMP:      hash SHA
*Oct 7 19:56:46.263: ISAKMP:      default group 5
*Oct 7 19:56:46.263: ISAKMP:      auth pre-share
*Oct 7 19:56:46.263: ISAKMP:      life type in seconds
*Oct 7
19:56:46.263: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 7 19:56:46.263: ISAKMP:(0):Authentication method offered does not match policy!
*Oct 7 19:56:46.263: ISAKMP:(0):atts are not acceptable. Next payload is 0
*Oct 7 19:56:46.263: ISAKMP:(0):Checking ISAKMP transform 2 against priority 2 policy
*Oct 7 19:56:46.263: ISAKMP:      encryption AES-CBC
*Oct 7 19:56:46.263: ISAKMP:      keylength of 256
*Oct 7 19:56:46.263: ISAKMP:      hash SHA
*Oct 7 19:56:46.263: ISAKMP:
default group 5
*Oct 7 19:56:46.263: ISAKMP:      auth pre-share
*Oct 7 19:56:46.263: ISAKMP:      life type in seconds
*Oct 7 19:56:46.263: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80
It looks like the first policy is being verified against "auth pre-share" and fails because "Authentication method offered does not match policy!". My question is, does anyone know how to correct this so that the first policy is set to authenticate via rsa-sig and the second policy is authenticated via pre-shared keys? Is there a bug that will not differentiate the authorization types between the two policies?
Just an FYI, here is the version information of the router:
Cisco IOS Software, C1900 Software (C1900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2013 by Cisco Systems, Inc.
Compiled Tue 26-Feb-13 02:11 by prod_rel_team
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
System returned to ROM by power-on
System image file is "usbflash0:c1900-universalk9-mz.SPA.152-4.M3.bin"
Last reload type: Normal Reload
Last reload reason: power-on
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
[email protected].
Cisco CISCO1921/K9 (revision 1.0) with 491520K/32768K bytes of memory.
Processor board ID FTX171385L4
2 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
255K bytes of non-volatile configuration memory.
249840K bytes of USB Flash usbflash0 (Read/Write)
License Info:
License UDI:
Device#   PID                   SN
*0        CISCO1921/K9
Technology Package License Information for Module:'c1900'
Technology    Technology-package           Technology-package
              Current       Type           Next reboot
ipbase        ipbasek9      Permanent      ipbasek9
security      securityk9    Permanent      securityk9
data          None          None           None
Configuration register is 0x2102

Thanks for the input Walter. That isn't it though. I have plenty of sites with crypto map <name> 1 which map to crypto isakmp policy 2 settings. The debug is showing that the behavior is to try to authenticate through policy 1 first, and then progress to any other policies until there is a match. Since there is a match with policy 2 settings, the tunnel comes up.
My real question is, why would it change from "auth RSA sig" in the first debug out put to the "auth pre-share" in the second debug output. Judging by the config on the router, it appears to me that the line for "authorization pre-share" under policy 2 SHOULD only apply to policy 2 and SHOULD NOT override the "authorization rsa-sig" of policy 1.
Again, when I debug crypto ipsec & debug crypto isakmp, it shows clearly that the first policy is being verified, however the "auth" is now "pre-share" and no longer "RSA sig":
56:46.259: ISAKMP:(0): PKI->IKE Got configured TrustPoints state (I) MM_NO_STATE (peer 199.46.128.5)
*Oct 7 19:56:46.263: ISAKMP:(0):Checking ISAKMP transform 2 against priority 1 policy
*Oct 7 19:56:46.263: ISAKMP:      encryption AES-CBC
*Oct 7 19:56:46.263: ISAKMP:      keylength of 256
*Oct 7 19:56:46.263: ISAKMP:      hash SHA
*Oct 7 19:56:46.263: ISAKMP:      default group 5
*Oct 7 19:56:46.263: ISAKMP:      auth pre-share     <---This should read "auth RSA sig"
*Oct 7 19:56:46.263: ISAKMP:      life type in seconds
*Oct 7
19:56:46.263: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80
*Oct 7 19:56:46.263: ISAKMP:(0):Authentication method offered does not match policy!
*Oct 7 19:56:46.263: ISAKMP:(0):atts are not acceptable. Next payload is 0
*Oct 7 19:56:46.263: ISAKMP:(0):Checking ISAKMP transform 2 against priority 2 policy
*Oct 7 19:56:46.263: ISAKMP:      encryption AES-CBC
*Oct 7 19:56:46.263: ISAKMP:      keylength of 256
*Oct 7 19:56:46.263: ISAKMP:      hash SHA
*Oct 7 19:56:46.263: ISAKMP:
default group 5
*Oct 7 19:56:46.263: ISAKMP:      auth pre-share
*Oct 7 19:56:46.263: ISAKMP:      life type in seconds
*Oct 7 19:56:46.263: ISAKMP:      life duration (VPI) of 0x0 0x1 0x51 0x80

Applocker policies are not refreshed when client is not connected to the domain

Hello all,
We have a customized solution where a domain gpo applies applocker rules to block almost all applications. We have a software to enable some features on the client computer's (Win8.1) local policy, whenever it is needed. The enabling process is executed
through powershell commandlets. So far there is no problem we can manage these points very well.
The problem is, when this software enables access to a software on the client, if the user disables the network connection, our software cannot switch the local applocker policy back to the blocked state. Actually the local policy will not be re-evaluated
by Applocker services on the client, so the application cannot be blocked again until client is connected back to the domain.
Is this the designed behaviour of Applocker? Do we always need to have a domain connection, even to apply the modified local security policies on the client?

http://technet.microsoft.com/zh-cn/library/ee449480(v=ws.10).aspx
We don't need to have a domain connection, even to apply the modified local security policies on the client.
Please check event view to se if ther is any erros in it.

