Restrict access of "domain user" to specific computer

Similar Messages

• Cannot log in on one particular PC as other domain user than specific

  Hello,
  We have next problem:
  On one specific PC I can log in as one specific domain user. However, I cannot log in to this PC as other domain user than specific. When I try to log in as other user it turns back to "Press Ctrl+Alt+Del to log in" screen so it doesn't go
  to user's desktop.
  Operating system is Windows 7 Enterprise.
  What could be issue in such case?

  Can you access resources like file shares with the user who can login?Has the PC been off for a long time? I just ask as the computer needs to talk to the domain controller at least once every 3 months, otherwise it looses it's domain membership and has
  to be removed and rejoined.

• Restricting  Access for SQ01 User Group

  Hi ,
  Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
  Thank you
  Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

  Hi,
  Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
  If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

• All Domain User update specific application

  Server OS: Windows Server 2008 R2
  PC: Windows 7 SP1 Professional /joined domain
  We looking for any hint can allow domain user account upgrade specific appliation, we test servral method but all not work
  1. This is IM QQ appliction and no MSI , version change quickly, can not use GPO deploy also the patch is not download. Force update by online.
  2. We can not grant local admin right to users beacuse need to stop anyone install application without approval
  3. Can not use Windows Application Control, because that feature need Windows 7 Enterprise.
  4. Consider use local security policy, application control or software restrict but difficult for mangement over 100 PCs
  5. Try to grant everyone under program files / (x 86) folder but patch update seem involve registry and other system permission.
  6. Market has third party application control but those application can not block the application which not on their list, means we if we grant local admin right to users, they can freely install anything
  seem any other information can help this case. thanks
  supporthk

  How about:
  Group policy to add a local admin user account for a day or two, or a week
  Group policy to apply a logon script to run a batch file - batch file to copy file(s) to local computer, "run as" the install file as new local admin account, then clean up temp & install files
  Then edit the 1st GPO to remove that local admin account
  Could be a way, but that force the admin to pre-package all software update and it allow a hole for the user to install anything while it's PC isnt rebooted.
  Maybe in App-V it could be do-able. In XenApp you can stream to the computer the application, and you can allow the user to update. The registry hive is isolated and file are deployed when the user click the application. Never tried it with App-V, but I
  heard you can isolate the application too. In both product you pre-install in a virtual's way, and that make like a .msi, that the user get to the workstation when they want to use the application in big, and the modified file are stored in the user profile
  (for xenapp, surelly the same for app-v)
  Regards, Philippe
  Don't forget to mark as answer or vote as helpful to help identify good information. ( linkedin endorsement never hurt too :o) )
  Answer an interesting question ? Create a
  wiki article about it!

• Access level to users at specific fields

  Dear Techies,
  I am new guy In BO and also to this forum icon_smile.gif
  I am designing my universe and now i little concern
  I want to design one universe for 5 departments in company
  and then i want to give specific rights for users for specific fields in the universe level
  any best way / solution there...
  any suggestion / help / link / tutorial would be highly appreciated
  regards
  Nadir Firfire

  Hi,
  You can deifne metadata restrictions for group of users in the universe.
  In Universe Designer, select the "Tool" menu then the menu option "Manage Security" and finally menu option "Manage access restrictions".
  Then click on "New" button to create an access restriction and select the "Object" tab.
  Last you have to associate the restrictions to users or group of users.
  Didier

• Cannot delegate Reporting Services Web access to domain user / group, User does not have required permissions

  Hi
  I have an SCCM 2012 SP1 CU3 installation on a Server 2008 R2 + SQL 2008 R2.
  I'm having trouble delegating Reporting Services Web Access to a standard domain user.
  I have followed the instructions from these blogs:
  http://blog.coretech.dk/kea/creating-the-reporting-user-role-in-configmgr-2012/
  http://www.wolffhaven45.com/blog/sccm/assigning-users-to-configmgr-reportusers-group-in-sccm-2012/
  No matter how I try, I cannot get the reports to show for a standard domain user. In the console no reports are showing and in the web access I get
  "User domain\user does not have required permissions........"
  The only thing that is consistenly working when I test is to put the AD Group on the Security Role "Full Administrator".
  Then everything will show up.
  Any ideas on how to troubleshoot this?

