Ocilogon/logoff question

Similar Messages

• Cisco Jabber for Windows // Softphone mode // question to CFS config

  Hi Community,
  I have a question to the follwoing problem.
  Hope anybody can help me or give me an hint.
  Our customer have an CUCM / IM&P in version 10.5 cluster.
  He wants to use the fqdn in the CFS device. I try to look into the CFSSEPXXXXXX.cnf.xml and saw in the
  <processNodeName>HOSTNAME instead of FQDN</processNodeName> only the hostname.
  Its possible to get the fqdn in this field ? Where I have to change the Settings in CUCM / CUP ?
  Thanks in advanced for every hint,
  Stefan =)

  Hi Mohammed,
  thanks for your fast reply.
  Do I have after changing the fqdn on cucm to restart the tftp service as well ? Or should the client logoff / login again ?
  thanks,
  Stefan

• Security interview questions - some fun to tickle your brain.

  Hello gurus,
  I know that posting interview question series are not allowed if the person has not put in any effort, but I have and folks seem to want to practice a bit sometimes so I take the liberty of creating a central one.
  Tackle one or all of them to test your knowledge.
  There are no model answers.
  If you want to suggest additional ones, then please contact me.
  The rules
  Flaming of answers is allowed.
  Funny answers earn a beer (or cup of tea).
  There are no points.
  1)     When PFCG proposes 3 activities but you only want 2, how do you fix this?
  2)     What is the use of transaction PFUD at midnight?
  3)     Is PFUD needed when saving in SU01 and does the user need to logoff and on again after changes?
  4)     How are web services represented in authorizations of users who are not logged on?
  5)     How do you force a user to change their password and on which grounds would you do so?
  6)     What is the difference between SU24 and SU22? What is "orginal data" in SU22 context?
  7)     When an authorization check on S_BTCH_JOB fails, what happens?
  8)     Can you have more than one set of org-level values in one role?
  9)     Should RFC users have SAP_NEW and why?
  10)     What is an X-glueb command and where do you use it in SAP security?
  11)      What is the disadvantage of searching for AUTHORITY-CHECK statements in ABAP OO coding and how does SU53 deal with this?
  12)      In which tables can you make customizing settings for the security administration and name one example of such a setting which is usefull but not SAP default?
  13)     Can you use the information in SM20N to build roles and how?
  14)     If the system raises a message that authorizations are missing but you have SAP_ALL, what do you do?
  15)     Name any one security related SAP note and explain it's purpose or solution.
  16)     What are the two primary differences between a SAML token profile and a SAP logon ticket?
  17) Where do you configure the local and global settings of the CUA and what are the consequences of inconsistent settings?
  18)            If you have users in different systems with different user ID's for the same person, what are your options to manage their authorizations centrally?
  19)            Explain the use of the TMSSUP* RFC destinations and the importance of the domain controller?
  20)            Why should you delete SAP_NEW profile and which transaction should you use before doing so?
  To be continued...