New Dial plan & Voice policies not taking effect with Polycom CX 600 Desktop Phone in production deployment, Worked fine in Testing

Hi,
We are in the process of Migrating Cisco CUCM & Voice Gateway (From another vendor to Cisco).
The requirement is all internal calls between Cisco IP Phones & Lync to be flown through CUCM. Means internal extension to extension. Remaining all calls like Mobile, National, International, Toll Free, Emergency, Shared numbers calling to be routed
to Cisco Voice Gateway.
We created the test dial plan, Voice policies, Route and assigned it to couple of user from Lync (2 extensions) and from Cisco side we have taken 2 IP Phones which is pointed to new CUCM. We tested all below scenarios,everything was working fine.
Lync to Lync Call using internal Extension number – Routed through Cisco new CUCM
Lync to Cisco Call using internal Extension number – Routed through Cisco new CUCM
Cisco to Lync Call using internal Extension number – Routed through Cisco new CUCM
Lync to Hotline Numbers (66XX, 68XX Numbers) – Routed through Cisco Gateway
Lync to Shared Numbers starting with 600 (Verified the number 600535353) - Routed through Cisco Gateway
Lync to Emergency numbers & Toll Free Numbers (Not verified the emergency Number as we decided to do it at end) - Routed through Cisco Gateway
Lync to Landline Numbers – Any 7 digit numbers - Routed through Cisco Gateway
Lync to National Numbers – Starting with 3,4,6,7,8 followed by 7 digits - Routed through Cisco Gateway
Lync to Mobile Phones – Starting with 05 contains exactly 10 digits - Routed through Cisco Gateway
Lync to International Numbers – Starting 00 contains at least 11 digits - Routed through Cisco Gateway
All Incoming calls – From Landline, Mobiles, International Numbers - Routed through Cisco Gateway
Call Transfer – To another Lync Extension, Cisco Extension, Landline, Mobiles, International Number
Conference – with another Lync Extension, Cisco Extension, Landline, Mobiles, International Number
Call Forwarding – To another Number, Voice mail
Response Groups
Click to call – As if user try to place a call by directly click the number from Outlook, Websites will be in E.164 format
Dial in meeting – Conference calls are works fine
But when we roll out to the production we are facing issues listed below
1) The phones we used during testing are working which is using same dial plan, Voice policy, Route, PSTN Usage. But from production most of the phones are not working (using the same dial plan, voice policy, Route). Also Problem is only with external calls
as the internal calls are working fine between Cisco & Lync even in production (Routed through CUCM) NOTE: All incoming calls are working fine (From international, local, national, extension)
2) How long its going to take for Lync to push the new voice policies, Dial plans to the Phones?
3) Is there a way to forcefully update the policies, dial plans to the Phone?
4) Also the environment is using over 100 dial plans, so I just copied and pasted the Normalization rules that we tested and working fine. Most of the dial plans are assigned to individual users as every dial plan contains a normalization rule for
international calling with Unique Prefix (Example: User John international Normalization rules says #1234#00#CountrycodePhonenumber, means if John has to place the international call he need to dial #1234# followed by 00 and then country code, then actual
phone number). In this case how long its take for the users / phones to get updated with new dial plans?
6) Is it recommended to use multiple dial plans ? What are the best practices?
5) Also calls are working fine one & failing on subsequent tries. Means when I dial first 1 or 2 times. Call fails, but when I try 3rd time and subsequently it works. After some again there will be failure during 1 or 2 attempts. Why is it so?
6) After updating the dial policies, voice Route, Voice policies If i reboot all the phones from Switch, Will the changes take effect immediately?
7) Also when some one calling from mobile or external number to Lync extensions they cant here any Dial tones or caller tunes? Its working fine when they call Cisco Extensions. Also to Lync its working if we dial in E.164 Format, if we dial like 023XXXXX
format its not working. Any guess about this issue?
Waiting for some one to help,
Best regards
Krishna
Thanks & Regards Krishnakumar B

Hi,
1. As all incoming call worked normally, please double check outgoing ports for Lync FE Server and Mediation Server.
You can refer to the link of “Ports and protocols for internal servers in Lync Server 2013” below:
http://technet.microsoft.com/en-us/library/gg398833.aspx
2. When an administrator makes a change to Lync Server (for example, when an administrator creates a new voice policy or changes the Address Book server configuration settings) that change is recorded in the Central Management store.
In turn, the change must then be replicated to all the computers running Lync Server services or server roles.
So it may not replication completely immediately.
3. You can run the following cmdlet with Lync Server Management Shell on FE server to
forcibly replicate information to a computer: Invoke-CsManagementStoreReplication
4. As you used over 100 dial plans, it may be the issue of multiple dial plans. Would you please tell us why you created different dial plan for individual user with unique prefix?
5. Multiple dial plans and undue normalization rules may cause call fail. You can double check the normalization rule.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support

