Possible to restrict logins on hosts w/ ACI?

Greetings,
My DS implementation is beginning to mature some, and I'm now faced with the possibility that I may need to restrict logins on various hosts. My current setup is using LDAP netgroups to define who can log in to which server, but now I'm being asked to restrict it even further...some people in those netgroups will be explicitly disallowed from logging into some servers (think about contractors working with an already established team...you may not want them logging into just any server simply because they're part of a netgroup that can).
So, what I'm looking to do is set up ACI's to say something like "User X can log into servers A, B, and C, but none other".
Any ideas? I've tried creating ACI's using the ACI-builder, and I've done so at both the leaf entry and at the branch point, and I can still log into any server that that user's netgroup allows. So, either my ACI's are not built properly, or I'm not putting them in the right place. I suppose another possibility is that this type of access restriction isn't possible, but I'd have guessed that this was part of the point of ACI's :)
Thanks!
Patrick

Hi Tom,
Thank you for posting in Windows Server Forum.
For your environment, I would suggest you use the following commands.
Firstly, find the user session ID with: Query Session /Server:Servername
For disconnecting an existing login:
Disconnect-RDUser -HostServer sessionhost.contoso.com -UnifiedSessionID 2
For sending a message to users:
Send-RDUserMessage -HostServer "rdsh.contoso.com" -UnifiedSessionID 1 -MessageTitle "Message from Administrator" -MessageBody "Please save your work. You will be logged off in 10 minutes"
You can deny new user logons by specifying user login mode.
Change Logon /Disable
http://technet.microsoft.com/en-us/library/bb490792.aspx
Hope it helps!
Thanks.
Dharmesh Solanki
TechNet Community Support

Similar Messages

  • HT201304 Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    Is it possible to restrict access to specific IOS apps based on the WIFI profile that a user has connected to?

    you might be able to block it if the app uses Internet access
    and depending on your wireless you might be able to block a specific user
    accessing the backend host that the app uses
    some firewalls offer application filtering but I'm not aware of any that work with ios apps

  • Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes in DRM?

    When in a hierarchy, a user right clicks on a node to create a new node, he has two options
    -Child
    -Sibling
    Is it possible to restrict the user from creating a sibling and allow him to ONLY create child nodes?
    Business cases:
    1. different level nodes need to have different prefixes.
    - Thus, the default prefix property definition uses the level number to assign a prefix
    - Also, a validation, to ensure the correct prefix, uses the level number
    But if the user can create a child and a sibling then the default prefix will only be right for a single case and not both.
    Thanks

    If the images are exactly the same size then make sure the layer with the mask
    is the active layer and in the other documents go to Select>Load Selection and choose
    your document with the layer mask under Source document and under channel choose the layer mask.
    After the selection loads press the layer mask icon at the bottom of the layers panel.
    MTSTUNER

  • IS IT POSSIBLE TO RESTRICT A PARTICULAR MATERIAL GROUP FOR A USER

    Hi Gurus,
    I want to know whether it is possible to restrict a particular material group for a particular user.
    e.g Material Group : 101
    User : ADMIN
    Our requirement is that the user should not be able to select material group 101 in
    any stock related transactions. e.g MB5B, MB51, etc.
    Thanks
    Amol

    Hi Amol
    You can try Tcode OMT3E wherein u can maintain settings related to Users.
    Regards

  • Is it possible to restrict printing via e-mail to one or a few domains?

    Regarding HP ePrinting
    Per default any emails will be printed, it is possible to restrict to certain e-mail addresses
    Is it possible to restrict print per e-mail to a domain or a few domains, to get a better security and a more simple administration?
    example:
    e-mail addresses: [email protected], [email protected] ... etc.
    Rule in HP ePrint: *@mymaildomain.com

    Hi,
    It is possible to restrict printing for allowed senders only,
    You will have to add any email you would like to allow accessing, adding a bulk domain name is not possible.
    ePrintCenter lets you control who can e-mail print jobs to your HP product from mobile or network connected devices. Follow these steps to set your ePrint-enabled product to receive print jobs from allowed senders only.
    1. Log into your ePrintCenter account at HP ePrintCenter.
    2. On the ePrintCenter Printers page, click ePrint Settings. The ePrint Settings window opens.
    3. On the Allowed Senders tab, select Allowed Senders Only, and then click Save.
    4. Type an allowed sender's email address in the dialog box, and then click Add Email. The email address is added to the Allowed Email Addresses list.
    NOTE: You may specify up to 500 e-mail addresses allowed to send print jobs to your product. Your HP product ignores e-mail from addresses not on your allowed senders list.
    5. (Optional) To send a confirmation email to the sender after the ePrint job prints successfully, select the check box next to the email address in the Email job status column.
    NOTE: To remove an email address from the Allowed Email Addresses list, click the X next to the email address in the Remove column.
    Say thanks by clicking the Kudos thumb up in the post.
    If my post resolves your problem please mark it as an Accepted Solution

  • Is it possible to restrict copying and printing a pdf?

