Query regarding admin group

Similar Messages

• Need to Query Local Admin Group

  I wrote (copied) some PowerShell code that will add a Domain User to the Local Admin Group using ADSI.  
  $GuestPC = "WinNT://DOMAIN/UserName,user"
  $AdminGroup = [ADSI]("WinNT://"+$env:COMPUTERNAME+"/administrators,group")
  $AdminGroup.add($GuestPC)
  I want to add an If - Else statement to check if the Domain User is already in the Administrators group.  
  I found this code:
  $members = @($AdminGroup.psbase.Invoke("Members"))
  $members | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
  This code actually lists the members of the Administrators Group.  Maybe its early or I did not get enough sleep, but I cannot figure out how to just query the Administators group for $GuestPC and if it is there don't do anything, but if it is not there
  add it using the above code.  
  Something easy for someone out there I hope?
  Matt
  Matt Dillon

  Finally found the answer on Google.  Just need to add -cnotcontains "GuestPC" in side a If-Then
  Matt Dillon

• Help required in identifying the admin groups for a IT Resource

  I would like to pick up the user details of the members in the admin groups of a particular IT resource.
  Can anyone help me in this regard..???
  Thanks in advance

  If you can replace <SMALLIMAGE with <IMG then I am not
  sure why you couldn't include the SRC="charcothip.jpg" with the
  <IMG portion?
  How are you replacing it currently? Could you store the
  replacement string in a variable and use it instead.
  var replacementString:String = "<IMG
  SRC=\"charcothip.jpg\"";
  Then you could do something like this (assume the myStr holds
  the XML String):
  var myArr:Array = new Array();
  myArr = myStr.split("<SMALLIMAGE");
  myStr = myArr.join(replacementString);
  Obviously, this will only work if you are replacing all of
  the <SMALLIMAGE pieces with the same image. If not then you
  could use the following:
  var searchFor:String = "<SMALLIMAGE";
  var newString:String = myStr.substring(0,
  myStr.indexOf(searchFor));
  newString += replacementString;
  newString +=
  myStr.substr(myStr.indexOf(searchFor)+searchFor.length);
  You can keep the width and height attributes since Flash will
  recognize those when rendering the HTML.
  Tim

• Query regarding DB_16k_CACHE_SIZE

  Hi Friends,
  I have got a urgent query regarding db_16k_cache_size parameter.I have created a tablespace with 16k block size,and i have configured the db_16k_cache_sieze to 208M accordingly.I have kept a table in this tablesspace whose presenet size is 323 GB.Some complex queries will be running on this table comprising groups,some complex joins,ordes,analytical functions etc.
  I am having 8 GB of SGA.Now my query is whether i have to increase the db_16k_cache_szie parameter from its present size to get better performance and if it is then how to detemine what will be the optimal size of db_16k_cache_size.
  Please help...
  Thanks
  somy

  Post your query what u have tried. Then only we might be help with you

• Query regarding database access segregation using os authentication in windows environment

  Hi ,
  I have a query regarding database access segragation using os authentication (like sqlplus "/ as sysdba") in windows environment.Let me briefly explain my requirement:-
  Suppose you have two DBA`s viz DBA1 and DBA2 and 4 databases resideds in a windows server say A,B,C & D.Now I want to set up such a way if DBA1 logs into the server then he can login to database A and B only using OS authentication and DBA2 can login to database C and D only using OS authentication.
  Please let me know how to do setup for this requirement.
  Database version is 11.2.0.3

  1494629, I am not a Windows person but if there is any way to do this I suspect some additional information is necessary:
  Are the DBA users members of the Administrators Group ?
  Do all 4 database share the same $ORACLE_HOME ?
  I suspect if either answer above is yes then this is not possible, but like I said I am not a Windows person.  I would just ask for two servers and the associated licensing to be acquired.  The requirement to spend money to do something management wants usually elimanates the request in my world.
  HTH -- Mark D Powell --

• DPM 2012 still requires put end users into local admin groups for the purpose of end user data recovery?