ASA 5505 VPN Group Policies (RADIUS) and tunnel group

I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries).
Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
Session Type: WebVPN
Username     : kaisaron78             Index        : 1
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 518483                 Bytes Rx     : 37549
Group Policy : RemoteAC               Tunnel Group : DefaultWEBVPNGroup
Login Time   : 10:59:33 CEDT Mon Aug 18 2014
Duration     : 0h:00m:23s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000100053f1c075
Security Grp : none
Asa5505# sh vpn-sessiondb webvpn
Session Type: WebVPN
Username     : manintra               Index        : 2
Public IP    : 172.16.0.3
Protocol     : Clientless
License      : AnyConnect Premium
Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
Bytes Tx     : 238914                 Bytes Rx     : 10736
Group Policy : SSLPolicy              Tunnel Group : DefaultWEBVPNGroup
Login Time   : 11:01:02 CEDT Mon Aug 18 2014
Duration     : 0h:00m:05s
Inactivity   : 0h:00m:00s
VLAN Mapping : N/A                    VLAN         : none
Audt Sess ID : c0a801fa0000200053f1c0ce
Security Grp : none
As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
! ADDRESS POOLS AND NAT
names
ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
object network NETWORK_OBJ_192.168.10.0_27
subnet 192.168.10.0 255.255.255.224
access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
! RADIUS SETUP
aaa-server OpenOTP protocol radius
aaa-server OpenOTP (inside) host 192.168.1.8
key ******
authentication-port 1812
accounting-port 1814
radius-common-pw ******
acl-netmask-convert auto-detect
webvpn
port 10443
enable outside
dtls port 10443
anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
anyconnect enable
! LOCAL POLICIES
group-policy SSLPolicy internal
group-policy SSLPolicy attributes
vpn-tunnel-protocol ssl-clientless
vlan 3
dns-server value 10.5.1.5
default-domain value management.local
webvpn
url-list value Management_List
group-policy RemoteAC internal
group-policy RemoteAC attributes
vpn-tunnel-protocol ikev2 ssl-client
vlan 1
address-pools value AnyConnect_Pool
dns-server value 192.168.1.4
split-tunnel-policy tunnelspecified
split-tunnel-network-list value Split_Tunnel_Anyconnect
default-domain value home.local
webvpn
anyconnect profiles value AnyConnect_Profile_client_profile type user
group-policy SSLLockdown internal
group-policy SSLLockdown attributes
vpn-simultaneous-logins 0
! DEFAULT TUNNEL
tunnel-group DefaultRAGroup general-attributes
authentication-server-group OpenOTP
tunnel-group DefaultWEBVPNGroup general-attributes
authentication-server-group OpenOTP
tunnel-group VPN_Tunnel type remote-access
tunnel-group VPN_Tunnel general-attributes
authentication-server-group OpenOTP
default-group-policy SSLLockdown
!END
I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
Any help will be more than appreciated.
Cesare Giuliani

Ok, it makes sense.
Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
Thank you again for your precious and kind help, and for your patience as well!
Cesare Giuliani

My iPhone was stolen and I have contacted the police who are using the meid number to locate. How does this work and what are my chances of getting the phone back?

My iPhone was stolen. I used Find My iPhone app to lock it and display a message. The phone has not connected to the internet to locate it. I contacted the police and they have taken my meid number. How does this work and what are my chances of getting the phone back? Are there other ways the theif can use it. I was told once they put in a new sim card and use it, whatever software the police have, it will show up.

Honestly? In the US (I can't speak to other countries, though I doubt it works much differently in a lot of the world) The police took your report and filed it either in their computers or, on paper. They will now not think of this again. The only time it will cross anyones mind is if, in the course of entering information into evidence about items recovered or seized at a crime scene, the serial number of an iPhone that was found/seized happens to match yours, in which case you will be contacted.
The police in the US can and will do nothing to 'blok' the phone and it's not worth their time to try and locate it unless you know for a fact that it was stolen by a big time drug lord, master criminal, or some other such prime target and they can get a court order to track the location of the phone in order to locate this individual for your own purposes. If they do that, they'll probably keep him under surveilance for a year or so before they act.
Basically, the police don't care about your phone. If they find it, they will give it back to you. They are not, however, going to go looking for it. They have better things to do.
I'm sorry, but that's the way it is.