  Thanks everyone for helping me with tips. I have now solved the problem. It was the permissions from SCCM that did not replicate to the Reporting Server.
  In srsrp.log I got these error messages:
  Could not retrieve the reporting service name for instance 'MSSQLSERVER'
  Invalid class
  Could not stop the reporting serviceAfter googling a litte I found these 2 sites with similiar problems:http://social.technet.microsoft.com/Forums/en-US/d4a7f93a-506f-4e3f-b5fc-bd2b087277da/ssrs-permissions-do-not-add?forum=configmanagergeneral
  http://www.microtom.net/microsoft-system-center/software-distribution/sccm-2012-reporting-services-do-not-install
  So I ran the command for SQL 2008 R2: mofcomp.exe C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqlmgmproviderxpsp2up.mof
  and BAAM, everything started to work =)
  /ALX

• Restrict Access to certain users based on if a variable in the SQL database is set to 1

  Hey guys,
  I am quite new to PHP and MySQL and I have a question concerning access  restriction. For a website project I am experimenting with Dreamweaver's  login and restrict access behavior, which works fine. However, on the  website I would like to restrict access for users that only have a 1 set  in the corresponding MySQL database (which means that e.g. each page has a different variable in the database that can be set to 1, which would allow me to personify access beyond the level of the out-of-the box option, where each user can only have one access level). So it is quite similiar to the  out-of-the-box restrict access to page based on user group, but just  depending on another variable in the database.
  I guess it can be done with an if condition that checks in the database if the logged in user has a 1 in this variable, and if yes give her/him access if not redirect to another page. However, I could not figure out  how to implement that.
  Your help is highly appreciated!
  Thanks in advance!

  Hello guys,
  I spend quite some time on the internet reseaching my wish and redefined my need: I would basically like to have the possibility to assign a user multiple access levels. There would be e.g. 10 pages for each I create an access level. Then a user with e.g. access to pages 2 and 8 can only access these two pages. So my basic question is if and if yes how I can assign a user muliple access levels at a time and store these values in the MySQL database.
  Thanks a lot for your help!!

• 1 user can access inernet, another user on same computer cannot

  I can access the internet, another user on same computer gets the message "connection was reset"

  This article should be of help: http://docs.info.apple.com/article.html?artnum=93195

• CWS with multiple domain users sharing a computer off work

  Hi,
  I need to know if this is an expected behaviour and if there is a workaround to this. I have AnyConnect Web Security (3.1.04063) installed on Windows 7 Enterprise computer that is part of a Windows domain. Two domain users login to the computer at work. When User1 logs in and visits "whoami.scansafe.net", his relevant user/group info is displayed in the browser. When User1 logs off and User2 logs in, the page correctly displays info for User2 in the browser.
  However, if at this point the computer is then taken off the work network say a home/public network where AD domain servers are not available. Both User1 and User2 can still logon to Windows but for both of them the "whoami.scansafe.net" page display the info for User2 only. It doesn't change even if the computer is restarted and User1 logs in - still User2 scansafe info is displayed. This happens to User1 untill the PC is brough up on Work network where Windows Logon service is available and User1 can now correctly see his scansafe info in the browser.
  Shouldn't Web Security client app be pulling the info relevant to the logged on user for both on and off work networks ? If this is expected, is there a docu reference to this ?
  Thanks,
  Rick.

  Hi Rick,
  That is the expected behaviour of AnyConnect Web Security (ACWS).
  Reason is when you are off the network, ACWS will use the cached credential of the user who last login. In your example, if user2 is the last to login when he/she is connected to the work network, then his/her user credential will be cached.
  It uses the information from the output of gpresult/r.
  Regards, Jen

• Restricting websites for domain users

  Hello,
  We have a Windows 2008 R2 Standard server with Service Pack 1 and IE 9.
  All users in the domain get to the internet through the server and are allowed to visit any web site.
  Users have a combination of Windows XP Pro SP3 and Windows 7 Pro.
  We would like to institute something to restrict user website browsing.
  I found this information in a search of the web:
  http://www.windowsecurity.com/articles/Restricting-Specific-Web-Sites-Internet-Explorer-Using-Group-Policy.html
  It looks like this should work, but it seems like it would be a lot of work to either get the allowed sites into IE or the not
  allowed sites into IE.
  Does anybody know of a file that can be imported into IE to populate the Allow this web site for Always or Never?
  Any help anybody can provide to institute a website restriction policy would be gratefully appreciated.
  Thanks,
  Tony
  Stop The World, I want To Get Off! ........... Life Isn't About Waiting For The Storm To Pass ... It's About Learning To Dance In The Rain.