  I have one year experience in SAP Security and only two in Basis, so flame on......... I swear I didn't use google or any of my systems for reference!<br><br>
  1) When PFCG proposes 3 activities but you only want 2, how do you fix this? Best answer is to modify your su24 data. <br><br>
  2) What is the use of transaction PFUD at midnight? removes invalid profiles from user records <br><br>
  3)Is PFUD needed when saving in SU01 and does the user need to logoff and on again after changes? PFUD is not needed and the user needs to log off and back on again <br><br>
  4)How are web services represented in authorizations of users who are not logged on? ?? <br><br>
  5)How do you force a user to change their password and on which grounds would you do so? SU01 -> Logon Data tab -> Deactivate password. I am not sure what grounds this would be necessary. I have never had to use it. <br><br>
  6)What is the difference between SU24 and SU22? What is "orginal data" in SU22 context? SU22 you maintain authorization objects???? Su24 you maintain which authorization objects are checked in transactions and maintain the authorization proposals. <br><br>
  7)When an authorization check on S_BTCH_JOB fails, what happens? "You do not have authorization to perform whatever operation you are trying to perform." message. HAHA <br><br>
  8)Can you have more than one set of org-level values in one role? I might be misinterpreting this question. But yes. Depending on the transactions inserted into the role menu, you could have more than one org level to maintain. Purchasing Org and Plant, Sales Org and Sales Division..... <br><br>
  9)Should RFC users have SAP_NEW and why? No. Just insert the transactions and necessary authorization objects into a role. S_RFC for one. <br><br>
  10) What is an X-glueb command and where do you use it in SAP security? ??? <br><br>
  11) What is the disadvantage of searching for AUTHORITY-CHECK statements in ABAP OO coding and how does SU53 deal with this? Disadvantage? I can think of an advantage. My ABAPer shows me his programs and we work out what authority checks should be performed. <br><br>
  12) In which tables can you make customizing settings for the security administration and name one example of such a setting which is usefull but not SAP default? ??? <br><br>
  13) Can you use the information in SM20N to build roles and how? You could, I guess. Not a good practice though. Build roles based on business processes. <br><br>
  14) If the system raises a message that authorizations are missing but you have SAP_ALL, what do you do? Regenerate SAP_ALL which reconciles new authorization objects from SAP_NEW <br><br>
  15) Name any one security related SAP note and explain it's purpose or solution. Don't know the number off hand, but I was looking at it yesterday. Program Z_DEL_AGR to allow deletion of more than one role at a time. There is no mechanism in SAP to achieve this currently. <br><br>
  16) What are the two primary difference between a SAML token profile and a Logon ticket in SAP? ??? I know what these are but have no experience with it. <br><br>

• Questions on ICR reconciliation process 002

  Dear all,
  I am implementing ICR reconciliation process 002   and I have some questions regarding process's behaviour and functionality. I have set u201CDefine Rules for Document Assignments" as following:
  1     POPER     Posting period     = Equal     POPER     Posting period
  10     RTCUR     Transaction currency     = Equal     RTCUR     Transaction currency
  20     TSL     Transaction Currency     -1 Opposite Amount (Only for Value Fields)     TSL     Transaction Currency
  1/ when running trx 'FBICR2 - Reconcile Documents Manually' although there are only 2 items and they are reconciled and appear as without differences, group's status on navigation tree is "yellow" (Unassigned items). I expected that it will be "green" (Assigned without differences).
  2/ I do not fully understand process behaviour. Although all accounts included in a group are balanced to zero; group status appears "yellow" (Unassigned items) and I have to unassign them in the assigned data view (bottom of the user interface) and then assign them manually again in order to get them in "green" status (without differences).
  I understood for process '002' reconciliation is in a account balance point of view and not try to clear item by item. Am I right?
  3/ If I am reconciliating company A with partner B in FBICR2, when I assign manually items and reconcile all accounts for this Company A/Partner B I expected that status for Company B and Parther A would be updated but transaction do not seems to work as I expected. Is this the correct behaviour or am I doing something wrong?
  Cheers

  Ralph thanks for your answer that was very helpful.
  I reviewed table FBICRC002T and as you said, there were lines with RTYPE = 1 and TSL NE 0; but they were wrong, I mean not "real" since the amounts (totals amounts) were bigger than the sum of the individual line items documents involved in FBICRC002A.
  Then I run 'FBICRC002_DATA_TCAL' and totals were recalculated and then I run FBICA2 and all lines in FBICRC002T with TSL NE 0 had RTYPE = 2 so gropus appear as "green" in FBICR2 now.
  I think that I understand now how program derive group's status.
  Then I did the following steps:
  - I went to FBICR2  and unassign all items in "green" groups.
  - FBICRC002A was updated with status 1 but FBICRC002T remains with status 2
  - Then I logoff transaction FBICR2  and login transaction FBICR2 again. Since table FBICRC002T did not change (remains with status 2) groups appear "green" again although items were not assigned in FBICRC002A.
  - Then I run 'FBICRC002_DATA_TCAL' again FBICRC002T was updated now with status 1
  - After doing that, I log in transaction FBICR2 again and groups appear "yellow" as expected.
  - Then I manually assign in FBICR2 all items so they changed to status "2" in FBICRC002A but FBICRC002T remains with status "1". Groups remains as "yellow" since FBICRC002T is not updated yet.
  - Once again, If I run 'FBICRC002_DATA_TCAL'  table FBICRC002T is updated with status "2" and groups are "green" in FBICR2.
  If you are still keeping reading this thanks you. I think all of this sounds a bit tricky but my question is: how and when is table FBICRC002T updated? Is necessary to run 'FBICRC002_DATA_TCAL' after any manual change (assign or unassing) at FBICR2? Is this regular behaviour? Sound a bit strange by the way, I think I am doing something wrong or have misunderstood somethingu2026
  Thanks a lot in advance for your help and patience.
  Rafa