Web-app scoped security policies not working in WL 8

Hi,
I can't get web-app scoped security policies working in WL 8.1
I have a simple web application. It defines a role(ROLE) and security
constraint (on *.jsp).
If I examine the web app in the administration console, I see that it
has created a role (scoped to /*) called "ROLE" just as you would
expect. It has also created a scoped policy (to *.jsp) with constraints
that the user be in the role ROLE. This is as expected, and it works.
However, if I proceed to create my own scoped policy (on *.html) with
constraints (on ALL methods) that the user be in role ROLE, then I get
no security at all. ie. I can go to server:port/foo.html and it will
work - it is not secured.
Any ideas?
On a completely unrelated issue, when I deploy an EAR (exploded) with a
WAR (exploded) and using the admin console expand the application
correpsonding to th EAR, right click on the WAR node, and try and define
a scoped role, then I get an error "There are no appropriate RoleEditor
providers configured". This sounds like a bug. Trying to define a
scoped policy works as expected.
TIA,
Jon

I can't get web-app scoped security policies working in WL 8.1Well, I can answer this one myself.
WebLogic 8 has a new optimisation (this wasn't present in 7 AFAIK),
available on the Security / Realm / myreal / General tab, which
determines whether or not weblogic considers authorisation of resources
protected by descriptors or not. (ie. it can force only
descriptor-protected authorisation, ignoring admin console policies).
It defaults to ignoring admin console policies, hence my problem.
Jon

Questions on MCX Policies for Laptop/Mobile Users:

Questions on MCX Policies for Laptop/Mobile Users:
I have several managed Macs running Leopard. Many of them are MacBook laptops. My main MCX policies involve mapping printers and mounting network volumes at login. These are simple computer and group policies to help make the users life a little easier when it comes to finding and using network resources such as file server volumes and network printers.
Since most of my users are laptops, they are expressing 2 major concerns involving their laptops when they are off the LAN (i.e.; on the road at a cafe, working at home, staying at a hotel or when they have no network at all)
1) When users are off our LAN, the Mac still tries to mount the network volumes in their OD/MCX login items when the user logs in (with cached mobile credentials). Can this be avoided? Windows PCs do not do this. If the PC laptop cant find an AD DC, they simply don't run the login scripts and thus dont try to mount/map network volumes. How can I make the Mac laptops only mount network volumes when they are on the LAN?
2) Most Mac users have a Cisco VPN client, and use it regularly to connect to the company's LAN from home, hotels etc. Of course when they log into the network via VPN, their network volumes are not mounted automatically. Is their a way to re-run the MCX managed login items script once they connect to the VPN and mount (i.e.; "map") their network drives? Sure, users can simple use the "Connect To Server" option in the FInder (or perhaps try and use the god-awful Leopard Finder side bar discovery browser thingy which I hate - never mind), but I need a consistent automated way to mount volumes quickly and easily for my mobile users. There must be a way to run (or re-run) the login items part of my MCX policies.

Ping!
I'm looking for this functionality too. Anyone have a solution to either of these? One that came to mind is to wrap the login items in a script which detects if the LAN is available.

I did a remote wipe after my ipad got robbed, I want it to be canceled because I want to LOCATE it. The wipe was an accident and the police can't help me. What do I do ?

Today I came back from a little out of town vacation for about 5 days. My iPad was robbed as was all my money a bunch of jewelry and much more. The police can't help me find the iPad, they said I have to go on iCloud.com and do everything from there. I went to the website and I accidently hit Remote Wipe, without warning the thing is now going to wipe my iPad 2 which I got about 2 months ago. If it gets wiped there's no way to trace it. What the f*ck do I do now? I am going to lose my new iPad because of an accidental click. I want to complain especially because of the fact that it doesn't warn you about anything that happens once you do the "Remote Wipe."

These links may be helpful.
How to Track and Report Stolen iPad
http://www.ipadastic.com/tutorials/how-to-track-and-report-stolen-ipad
Reporting a lost or stolen Apple product
http://support.apple.com/kb/ht2526
Report Stolen iPad Tips and iPad Theft Prevention
http://www.stolen-property.com/report-stolen-ipad.php
How to recover a lost or stolen iPad
http://ipadhelp.com/ipad-help/how-to-recover-a-lost-or-stolen-ipad/
How to Find a Stolen iPad
http://www.ehow.com/how_7586429_stolen-ipad.html
Apple Product Lost or Stolen
http://sites.google.com/site/appleclubfhs/support/advice-and-articles/lost-or-st olen
Oops! iForgot My New iPad On the Plane; Now What?
http://online.wsj.com/article/SB10001424052702303459004577362194012634000.html
If you don't know you lost/stolen iPad's serial number, use the instructions below.
How to Find Your iPad Serial Number
http://www.ipadastic.com/tutorials/how-to-find-your-ipad-serial-number
 Cheers, Tom

HT1391 Recently my iPod touch 4th gen. was stolen. I have had it for two years, so I don't have a warranty on it anymore. I reported it to the police, but what will apple do? This one kid reported to them that his was stolen and they gave him a new one.

Recently my iPod touch 4th gen. was stolen. I have had it for two years, so I don't have a warranty on it anymore. I reported it to the police, but what will apple do? This one kid reported to them that his was stolen and they gave him a new one. Will they do the same for me? Is there any other way I can get all my pictures from my iPod without iCloud set up? Would Apple be able to lock up my iPod so they cant use it at all? Please help me, thanks (:

ipod touch lover wrote:
Recently my iPod touch 4th gen. was stolen. I have had it for two years, so I don't have a warranty on it anymore. I reported it to the police, but what will apple do?
Nothing... why would they do anything?
Apple does not provide insurance and they are not law enforcement.