  On client computers that are protected by DPM 2010 and prior versions, you had to put the end users account in the local administrators group. If you did not add the end user account to the local administrators group you would get this error after opening
  the recovery tab in the DPM client: “DPM found no recovery points which you are authorized to restore on the specified DPM server. You can restore only those recovery points for which you were an administrator at the time the
  backup was taken. To restore other recovery points, contact your DPM administrator, or attempt to restore from another DPM.”  This is not ideal on many networks because the end users are not allowed to have local administrator access.
  Ths fix to this was included in hotfix 2465832 found here: http://support.microsoft.com/kb/2465832.
  This hotfix (a hotfix rollup package for DPM 2010) resolves other issues with DPM 2010 as well. You can find the full list of what this hotfix corrects on that link.
  One would think this issue should have been resolved in DPM 2012, however I am encountering the same exact issue, had to include end-users into the workstation local admin group before they can search for recovery points on the DPM server. This is not acceptable
  practice.
  Is there a new hotfix for the same issue on DPM 2012? I am hesitated to apply KB2465832 since it also includes many other fixes for DPM 2010, which may not appicable for version 2012.
  Please help.
  Thanks,

  This is a hands off solution to allow all users that use a machine to be able to restore their own files.
  1) Make these two cmd files and save them in c:\temp
  2) Using windows scheduler – schedule addperms.cmd to run daily – any new users that log onto the machine will automatically be able to restore their own files.
  <addperms.cmd>
  Cmd.exe /v /c c:\temp\addreg.cmd
  <addreg.cmd>
  set users=
  echo Windows Registry Editor Version 5.00>c:\temp\perms.reg
  echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection]>>c:\temp\perms.reg
  FOR /F "Tokens=*" %%n IN ('dir c:\users\*. /b') do set users=!users!%Userdomain%\\%%n,
  echo "ClientOwners"=^"%users%%Userdomain%\\bogususer^">>c:\temp\perms.reg
  REG IMPORT c:\temp\perms.reg
  Del c:\temp\perms.reg
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT] This
  posting is provided "AS IS" with no warranties, and confers no rights.
  That's a good one! Thanks for that.
  I've been scripting on KIX for some time, so here is mine, hope it helps to someone... (it's probably not the best, but it works)
  ========================================================================
  $RC=setoption("WOW64AlternateRegView","on") 
  $DPMkey = "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Data Protection Manager\Agent\ClientProtection"
  $uservariable = "%userdomain%\%username%"
  If KeyExist ($DPMkey)
  $Userstring=ReadValue($DPMkey, "ClientOwners")
  If $Userstring == ""
  WriteValue($DPMkey,"ClientOwners", $uservariable, "REG_MULTI_SZ")
  ? "Key created"
  else
  If not instr($Userstring,$uservariable)
  $Userstring = "$Userstring,$uservariable"
  WriteValue($DPMkey,"ClientOwners", $Userstring, "REG_MULTI_SZ")
  EndIf
  Endif
  EndIf
  ==========================================================================
  The problem actually is that you still need to use an admin account to write on the registry, so ensure you configure it properly on the schedule task.
  In case you use a service account on the schedule task... the "$uservariable" will get populated with that account. As a work around to this... I changed it for the following line:
  =========================================================
  $uservariable = ReadValue("HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI", "LastLoggedOnSAMUser")
  =========================================================
  The only problem with that, is that key gets created/updated only if user gets logged phisically on that PC, but will not work for anyone connecting through RDP.

• Query regarding Transfer order creation

  Hi Experts,
  I have query regarding on creation of transferorder in WM.
  1) Once the delivery order received from SD ,  How  WM people  will proceed with that delivery order?
  2) Is it possible  to create transfer order for each item avaliable in delivery order?
  3)  Is there any chance to partial delivery/ partial picking against that delivery order?
  Please guide..
  Points willl be rewarded ..
  Thanks in advance..

  1.once the delivery order received from SD, WM will start up with creating a wave pick thru outbound delivery monitor(VL06P), then trasnfer order (TO)is created , then TO is confirmed and goods issue is posted.
  2.yes it is possible to create transfer order for each item avaliable in delivery order, if the delivery items are not grouped under a wave pick.
  3.partial delivery can be made

• Security Settings for two admin groups  with shared service

  Hi all,
  I use Essbase Administration Services 11.1.2 and Hyperion Shared Services Console 11.1.2.0.73 (Drop 17)
  Access Rights are granted via Groups in Hyperion Shared Service Console.
  We have two admin groups.
  AccessGroup 1: admin rights on some cubes (A) and read rights on all others (B).
  AccessGroup 2: admin rights on (B) and read rights on (A).
  If someone of AccessGroup 1 copies a cube of (A) – Fin_rep for example – wether AccessGroup 1 nor AccessGroup 2 can even see the cube (and i dont even mention admin rights) execpt the one who copied it.
  Settings in Shared Services Console:
  - Both groups have role "Create/delete application" and "AccessManager" (or something like that - german word is "Zugriffsberechtigungsmanager") on Essbase Cluster (our essbase server).
  - AccessGroup 1 has role "ApplicationManager" and "AccessManager" for all cubes which they should administrate (A)
  and role "Read" for all cubes with read only (B)
  - AccessGroup 2 has role "ApplicationManager" and "AccessManager" for all cubes which they should administrate (B)
  and role "Read" for all cubes with read only (A)
  I hope i can get some help with this topic.
  Thank you in advance,
  Best regards
  Bernd
  Edited by: 907705 on 07.02.2012 02:52

  Security will not copy over when you create new cube from old cube. You have to grant security to required groups using shared services or Maxl.

