Restrict corporate users from connecting to the BYOD SSID

Dear folks,
Can anyone help me out with the configuration of ISE to restrict corporate users from connecting to the BYOD SSID?
My devices are laptops, Windows phones and iPhones.
My corporate laptops have a certificate installed; I am using (PEAP + EAP-TLS) authentication to connect the corporate laptops to the corp SSID.
Please guide me with some ideas.
Regards
Agnus

Debaker,
You don't mention how you are expecting the non-BYOD devices to authenticate. If they are authenticating with certificates then you can do this. You can create an AuthZ rule that uses the BYOD SSID and authentication method as criteria. Then you create a rule that matches certificate-based authentication and permits access, followed by a default deny.
Assuming the SSID is BYOD, the MAC address is presented to ACS/ISE in the "Called-Station-ID" as the MAC address, then the SSID name, separated by a colon: 00-11-22-AA-BB-CC:BYOD.
Your AuthZ rule can match Called-Station-ID ends with BYOD. The other option is to match on Airespace-Wlan-Id. The second is not always preferred because if you have multiple WLCs, all of the WLCs would need to have their WLANs configured with the same ID numbers.
The second rule does not need to specify which SSID you want to allow the devices with certificates on. Because they are corporate devices, they should be able to connect to either the BYOD or the corporate SSID; but if you wanted to allow them to connect only to the corporate SSID, you would create a similar rule to the one above, except using ":corpssid" and Network Access:AuthenticationMethod EQUALS x509_PKI.
You can also add Network Access:EapTunnel EQUALS PEAP to the BYOD rule if for some reason you wanted to disallow using certificates on the BYOD network.
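The rule set described in the reply above, modelled as first-match policy evaluation. This is an added example, not Cisco ISE code or configuration: the rule names (BYOD-Users, Corp-Devices), the request dictionaries and the helper functions are constructed for illustration, while the attribute names and values (Called-Station-ID, Network Access:AuthenticationMethod, x509_PKI, Network Access:EapTunnel, PEAP, the ":corpssid" suffix) are the ones the reply names; MSCHAPV2 is assumed as a stand-in for a password-based BYOD logon.

```python
"""Model of the ISE authorization policy sketched above (added example, not
Cisco ISE code). Rule names, sample requests and helpers are constructed."""
import re
from typing import Dict, Optional, Tuple

# Called-Station-ID as described in the reply: MAC address, a colon, then the SSID name.
_CSID_RE = re.compile(r"^([0-9A-Fa-f]{2}(?:-[0-9A-Fa-f]{2}){5}):([^:]+)$")


def parse_called_station_id(value: str) -> Optional[Tuple[str, str]]:
    """Split '00-11-22-AA-BB-CC:BYOD' into (mac, ssid); None if the format is unexpected."""
    match = _CSID_RE.match(value or "")
    if not match:
        return None
    return match.group(1).upper(), match.group(2)


class Rule:
    """One authorization rule: every condition that is set must hold (AND)."""

    def __init__(self, name: str, result: str, ssid_ends_with: Optional[str] = None,
                 auth_method: Optional[str] = None, eap_tunnel: Optional[str] = None):
        self.name = name
        self.result = result            # "PermitAccess" or "DenyAccess"
        self.ssid_ends_with = ssid_ends_with
        self.auth_method = auth_method
        self.eap_tunnel = eap_tunnel

    def matches(self, req: Dict[str, str]) -> bool:
        # Called-Station-ID ENDS WITH ":<ssid>". Keeping the colon in the suffix
        # stops an SSID such as "NOTBYOD" from matching a rule meant for "BYOD".
        if self.ssid_ends_with is not None and \
                not req.get("Called-Station-ID", "").endswith(self.ssid_ends_with):
            return False
        if self.auth_method is not None and \
                req.get("Network Access:AuthenticationMethod") != self.auth_method:
            return False
        if self.eap_tunnel is not None and \
                req.get("Network Access:EapTunnel") != self.eap_tunnel:
            return False
        return True


# First-match policy. Certificate (x509_PKI) authentication is permitted only on
# the corporate SSID; a corporate laptop presenting its certificate on BYOD
# matches neither permit rule and falls through to the default deny.
POLICY = [
    Rule("BYOD-Users", "PermitAccess", ssid_ends_with=":BYOD", eap_tunnel="PEAP"),
    Rule("Corp-Devices", "PermitAccess", ssid_ends_with=":corpssid", auth_method="x509_PKI"),
    Rule("Default", "DenyAccess"),
]


def authorize(req: Dict[str, str], policy=POLICY) -> Tuple[str, str]:
    """Return (rule name, result) of the first rule whose conditions all match."""
    for rule in policy:
        if rule.matches(req):
            return rule.name, rule.result
    return "Default", "DenyAccess"


# Constructed sample RADIUS attribute sets; MSCHAPV2 stands for a password-based logon.
SAMPLE_REQUESTS = {
    "corp laptop, cert, corp SSID": {
        "Called-Station-ID": "00-11-22-AA-BB-CC:corpssid",
        "Network Access:AuthenticationMethod": "x509_PKI"},
    "corp laptop, cert, BYOD SSID": {
        "Called-Station-ID": "00-11-22-AA-BB-CC:BYOD",
        "Network Access:AuthenticationMethod": "x509_PKI"},
    "personal phone, PEAP, BYOD SSID": {
        "Called-Station-ID": "00-11-22-AA-BB-CC:BYOD",
        "Network Access:AuthenticationMethod": "MSCHAPV2",
        "Network Access:EapTunnel": "PEAP"},
    "personal phone, PEAP, corp SSID": {
        "Called-Station-ID": "00-11-22-AA-BB-CC:corpssid",
        "Network Access:AuthenticationMethod": "MSCHAPV2",
        "Network Access:EapTunnel": "PEAP"},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        parsed = parse_called_station_id(req["Called-Station-ID"])
        ssid = parsed[1] if parsed else "?"
        print(f"{label:34} ssid={ssid:10} -> {authorize(req)}")
```

The ordering matters: the permit rules are listed first and the deny rule last, so anything the permit rules do not describe (including a corporate certificate on the BYOD SSID) is denied. Matching on the ":<ssid>" suffix rather than the bare SSID name avoids accidental matches on SSIDs that merely end in the same letters.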

Similar Messages

  • Restrict Standard User from removing the COM Add-ins registered under HKLM with Admin rights.

    Hello,
    I have developed a COM Add-in for Word 2013 with VS 2013 and installed it under HKLM with admin rights. Now from a non-admin account, i.e. a Standard User, I'm able to uncheck that add-in in the COM Add-ins dialog and remove it as well. Previously I did the same thing for Word 2007 add-ins, and if a non-admin user tried to uncheck it, the warning "The connected state of Office Add-ins registered in HKEY_LOCAL_MACHINE cannot be changed" popped up. But this is not happening for Office 2013 apps (basically Word, Excel and PowerPoint).
    This is happening for all add-ins installed under HKLM.
    How can a Standard User be restricted from unchecking and removing the Office add-ins registered under HKEY_LOCAL_MACHINE, with the same warning "The connected state of Office Add-ins registered in HKEY_LOCAL_MACHINE cannot be changed" in a pop-up box?
    Regards, Sayan

    Hi,
    The behavior changed in Office 2010. Office 2010 and Office 2013 allow a standard user to turn a per-machine add-in off by unchecking the add-in in the COM Add-ins dialog.
    To restrict a Standard User from removing the COM Add-ins, we can try to add the add-in to the Group Policy option "List of managed add-ins" in the Office Group Policy template.
    For Word, for example, the policy is under:
    User Configuration\Administrative Templates\Microsoft Word 2013\Miscellaneous
    To enable this policy setting, provide the following information for each add-in:
    In "Value name", specify the programmatic identifier (ProgID) for COM add-ins, or specify the file name of Word add-ins.
    To obtain the ProgID for an add-in, use Registry Editor on the client computer where the add-in is installed to locate key names under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins.
    To obtain the file name of an add-in, click the File menu in the application where the add-in is installed. Click Options, click Add-ins, and then use the Location column to determine the file name of the add-in.
    In "Value", specify the value as follows:
    To specify that an add-in is always enabled, type 1.
    Hope this helps.
    Regards,
    Steve Fan
    TechNet Community Support

  • Domain users cannot connect to the network folders when logged in via RDS remote apps

    Hi,
    Recently I set up an RDS farm for remote apps on Server 2012 R2.
    All users can connect to the published apps, no problems there.
    But when users connect via RDS they cannot connect to the network folders and cannot store the results of their work (docx and xlsx files).
    All users are normally connected to the network folders using a small login batch file handing down the UNC path needed. When I log in as domain admin, also using a login batch, connections are set up correctly. It seems to me to be a security issue on the RDS session host.
    How do I alter this?
    Greetz, Fons
    Fons, system and network engineer, Balie Amsterdam

    Hi,
    Thank you for posting in Windows Server Forum.
    We use WMI to communicate with the RDSH server. Various issues can cause WMI to deny access or return error codes. Here are a few things you can try:
    1.  Check if the "TS Web Access Computers" security group on the RDSH server has incorrect permissions in DCOM and/or WMI:
       For checking DCOM security settings:
       1. Start the Component Services MMC snapin
       2. Navigate to Component Services -> Computers -> My Computer
       3. Right-click on My Computer and select properties
       4. Go to the COM Security tab
       5. Under Access Permissions, click the Edit Limits button
       6. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
       7. Under Launch and Activation Permissions, click the Edit Limits button
       8. Ensure that TS Web Access Computers is in the list, with all of the permissions set to “allow”.
       For checking WMI security settings:
       1. Start the WMI Control MMC snapin
       2. Right-click the WMI Control node and select properties
       3. Go to the Security tab
       4. Navigate to Root->CIMV2->TerminalServices
       5. With TerminalServices selected, click the Security button
       6. Ensure that TS Web Access Computers is in the list with Execute Methods, Enable Account, and Remote Enable set to "allow"
    2.  Verify the RD Session Host server's firewall allows WMI calls.
    3. Verify that the RD Connection Broker hasn't lost its trust relationship with the domain.
    4. See if non-RDS related WMI calls can be successfully made to the RDSH server. This can help differentiate between a general WMI issue and an issue calling the RDS WMI provider.
    (Quoted from following thread.)
    RemoteApp Source not working from RDWeb
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/173d4546-e12f-47c1-ac66-8b4f69826892/remoteapp-source-not-working-from-rdweb?forum=winserverTS
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Find how many users are connected to the Oracle server

    Hi,
    I am using Oracle 10g. My question is, is it possible to find how many users are connected to the Oracle server? We have one server and many client machines which connect to Oracle.
    And one more question: in the meantime I want to take a backup of one database which a client is connected to. Will it cause any problem to the client machine which is accessing the server? And how do I take the backup from the server machine? Any commands to process?
    Thank you...!

    Hi there.
    If you run
    select count(*) from v$session where username is not null;
    you'll get the number of users connected to the Oracle server, and yes, you can do a backup while users are connected to the db you are backing up.
    cheers

  • I want to check how many users are connected to the WiFi which I'm using at present

    I want to check how many users are connected to the WiFi which I'm using at present???

    Go to Utilities > AirPort Utility
    If you click on your router it should show you the "wireless clients" that are connected

  • Force users to connect to the cable LAN?

    Hi everyone!
    I am an IT administrator at a school in Norway with at least 470 computers in total. We use ZENworks 11 on about 350 of them.
    The largest problem for us is to make sure everyone using their laptop connects to the local cable network at our school, so the computer gets Windows updates, policies, upgrades and other software installations and reports. About 60% of the laptops never use the local cable network. This is a problem since we are controlling the computers through the ZENworks agent (patch, and so on).
    And if they are on the local cable network, they only use their local user, so the policies and so on published with ZENworks or Active Directory are never updated. This is a security issue for us!
    Is there a policy or similar to force users to connect to the local cable network, meaning: if, for example, they do not connect to this network within 30 days, the local user will be disabled (not the built-in local administrator), or anything that forces the user to contact the IT department to enable the computer again?

    romsdal,
    It appears that in the past few days you have not received a response to your
    posting. That concerns us, and has triggered this automated reply.
    Has your problem been resolved? If not, you might try one of the following options:
    - Visit http://support.novell.com and search the knowledgebase and/or check all
    the other self support options and support programs available.
    - You could also try posting your message again. Make sure it is posted in the
    correct newsgroup. (http://forums.novell.com)
    Be sure to read the forum FAQ about what to expect in the way of responses:
    http://forums.novell.com/faq.php
    If this is a reply to a duplicate posting, please ignore and accept our apologies
    and rest assured we will issue a stern reprimand to our posting bot.
    Good luck!
    Your Novell Product Support Forums Team
    http://forums.novell.com/

  • How to block P2P traffic of clients connected to the same SSID on different WLCs

    Hi all,
    I use two WLC 4400 (4.2.x version) with a mobility domain and one SSID; both WLCs are connected to a Cisco L2 switch infrastructure. On the WLC I use the P2P blocking action 'drop' (http://www.cisco.com/en/US/docs/wireless/controller/5.2/configuration/guide/c52wlan.html#wp1209597) to isolate the clients from each other. Does anybody know if only unicast traffic is blocked, or also multicast and broadcast traffic like ARP requests?
    Concerning blocking P2P traffic of clients connected to the same SSID but different controllers, I found the following statement in the LAP FAQs (http://www.cisco.com/en/US/products/hw/wireless/ps430/products_qanda_item09186a00806a4da3.shtml):
    ===
    Q. In autonomous APs, Public Secure Packet Forwarding (PSPF) is used to avoid client devices associated to this AP from inadvertently sharing files with other client devices on the wireless network. Is there any equivalent feature in Lightweight APs?
    A. The feature or the mode that performs the similar function of PSPF in lightweight architecture is called peer-to-peer blocking mode. Peer-to-peer blocking mode is actually available with the controllers that manage the LAP. If this mode is disabled on the controller (which is the default setting), it allows the wireless clients to communicate with each other through the controller. If the mode is enabled, it blocks the communication between clients through the controller. It only works among the APs that have joined to the same controller. When enabled, this mode does not block wireless clients terminated on one controller from the ability to get to wireless clients terminated on a different controller, even in the same mobility group.
    ===
    Does anybody know the best practice to prevent this inter-WLC client traffic? I have already read about using ACLs on the WLC dynamic interfaces, or private VLANs on the L2 switch VLANs where the dynamic interfaces are connected. Is it allowed to completely isolate the WLCs from each other on these dynamic interfaces with ACLs or private VLANs, or do the WLCs need to see each other on these interfaces (e.g. heartbeat)?
    Many thanks in advance,
    Thorsten

    Hi Sasha, Thorsten
    The bug is junked, and I believe this is what you are running into with your tests:
    CSCtr60787    WLC P2P Blocking Set to Forward-UpStream Doesn't Work.
    Bugtoolkit: http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    To answer your original query:
    An ACL is the only solution to block client communication on the same SSID between 2 WLCs. The 5508 works better with ACLs than the 44xx platform.
    ARP requests will be forwarded to the upstream router just like any other traffic. The WLC won't proxy ARP for clients on the same VLAN.
    Gateway ARPs I believe should be handled by the WLC. (Don't quote me on this, but I am pretty sure it is.) If it were not, then how would the client know about the GW?
    Multicast traffic is not applicable for P2P.
    Your ACL can be as simple as this for the scenario:
    WLC 1 - client VLAN = 10
    WLC 2 - client VLAN = 10
    and you want to restrict users from WLC1-WLC1, WLC1-WLC2, WLC2-WLC2 for the same VLAN 10.
    Basically in that case the ACL should look like this on both WLCs:
    1. Permit statement to talk to the gateway.
    2. Deny to the subnet.
    3. Permit all.
    4. If DHCP/DNS or other services are on the same subnet then you would need to add a permit statement before the deny.
    5. Attach the ACL to the SSID or dynamic interface.
    Thanks.. Salil
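    The client-VLAN ACL from the reply above (permit gateway, permit same-subnet services, deny the subnet, permit all), modelled so the entry order can be checked before it goes onto a controller. This is an added example, not Cisco WLC configuration or code: the subnet 10.10.10.0/24 for VLAN 10, the gateway 10.10.10.1 and the DHCP/DNS server 10.10.10.5 are constructed sample values, and the helper names are ours. The model treats a packet that matches no entry as denied, which is the reason the reply ends the list with an explicit permit-all.

```python
"""Model of the per-WLC client ACL recommended in the reply (added example,
not Cisco WLC configuration). Addresses below are constructed sample values."""
import ipaddress
from typing import List, NamedTuple


class AclEntry(NamedTuple):
    action: str                    # "permit" or "deny"
    dst: ipaddress.IPv4Network     # destination range the entry covers


ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(client_net: ipaddress.IPv4Network, gateway: str,
              services: List[str]) -> List[AclEntry]:
    """ACL in the order the reply gives: gateway and same-subnet services
    first, then deny the rest of the client subnet, then permit everything else."""
    acl = [AclEntry("permit", ipaddress.ip_network(f"{gateway}/32"))]
    acl += [AclEntry("permit", ipaddress.ip_network(f"{svc}/32")) for svc in services]
    acl.append(AclEntry("deny", client_net))
    acl.append(AclEntry("permit", ANY))
    return acl


def evaluate(acl: List[AclEntry], dst_ip: str) -> str:
    """First matching entry wins; a destination no entry covers is denied."""
    dst = ipaddress.ip_address(dst_ip)
    for entry in acl:
        if dst in entry.dst:
            return entry.action
    return "deny"


def shadowed_entries(acl: List[AclEntry]) -> List[int]:
    """Indices of entries that can never match because an earlier entry already
    covers their whole destination range, e.g. a gateway permit placed after the
    subnet deny. A correctly ordered ACL returns an empty list."""
    return [i for i, entry in enumerate(acl)
            if any(entry.dst.subnet_of(prev.dst) for prev in acl[:i])]


CLIENT_NET = ipaddress.ip_network("10.10.10.0/24")   # constructed: VLAN 10 client subnet
GATEWAY = "10.10.10.1"                                # constructed: default gateway
SERVICES = ["10.10.10.5"]                             # constructed: DHCP/DNS on the same subnet

if __name__ == "__main__":
    acl = build_acl(CLIENT_NET, GATEWAY, SERVICES)
    for dst in (GATEWAY, "10.10.10.5", "10.10.10.77", "192.0.2.10"):
        print(f"client -> {dst:12} {evaluate(acl, dst)}")
    misordered = [AclEntry("deny", CLIENT_NET),
                  AclEntry("permit", ipaddress.ip_network(f"{GATEWAY}/32")),
                  AclEntry("permit", ANY)]
    print("shadowed entries in the misordered ACL:", shadowed_entries(misordered))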

  • VPN Connected Users cannot connect to the internet or send email

    I just upgraded to Xserve G5 Dual 2.3 GHz 2GB SDRAM and a 3.5 TB Xserve RAID Running OSX Server 10.4.7.
    Used to run G5 Tower running OSX Server 10.3.9.
    Running as a Standalone Server.
    Everything seems to be running smoothly other that the fact that users connecting through VPN can no longer connect to the internet while connected through VPN nor can they send email. (I assume it's the same issue).
    Wondering if password type is the issue. In 10.3.9 Workgroup Manager User password types were Open Directory for my vpn users. Previous Server was Standalone Server with Open Directory running, but not setup (weird I know.) 10.4.7, Open Directory for password is not an option... only shadowed password.
    Not running any Open Directory services other than Lookup Server: Running and NetInfo Server: Local Only.
    Any help is greatly appreciated.
    -Ed

    Unless otherwise informed, a connecting client will send ALL traffic via the vpn. Ideally you only want to route traffic applicable to the VPN and for any other traffic (browsing and external email) to go via your local 'normal' router. You can configure the VPN server to inform connecting clients about applicable VPN traffic...
    Example: the network you are vpn'ing into is 192.168.0.0/24
    In Client Information-> Network Routing Definition, add 2 routes:
    Address: 192.168.0.0
    Mask: 255.255.255.0
    Type: Private
    Address: 0.0.0.0
    Mask: 0.0.0.0
    Type: Public
    A connecting client will incorporate this routing information when connecting and thereafter send all traffic for the 192 network through the VPN (private) but send all other traffic (the catchall 0.0.0.0) to their local default router (public). Make sure you have them in that order (catchall at bottom).
    -david

  • Restricting Management to HTTPS Connections on the WRVS4400N

    Where in the web management console is the toggle to restrict management sessions to HTTPS on the WRVS4400N?
    I have found this option on the WRT54G under Mangement 'Server Access' but I can not locate the setting on the WRVS4400N. I assume it must be present as it seems quite silly to drop that security setting an a more complex device with an IDS etc. built in.

    HTTPS is enabled in that location and Remote Management is Disabled because I do not want anyone to be able to manage the unit remotely.
    I want to forbid ANY management (including local) though HTTP. This is a network security requirement.

  • Authorization group - to restrict other users to not see the program code

    Hi,
    I have developed report program. Is it possible to restrict the other users to don't see the program code.
    Thanks in advance.
    Regards,
    Eswar

    Eswar:
    SAP does not allow you to restrict access to your report programs. Anybody with the right autorizations can see your programs.
    There are some tricks to achieve someting like that. Tricks consists basically in write your code without enter between lines. I think there are no effective way in SAP or ABAP to protect programs source code from curious eyes.
    Ex.:
    REPORT ztest. TABLES: ztable. DATA: g_var1...
    Regards.
    Rafael Rojas.

  • Problems with User Accounts connecting to the server

    I created couple of user accounts but the users can not connect to their accounts from the computer lab. i want to know how properly set the accounts to login to any computer in the lab.

    Welcome to the forums. You need to:
    1. Bind your desktop machines to your Open Directory master
    2. Create groups and user accounts in WorkGroup Manager which allow your users to log into those computers
    You will find the User Admin documents here useful:
    http://www.apple.com/server/documentation/
    hth,
    b.

  • How to restrict end user from modifying/saving the workbook?

    <Moderator Message: As you deleted my comment in this thread by editing it again, I am locking it now>
    Hi,
    We have created few workbooks. The requirement is that the end user should not be able to modify or save the workbook. We tried using S_RS_Tools authorization object with "themes" in the Command ID. But this does not seem to solve our problem. Please suggest whether it is possible to enter any other value in this field to restrict access to the end user.
    We also tried including the following authorization objects with the corresponding values :
    1.S_GUI with the value Activity=60(import)
    2.S_USER_AGR with Activity = 03 and * in Role.
    3.S_BDS_DS with Activity = 03(display) and 30 ; Class Type = OT.
    4. S_USER_TCD with tcode = RRMX.
    But still the end user is able to modify the workbooks. (The end user must not be able to make changes to settings of any of the buttons in the design mode, must not be able to save the workbook).
    Please suggest the corrections required. Also kindly suggest if there are any other ways to resolve this issue <removed by moderator>.
    Your help is appreciated.
    Thanks.
    Edited by: Siegfried Szameitat on Nov 26, 2008 12:55 PM
    Edited by: suresh naidu on Nov 26, 2008 1:19 PM
    Edited by: Siegfried Szameitat on Nov 26, 2008 1:23 PM

    Hi,
    Only few people have authorization to create S.O. w.r.t. quotation (as in our case, sales ppl create quotation and Finance ppl create S.0., with reference to Quotation Only - T.Code: VTAA).
    Others have only authorization to View/ Display, VA03.
    Consult your Basis-Admin, he will create appropriate role & assign T. Code: va03 for list of user, provided by you.
    Best Regards,
    Amit.
    Note: You can't restrict anyone with T. Code: VA02, to change qty or price in Sales order, directly.

  • Is it possible to restrict access to individual SharePoint Online sites (or site collections) to users only connecting when on the corporate network?

    Hi,
    We have an Office 365 environment which is linked to our on premise ADFS environment. We have started to make some deployments of sites to our SharePoint Online environment. For the majority of sites this is great and the ability to access the sites
    from anywhere is a real bonus. However, there are some sites and data that I would be much more comfortable in migrating to SharePoint Online if there were a way to make them only accessible via users/computers connected to the corporate network. 
    I have seen articles in how you can configure ADFS to allow all connections to the Office 365 tenant only from the network or not but what I am after is something which can be configured on a site by site basis (i.e. not the whole Office 365 environment
    or SharePoint Online environment) to only allow access when connecting from the corporate network.
    Any advice/help would be much appreciated?
    Many thanks
    Paul

    Hi,
    This is the forum to discuss questions and feedback for Microsoft Office, the issue is more related to SharePoint online, I recommend you post your question to the Microsoft Office 365 Community Sites and document sharing Forum
    http://community.office365.com/en-us/f/154.aspx
    The reason why we recommend posting appropriately is you will get the most qualified pool of respondents, and other partners who read the forums regularly can either share their knowledge or learn from your interaction with us. Thank you for your understanding.
    Thanks
    George Zhao
    Forum Support
    Come back and mark the replies as answers if they help and unmark them if they provide no help.
    If you have any feedback on our support, please click "[email protected]"

  • Connect to a cube with Integrated WIndows Sercurity for Windows user with computer outside the domain

    Hello,I am trying to connect to an MSSAS cube with a windows user ( and i need this user to be the end user that connect to the cube) from outside the domain.It will be .Net application.I use msmdpump.dll before but the thing is it impersonate the connection
    so the user that connect to the Cube is not the real client user with is a problem for me because i like to manage the security throw roles.
    SSRS is able to do what i am trying to achieve ( it ask you your domain user and password) then connect to the cube with these credential which is great,but i do that ?
    With ADOMD.Net how do you provide windows user/password in the connection string ?
    I tryed to only active windows security access with IIS and MSSAS but it's not working with a computer outside the domain even if in excel i provide a windows user/password.
    Vincent

    With ADOMD.Net how do you provide windows user/password in the connection string ?
    Hello Vincent,
    See MSDN Connection String Properties (Analysis Services) for all available properties; addtitional: AdomdConnection.ConnectionString
    Property  =>
    Olaf Helper
    [ Blog] [ Xing] [ MVP]

  • How to restrict the user(Schema) from deleting the data from a table

    Hi All,
    I have scenario here.
    I want to know how to restrict a user(Schema) from deleting the values from a table created in the same schema.
    Below is the example.
    I have created a table employee in abc schema which has two values.
    EMPLOYEE
    ABC
    XYZ
    In the above scenario the abc user can only fire select query on the EMPLOYEE table.
    SELECT * FROM EMPLOYEE;
    He should not be able to use any other DML commands on that table.
    If he uses then Insufficient privileges error should be thrown.
    Can anyone please help me out on this.

    Hi,
    kumar0828 wrote:
    Hi Frank,
    Thanks for the reply.
    Can you please elaborate on how to add policies for a table for just firing a select DML statement on table.See the SQL Packages and Types manual first. It has examples. You can also search the web for examples. This is sometimes called "Virtual Private Database" or VPD.
    If you have problems, post a specific question here. Include CREATE TABLE and INSERT statements to create a table as it exists before the policies go into effect, the PL/SQL code to create the policies, and additonal DML statements that will be affected by the policies. Show what the table should contain after each of those DML statements.
    Always say which version of Oracle you're using. Confirm that you have Enterprise Edition.
    See the forum FAQ {message:id=9360002}
    The basic idea behind row-level security is that it generates a string that is automatically added to SELECT and/or DML statement WHERE clauses. For example, if user ABC is only allowed to query a table on Sunday, then you might write a function that returns the string
    USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'So whenever any user says
    SELECT  *
    FROM    table_x
    ;what actually runs is:
    SELECT  *
    FROM    table_x
    WHERE   USER  != 'ABC'
    OR      TO_CHAR (SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH') = 'SUN'
    ;If you want to prevent any user from deleting rows, then the policy function can return just this string
    0 = 1Then, if somone says
    DELETE  employee
    ;what actually gets run is
    DELETE  employee
    WHERE   0 = 1
    ;No error will be raised, but no rows will be deleted.
    Once again, it would be simpler, more efficient, more robust and easier to maintain if you just created the table in a different schema, and not give DELETE privileges.
    Edited by: Frank Kulash on Nov 2, 2012 10:26 AM
    I just saw the previous response, which makes some additional good points (e.g., a user can always TRUNCATE his own tables). ALso, if user ABC applies a security policy to the table, then user ABC can also remove the policy, so if you really want to prevent user ABC from deleting rows, no matter how hard the user tries, then you need to create the policies in a different schema. If you're creating things in a different schema, then you might as well create the table in a different schema.

Maybe you are looking for

  • Should the fire wire ports always be active

    I have a 17" MBP (core 2 duo late 2007) and a 15" MBP (also core 2 duo late 2007) and when I connect my recently purchased WD 500GB Passport, the drive's light indicates that it is still receiving power from the MBP's after I've shut-down the compute

  • At new and at end of statement

    how to use AT NEW and AT END OF efficiently,kindly give some solid examples. thanks!!

  • I just bought a new computer without a disc drive. How can I download my CS3?

    I just bought a new computer without a disc drive. How can I download my CS3?

  • Macbook Pro – Some Keys Not Working!

    Hi I'm running a 15-inch ( mid 2010 ) Macbook Pro with OS X 10.8.5. Some of my keys have stopped working. I've been throughout his forum but found nothing that helps. The 't' key sometimes does nothing and sometimes this... IORTUY other keys that don

  • Process chain - cut-off-date

    Hi guys, in the process chain I have to check if today is cut-off-date. If it is the case process should continue if not it should be canceled. How can I do it. At first I wanted to use decision, but I think I should use ABAP in this case. Thank you