NOOB Question Network Security Groups

Similar Messages

• Network Security Groups REST API

  HI,
  according to this link:
  http://azure.microsoft.com/blog/2014/11/04/network-security-groups/
  Network Security groups is currently exposed only through power shell and REST API.
  I can't find any REST API documentations.
  any idea?

  Hi,
  You are correct. There is no offical article related to Network Security Group with REST API as Network Security Group is a new feature. I will report it to the related team and hope the related articles would be published quickly. In addition, you can also
  submit your requirement in Azure feedback:
  http://feedback.azure.com/forums/34192--general-feedback
  Apprecite your patience.
  Best regards,
  Susie
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Network Security Groups - Internet

  Hello,
  I am implementing NSGs in an Azure environment. When i apply a Deny Any Internet on the Domain controller Subnet (2 DC), i am not able to login with RD Web access anymore (DMZ has internet allowed). After the Deny Any Internet is an Allow Any Any applied.
  Internet-outbound Deny Internet
  AllowAny-outbound Any Any
  Can a domain controller still be a Azure DNS server with these rules up? Since the DC needs to contact the Azure DNS.

  Hi,
  It seems like this issue is more related to Microsoft Azure Virtual Networking, I will move this thread to Microsoft Azure Virtual Networking Forum for a better help.
  Thank you for your understanding.
  Best Regards,
  Jambor
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• Docs for NSG (Network Security Groups) Powershell cmds

  Is there a max length or other restrictions on the -Name used for New-AzureNetworkSecurityGroup?
  Or for the rules, via Set-AzureNetworkSecurityRule?

  Hi Darian,
  Currently I would suggest using < 50 chars, we are working on fixing the length problem.
  Also, please be advised the name:
  1. must start with a letter or underscore
  2. must not contain \, /, :, *, ?, ", <, >,|, `, ', ^, %, #
  3. must not end with whitespace or .
  Hope this helps.
  Regards,
  Malar.

• Help: network security question

  I just bought a PowerBook G4 running OSX 10.4.5 and was wondering about network security. What are some good anti-virus protection programs? I was searching the Apple store and found Net Barrier X4 and Virus Barrier X4 by INTEGO. What is the difference between the two? Are there other programs out there that are better? I will be the only person using this computer and it's for personal use, not business. Does anybody have any recommendations?
  powerbook G4   Mac OS X (10.4.5)  

  What you mention anti virus software programs. In your topic it reads "network security question"
  There is a difference between the two. Network security would be protecting a local LAN or WAN home network used for gaining access to the net. If this is what you want to do then you should have your network WEP or WPA password protected and enable OS X's personal Firewall by going to System Preferences->Sharing->Firewall->Start Firewall. Some good tips to remember are:
  * Never leave your network unlocked.
  *Keep your network password complex (12 digits and letters).
  *Don't hesitate to tell your ISP if someone is "using" your Network.
  *If you see any unknown files don't open them!
  Now if your were talking about a Software virus that affects your computer and causes it to malfunction/crash/break Then you don't have very many worries as there are no "Real" viruses for the Mac right now other then two worms, one which is spread via iChat and the other Bluetooth, both causing you to open them and give your Admin password to run them
  In other words moral of the story is don't open unknown files/programs and don't give your Mac your password unless you know what it's for and why it's asking.
  Net barrier acts as a firewall with more options all though I have found it to cause trouble with my network and have stopped using it.
  Virus Barrier, attempts to keep viruses from affecting your OS by scanning for them and warning you if it finds one and delete them. Once a again two different types of software.
  -Internet Wiz

• Create different network share shortcut in desktop for different security groups using GPO

  Hi,
   I have an OU named TECH that contains two different security groups ENG and PRESS.
  When users in ENG group logs in desktop should show a network share \\server1\eng-share and 
  when users in PRESS group logs in desktop should show a network share \\server1\press-share.
  How to create a GPO for this ?
  regards, Faisal

  You could use group policy preferences shortcuts. You would create a shortcut to each of these shares and then use Item Level Targeting. The target would point to the security group needed.
  If my answer helped you, check out my blog:
  DeployHappiness. Subscribe by
  RSS or
  email. 

• Using a security group to add members to the collection question

  Hi,
  I have a collection created in SCCM 2007 that is using a security group for membership. So I added a computer to the security group in AD but when I go to SCCM and click on the collection I dont see the computer in the collection. Should it show here or
  because it is a security group based membership will it not show the members?
  THanks!