• Windows 7 / Server 2003 Roaming profile synchronization error at logoff (ntuser.pol)

  Hi all,
  I have implemented Roaming Profiles for a few test users on Windows 7 PC's (Windows Server 2003) and everything is working well aside from one error I'm seeing at logoff ('Your roaming user profile was not completely synchronized.  See the event log
  for details or contact your administrator.')
  The event log reveals event ID's 1504 and 1509.  1504 is flagging the fact that Windows cannot update the roaming profile completely.  1509 shows the following:
  'Windows cannot copy file C:\Users\jtest\ntuser.pol to location \\server\Profiles$\jtest.V2\ntuser.pol.  This error may be caused by network problems or insufficient security rights.
  DETAIL - Cannot create a file when that file already exists.
  Other observations:
  This issue occurs with all test users upon each logoff attempt except for the very first logoff, where there is no network share copy of ntuser.pol to get in the way.
  Prior to logoff, the network share copy of ntuser.pol has an older timestamp than the local copy.  This is not a cause or symptom but it leads me to believe updating the network copy of the file at logoff is normal/required behavior.
  If I delete the network share copy of ntuser.pol prior to logoff the error does not occur.  I don't suspect file permissions are the cause since I used the same user having difficulty logging off to delete the network share copy of the file.
  ntuser.dat has no problem overwriting itself upon logoff.
  I was able to repeat the problem with two windows 7 clients.
  I've been all over the usual suspects (i.e. group policies affecting roaming profiles, file/folder permissions, installed every hotfix relating to roaming profiles and folder redirection, and googled every keyword) and came up empty.  I confirmed offline
  caching for the profile share is disabled.
  Does anyone know what may be going on here?  I'd greatly appreciate a point in the right direction.  Thanks in advance.

  You could too run a process monitor to watch what happen. With filter you can easilly configure it on the server to not log everything except read|write on the profile.
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• How to create and add a logon/logoff script to populate last user into the computer field in AD

  Hi All,
  Bit stuck here,
  Not sure what forum to put this is as it involves different subjects,
  I work in a Server 2008 RT environment and have access to Active Directory etc.
  I saw this a few weeks ago - http://ivan.dretvic.com/2012/10/automatically-generate-description-field-for-computers-in-active-directory/
  Now, I'm not particularly sure what to do here, I don't know how to create a group policy etc. How to implement it in a test environment etc. Never done this before.
  Can somebody give me a step by step guide on literally everything that would be involved in this?
  Or any links that may be able to help?
  I basically want the AD to show who was the last user that logged into a specific client when the client named is searched for in the Computers OU, and if possible being able to pull the make/model and serial number from the client aswell.
  If possible there should be a way of including this with the existing login script that we already have, how can I do this?
  I've tried a few so far and got stuck, I have domain admin priveledges also.
  Thanks,
  Regards, Max.

  Hi Max,
  Please refer to the following article to learn how to create a logon/logoff script via GPO:
  Assign User Logon Scripts
  Assign User Logoff Scripts
  As for the issues about script, this is the forum to discuss questions about driectory service, better to post your question to the forum for Script:
  http://social.msdn.microsoft.com/Forums/en-US/home?forum=scripting
  The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or
  learn from your interaction with us.
  Thank you for your understanding.
  Regards,
  Lany Zhang