    Is it possible to restrict copying and printing a pdf without setting a password? I just want to restrict using the document, but don't want a password-demanding window to pop up.

    Hei guys!
    I truly need your reply!
    Any reply or a hint or a reference to another application is welcome.
    Thank you!

  • How to restrict login from client?

    Hi all,
    11gR2
    How do I restrict login from client users, because I want to backup our database using expdp, and I do not want anybody updating the database.
    I can not use the startup restrict because some clients have dba privs.
    I am thinking of shutting down the listener, but there are other database using this listener.
    Is there option in the listener so that I can disconnect only the servicename PROD1 database? or do I need to stop the listener and edit it and remove PROD1 then start it again?
    Any more brilliant ideas?
    Thanks a lot,

    KinsaKaUy? wrote:
    Hi Pavel,
    I not trying to make a backup of my db. But I do not want to use rman as this is complicated to restore.
    What's complicated about
    oracle: rman target /
    rman:  restore database
    rman:  recover database
    If you are depending on export as your backup ...
    1) you will lose all transactions since the export was taken
    2) you will need to rebuild a database from scratch in order to have something in which to import.
    The most flexible, easy, and space friendly backup is export. and I beg to disagree to anyone saying that export dump is not a backup.
    In fact this is the best backup utility Oracle has ;)
    Thanksssss
    "In fact this is the best backup utility Oracle has "
    That falls under the heading of "if the only tool you have is a hammer, every problem looks like a nail."

  • Transaction F110 - Possible to restrict the input of Identification-field?

    Hello all,
    is it possible to restrict the input of the "Identification"-field in transaction F110 (Automatic Payment Transactions: Status)?
    e.g.: User X with company code XX is only allowed to enter XX01 in the identification field.
            User Y with company code YY is only allowed to enter YY01...
    Is that possible?
    Thanks in advance for any reply!
    Steffen
    Message was edited by:
            Steffen Poetsch

    Hi
    You can control the "identification" with the help of the BASIS guy.
    They will define the authorization object to field level.
    Create separate roles for that and assign accordingly
    VVR

  • Is it possible to detect recipient email host's content type?

    Hello
    Is it possible to detect recipient email host's content type...I mean HTML or Text before sending mail to that recipient? Can someone tell me about this?
    Thanks

    It is not possible.

  • Is it possible to restrict the object creation for stateless session beans

    Hi,
    Is it possible to restrict/fix the ejb object creation for stateless session beans in application server?
    For example, i want to configure the application server ( am using JBOSS ) to create maximum of 10 session bean objects. and if any requests for the stateless session bean come, as application server has created 10 objects, the requests should be blocked.
    Thanks in advance,
    nvseenu

    You can keep a counter in the application code. A static var won't work, but an entity and a consistent id should. This version would affect performance, but it would be portable to other app servers.
    // ConstrainedBean.java
    package unq.ejb;
    import javax.ejb.Stateless;
    import javax.ejb.CreateException;
    import javax.annotation.PostConstruct;
    import javax.annotation.PreDestroy;
    import javax.persistence.PersistenceContext;
    import javax.persistence.EntityManager;
    @Stateless
    public class ConstrainedBean implements Constrained {
        final static int DEFAULT_COUNTERID = 1;
        @PersistenceContext EntityManager em;
        // Called when the container creates an instance: count it, or refuse at the limit.
        @PostConstruct
        protected void init() throws CreateException {
            ConstrainedBeanCounter counter =
                em.find(ConstrainedBeanCounter.class, DEFAULT_COUNTERID);
            // First instance ever created: persist the shared counter row.
            if( counter == null ) {
                counter = new ConstrainedBeanCounter();
                counter.counterId = 1;
                counter.counterValue = 0;
                em.persist(counter);
            }
            if( counter.atMaximum() ) {
                throw new CreateException("error attempting to create > 10 beans");
            }
            else {
                counter.increment();
            }
        }
        // Called when the container discards an instance: release its slot.
        @PreDestroy
        protected void destroy() {
            ConstrainedBeanCounter counter = em.find(ConstrainedBeanCounter.class,
                                      DEFAULT_COUNTERID);
            counter.decrement();
        }
        public void doSomething() { System.out.println("doSomething()"); }
    }
    // ConstrainedBeanCounter.java
    package unq.ejb;
    import javax.persistence.Entity;
    import javax.persistence.Id;
    // Persistent counter shared by all bean instances through a fixed id.
    @Entity
    public class ConstrainedBeanCounter implements java.io.Serializable {
        @Id public int counterId;
        public int counterValue = 0;
        public void increment() {
            counterValue++;
        }
        public void decrement() {
            counterValue--;
        }
        // True once 10 instances are counted.
        public boolean atMaximum() {
            return counterValue > 9;
        }
    }