  Hello,
  You can block URLs using group policies: http://www.grouppolicy.biz/2010/07/how-to-use-group-policy-to-allow-or-block-urls/
  Personally, I would recommend using a Proxy server like TMG Forefront to filter Web access instead of using group policies.
  This
  posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
  Microsoft Student Partner 2010 /
  2011
  Microsoft Certified Professional
  Microsoft Certified Systems Administrator:
  Security
  Microsoft Certified Systems Engineer:
  Security
  Microsoft Certified Technology Specialist:
  Windows Server 2008 Active Directory, Configuration
  Microsoft Certified Technology Specialist:
  Windows Server 2008 Network Infrastructure, Configuration
  Microsoft Certified Technology Specialist:
  Windows Server 2008 Applications Infrastructure, Configuration
  Microsoft Certified Technology Specialist:
  Windows 7, Configuring
  Microsoft Certified IT Professional: Enterprise
  Administrator
  Microsoft Certified IT Professional: Server Administrator
  Microsoft Certified Trainer

• How do I restrict access by domain and the rest of the world to the documents in the public_html folder in iPlanet Portal Server?

  Hello,
  We have multiple domains configured in our iPlanet Portal Server 3 demo environment. In addition we are using the gateway.
  In one of these domains the userTemplate.html file is tailored to display Macromedia Flash components at dynamic positions on the page. The logical home for these Flash components (since the portal software cannot find them if we simply store them in iwtDesktop) is somewhere below the /opt/SUNWips/public_html directory.
  The problem is that once the file is stored here I can access it if I know the url (http://server:8080/file_path) without being authenticated in the domain.
  The allow/deny url policy settings are specific to a domain and seem to have no affect on the rest of the world.
  Any advice you can provide is greatly appreciated.
  Thanks!

  Joel,
  If your intent is to block access to the doc root, you can probably use access control lists (acl) to prevent anyone from accessing the files stored under public_html. You can get more information about how to create ACLs from the following URL
  http://docs.iplanet.com/docs/manuals/enterprise/41/ag/esaccess.htm#1005439
  You can even set up Basic Authentication for access to the direcory or ip based access or any which way you want. I've personally never blocked access to the doc root in portal, so I am not sure what the impact will be.
  Hope this helps!

• How to restrict access to views for some users in the app?

  Hi SDN!
  I have an WD application wich embedded in the portal. Appication has 2 iViews (and 2  pages respectively). These iViews consist several views connected with each other (e.g. one view provide list data, second view is add/edit form for this data). I need to restrict access for some users for view with add/edit form. I can't make separate page for this view.
  What I've done:
  1) create yet another UIContainer for this view in main window and embed view to this container. It was be done for create separate iView for form.
  2) in the portal I create iView for this form but don't embedd in any page.
  When I try to call my form from list data (that is one iView from another) I get exception:
  <b>com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: duplicate usage of view .MyCarRentalAddCity</b>
  Is there a way to get needed functional?
  Thanks,
  Lev