• How to Expose LogOff services as an iview on TopLevel Navigation

  Dear Experts
  I need to provide a logoff iview in Top Level Navigation.
  I have created a pdk  application for this. It is providing the basic functionality of logoff, but after logoff it is redirecting to the default portal logon page instead of my custosed logon page.
  Code of LogOff services.
  IAuthentication Authen = UMFactory.getAuthenticator();
  HttpServletRequest req = request.getServletRequest();
  HttpServletResponse res = request.getServletResponse(true);
  Authen.forceLogoffUser(req, res,"http://ssvepd00:50000/irj/portal/anonymous/LogOnPage?guest_user=JTCGuest");
  Could you please suggest me where I am missing? Is it anything to do with ume.logoff.redirect.silent property?
  PAppreciate your response..
  Regards
  Shanmukha Rao Banisetti
  Ph: 9916736946

  Hi! I guess it's nice to get called upon by name. :-)
  As user878 mentions, the problem trying to execute tmloadcf is related to the fact that the associated IPC resources are already considered active by Tuxedo, i.e., you did a tmboot with a given TUXCONFIG and that Tuxedo environment is still running.
  Specifically to answer your questions:
  1)can my application placed in any folder other and execute compile tmloadcf from there?Where the files reside is almost immaterial. What is key is what the environment variable TUXCONFIG points to. That file defines a Tuxedo environment and is created with the tmloadcf command. Once the application is booted, you can't use tmloadcf to change the configuration. You either need to use the tmconfig command or shutdown the environment and then issue the tmloadcf command and then reboot the environment.
  2)How to test my service using command prompt.Tuxedo only provides a generic command line client for Tuxedo services that use FML or FML32 buffers. The commands are ud and ud32. For Tuxedo services that use other buffer types, you will have to develop a specific client.
  I have also updated the Jrepository .The Jolt repository is only needed if you are using Jolt, the Java client API to Tuxedo services.
  Regards,
  Todd Little
  Oracle Tuxedo Chief Architect

• Using Unix Command Line to force logoff of other users

  Hello - I am the administrator for my family's Mac (OS X - 10.4.8). Four of us in the family share the system. Frequently, my family members forget to logoff. I would like to be able to force them off via the Unix command line. Can't I sign on as root and execute a "forced logoff" type of command?

  Thanks to Mihalis and Jarik for the additional info.
  I'm back now with a question. I have a user named "visitor" logged on. I issued a killall command which killed all the users processes except one. Using /Applications/Activity Monitor.app, I can see the process is "loginwindow" and it is owned by visitor.
  However,
  ps -u visitor
  reveals no running processes. Assuming I only had command-line access (no GUI to use Activity Monitor.app) and had multiple users logged in, how can I discover which loginwindow PID belongs to visitor?
  msq
  EDIT: I went ahead and sudo kill PID the loginwindow process owned by visitor and realized that
  ps -axj | grep visitor
  worked to reveal the loginwindow process owned by visitor. But when I logged visitor in (Fast User Switching) and ran sudo killall the Activity Monitor.app identifies the loginwindow as being owned by root but ps -axj | grep visitor shows the process belonging to visitor.
  Something weird in the depths of Leopard's UNIX land, but I think I can find my way around now.
  Thanks, everyone.
  Message was edited by: mistersquid

• Logoff page in different languages - transaction SICF

  Hi,
  In transaction SICF i configured a Logoff page according to: http://help.sap.com/saphelp_nw04s/helpdata/en/fc/04a5421935c511e10000000a1550b0/content.htm
  My logoff script works fine in the default language of my application. When I access my application in another language and want to logoff then my logoff script is not called. I have tried to maintain the service via the language button in SICF but without any luck.
  Hope anyone can help.
  Thanks,
  Regards,
  Morten