• OIM - query regarding child tables

  Hi All
  I have a query regarding child tables. For example, when a user is removed from an AD group, his corresponding entry from the AD groups child table will be deleted. I want to know whether it is deleted of marked as deleted. Can I get the information later on that the user was removed from which AD group?
  Please help.
  Thanks

  You will have to enable the audit level = Resource Form and perform the additional tasks to track the process form data changes. This will track all modifications to the forms.
  -Kevin

• Query regarding the Node manager configuration(WLS and OAM Managed server)

  Query regarding the Node manager configuration(WLS and OAM Managed server):
  1) In the nodemanager.properties I have added the ListenAddress:myMachineName and ListenPort: 5556
  My setup : One physical Linux machine(myMachineName) has : WLS admin server, managed server(OAM 11G) and nodemanager.No clustered environment.
  2) nodemanager.log has the following exception when I start the oam_server1 using EM(Enterprise Manager11g):
  Mar 23 2012 1:39:55 AM> <SEVERE> <Fatal error in node manager server>
  java.net.BindException: Address already in use
  at java.net.PlainSocketImpl.socketBind(Native Method)
  at java.net.AbstractPlainSocketImpl.bind(AbstractPlainSocketImpl.java:336)
  at java.net.ServerSocket.bind(ServerSocket.java:336)
  at javax.net.ssl.impl.SSLServerSocketImpl.bind(Unknown Source)
  at java.net.ServerSocket.<init>(ServerSocket.java:202)
  at javax.net.ssl.SSLServerSocket.<init>(SSLServerSocket.java:125)
  at javax.net.ssl.impl.SSLServerSocketImpl.<init>(Unknown Source)
  at javax.net.ssl.impl.SSLServerSocketFactoryImpl.createServerSocket(Unknown Source)
  Default port on which node manager listen for requests is localhost:5556.I have changed it to point to my machine. The port should be of WLS admin server or it should be the managed server port?
  3) I have started the NodeManager using the startNodeManager.sh script.
  4) The admin server port is 7001 and the oam managed server port is 14100.
  Any inputs on what might be wrong in the setup will be helpful.Thanks !

  By using netstat -anp|grep 5556 you can check which process on your machine is using the 5556 port.

• Unity 7.0 - AD Domain Admin Group

  I have Unity 7.0 with failover, AD, and Exchange 2010.  Unity accounts are created in AD in the Domain Admin Group.  Most that I have read states if Unity is a domain controller it needs to be in the Domain Admin group.  I do not know how to see if Unity is a domain controller and do not know why (previous to me), Unity was setup in the Domain Admin Group.
  Can you help me understand why Unity might be setup in the Domain Admin Group, reasons?
  Thanks,

  Melinda;
  -> if you use the tools depot option in the unity server you will see an option called dc\gc reconnect tool to check if unity looks at itself as a domain controller; here is a link that will give you more informaiton on this tool;  http://www.ciscounitytools.com/Applications/Unity/DCGCReconnect/Help/DCGCConnectionManager.htm
  -> Can you clarify if you are asking whether the unity reference account ( unityinstall/unimgstoresvc/unitydirsvc) needs to be domain admin or not ? If you query is related to the above mentioned accounts ; what permissions do they need is documented in the following link;
  http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/unity/5x/installation/guide/umexfo/5xcuigumefox/5xcuigumefo070.html
  -i hope this helps.