Error with group policies

Hello, im having an error when ever i try to do an gpupdate /force" through cmd
Error:
C:\Users\administrator>gpupdate /force
Updating Policy...
User policy could not be updated successfully. The following errors were encount
ered:
The processing of Group Policy failed. Windows attempted to read the file \\bank
a.com\SysVol\banka.com\Policies\{7E60CAFC-6077-4FBB-B30A-F5FEAF4A38F1}\gpt.ini f
rom a domain controller and was not successful. Group Policy settings may not be
applied until this event is resolved. This issue may be transient and could be
caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
Computer policy could not be updated successfully. The following errors were enc
ountered:
The processing of Group Policy failed. Windows attempted to read the file \\bank
a.com\SysVol\banka.com\Policies\{7E60CAFC-6077-4FBB-B30A-F5FEAF4A38F1}\gpt.ini f
rom a domain controller and was not successful. Group Policy settings may not be
applied until this event is resolved. This issue may be transient and could be
caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller
has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
<html dir="ltr" xmlns:v="urn:schemas-microsoft-com:vml" gpmc_reportInitialized="false">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-16" />
<title>BANKA\administrator on BANKA\BA01S02</title>

<style type="text/css">
body { background-color:#FFFFFF; border:1px solid #666666; color:#000000; font-size:68%; font-family:MS Shell Dlg; margin:0,0,10px,0; word-break:normal; word-wrap:break-word; }
table { font-size:100%; table-layout:fixed; width:100%; }
td,th { overflow:visible; text-align:left; vertical-align:top; white-space:normal; }
.title { background:#FFFFFF; border:none; color:#333333; display:block; height:24px; margin:0px,0px,-1px,0px; padding-top:4px; ; table-layout:fixed; width:100%; z-index:5; }
.he0_expanded { background-color:#FEF7D6; border:1px solid #BBBBBB; color:#3333CC; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:0px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; }
.he1_expanded { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; }
.he1h_expanded { background-color: #7197B3; border: 1px solid #BBBBBB; color: #000000; cursor: hand; display: block; font-family: MS Shell Dlg; font-size: 100%; font-weight: bold; height: 2.25em; margin-bottom: -1px; margin-left: 10px; margin-right: 0px; padding-left: 8px; padding-right: 5em; padding-top: 4px; ; width: 100%; }
.he1 { background-color:#A0BACB; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:20px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; }
.he2 { background-color:#C0D2DE; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:30px; margin-right:0px; padding-left:8px; padding-right:5em; padding-top:4px; ; width:100%; }
.he3 { background-color:#D9E3EA; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:40px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; }
.he4 { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:50px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; }
.he4h { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; }
.he4i { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:55px; margin-right:0px; padding-bottom:5px; padding-left:21px; padding-top:4px; ; width:100%; }
.he5 { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; height:2.25em; margin-bottom:-1px; margin-left:60px; margin-right:0px; padding-left:11px; padding-right:5em; padding-top:4px; ; width:100%; }
.he5h { background-color:#E8E8E8; border:1px solid #BBBBBB; color:#000000; cursor:hand; display:block; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; padding-right:5em; padding-top:4px; margin-bottom:-1px; margin-left:65px; margin-right:0px; ; width:100%; }
.he5i { background-color:#F9F9F9; border:1px solid #BBBBBB; color:#000000; display:block; font-family:MS Shell Dlg; font-size:100%; margin-bottom:-1px; margin-left:65px; margin-right:0px; padding-left:21px; padding-bottom:5px; padding-top: 4px; ; width:100%; }
DIV .expando { color:#000000; text-decoration:none; display:block; font-family:MS Shell Dlg; font-size:100%; font-weight:normal; ; right:10px; text-decoration:underline; z-index: 0; }
.he0 .expando { font-size:100%; }
.info, .info3, .info4, .disalign { line-height:1.6em; padding:0px,0px,0px,0px; margin:0px,0px,0px,0px; }
.disalign TD { padding-bottom:5px; padding-right:10px; }
.info TD { padding-right:10px; width:50%; }
.info3 TD { padding-right:10px; width:33%; }
.info4 TD, .info4 TH { padding-right:10px; width:25%; }
.info TH, .info3 TH, .info4 TH, .disalign TH { border-bottom:1px solid #CCCCCC; padding-right:10px; }
.subtable, .subtable3 { border:1px solid #CCCCCC; margin-left:0px; background:#FFFFFF; margin-bottom:10px; }
.subtable TD, .subtable3 TD { padding-left:10px; padding-right:5px; padding-top:3px; padding-bottom:3px; line-height:1.1em; width:10%; }
.subtable TH, .subtable3 TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; }
.subtable .footnote { border-top:1px solid #CCCCCC; }
.subtable3 .footnote, .subtable .footnote { border-top:1px solid #CCCCCC; }
.subtable_frame { background:#D9E3EA; border:1px solid #CCCCCC; margin-bottom:10px; margin-left:15px; }
.subtable_frame TD { line-height:1.1em; padding-bottom:3px; padding-left:10px; padding-right:15px; padding-top:3px; }
.subtable_frame TH { border-bottom:1px solid #CCCCCC; font-weight:normal; padding-left:10px; line-height:1.6em; }
.subtableInnerHead { border-bottom:1px solid #CCCCCC; border-top:1px solid #CCCCCC; }
.explainlink { color:#000000; text-decoration:none; cursor:hand; }
.explainlink:hover { color:#0000FF; text-decoration:underline; }
.spacer { background:transparent; border:1px solid #BBBBBB; color:#FFFFFF; display:block; font-family:MS Shell Dlg; font-size:100%; height:10px; margin-bottom:-1px; margin-left:43px; margin-right:0px; padding-top: 4px; ; }
.filler { background:transparent; border:none; color:#FFFFFF; display:block; font:100% MS Shell Dlg; line-height:8px; margin-bottom:-1px; margin-left:53px; margin-right:0px; padding-top:4px; ; }
.container { display:block; ; }
.rsopheader { background-color:#A0BACB; border-bottom:1px solid black; color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-bottom:5px; text-align:center; }
.rsopname { color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }
.gponame{ color:#333333; font-family:MS Shell Dlg; font-size:130%; font-weight:bold; padding-left:11px; }
.gpotype{ color:#333333; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; padding-left:11px; }
#uri { color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; }
#dtstamp{ color:#333333; font-family:MS Shell Dlg; font-size:100%; padding-left:11px; text-align:left; width:30%; }
#objshowhide { color:#000000; cursor:hand; font-family:MS Shell Dlg; font-size:100%; font-weight:bold; margin-right:0px; padding-right:10px; text-align:right; text-decoration:underline; z-index:2; word-wrap:normal; }
#gposummary { display:block; }
#gpoinformation { display:block; }
@media print {
#objshowhide{ display:none; }
body { color:#000000; border:1px solid #000000; }
.title { color:#000000; border:1px solid #000000; }
.he0_expanded { color:#000000; border:1px solid #000000; }
.he1h_expanded { color:#000000; border:1px solid #000000; }
.he1_expanded { color:#000000; border:1px solid #000000; }
.he1 { color:#000000; border:1px solid #000000; }
.he2 { color:#000000; background:#EEEEEE; border:1px solid #000000; }
.he3 { color:#000000; border:1px solid #000000; }
.he4 { color:#000000; border:1px solid #000000; }
.he4h { color:#000000; border:1px solid #000000; }
.he4i { color:#000000; border:1px solid #000000; }
.he5 { color:#000000; border:1px solid #000000; }
.he5h { color:#000000; border:1px solid #000000; }
.he5i { color:#000000; border:1px solid #000000; }
v\:* {behavior:url(#default#VML);}
</style>