  Details from Active directory are added to SCCM database through discovery methods. Please ensure that AD security group discovery and AD system discovery are enabled in the primary site. If they are enabled, check the frequency set for these discovery
  methods. Once you added these computers to the AD group, you need to wait till the next discovery cycle before it appears in SCCM collections. Till that point, SCCM database will not have information about the group memberships of these computers

• Virus Barrier X4 question and a Top 10 Network/Security question

  I am currently running Norton AV/Mac. It runs fine, no problems, no slow down, am happy! However, I know that there are some very experienced Mac users who are very down on Norton AV as far as causing problems/hogging resources/slowing things down...again, I don't have any problem, but I am still a newbie. I see however that one of the top 10 Network/Security downloads is Virus Barrier X4. If I want to run an AV program, could someone shed some light on wht this would be a better application? Also the number 1 download in this category is Mac Scan. I am confused, Forget virus's, I thought there was no Spyware/Malware? Why would so many people make this such a popular download..Curious! Thanks, Bill

  Bostonfan49,
  Spyware is a self-inflicted injury.
  To prevent drive-bys, remember to uncheck the Open "safe" files after downloading box in the Safari>Preferences>General tab and make sure that you're blocking pop-up windows.
  Configure your firewall correctly (turn off ALL unused services) and stealth it.
  Don't use P2P (Limewire and the like) or visit "dodgy" (unknown, copyright infringing, skanky, pr0n, etc.) Web sites.
  Never, ever install any program or give any installer your admin password unless you are certain that you know and trust the source.
  Create a separate administrator account for installing software and updates and make your normal user account an ordinary, nonadminstrative user.
  OS X is not immune to spyware: The spyware would still have to be coded to run in OS X. Requiring an administrator account and click-the-"Yes"-box user permission to install and run didn't prevent KaZaa (and its bundled nasties) from being downloaded and installed by millions, so this OS X "barrier" to malware is subject to the same vulnerability. That said, I'm not aware of much of anything in the way of spyware for Macs.
  -Wayne

• Security Group Creation in Specific OU and Create Network Share For the Security Group

  Hi,
  We would really want to create a PowerShell script that creates a specific Security Group within a selected Organisation Unit.
  Brief Scenario;
  We have created several Organisation Units. Each Organisation Unit contains another Organisation Unit called users. 
  +OU=Netherlands
  ++OU=Company A
  +++OU=users
  ++OU=Company B
  +++OU=users
  And so forth.
  If we run the PowerShell script it should create a list of all the Companies in container Netherlands. After the list is created it creates an output like 1. Company A; 2. Company B. (Forearch ..)
  The script asks for user input where to create the Security Group. If user selects option 2, a security group Called "Company B" is being created. All the users located in the Organisation Unit users within Company B are joined to that group. (Sets
  option 2 as a value like Security Group = "$Company B", create Security Group "Universal, Global (option), and get all users from container users and join them)
  Then without user interaction a share is being created. Granting Domain Administrators full access and the Security Group which has just been created.
  Is somebody able to help me with this kind of script?
  Thank you in advance,
  With kind regards,
  Danny Locorotondo

  Already gathered some information. Have this as a result. Now I need to figure out how to put the results into a list, so the user can select the group. As far as now I am stuck.
  Import-Module ActiveDirectory
  Function SelectCollectionRelease 
      [CmdletBinding()]
      Param
          [Parameter(Mandatory=$true,
                     Position=0,
                     HelpMessage='Enter the Release of the Collection. By example: Alfa,Beta or Charlie')]
          $CollectionRelease
      IF(!$CollectionRelease)
          write-host "`n You did not select a proper Collection Release" -foregroundcolor "red"
  SelectCollectionRelease 
      Elseif($CollectionRelease)
      [string] $OUPath = "OU=$CollectionRelease,OU=VDI,OU=carsystems,DC=carsysdev,DC=local"
  if (!([adsi]::Exists("LDAP://$OUPath"))) 
  write-host "`n Collection Release does not exists" -foregroundcolor "red"
  SelectCollectionRelease 
  else
  write-host "`n Collection Release exists." -foregroundcolor "green"
  write-host "`n Selected $OUPath ..." -foregroundcolor "yellow"
  Get-ADGroup -SearchBase "OU=$CollectionRelease,OU=VDI,OU=carsystems,DC=carsysdev,DC=local" -filter {GroupCategory -eq "Security"} | Format-List -Property Name
      Else
          //$SecurityGroup = Get-ADGroup -SearchBase "OU=$CollectionRelease,OU=VDI,OU=carsystems,DC=carsysdev,DC=local" -filter {GroupCategory -eq "Security"} -and (ObjectClass -eq "user")
  SelectCollectionRelease 