  Hi Holger,
  Thanks. I have created URL iView using application integrator. In the step 2 of Iview creation wizard, I have selected Generic.
  The entire list is
  Choose Portal Component: *
       BSP
       BWReport
       ContentIntegrator
       CrystalReport
       DNRObject
       Generic
       IAC
       MiniApp
       RemoteRedirector
       TestIViewURLGenerator
       Transaction
       WebDynpro
  After this, I have finished all steps of iView creation. When I am running iView, it is asking for some parameters. I am providing some URL and it is working fine.
  In your email, you have asked me to configure the Application Integrator iViews. The parameter I have to use is <Request.Language>. I tried a lot to find this parameter. I can not find it any where in iView property. Can you please let me know where exactly I have to alter value for language.
  Few more question - How the iView will work? When it will ask for language. Based on userid, I want to change the language of iView content. How it can be acheived?
  Will URL iView will work for secured connection URLs like https://www.somename.com:50000/irj/portal.
  Whether NetWeaver Developer Studio (NWDS) will be needed for carrying out this exercise? We don't have NWDS installed for our project.
  Thanks
  Stuart

• Need to collect the Windows logon and logoff events across the Domain in a DC eviornment, for different machines and user accounts.

  Hello All,
  I am trying to build a Tool to collect the info about all the user's who login and logoff on daily basis in a domain network. I am using a windows 2008 server as a DC and have xp, win 7, win 8 , win 12 server as clients in the network.
  There are few questions in my mind which I am not able to answer.
  1> When a user tries to login to the DC network, he/ she gets authenticated using the kerberos protocol. does these authentication gets logged on the AD server by default? I have see a way to enable it from registry but even that's not giving me the expected
  output in the eventvwr.
  2> Do I have to use Audit policies to monitor all the user's log off and log on activities?
  3> Is there a way to collect these information from any place on the AD server other than the Eventvwr?
  Please help me in finding the solutions to these query's  of mine.
  Thanks.

  1. Open the Group Policy Management console on any domain controller in the target domain: navigate to Start → Administrative Tools → Group Policy Management.
  2. In the left pane, navigate to Forest: <domain_name>→ Domains → <domain_name>→ Domain Controllers. Right-click the effective domain controllers policy (by default, it is the Default Domain Controllers Policy), and select Edit from the pop-up
  menu. </domain_name></domain_name>
  <domain_name><domain_name>3. In the Group Policy Management Editor dialog, expand the Computer Configuration node on the left and navigate to Policies → Windows Settings → Security Settings → Local Policies → Audit Policy. </domain_name></domain_name>
  <domain_name><domain_name>4. Set the Audit account management and the Audit directory service access policy to "Success". Set the Audit logon events policy to  "Success" and "Failure". </domain_name></domain_name>
  5. Navigate to Start → Run and type '"cmd". Input the gpupdate /force command and press Enter. The group policy will be updated.
  Number of events could be excessive so you need to adjust size of Security log ( 1gb for example ) 
  Usage of EventCombMT Tool (part of
  MS ALtools )
   This tool gathers specific events from several different servers to one central location.
   Run the EventCombMT.exe > Right Click on Select to search field > Choose Get DCs in Domain > Mark your Domain Controllers for search
   Click the Searches menu > replace Event ID field values with
  4624  LOGON / 4634  LOGOFF
   Click Search and wait for the process to complete the operation.
   After the search is done the output directory contains the log files for the domain controllers where events with the specified Event ID’s were found.
  Alternatively you can try Netwrix Auditor for Active Directory solution with 20 days of free trial to generate such reports.
  --- Jeff (Netwrix)

• Permit Group to logoff and shadow users (2012 R2)

  Hello everyone,
  I'm looking for a way to grant users permission to shadow und logoff RDS user sessions.
  To do this I first need to get the user's session host und unified session id:
  $Session = Get-RDUserSession -ConnectionBroker $ConnectionBroker -CollectionName "MyCollection" -ErrorAction Stop | Where {$_.UserName -eq $CommonName}
  After that I can use the information to either logoff or shadow the user.
  For shadowing:
  mstsc /v:$HostServer /shadow:$SessionId /control
  For LogOff:
  Invoke-RDUserLogoff -Force -HostServer $Session.HostServer -UnifiedSessionID $Session.UnifiedSessionId -ErrorAction Stop
  My problem:
  To run these commands the user needs admin privileges, which is not what you want for a first level supporter.
  My question:
  Is there a way to allow a group/user to retrieve the session ID's from the Connection Broker and Logoff/Shadow without granting them admin privileges?
  In case there is no way to grant those specific permissions, what are the permissions the user requires on which machines (broker, hosts?)?