  • Is it possible to restrict Revoke of TECO/DLFL in CO02?

    Hi everyone!
    In our system, we need to implement a rule that users can TECO and mark del. flag production orders (TCode CO02) but they should not be able Revoke it.
    I had already checked in activity groups (user administration) but I can only restrict Change completely.
    Is it possible to restrict like this? Or can I totally remove the Revoke options in CO02?
    We use SAP R/3 (4.6B). Thanks a lot!

    Hi RICARDOJR
    Please try the below settings
    1. Goto BS22
    2. Select the system status TECO (I0045) & just double click it,
    3. Maintain the “Revoke technical completion (BUTA)” = Forbidd (not allowed),
    Now system will give the error message when u revoke TECO status at CO02.
    And also for DLFL (DELETION FLAG) (I0076)
    Maintain the “Remove deletion flag (LVMZ)” = Forbidd (not allowed),
    Now system will give the error message when u revoke DLFL status at CO02.
    Please try & if u found useful reward and close the thread
    Regards
    Pradeep

  • Is it possible to restrict Sales Order Type by Plant/User ?

    Dear all,
    Is it possible to restrict sales order type while creating sales order by plant / User ?
    Any solution for above issue ?
    Jeyakanthan

    Hi,
    To my knowledge it is possible through SHDO tcode.
    Also, you can have a look on this link:
    User Specific Transaction Variant (Re: User specific transaction variant)
    In that look for the Step by step guide for the Variant.
    Regards
    Edited by: SAP2020 on Nov 23, 2009 3:00 PM

  • Is possible to restrict MB1B -541 for certain materials

    HI MM experts,
    kindly let me know is there any possibility of restricting users to perform 541 mov thru MB1B/MIGO for certain material codes?
    pl help
    thanx in advance
    Srihari

    Hi,
    It is not possible to restrict any movement type for specific material codes through configuration. For restricting certain material codes for movement type 541 through tcode MB1B, ABAP coding is required in user exit.

  • View Buffering not possible, Transport restricted

    Hi Frnds,
    I have created a view when I am going to activate the view it is giving me warnings like
    All fields are evaluated as key field
    Key field KWMENG has num. type QUAN: Buffering not possible, Transport restricted
    Key field KBMENG has num. type QUAN: Buffering not possible, Transport restricted
    Key field NETPR has num. type CURR: Buffering not possible, Transport restricted
    Key field KZWI1 has num. type CURR: Buffering not possible, Transport restricted
    Because of these warnings I am not able to transport this view into production.
    What might be the reason?
    Regards,
    Sridhar

    Hi Sridhar,
    1) Goto RSA6 -- Search for ur datasource
    2) Click on the same and go to Change Mode
    3) Goto the Extract Structure.
    4) U can find four TABS there
    5) Goto Currency/Quantity Fields.
    In that TAB specify for that Object the Comp type, data type, length and Decimal.
    Rgds
    SVU

  • Buffering not possible, transport restricted

    hi,
    i am creating ztable.  i have domain of type int4.  my primary key refers to this domain.  while compiling, i get a warning - "Key Field ZZ has num field of type INT4.  Buffering not possible, transport restricted".
    what does this mean?  will i have any problems while transporting to QA and Prod. and Buffering?
    J

    Data Types for a Characteristic Object:
    CHAR
    NUMC
    DATS
    TIMS
    Data Types for a Key Figure Object:
    Amount
    Quantity
    Number
    Integer
    Date
    Time
    You should use characteristic data types while using key fields for a buffered table. If you use NUMC , it will work.
    regards,
    preet