<script language="vbscript">

</script>

<script language="javascript">

</script>
</head>
<body>

<div style="display:none;">
<div id="explainText_windowTitle">Group Policy Management</div>
<div id="explainText_windowStyles">
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; }
.head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; }
.path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; }
.info { padding-left:10px;width:100%; }
table { font-size:100%; width:100%; border:1px solid #999999; }
th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; }
td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; }
.btn { width:100%; text-align:right; margin-top:16px; }
.hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; }
.bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; }
button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; }
@media print {
.bdy { display:block; overflow:visible; }
button { display:none; }
.head { color:#000000; background:#FFFFFF; border:1px solid #000000; }
</div>
<div id="explainText_settingPathLabel">Setting Path:</div>
<div id="explainText_explainTextLabel">Explanation</div>
<div id="explainText_printButton">
<button name="Print" onClick="window.print()" accesskey="P"><u>P</u>rint</button>
</div>
<div id="explainText_closeButton">
<button name="Close" onClick="window.close()" accesskey="C"><u>C</u>lose</button>
</div>
<div id="explainText_noExplainTextAvailable">No explanation is available for this setting.</div>
<div id="explainText_supportedLabel">Supported On:</div>
<div id="explainText_noSupportedTextAvailable">Not available</div>
</div><table class="title" cellpadding="0" cellspacing="0">
<tr><td colspan="2" class="rsopheader">Group Policy Results</td></tr>
<tr><td colspan="2" class="rsopname">BANKA\administrator on BANKA\BA01S02</td></tr>
<tr><td id="dtstamp">Data collected on: 4/7/2015 8:00:28 PM</td><td><div id="objshowhide" tabindex="0"></div></td></tr>
</table>
<div class="rsopsummary">
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1_expanded"><span class="sectionTitle" tabindex="0">Computer Configuration Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle" tabindex="0">General</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td>Computer name</td><td>BANKA\BA01S02</td></tr>
<tr><td>Domain</td><td>banka.com</td></tr>
<tr><td>Site</td><td>Default-First-Site-Name</td></tr>
<tr><td>Last time Group Policy was processed</td><td>4/7/2015 7:59:30 PM</td></tr>
</table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Group Policy Objects</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he3"><span class="sectionTitle" tabindex="0">Applied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th scope="col">Revision</th></tr>
<tr><td>Default Domain Policy</td><td>banka.com</td><td>AD (3), Sysvol (3)</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Denied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th scope="col">Reason Denied</th></tr>
<tr><td>Local Group Policy</td><td>Local</td><td>Empty</td></tr>
</table>
</div></div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Security Group Membership when Group Policy was applied</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">BUILTIN\Administrators<br/>Everyone<br/>BUILTIN\Users<br/>NT AUTHORITY\NETWORK<br/>NT AUTHORITY\Authenticated Users<br/>NT AUTHORITY\This Organization<br/>BANKA\BA01S02$<br/>BANKA\Domain Computers<br/>Mandatory Label\System Mandatory Level</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">WMI Filters</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Value</th><th scope="col">Reference GPO(s)</th></tr>
<tr><td colspan="3">None</td></tr></table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Component Status <v:group class="vmlimage" style="width:15px;height:15px;vertical-align:middle" coordsize="100,100" alt="Error">
<v:oval class="vmlimage" style='width:100;height:100;z-index:0' fillcolor="red" strokecolor="red">
</v:oval>
<v:line class="vmlimage" style="z-index:1" from="25,25" to="75,75" strokecolor="white" strokeweight="3px">
</v:line>
<v:line class="vmlimage" style="z-index:2" from="75,25" to="25,75" strokecolor="white" strokeweight="3px">
</v:line>
</v:group></span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Component Name</th><th scope="col">Status</th><th scope="col">Last Process Time</th></tr>
<tr><td>Group Policy Infrastructure</td><td>Failed</td><td>4/7/2015 7:59:31 PM</td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td colspan="2">Group Policy Infrastructure failed due to the error listed below.<br/><br/>The system cannot find the path specified.
<br/><br/>Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.<br/><br/>Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 4/7/2015 7:59:30 PM and 4/7/2015 7:59:31 PM.</td></tr></table></td></tr><tr><td>Registry</td><td>(N/A)</td><td>4/6/2015 1:06:17 PM</td></tr>
<tr><td>Security</td><td>(N/A)</td><td>4/6/2015 1:06:19 PM</td></tr>
</table>
</div></div>
</div>
<div class="filler"></div>
<div class="he1_expanded"><span class="sectionTitle" tabindex="0">User Configuration Summary</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle" tabindex="0">General</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info" cellpadding="0" cellspacing="0">
<tr><td>User name</td><td>BANKA\administrator</td></tr>
<tr><td>Domain</td><td>banka.com</td></tr>
<tr><td>Last time Group Policy was processed</td><td>4/7/2015 7:59:30 PM</td></tr>
</table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Group Policy Objects</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he3"><span class="sectionTitle" tabindex="0">Applied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th scope="col">Revision</th></tr>
<tr><td>Default Domain Policy</td><td>banka.com</td><td>AD (1), Sysvol (1)</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Denied GPOs</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Link Location</th><th scope="col">Reason Denied</th></tr>
<tr><td>Local Group Policy</td><td>Local</td><td>Empty</td></tr>
</table>
</div></div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Security Group Membership when Group Policy was applied</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">BANKA\Domain Users<br/>Everyone<br/>BUILTIN\Users<br/>BUILTIN\Administrators<br/>NT AUTHORITY\INTERACTIVE<br/>CONSOLE LOGON<br/>NT AUTHORITY\Authenticated Users<br/>NT AUTHORITY\This Organization<br/>LOCAL<br/>BANKA\Domain Admins<br/>BANKA\Group Policy Creator Owners<br/>BANKA\Enterprise Admins<br/>BANKA\Schema Admins<br/>BANKA\Denied RODC Password Replication Group<br/>Mandatory Label\High Mandatory Level</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">WMI Filters</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Name</th><th scope="col">Value</th><th scope="col">Reference GPO(s)</th></tr>