  Hi,
  Thank you for posting in Windows Server Forum.
  You can use provide access to shadow session to normal user other than administrator. To allow non-administrators permissions to shadow you can use the following command which is also applicable for Windows Server 2008 R2 
  wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSPermissionsSetting WHERE (TerminalName="RDP-Tcp") CALL AddAccount "domain\group",2
  More information:
  RDS 2012 Configure Permissions for Remote Desktop Services
  Connections
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Granting privileges to logoff other TS users via GPO

  Hi,
  My client has asked me to grant a group of people (non admins) the rights to logoff other people's TS sessions on several servers.
  I've seen some answers to this question, but usually focused on a single server topology kind of thing.
  As I'm not a very experienced admin, I'd like to know if there's some sort of way to implement it via GPO so that I can deploy it on a more system-wide / OU fashion. As there is seemingly no prebuilt administrative template for this and no way that I can
  find to edit RDP-Tcp or manage permissions for TS on gpedit, I'm trying to find some help with this issue.  
  Thanks in advance,
  J

  Hi Johnny,
  You may use the WMI script in following threads, then configure it as startup script:
  RDS 2012 Configure Permissions for Remote Desktop Services Connections
  https://social.technet.microsoft.com/Forums/en-US/0d119172-1100-4f9d-accd-e2504e5f4908/rds-2012-configure-permissions-for-remote-desktop-services-connections?forum=winserverTS
  Customizing RDS permissions with GPO or scripts - is it possible
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9ebd85b-841d-4c62-8a25-05977d9ba1e0/customizing-rds-permissions-with-gpo-or-scripts-is-it-possible?forum=winserverTS
  Assign Computer Startup Scripts
  https://technet.microsoft.com/en-us/library/cc770556.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Need code for Logoff the screen

  Hi,
  i have requirement to close the sap application when then user is invalid. when a invalid user logs into the system, i need to show an  error message and logoff the system

  Moderator message - duplicate thread locked
  Please read [Rules of Engagement|https://wiki.sdn.sap.com/wiki/display/HOME/RulesofEngagement], How to post code in SCN, and some things NOT to do... and [Asking Good Questions in the Forums to get Good Answers|/people/rob.burbank/blog/2010/05/12/asking-good-questions-in-the-forums-to-get-good-answers] before posting again.
  Rob

• Auto Logoff while in Shared Services Security Mode

  Pretty simple question but I still haven't found the answer.
  My client's essbase server is set up in Shared Services Security Mode, so now the auto logoff options for the server don't apply. Is there a way to set this via shared services? Or is there some other means perhaps?
  Thanks for your time.

  Essbase will be default be in shared services security mode in 11.1.2, the wizard will not migrate security when in this mode.
  It is possible to revert it back but if you don't know the process then it is worth looking at alternatives first.
  You could use LCM to export the provisioning and then import into your target environment.
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Another oci8 question

  Hi there,
  Sorry to ask what seems to be a common question, but I've been trawling through threads and walkthroughs for a couple of days now and don't seem to be able to crack the problem I'm having.
  Running Win XP with Oracle 10g installed. I'm using the Apache HTTP server that came with this DB installation, which includes PHP 4 and the oci8 extension. Now trying to connect to my DB in PHP but continually getting the familiar "Fatal Error: Call to undefined function: oci_connect()". Have also tried using OCILogin() but the problem is the same.
  When I run a phpinfo() output, the oci8 module is listed, the directories for php.ini and the php extensions directory are correct, but still can't get past this error.
  It just seems strange that the module is clearly getting picked up by phpinfo but yet still not able to function. Any ideas?
  Thanks,
  Dave

  You were on the right track with the old names. With PHP 4 the names like oci_connect() are not available. Did you have a typo in the script or the post with ocilogin()? It should be ocilogon(). See Appendix C "OCI8 FUNCTION NAMES IN PHP 4 AND PHP 5" in The Underground PHP and Oracle Manual.
  I can't ever recommend anyone use PHP4. It's obsolete and the version of the OCI8 extension it ships with is unstable.
  Where exactly did the Apache install come from? From Oracle Apps Server?