• AD security group issues in SharePoint 2013 Integrated Mode

  Hello,
  Sorry if this is the wrong forum, I'm not sure if this is a SharePoint issue or a Reporting Services configuration issue (or if it should be in a SharePoint forum regardless).
  I have SSRS2012 on SharePoint 2013 in integrated mode. We are doing item level permissions, which means we have an AD security group Reports-All with
  Read to the Reports document library, then each actual report has unique permissions. We have a report with the ProjectManagers AD
  security group on it with Read (plus some other stuff to let them manage subscriptions), and another AD security group ProjectUsers with
  just Read access so they can open the reports. The data source used by this report has the AD security group I mentioned before, Reports-All,
  with Read.
  At a SharePoint level, things appear to work. When a user in ProjectManagers or ProjectUsers browses
  to the library, they see only the 3 reports that those two security groups have permission to see (out of a lot more in the library). That means SharePoint is reading those security group memberships correctly as far as I can tell.
  The issue is when a user in ProjectManagers or ProjectUsers clicks
  on a report, they get a reporting server based error message, and the ULS logs have an error specific to the user trying to run the report.
  Microsoft.ReportingServices.Diagnostics.Utilities.AccessDeniedException: The permissions granted to user 'MyDomain\MyUser' are insufficient for performing this operation. (Fault Detail is equal to Microsoft.ReportingServices.ServiceContract.RsExceptionInfo)
  If I add that specific user with Read permissions to the report and the data source, they are then able to run the report without errors. It seems like some Report Server component is not liking the fact that I'm using security groups. 
  Has anyone seen this behavior with AD security groups? Any ideas on why my environment does not want to work properly with those even though AD security groups are working fine for other non-Reporting Services files?
  Thanks,
  Aaron

  Hi aaronzott,
  According to your description, you configured SSRS 2012 of SharePoint integrated mode. You added read permission to reports and data source to AD security group Reports-All, then added just read permission to ProjectManagers and ProjectUsers groups. When
  users in ProjectManagers or ProjectUsers groups click report, the error message occurred. After you added Read permissions to the report and the data source to the groups, they can preview the report without errors.
  Report definition permissions are defined through List permissions on the library that contains the report, but we can set permissions on individual reports if we want to restrict access. Set properties on a report including data source connection information,
  processing options, and parameter properties. Edit Items on the library that contains the report or on the individual report. We also need to have view permissions on a shared data source (.rsds) to select it for use with the report.
  For more information about Set Permissions for Report Server Operations in a SharePoint Web Application, please refer to the following document:
  http://msdn.microsoft.com/en-us/library/bb326286(v=sql.110).aspx
  If you have any more questions, please feel free to ask.
  Thanks,
  Wendy Fu
  If you have any feedback on our support, please click
  here.

• Network security:LAN manager authentication level setting on GPO

  Hi,
  We have a requirement from project team to change the one of the security setting on default domain policy for all computers in domain. Below are the security setting which we need to modify.
  computer configuration-->windows settings-->security settings-->local policies-->security options-->
  Network security: LAN manager authentication level 
  this setting need to be changed to - Send LM & NTLM - use NTLMv2 session security if negotiated.
  The project team facing issue with Apache web server and they found the solution on below link.(we have tested this  by changing local group policy and this solution works as expected)
  https://www.sysaid.com/Sysforums/posts/list/9065.page 
  We need to know what is the impact after enabling this on domain computers.
  Need help on this to go-head on this.

