Pix command authorization problem

Help required.
I am trying to configure PIX firewall command authorization using Cisco
Secure ACS 4.2 and a PIX 515 running 7.0(5), but have run into a problem:
I can't get it to work!
I have included the PIX firewall configuration below and have included
screenshots of the ACS configuration as attachments.
As you can see, I can authenticate OK, but that is as far as I can go.
As soon as I try and use the enable command, authorization fails.
I can't even enter a password.
I have created two shell command authorization sets:
one called admins, which is configured to allow all commands,
and one called restricted, which restricts me to only a few commands.
If I apply the admins authorization set to the group where the user
resides, I can authenticate and authorize and I have access to all
commands, but if I apply the restricted authorization set I get the
problem depicted below.
I would appreciate it if someone could take a look and give me
some pointers as to where I am going wrong.
Regards,
Melvyn Brown

interface ethernet0
 nameif outside
 ip address 110.1.1.1 255.255.255.0
 speed 100
 duplex full
 no shut
interface ethernet1
 nameif inside
 ip address 192.168.8.2 255.255.255.0
 speed 100
 duplex full
 no shut
route inside 192.168.7.0 255.255.255.0 192.168.8.1
route inside 192.168.3.0 255.255.255.0 192.168.8.1
aaa-server ACS1 protocol tacacs+
aaa-server ACS1 host 192.168.7.2
 key cisco123
domain-name acme.com
crypto key generate rsa modulus 1024
telnet 192.168.3.2 255.255.255.255 inside
ssh 192.168.3.2 255.255.255.255 inside
aaa authentication enable console ACS1
aaa authentication serial console ACS1
aaa authentication ssh console ACS1
aaa authentication telnet console ACS1
aaa authorization command ACS1

Username: fred
Password: **********
Type help or '?' for a list of available commands.
pixfirewall> en
Command authorization failed
pixfirewall> ?
  clear   Reset functions
  enable  Turn on privileged commands
  exit    Exit from the EXEC
  help    Interactive help for commands
  login   Log in as a particular user
  logout  Exit from the EXEC
  ping    Send echo messages
  quit    Exit from the EXEC
  show    Show running system information

Fixed it. It was one of those ID10T type errors. The user I was testing against was in group1 on the ACS. Trouble is I was adding command authorizations to group0. Duh!

Similar Messages

  • PIX Command Authorization

    I have a Cisco PIX 525. I want to restrict my junior engineer to show commands. I don't want him to configure access-lists or anything else. He is only supposed to sh the running config and other show commands.
    I have made a user A and assigned him privilege 7. But when I log in with this user I was able to configure all things.
    username A password muljoLmw8YN8dG2h encrypted privilege 7
    I want to authenticate the user locally and keep everything else in the local database. No external ACS.
    Kindly tell me how to configure the firewall for this.

    Try using privilege 5 instead of 7. With 5 he should not be able to enter config mode, but do show run or show ver etc. but no configs privilege... try that.
    Rgds
    Jorge

  • Problem - acs command authorization and web access control

    Hi, I'm trying to add the control of some Aironet 1310 bridges with an ACS 3.2 (TACACS+). I wanted to be able to do telnet command authorization restrictions through shell command authorization sets and be able to give similarly restrictive web access at the same time. I have it working if I permit some commands that are sent by the browser, such as "write memory quiet" and a few other ones, but for it to work I must give those limited users privilege level 15, and by having the TACACS server authorize the commands, it works for both HTTP and telnet. Where my problem begins is when I lose the connection with the ACS server: the user being already authenticated as a level 15 user, the device becomes open to all commands; there is no more restriction applied by the ACS. Does anybody know a workaround?

    It is already at local; it is just that the user already has level 15 access and I used to control the commands through level settings before. So when I try it, my user that is locally level 5 is already recognized as a level 15 user from when it was authenticated through the ACS. If I could find a way to give web access to the 1310 at priv level 5 while still controlling the command set, it would be OK, but as soon as I try to access a page that is not permitted other than by the view level (I think it's level 1... or 0), I get a username/password prompt with this line at the top of it: "level_15_or_view_access", and the only way I can access it is by entering a level 15 un/pass. I attached my 1310 AAA config
    and here is the command set that works at level 15 to do a "shut" or "no shut" of the radio interface by the web interface:
    configure
      permit terminal
    exit
      permit Unmatched Args
    interface
      permit Dot11Radio0
    no
      permit shutdown
      permit cca
    ping
      permit Unmatched Args
    show
      permit Unmatched Args
    shutdown
      permit Unmatched Args
    telnet
      permit Unmatched Args
    write
      permit memory quiet
    Thanks for the help !
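
An added example, not part of the post above and not ACS code: a simplified Python model of how a shell command authorization set like the one listed is evaluated, so a set can be checked for lockouts before it is assigned to a group. The function names, the token-prefix argument matching and the `unmatched_commands` default of deny are assumptions of this example; the real ACS matcher and the post's "Unmatched Commands" setting are not shown on the page.

```python
# Constructed sample: the command set from the post above, in the same
# "command, then its permit lines" layout.
AIRONET_SET = """\
configure
permit terminal
exit
permit Unmatched Args
interface
permit Dot11Radio0
no
permit shutdown
permit cca
ping
permit Unmatched Args
show
permit Unmatched Args
shutdown
permit Unmatched Args
telnet
permit Unmatched Args
write
permit memory quiet
"""


def parse_command_set(listing):
    """Return {command: {"rules": [(action, [arg tokens])], "unmatched_args": bool}}."""
    commands, current = {}, None
    for raw in listing.splitlines():
        words = raw.lower().split()
        if not words:
            continue
        if words[0] in ("permit", "deny") and current is not None:
            if words[1:] == ["unmatched", "args"]:
                # The "Permit Unmatched Args" checkbox, written as a line.
                current["unmatched_args"] = words[0] == "permit"
            else:
                current["rules"].append((words[0], words[1:]))
        else:
            current = commands.setdefault(
                words[0], {"rules": [], "unmatched_args": False})
    return commands


def authorize(command_set, line, unmatched_commands="deny"):
    """Decide one command line. Assumes the device sends full keywords
    (no abbreviations) and that an argument rule matches as a token prefix."""
    words = line.lower().split()
    if not words:
        return False
    entry = command_set.get(words[0])
    if entry is None:
        # Command not listed at all: the set-wide "Unmatched Commands" choice.
        return unmatched_commands == "permit"
    args = words[1:]
    for action, pattern in entry["rules"]:
        if args[:len(pattern)] == pattern:
            return action == "permit"
    return entry["unmatched_args"]


if __name__ == "__main__":
    cs = parse_command_set(AIRONET_SET)
    for cmd in ("configure terminal", "write memory quiet", "write erase",
                "no shutdown", "no ip routing", "show version", "enable"):
        print(f"{cmd:20} {'permit' if authorize(cs, cmd) else 'deny'}")
```

With unmatched commands denied, `enable` is refused because the set never lists it, which is the lockout another reply on this page warns about.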

  • ACS command Authorization on PIX Console

    I have configured the pix firewall for ACS authentication and command authorization, everything is working fine
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ (inside) host 172.28.x.x x.x.x
    aaa-server TACACS+ (inside) host 172.28.x. xx
    aaa authentication ssh console TACACS+ LOCAL
    aaa authentication serial console LOCAL
    aaa authentication enable console TACACS+ LOCAL
    aaa authorization command TACACS+
    aaa accounting command privilege 15 TACACS+
    aaa accounting enable console TACACS+
    but the problem is that I don't want ACS authentication while connecting via the console. In case of emergency, when
    the ACS is down, I want to get to the console and access the device using a local username and password,
    but now, after this configuration, when I try to access the firewall via the console, I am getting the error
    command authorization fail.
    I don't want any command authorization while connected via the console. Please tell me how to resolve this issue.
    I have made the command authorization set in ACS and it is working fine for me.

    Kindly check my modified configuration once again.
    I wanted to use this option in case the ACS goes down, so that I can console into my firewall, but it is not working for me.
    aaa-server TACACS+ protocol tacacs+
    aaa-server TACACS+ (edn) host 172.28.31.132
    aaa-server TACACS+ (edn) host 172.28.31.133
    aaa authentication ssh console TACACS+ LOCAL
    aaa authentication enable console TACACS+ LOCAL
    aaa authentication serial console LOCAL
    aaa authentication http console LOCAL
    aaa authorization command TACACS+ LOCAL
    aaa accounting command privilege 15 TACACS+
    aaa accounting enable console TACACS+
    but I am not able to log in; I am getting the following error
    Command authorization failed
    TDC-INT-525-01> exit
    Command authorization failed
    TDC-INT-525-01> exit
    Command authorization failed
    TDC-INT-525-01> enable
    Command authorization failed
    I also defined the local command authorization set like this
    privilege cmd level 15 mode exec command exit
    privilege show level 5 mode exec command running-config
    privilege show level 15 mode exec command version
    privilege show level 0 mode exec command access-list
    privilege show level 0 mode configure command access-list
    privilege cmd level 15 mode configure command exit
    privilege cmd level 15 mode configure command no
    privilege cmd level 0 mode configure command access-list
    privilege cmd level 15 mode interface command exit
    privilege cmd level 15 mode subinterface command exit
    privilege cmd level 15 mode dynupd-method command exit
    privilege cmd level 15 mode trange command exit
    privilege cmd level 15 mode route-map command exit
    privilege cmd level 15 mode router command exit
    privilege cmd level 15 mode ldap command exit
    privilege cmd level 15 mode aaa-server-host command exit
    privilege cmd level 15 mode aaa-server-group command exit
    privilege cmd level 15 mode context command exit
    privilege cmd level 15 mode group-policy command exit
    privilege cmd level 15 mode username command exit
    privilege cmd level 15 mode tunnel-group-general command exit
    privilege cmd level 15 mode tunnel-group-ipsec command exit
    privilege cmd level 15 mode tunnel-group-ppp command exit
    privilege cmd level 15 mode mpf-class-map command exit
    privilege cmd level 15 mode mpf-policy-map command exit
    privilege cmd level 15 mode mpf-policy-map-class command exit
    privilege cmd level 15 mode mpf-policy-map-class command exit
    privilege cmd level 15 mode mpf-policy-map-param command exit
    Please tell me how to solve this problem

  • Authorization problem when using the Transaction Launcher

    Hi All,
    We have an authorization problem when we call a transaction (EL37) in ECC from the IC Web Client.
    We believe that we have done all the necessary customizing in CRM and when we press the link in the Navigation Bar we are asked to logon to our ECC system. After logging on, we get an error message saying that "You do not have authorization for transaction EL37". If I then enter the transaction directly in the white command field in top of the ECC screen, then I have no problem calling the transaction.
    My user has SAP_ALL, so it shouldn't be a problem with the authorizations. Maybe it has something to do with the transaction IC_LTXE? I have also tried to add this transaction to my user profile, but that didn't help.
    Does anyone have a suggestion for how to fix this problem?
    Kind Regards,
    Gitte.

    Hi,
    I have found the solution for the problem myself. The transaction code in the Transaction Launcher Wizard must be written in capitals! We had entered 'el37' and have now changed it to 'EL37'.
    Best Regards,
    Gitte.

  • ACS - Shell Command Authorization Sets

    Hi,
    I have had a problem where a set of users in two groups in ACS are struggling to enter commands.  The commands are set in the Shell Command Authorization Sets and this hasn't changed.  Other commands are working.  As this is spanning two groups in ACS I am thinking it's not something with the groups but the command sets themselves.
    Just to check, the commands are 'clear port-security' and 'clear mac address-table' - I have entered the command 'clear' and the following attributes:
    permit port-security
    permit mac address-table
    I've also ticked 'Permit unmatched args'
    At the same time as this is occurring I have been receiving the following messages from the ACS server via email:
    Test Timed out for service: CSAdmin
    Test Timed out for service: CSAuth
    Test Timed out for service: CSDbSync
    Test Timed out for service: CSLog
    I have looked at other posts and have restarted CSMon.  This then stops the messages for some time, then a day or so later I get the messages again.
    Could this be tied in with the command issue?  Is there something else I should look at other than restarting the server and the CSMon service again?  All other CS' services are running.
    Thanks!!
    Steve

    Thanks for your reply!
    There are no errors; the switch IOS is putting the asterisks as it does when you enter a command that is not recognised, i.e. for clear port-security the port-security onwards is not recognised.  On this note, the user is entered into privilege mode and not in configure terminal mode, just base privilege mode.  The group in ACS is set to max privilege level 7 and I have also set this on the user account in addition.
    I am using ACS v 4.1.
    While I receive the service messages and also when they go away - I always have the authorisation problem.
    Thanks
    Steve

  • Command authorization issue.

    Hello.
    I'm using commands authorization with Cisco Secure ACS 4.1. This morning I'm going to set the MOTD and entries fail because my banner starts with a blank.
    The shell command set that I'm using is a "permit unmatched commands".
    Any idea?
    Thanks.
    Andrea

    What you're experiencing is a known defect:
    CSCtg38468    cat4k/IOS: banner exec failed with blank characters
    Symptom:
    %PARSE_RC-4-PRC_NON_COMPLIANCE:
    The above parser error can be seen together with traceback, when configuring a banner containing a blank character at the beginning of line.
    Conditions:
    Problem happens, when AAA authorization is used together with TACACS+
    Workaround:
    Make sure there is no blank character at the beginning of line in the banner message.
    Problem Details: trying to configure banner exec with blank character at beginning of line failed.
    This happens when configuring the banner exec via telnet/ssh !
    When configuring the same banner exec via console-port, everything is fine.
    Note the blank characters at beginning of each line. When removing those, banner exec works fine.
    Again, this was working till IOS version 12.2(46)SG.
    Beginning with 12.2(50)SG1 and up, the behaviour has changed.
    ~BR
    Jatin Katyal
    **Do rate helpful posts**

  • Cisco ACS command authorization sets

    I need help on the following please.
    1. - I am using ACS as TACACS server to control IOS authorization on all our Switches, However I can not deny telnet sessions to other devices from within CatOS - does anyone know the command authorization set to deny this within ACS ????
    2. Does anyone know where I can read up on command authorizations sets for ACS ??
    3. What is the debug command for CatOS to see cli output ?
    Many thanks
    Rod

    Thanks for your info. I have solved my problem -
    1. I enabled tacacs administration logging using command on switch aaa authorization commands 15 default group tacacs+
    This let me see what was happening every time I entered a command on CatOS - via the logging monitor on ACS. From here I was able to see that when I was trying to telnet to a device from CatOS it was doing it in privilege mode 1. I then entered this command aaa authorization commands 1 default group tacacs+ which solved my telnet problem.
    Problem resolved.
    Many thanks.

  • Command authorization on ASA

    Hi,
    Can anyone confirm that command authorization works as advertised on the ASA platform? i.e. is anyone doing this successfully at the moment?
    We've no problems with authentication, accounting, NARs, etc. - just the authorization sets.
    thanks,
    Andrew.

    Hi andrew.burns,
    Command authorization should work on ASA. Please review
    Configuring Command Authorization
    http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/mgaccess.htm#wp1042034
    btw - what version of ASA are you using? Also, are you using shared profile components?
    Hope this helps!

  • Shell command authorization

    Hi all
    I am having a problem with Shell Command Authorization. I have a user setup who I only want to be able to display the config, this is for automated config archival on an hourly basis.
    I have configured the device with the following aaa commands:
    aaa new-model
    aaa group server tacacs+ ACS
    aaa authentication login default group ACS
    aaa authentication login NOAUTH none
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ group ACS
    aaa authorization exec NOAUTH none
    aaa authorization commands 15 default group ACS
    aaa authorization commands 15 NOAUTH none
    aaa accounting commands 15 default start-stop group ACS
    The static account I have configured logs in ok and can show config etc. Access to conf t is disabled which is good but for some reason he can do any show command instead of just show run which is all I have allowed in the Shell command authorization.
    Unmatched commands is set to deny and permit unmatched arguments is unchecked.
    ACS is 3.3(2) and the switch I am testing is running 12.1(9)EA1
    Any ideas?

    Most "show" commands are level 1 commands. You can verify this by logging in as a normal user, issue a "sho priv" to ensure you're at level 1, and then type "sho ip route", "sho ver", etc, you'll see that all of them work fine.
    Your AAA commands only tell the switch to authorize level 15 commands, so when you do a "sho ver" or the like this command will not be sent off to the ACS server for authorization.
    If you add the following:
    aaa authorization commands 1 default group ACS
    then that should fix it, but be careful because it's easy to lock yourself out of being able to get into enable mode (add "enable" into your command set too).
    You should also have noticed that all those "show" commands weren't being accounted either, because you have also only enabled accounting for level 15 commands.
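
An added example, not from the thread or from Cisco: a Python audit of the IOS `aaa authorization commands` and `aaa accounting commands` lines that reports, per privilege level, whether commands are sent for authorization and accounting at all (the gap the reply above describes) and whether the method list stops enforcing when no server answers. The function names and the default of checking levels 1 and 15 are assumptions of this example.

```python
import re

# Constructed sample input: the AAA lines quoted in the post above.
SAMPLE_CONFIG = """\
aaa new-model
aaa group server tacacs+ ACS
aaa authentication login default group ACS
aaa authentication login NOAUTH none
aaa authorization config-commands
aaa authorization exec default group tacacs+ group ACS
aaa authorization exec NOAUTH none
aaa authorization commands 15 default group ACS
aaa authorization commands 15 NOAUTH none
aaa accounting commands 15 default start-stop group ACS
"""

# aaa authorization|accounting commands <level> <list-name> <methods...>
CMD_RE = re.compile(r"^aaa (authorization|accounting) commands (\d+) (\S+) (.+)$")


def parse_methods(text):
    """Split a method list into entries such as 'group ACS', 'local', 'none'."""
    tokens, methods, i = text.split(), [], 0
    while i < len(tokens):
        if tokens[i] == "group" and i + 1 < len(tokens):
            methods.append("group " + tokens[i + 1])
            i += 2
        else:
            methods.append(tokens[i])
            i += 1
    return methods


def command_lists(config):
    """Return {kind: {list_name: {level: [methods]}}} for per-level command AAA."""
    out = {"authorization": {}, "accounting": {}}
    for raw in config.splitlines():
        m = CMD_RE.match(" ".join(raw.split()))
        if not m:
            continue
        kind, level, name, rest = m.groups()
        if kind == "accounting":
            # Drop the record type so only the methods remain.
            rest = re.sub(r"^(start-stop|stop-only)\s+", "", rest)
        out[kind].setdefault(name, {})[int(level)] = parse_methods(rest)
    return out


def failure_mode(methods):
    """Classify what happens when no server in the list answers.
    IOS moves to the next method only when the previous one gives no answer."""
    if methods == ["none"]:
        return "unchecked"
    if methods[-1] in ("none", "if-authenticated"):
        return "fail-open"
    if methods[-1] == "local":
        return "local"
    return "fail-closed"


def audit(config, list_name="default", levels=(1, 15)):
    """Return findings for one method list. `levels` should cover every
    privilege level users can reach (add custom levels such as 7)."""
    lists = command_lists(config)
    authz = lists["authorization"].get(list_name, {})
    acct = lists["accounting"].get(list_name, {})
    findings = []
    for level in levels:
        if level not in authz:
            findings.append(f"level {level}: commands are not sent for authorization")
        elif failure_mode(authz[level]) in ("unchecked", "fail-open"):
            findings.append(
                f"level {level}: authorization is {failure_mode(authz[level])} "
                f"({' '.join(authz[level])})")
        if level not in acct:
            findings.append(f"level {level}: commands are not accounted")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```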

  • Config commands authorization on ASA

    Hi, is there a way to control the config commands with tacacs+ authorization ?
    When I enable the configure command in the ACS shell command authorization set, all other config commands are enabled.
    In IOS there's the "aaa authorization config-commands", how to with ASA ?

    Please check this link that explains about command authorization on ASA.
    These commands are required on ASA/PIX/FWSM in order to implement command authorization through an ACS server:
    aaa-server authserver protocol tacacs+
    aaa-server authserver host 10.1.1.1
    aaa authorization command authserver
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
    Regards,
    ~JG
    Do rate helpful posts

  • ACS SE - Shell Command Authorization

    Hi Sir,
    I have deployed an ACS Solution Engine 4.1(1) Build 23 to provide AAA services for routers/switches login.
    I'd like to create a user group that is restricted to only "show" commands when the users log in to the network devices.
    I have done the following steps:
    (1) Shared Profile Components -> Shell Command Authorization Sets
    Added a new set. Call it NOC. I added the command "show". For "Unmatched Commands", I selected Deny. I also checked "Permit Unmatched Args".
    (2) Group Setup.
    Created a new group. Call it NOC. For Enable Options, I selected "Max Privilege for any AAA Client" value of "Level 7".
    For TACACS+ Settings, I checked "Shell (exec)" and set "Privilege level" to 7.
    For Shell Command Authorization Set, I selected NOC for "Assign a Shell Command Authorization Set for any network device".
    (3) User Setup.
    Created a new user. Call it noc. Assign it to group NOC. All parameters point to group setting.
    (4) The AAA commands on the routers/switches are as follows:
    aaa new-model
    aaa authentication login default group tacacs+ local enable
    aaa authorization exec default group tacacs+ local
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    ip tacacs source-interface Loopback0
    tacacs-server host 10.10.10.10 key 0 tacacskey
    When the noc logs in, he's given privilege level 7. True, he's limited to only "show" commands. He can't do "config t". However, he also can't do "show run". Is it normal? I'd need him to be able to do "show run". How to configure the ACS?
    Thank you.
    B.Rgds,
    Lim TS

    Hi Narayan,
    Appreciate your detailed configuration steps.
    My intention is to create a shell command authorization set that allows a user group to only perform "show" commands, including complete config of "sh run". This group is not allowed to configure anything.
    See my original post for my configuration steps. I tied the group to the above authorization set and assigned it Level 7.
    The outcome is, the user can do all "show" commands except "sh run". Of course, he is not authorized for configuration commands.
    I came across the following link:
    http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800949d5.shtml
    Perhaps it explains the problem here. If I understand it correctly, a user can't see in the output of "sh run" what he can't configure at his privilege level or below.
    The same issue happens when I configured the following:
    no aaa new-model
    username noc privilege 7 password test
    privilege exec level 7 show
    line vty 0 4
    login local
    The user "noc" can't do "sh run".
    Thank you.
    B.Rgds,
    Lim TS

  • Command Authorization

    In setting up command authorization I have a question:
    The command aaa authorization commands (level) allows commands to be checked via the Shell Command Authorization Sets configured on the ACS server. For Pix the command is just "aaa authorization command" this checks all command levels. Why do you need to specify a level then on other devices such as a router? Why would you have to specify a level such as :
    aaa authorization commands 15
    For that matter if the command is specified with just level 15 won't it still check the Shell Command Authorization Set for the allowed commands?

    Waseem, have a look at the following link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml
    The best option is to turn on the following debugs on the router and then enable the appropriate commands in ACS (as sometimes router is sending strange characters like etc)
    debug aaa authorization
    debug tacacs
    Regards
    Farrukh

  • Failover exec and command authorization

    Hi, got into a dead end here. I have a pair of ASA firewalls running as active/standby. I'd like to use the 'failover exec' to issue commands on the standby firewall via the active one. This shouldn't be a problem, but we have AAA command authorization configured. And when the active ASA tries to issue a command on the standby ASA, it gets an 'authorization denied' message. At the ACS we see the auth request being denied, the ASA sends the request using the 'enable_1' user, instead of using the same user connected to the active ASA.
    Any clues on how to go around this?
    thanks!

    Remote command execution lets you send commands entered at the command line to a specific failover peer.
    Because configuration commands are replicated from the active unit or context to the standby unit or context, you can use the failover exec command to enter configuration commands on the correct unit, no matter which unit you are logged-in to. For example, if you are logged-in to the standby unit, you can use the failover exec active command to send configuration changes to the active unit. Those changes are then replicated to the standby unit. Do not use the failover exec command to send configuration commands to the standby unit or context; those configuration changes are not replicated to the active unit and the two configurations will no longer be synchronized.
    To send a command to a failover peer, perform the steps given in the below URL:
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1154924
    The below URL helps you in configuring the Active/standby failover:
    http://www.cisco.com/en/US/docs/security/asa/asa80/configuration/guide/failover.html#wp1058096

  • AAA -- Int range configuration gives "Command authorization failed" msg.

    Versions involved:
    AAA
    ACS 4.1.4.13.12
    Devices:
    C2960-LANBASE-M, Version 12.2(25)SEE3, RELEASE SOFTWARE (fc2)
    C3550-I9Q3L2-M, Version 12.1(14)EA1a, RELEASE SOFTWARE (fc1)
    If we try to configure a single interface or just a very small range, it works fine, but if we try to configure a larger range of interfaces, we get a Command authorization failed message, as can be seen below:
    HOST1184(config)#int range fastEthernet 0/1 - 3
    HOST1184(config-if-range)# switchport access vlan 24
    HOST1184(config-if-range)# switchport mode access
    HOST1184(config-if-range)# switchport voice vlan 301
    HOST1184(config-if-range)# dot1x pae authenticator
    HOST1184(config-if-range)# dot1x port-control auto
    HOST1184(config-if-range)# dot1x timeout reauth-period 7200
    HOST1184(config-if-range)# dot1x timeout supp-timeout 120
    HOST1184(config-if-range)# dot1x max-req 1
    HOST1184(config-if-range)# dot1x max-reauth-req 1
    HOST1184(config-if-range)# dot1x reauthentication
    HOST1184(config-if-range)# dot1x guest-vlan 280
    HOST1184(config-if-range)# spanning-tree portfast
    HOST1184(config-if-range)#!
    HOST1184(config-if-range)#end
    HOST1184#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    HOST1184(config)#int range fastEthernet 0/4 - 14
    HOST1184(config-if-range)# switchport access vlan 24
    Command authorization failed.
    Command authorization failed.
    Command authorization failed.
    HOST1184(config-if-range)# switchport mode access
    HOST1184(config-if-range)# switchport voice vlan 301
    HOST1184(config-if-range)# dot1x pae authenticator
    HOST1184(config-if-range)# dot1x port-control auto
    Command authorization failed.
    HOST1184(config-if-range)# dot1x timeout reauth-period 7200
    Command authorization failed.
    HOST1184(config-if-range)# dot1x timeout supp-timeout 120
    Command authorization failed.
    HOST1184(config-if-range)# dot1x max-req 1
    Command authorization failed.
    HOST1184(config-if-range)# dot1x max-reauth-req 1
    Command authorization failed.
    HOST1184(config-if-range)# dot1x reauthentication
    Command authorization failed.
    HOST1184(config-if-range)# dot1x guest-vlan 280
    Command authorization failed.
    HOST1184(config-if-range)# spanning-tree portfast
    Command authorization failed.
    HOST1184(config-if-range)#!
    The pieces of config are as follows:
    aaa new-model
    aaa group server radius dot1x
    server 10.61.156.136 auth-port 1812 acct-port 1813
    aaa authentication login default group tacacs+ enable
    aaa authentication enable default group tacacs+ enable
    aaa authentication dot1x default group dot1x
    aaa authorization config-commands
    aaa authorization exec default group tacacs+ if-authenticated none
    aaa authorization commands 0 default group tacacs+ if-authenticated
    aaa authorization commands 1 default group tacacs+ if-authenticated
    aaa authorization commands 15 default group tacacs+ if-authenticated
    aaa accounting exec default start-stop group tacacs+
    aaa accounting commands 0 default start-stop group tacacs+
    aaa accounting commands 1 default start-stop group tacacs+
    aaa accounting commands 15 default start-stop group tacacs+
    aaa accounting system default start-stop group tacacs+
    enable secret 5 <removed>
    logging 10.142.4.45
    snmp-server community <removed> RO
    snmp-server community <removed> RW
    snmp-server location "SD"
    snmp-server contact contact - [email protected]
    tacacs-server host A.B.C.D timeout 5 key <removed>
    tacacs-server host A.B.C.D timeout 5 key <removed>
    tacacs-server host A.B.C.D timeout 5 key <removed>
    no tacacs-server directed-request
    radius-server host 10.61.156.136 auth-port 1812 acct-port 1813 key 7 096E5C3D4851
    radius-server retransmit 3
    Anyone out there has a solution for such a problem?
    Regards,
    AL

    Hi JG, thanks for your response.
    I don't have the appliance close to me, so I cannot check on this setting.
    As soon as I have a chance, I will return with this info.
    Anyway, why does it work for other devices and also, why we don't have any problem when configuring a small range of interfaces?
    Once again, thanks for your reply.
    Regards,
    AL