  Hi,
  do you need to remove the IView from the portal menu or do you just want to make a View container in your WD application invisible if the user doesn't have the rights to see it.
  If so, you could create your own roles on the app server:
  You need to create a new class that extends NamePermission like:
  import com.sap.security.api.permissions.NamePermission;
  public class ApplicationAccessPermission extends NamePermission {
             * @param name
            public ApplicationAccessPermission(String name) {
                 super(name);
             * @param name
             * @param action
            public ApplicationAccessPermission(String name, String action) {
                 super(name, action);
  Also, you have to create an Action.XML file that looks like this:
  <BUSINESSSERVICE
       NAME="com.vendor.administration">
       <DESCRIPTION
            LOCALE="en"
            VALUE="actions view usage"/>
       <ACTION
            NAME="View Permission">
            <DESCRIPTION
                 LOCALE="en"
                 VALUE="Show view"
                 />
            <PERMISSION
                 CLASS="com.vendor.utilities.ApplicationAccessPermission"
                 NAME="ShowView"
                 />
       </ACTION>
  </BUSINESSSERVICE>
  If you have created these to files in your packages, you can access this function like:
  IUser user ;
  try {
            user = WDClientUser.getCurrentUser().getSAPUser();
            if(user.hasPermission(new ApplicationAccessPermission("Show view"))){
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.VISIBLE);
            }else{
                 wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
       }catch (WDUMException e1) {
            wdContext.currentV_UIElement().setViewVisibility(WDVisibility.NONE);
                  e1.printStacktrace();
  You have to bind the ViewVisibility attribute of the context to the View Container you want to hide.
  The applicationAccessPermission you defined in the XML File will be visible in the UME Manager of you J2EE engine. With this action you can create a new role and group that you can map to the users that should see you view.
  But, the exception you get is because you have embedded one view twice, which is not possible.
  Hope this helps.
  Regards,
  Dennis

• Restrict access to users in customer line item display FBL5N

  Hi all,
  We got a requirement from my client that, they want to restrict access of their users to view details of few customers  only. The user has a right to view FBL5N transaction code, but he cannot view all customers details.
  we created 4 customer account groups,we created like .. SD customers1
                               SD customers2
                               Onetime customers
                               FI customers
  These FI customers cannot be viewed by all users except who has authorization in Tcode  FBL5N, we need to restrict to display only SD and one time customers details.
  we have tried with Basis but its not working and its blocking to view all customers.
  anyone got this kind of requirement , Is it possible to restrict....please help me.
  Thanks
  Nagesh
  Edited by: nag on Dec 27, 2011 5:26 PM

  It is standard behaviour that the authorization object F_KNA1_GRP(account group authroization) is not checked
  in the transacion FBL5N. You can confirm this functionality in trans. SE24.
  As a workaround, I would suggest you to use the authorization object F_KNA1_BED Customer: Account Authorization
  If you assign an authorization group as the accouting group, perhaps you can get a similar functionality.
  Please note that for the 'drill-down' or direct call of FBL5N these objects are checked:
    F_BKPF_BLA Accounting Document: Authorization for Document Types
    F_BKPF_BUK Accounting Document: Authorization for Company Codes
    F_BKPF_GSB Accounting Document: Authorization for Business Areas
    F_BKPF_KOA Accounting Document: Authorization for Account Types
    F_BKPF_BED Accounting Document: Account Authorization for Customers
    F_KNA1_BED Customer: Account Authorization
    F_KNA1_BUK Customer: Authorization for Company Codes
  Kind Regards
  Soumya

• Restrict access on login to some users

  Hi
  I'm building an appllication for internal use and i need to restrict access to some users... Is it possible to do that during login, considering that the authentication scheme selected is "Database Account"...?
  I thank in advance all your replies!

  Hi
  Thank you for your reply.
  I liked your suggestion of setting a condition on the login process on logon page and it's exactly what i want... But it's not working... If i set the condition when the login button is pressed, no one enters the application... If i don't set it that way, all users enter, including the ones on the "exclude list"... I'm using condition type ="SQL Expression".
  What might i be doing wrong?
  Best regards

• Restricted access to attachments in SRM 7.0 web applications

  Hi,
  We have a very specific problem regarding the handling of attachments with SRM 7.0 web applications. The system is configured to use ArchiveLink for storing documents on a remote content server, which is working fine.
  Now we have a requirement which should restrict access to certain documents to specific user groups. As an example you could say that a Purchase order has (besides others) two documents attached, e.g.
  - signed contract
  - meeting minutes
  The contract should only be visible to a limited number of people, whereas the Meeting Minutes are accessible to everybody.
  Our problem is that apparently only one Content Category ("BBPFILESYS") is used by the SRM web applications for an upload. When granting authorizations on this content category, we cannot distinguish between contracts and meeting minutes anymore.
  Comparing this with the config in ECC we can freely define document types which can be used in AUTH profiles. Is there any similar solution that can be used in SRM 7.0?
  Any help would be greatly appreciated.
  Cheers,
  Mark

  Hello,
  Have a look at note 1334202. It provides some inputs.
  Regards,
  Ricardo