  Hi,
  you have a weaker domain security overall. "
  LM Hash Generation 
  The algorithm introduces several weaknesses that attackers can exploit. First, all lowercase characters are set to uppercase, reducing the number of possible characters. Second, it splits a long, strong, password into two seven-character chunks.
  Both the LM and NTLM protocols operate essentially the same way; the only difference is the password hash.
  REF: The Most Misunderstood Windows Security Setting of All Time
  This post is provided AS IS with no warranties or guarantees, and confers no rights.
  ~~~
  Questo post non fornisce garanzie e non conferisce diritti

• Virtual machine VHD file is missing the "Virtual Machine" Security group from ACL

  Hey All,
  Doing support work for a client and they are unable to take snapshots from certain vm's. I think this is down the VM not having the virtual machines security group within its ACL instead is seems to just have two GUIDs. to me if looks like the vm's have
  been moved and imported or something like that but was obviously not done correctly.
  When taking a snapshot they get a general access denied error
  Does anyone know a quick way to add the virtual machines security group back into the ACL, I did find some powershell commands however this errored stating I could not change the owner of the group.
  I'll keep looking but if someone knows a quick fix for this I would appreciate it. One other thing I had thought of was turning the vm off, The creating a new Virtual machine and attaching the VHD as the new VM? Would this work?
  thanks in advanced

  Hi Dunn2010,
  Yes , please try to copy the VHD then create a new virtual machine and attach the replication .
  If it is possible please try to find the relevant Error messege of your question in event log and post it here .
  Any further information please feel free to let us know.
  Best Regards
  Elton Ji
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• My deployed printers don't appear on the computers that are part of the security group

  I use the Print Management role to deploy my printers to my users.
  Because I only want those printers to appear on certain laptops/servers, I deployed them using the “Per machine GPO”
  I created an “Office Printers” security group that contains those laptops/servers
  I use this security group to filter my GPO (under Security Filtering)
  The above used to work but after modifying and adding new printers, the printers are not getting deployed anymore.
  Here is what I see:
  - On the laptops/servers I am connecting to (I am the Domain Admin), I can see all the printers
  - On some user’s machine, no printers shows
  - On some user’s machine, only the printers that were listed in GPO before the changes do show
  gpresults –r shows different result:
  - Mine shows: Filtering : Denied (Security) even I see the printers
  - Some machines show: Filtering:  Not Applied (Unknown Reason)
  - Some machines don’t show the GPO at all

  Hi,
  Before posting my question, i ran gpresult /force and rebooted the machines several times.
  I resolved my issue yesterday by "chance":
  - since the deployment was failing using the deploy to GP feature in Print Management, I decided to try to deploy them by using directly GPMC.
  - I discovered that the printer that I added few days ago was not marked as "shared" (I did not think that it was an issue because I assumed that the Print Management did not need this setting to be set). Since the others were shared, I decided to share
  this one as well.
  >>>> that resolved the issue: the printers appeared on all the machines as expected.
  I feel that MS should look into this behavior:
  - Deployment of the printers should not fail if one is not shared
  - if sharing is a must to use this feature, deploying the printer from the Print Management should bring an error.
  Thanks
  Christophe

• How to locate my network security key

  I wrote this same request a month or so ago and can no longer locate my 'saved' message.  Would someone please forward me the link again on how to locate the network security key so I may add another computer to my wi-fi.
  And another question, will there be any change that more than one security key will appear and if so, how will I determine which key is the proper key to use?
  Thank you much.

  The "key" is another word for your normal wireless network "password", sometimes called a "pass phrase".
  The password generates a 64 character code of random letters and numbers. I doubt that this would be of any use to you, but if you want to see it.....
  Open AirPort Utility on your Mavericks Mac
  Click the AirPort icon, the click Edit
  Click the Base Station icon at the top of the screen
  Click Show Passwords
  More likely, you have a Windows Firewall issue, or Microsoft Security Essentials...if installed....is blocking the connection.  The anti-virus program can do the same thing.

• Grant access to help desk users to add members to distribution and security groups

  Hello,
  I am trying to create a set of help desk users that has full access to add or remove members from distribution and security groups as well as update users.  We want it to bypass owner approval and essentially allow this group to add or remove members
  in the FIM Portal and flow it down to ADS.
  This obviously works fine if one is a member of the Administrators set, but we want a second tier of power users with limitied rights compared to FIM Admins.  We have added the help desk team to the  Security Group Users and Group Users set as
  well as MPR "Security group management: Users can read selected attributes of group resources".
  The help desk users can update users in the Portal with no issue.  The can search groups with no issue but when they try to add members to a group they get the error "Access Denied".
  Any help is greatly appreciated.
  Thanks!

  I'm having very similar problem - I have users with delegated right to modify group membership only. User can add someone to group and it works fine, but when the same user is trying to remove and user from a group (even if this is the same user
  which was added a minute ago) he gets Access Denied:
  The
  request included members which the requestor is not authorized
  to add and/or remove from this group."
  It is caused by default MPR:
  Group management workflow: Validate requestor on remove member
  Question is how this activity validates this request - any insight?