• Missing properties for ADMINS  group in security property file

  Hi,
  I'm getting the following error while trying to start the J2EE server
  how to overcome this
  SAP J2EE Engine Version 6.20 PatchLevel 67440.20 is starting...
  Loading: LogManager ...
  Loading: SystemThreadManager ...
  Loading: ThreadManager ...
  Loading: TimeoutManager ...
  Loading: MemoryManager ...
  Loading: PoolManager ...
  Loading: PolicyManager ...
  Loading: IpVerificationManager ...
  Loading: ClusterManager ...
  Loading: ClassLoaderManager ...
  Loading: SwapManager ...
  Loading: LockManager ...
  Loading: R3StartupManager ...
  Loading: ServiceManager ...
  Loading core services:
    Starting core service p4 ... done.
    Starting core service monitor ... done.
    Starting core service log ... done.
    Starting core service file ... done.
    Starting core service dbms ... done.
  ID000544: Error starting service security. Unexpected exception: java.lang.SecurityException: Missing properties for ADMINS group in security property file!!!
  [ServiceManager]: ID000544: Error starting service security. Unexpected exception: java.lang.SecurityException: Missing properties for ADMINS group in security property file!!!
  Exception in core service. Kernel not started.
  [ServiceManager]: * Exception in core service. Kernel not started.
  Loading: ServiceManager returned false!
  Kernel not loaded. System halted.
  Element 1779446621 disconnected.
  System Exception * Fail to start Naming. Exception is: java.lang.NullPointerException
  ThreadDeath catched in deploy when trying to start it. Rethrowning...
  [ServiceManager]: ThreadDeath catched in deploy when trying to start it. Rethrowning...
    Starting core service naming ... done.
  ThreadDeath catched in admin when trying to start it. Rethrowning...
  [ServiceManager]: ThreadDeath catched in admin when trying to start it. Rethrowning...
  Message was edited by: Lakshmi Manohar

  Hi,
  As I understand, you are using SharePoint designer worfklow on 2013 platform and you would like to edit cancelation email body for task process.
  From my experience, there is no OOB option for you to edit cancelation email body. Since workflow 2013 is different from 2010, task forms are auto-generated based upon a certain Content Type. As workaround, I'd recommend you using approval workflow on 2010
  platform. In addition, you could try codeplex 2013 approval workflow, please check the link below:
  http://sharepointwf.codeplex.com/
  More information:
  http://blogs.msdn.com/b/sharepointdesigner/archive/2012/09/14/how-to-manipulate-the-task-form-with-sharepoint-designer-for-new-task-actions.aspx
  http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.workflowservices.activities.singletask.cancelationemailbody(v=office.15).aspx
  Regards,
  Rebecca Tu
  TechNet Community Support

• Users Admin Group in WS 2012

  Recently users got deleted from Admin group in the windows server 2012, is there any tracking enabled or how do I check when it was deleted and how deleted.
  I have gone thorugh security audit logs but could not find much information. please help.
  Thanks, Ram Ch

  Hi,
  If the auditing is not enabled for such changes that you won't see anything logged in the security log.
  http://www.windowsecurity.com/articles-tutorials/windows_os_security/Auditing-Users-Groups-Windows-Security-Log.html
  Basically you would need a GPO (if you are in AD domain) and enable "Audit Account Management" for success/failure if you want to see both type of changes. The GPO should be linked to where you have your servers/workstations placed (organizational
  unit).
  If you want to see changes on the domain security/distribution groups then the same GPO setting would be linked to Domain Controllers OU. Yo ucan either configure the default domain controllers policy or create a new one for this.
  Hope this helps.
  Regards,
  Calin

• Create/Admin Groups

  Hello,
  I am currently using the Application System Server 9. Could you please let me know how to Admin user groups (list,create,delete...)?
  I am able to create users in the system Realms and assign them to roles, but there is not any option for the groups.
  Any help will be appreciated
  regards,
  Sito
  http://www.insit.es

  Vikram,
  We are configuring an LDAP security realm for our portal application. Theconfiguration
  document says that we need to create certain Admin groups in LDAP likeAdministrators,
  AdminELIGIBLE, DelegatedAdministrator and a SystemAdministrator group.I've 2
  questions in this regard.
  1. Many applications would be using the same LDAP repository. So I amassuming
  that for eachapplication all the Admin groups mentioned above would becreated
  under the Application specific group.You only need to create these groups once for your LDAP Realm. They are not
  created for each application.
  2. Can't we have these Admin groups site in the FileRealm instead ofhaving them
  in the LDAP realm as the user population in these groups is going to bevery small.
  Yes you can have these admin related groups placed in your FileRealm. There
  is a document that discusses this. It lives somewhere on dev2dev.bea.com
  but I am just going to attach it. See attached.
  Hope this helps.
  russ
  [Portal_70_Delegated_Administration_with_a_Custom_Realm.doc]

• Query regarding Pagination

  Hi all,
  I have a query regarding the Pagination in the table component.I have a table and this table has been paginated with size 5. I am using an ObjectListdataprovider for populating data in table.Here i populate the ObjectList from another page and show it here in another page.Here we can chane the data.when i am clicking on the save it only considering the first 5 values dat is currently showing.This thing happens only when i didn't go the the second page using page navigation buttons.That is it ony saves the data that got focus.Can anyone have any solution?Please help me..
  Thanks and Regards
  Sree

  Do you have a message group component on the page to display runtime errors?
  Did you check the server log (right-click Deployment Server and choose View Server Log) to see if any errors show up there?
  Do you have any table colomn components bound to non-string fields? If so, did you drop the right type of converters on those components?