<tr><td colspan="3">None</td></tr></table>
</div></div>
<div class="he2"><span class="sectionTitle" tabindex="0">Component Status <v:group class="vmlimage" style="width:15px;height:15px;vertical-align:middle" coordsize="100,100" alt="Error">
<v:oval class="vmlimage" style='width:100;height:100;z-index:0' fillcolor="red" strokecolor="red">
</v:oval>
<v:line class="vmlimage" style="z-index:1" from="25,25" to="75,75" strokecolor="white" strokeweight="3px">
</v:line>
<v:line class="vmlimage" style="z-index:2" from="75,25" to="25,75" strokecolor="white" strokeweight="3px">
</v:line>
</v:group></span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Component Name</th><th scope="col">Status</th><th scope="col">Last Process Time</th></tr>
<tr><td>Group Policy Infrastructure</td><td>Failed</td><td>4/7/2015 7:59:31 PM</td></tr>
<tr><td colspan="3"><table class="subtable_frame" cellpadding="0" cellspacing="0">
<tr><td colspan="2">Group Policy Infrastructure failed due to the error listed below.<br/><br/>The system cannot find the path specified.
<br/><br/>Note: Due to the GP Core failure, none of the other Group Policy components processed their policy. Consequently, status information for the other components is not available.<br/><br/>Additional information may have been logged. Review the Policy Events tab in the console or the application event log for events between 4/7/2015 7:59:30 PM and 4/7/2015 7:59:31 PM.</td></tr></table></td></tr></table>
</div></div>
</div></div>
<div class="filler"></div>
</div>
<div class="rsopsettings">
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">Computer Configuration</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1h_expanded"><span class="sectionTitle" tabindex="0">Policies</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he1_expanded"><span class="sectionTitle" tabindex="0">Windows Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he2"><span class="sectionTitle" tabindex="0">Security Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he3"><span class="sectionTitle" tabindex="0">Account Policies/Password Policy</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Winning GPO</th></tr>
<tr><td>Enforce password history</td><td>24 passwords remembered</td><td>Default Domain Policy</td></tr>
<tr><td>Maximum password age</td><td>42 days</td><td>Default Domain Policy</td></tr>
<tr><td>Minimum password age</td><td>1 days</td><td>Default Domain Policy</td></tr>
<tr><td>Minimum password length</td><td>7 characters</td><td>Default Domain Policy</td></tr>
<tr><td>Password must meet complexity requirements</td><td>Enabled</td><td>Default Domain Policy</td></tr>
<tr><td>Store passwords using reversible encryption</td><td>Disabled</td><td>Default Domain Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Account Policies/Account Lockout Policy</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Winning GPO</th></tr>
<tr><td>Account lockout threshold</td><td>0 invalid logon attempts</td><td>Default Domain Policy</td></tr>
</table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Local Policies/Security Options</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle" tabindex="0">Network Security</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Winning GPO</th></tr>
<tr><td>Network security: Force logoff when logon hours expire</td><td>Disabled</td><td>Default Domain Policy</td></tr>
</table>
</div></div></div><div class="he3"><span class="sectionTitle" tabindex="0">Public Key Policies/Certificate Services Client - Auto-Enrollment Settings</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th><th scope="col">Winning GPO</th></tr>
<tr><td>Automatic certificate management</td><td>Enabled</td><td>[Default setting]</td></tr>
<tr><td colspan="3"><table class="subtable3" cellpadding="0" cellspacing="0">
<tr><th scope="col">Option</th><th scope="col">Setting</th></tr>
<tr><td scope="row">Enroll new certificates, renew expired certificates, process pending certificate requests and remove revoked certificates</td><td>Disabled</td></tr>
<tr><td scope="row">Update and manage certificates that use certificate templates from Active Directory</td><td>Disabled</td></tr>
</table></td></tr></table>
</div></div><div class="he3"><span class="sectionTitle" tabindex="0">Public Key Policies/Encrypting File System</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle" tabindex="0">Certificates</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i"><table class="info3" cellpadding="0" cellspacing="0"><tr><th scope="col">Issued To</th><th scope="col">Issued By</th><th scope="col">Expiration Date</th><th scope="col">Intended Purposes</th><th scope="col">Winning GPO</th></tr>
<tr><td>Administrator</td><td>Administrator</td><td>3/24/2018 12:34:28 PM</td><td>File Recovery</td><td>Default Domain Policy</td></tr>
</table>
<br/>For additional information about individual settings, launch Group Policy Object Editor.</div></div></div><div class="he3"><span class="sectionTitle" tabindex="0">Public Key Policies/Trusted Root Certification Authorities</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4h"><span class="sectionTitle" tabindex="0">Properties</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">
<table class="info" cellpadding="0" cellspacing="0">
<tr><td scope="row"><b>Winning GPO</b></td><td>[Default setting]</td></tr>
</table>
</div><div class="he4i">
<table class="subtable" cellpadding="0" cellspacing="0">
<tr><th scope="col">Policy</th><th scope="col">Setting</th></tr>
<tr><td>Allow users to select new root certification authorities (CAs) to trust</td><td>Enabled</td></tr>
<tr><td>Client computers can trust the following certificate stores</td><td>Third-Party Root Certification Authorities and Enterprise Root Certification Authorities</td></tr>
<tr><td>To perform certificate-based authentication of users and computers, CAs must meet the following criteria</td><td>Registered in Active Directory only</td></tr>
</table>
</div></div></div></div></div></div></div>
<div class="filler"></div>
<div class="he0_expanded"><span class="sectionTitle" tabindex="0">User Configuration</span><a class="expando" href="#"></a></div>
<div class="container"><div class="he4i">No settings defined.</div></div>
</div>
</body></html>

> The processing of Group Policy failed. Windows attempted to read the file \\bank
> a.com\SysVol\banka.com\Policies\{7E60CAFC-6077-4FBB-B30A-F5FEAF4A38F1}\gpt.ini f
> rom a domain controller and was not successful.
Repair Sysvol Replication - it is broken.
NTFRS:
https://support.microsoft.com/en-us/kb/315457
DFSR:
https://support.microsoft.com/en-us/kb/2218556
Greetings/Grüße,
Martin
Mal ein
gutes Buch über GPOs lesen?
Good or bad GPOs? - my blog…
And if IT bothers me -
coke bottle design refreshment (-:

How can I configure FireFox security setting globally for all users on a PC? Is there something I can do in group policies or throught the registry to insure all users have the same settings?

Our Bank's core processor has rewritten their product to run in a web browser. Their browser of choice is Firefox 3.6. The specifications from our core processor specify specific security and settings parameters that must be adhered to by all users for their product to run properly. Is there a way to globally configure these settings via the registry or group policies to insure everyone who logs in to a given workstation opens Firefox with the same settings? Thank you for any assistance you can provide - Steve Gish, First Bank Kansas.
== User Agent ==
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

You can try:
*http://kb.mozillazine.org/Locking_preferences

Nexus_5000 policing

Similar Messages

Maybe you are looking for