Restricting Domain Registered devices from being used in BYOD

Similar Messages

• Office 365 AAD Password Writeback not working; Event Viewer Error: 0x80230619 (A restriction prevents the password from being changed to the current one specified.)

  Hello all,
  I'm currently setting up a Proof Of Concept setup with directory synchronisation and password syncing to Office 365, leveraging AAD Premium for the password reset and password writeback to on premises
  AD functionality. Directory Sync + Password Sync is working flawlessly with the AADSync tool. However, upon requesting a password reset for a user, I'm hitting a password writeback error. The webpage states that the password does not meet the password
  complexity policy, while it does. I can set that particular password for that account at the on premises AD without any problem.
  In the event viewer at the AADSync server, I'm seeing this Error pop up whenever I try to reset the password:
  An unexpected error has occurred during a password set operation.  "BAIL: MMS(4032): ..\server.cpp(11003): 0x80230619 (A restriction prevents the password from being changed
  to the current one specified.) Azure AD Sync 1.0.0475.1202"
  My Setup:
  Windows Server 2012 AD with a single forest
  Seperate domain joined Windows Server 2012 for AADSync tool
  AADSync version 1.0.0475.1202 with options password sync, password writeback enabled
  Service account for AADSync tool with Replicating Directory Changes and Replicating Directory Changes All permissions
  on root AD forest structure with inheritance to all objects. This account also has the permissions to Change Password and Reset Password on all descendant
  User Objects.
  AAD Premium for my office 365 tenant
  AAD Premium licenses for the test users and the office 365 account used to sync to Office 365. This account is also Global Admin.
  Could anyone help me with this? Is there something I’m missing here? My guess is that the AAD is not trusted or the service account for AADSync tool does not have the proper permissions. I’ve tried
  many options, like setting the AADSync Service account to Enterprise Admin or granting the service account Full Control over that particular user.

  Concerning my issue:
  The Default Group Policy setting: Minimum Password Age is set at 1 day. As I was testing this feature with new users, their provisioned passwords were less than 24 hours old and the Minimum Password Age of 1 prevented the change of the password.
  After changing this to 0 days in the Default Group Policy, my password resets started working for newly created users. While this might not have affected existing users in production, it had me looking and searching for permission issues on my AD.
  So for those that might be experiencing ADSync Event ID 6329 and PasswordResetService Event ID 33008 Errors when trying to do a Password Reset using AAD Premium with Password Writeback, it might be helpful to check the applied password policy.
  The issue is solved.

• Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad

  Is there a way to password protect certain apps from being used? Example I don't want my child to access my apps while he's using his on the iPad. I don't want to lock him out of the iPad. Let him use Angry birds, but not Sims or Games not appropriate for him that I play.

  Sorry, but it is not possible to restrict use of specific apps other that the few restrictions provided in the Restrictions settings, not unless the app itself provides some sort of lock. If you don't want your child playing certain games, the only answer is to not load them on the iPad he uses.
  Regards.

• Preventing Domain Group Policy from being applied

  How can a user prevent the domain group policy from being applied to his machine? And How can I stop users from doing that?

  Hi,
  No, group policy is processed by order, that is,  local GPO is processed first, and then domain policy is processed by order, which would overwrite settings in the earlier GPOs if there are conflict.
  If you don’t want to apply the domain policy, apply a higher precedence policy or disjoin the domain.
  Group Policy processing and precedence
  http://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx
  Alex Zhao
  TechNet Community Support

• I keep getting "Device not properly ejected" message and no device is being used.  Help?

  I keep getting "Device not properlt ejecte" message and no device is being used. Help?

  Hello,
  No external Drives, camera cards, or CDs/DVDs in use? Any Network Volumes mounted?

• Is there anyway to set a passcode for my iPhone/iPad, but prevent the device from being disabled?

  My wife and I have iPhones, and also have an iPad. We also have three children, and recently they have been trying to guess our passcodes so that they can watch videos and play games. Trouble is, after 10 attempts, the device will disable for 60 seconds, and then if the 11th attempt is wrong, the device will disable for 5 minutes, etc. My iPad is currently disabled for 60-minutes. Grrr.
  Is there anyway to set a passcode to keep the children out, and yet prevent the device from being disabled on successive attempts? I realise that this feature is there to protect our devices from brute-force attacks, but we are being penalised, in that our devices become disabled for a period of time.

  Well, so you have to ask: Is the problem your iPad or your children? Another question: If they're not to watch videos or play games, then why are they on the iPad in the first place?
  Obviously you already know the answer to your question; there is no way to set it up the way that you want to. If you nonetheless feel that you should be able to do that, then put together your best case for it and make your wishes known directly to apple via their established Feedback links:
  http://www.apple.com/feedback/ipad.html
  Posting here is no substitute for doing that

• Phone company locked my phone from being used. but i have owned it for a year

  ANY OTHER IDEAS PLEASE  I JUST WNAT TO USE MY PHONENow Chatting with Synthia
  Hello, my name is Synthia. Welcome to AppleCare chat support. Please give me a moment to look over your information.
  hi synthia
  Before we get started, in the event that we get disconnected it is most likely due to a connection or system error. It is never my intent to disconnect from our chat. If this happens, I will immediately email you your case number and our contact information so that you can either re-chat us, or give us a call.
  Do I have the pleasure of speaking with Shannon?
  Hello!
  yes honey
  i brought my iPhone a year ago from cash converters
  and now i have been told that it has been locked
  I’d love to help in any way that I can! In what way has it been locked?
  i can not make or receive anything i has someone device it as its out of warranty and they told me that it had been blocked
  i have contacted vodafone as that was the company that it was originally with but they have been unable to help me all they have done is confirmed that it has been blocked
  I just want to make sure I am fully understanding. By “blocked” are you referring to the device being locked to Vodafone? Or are you saying that it is locked to another customer or the previous owner?
  blocked to another customer and now we are unable to use they phone
  I can certainly see how that would be an inconvenience. We call this “Activation Lock” and this is a security feature that is enabled by the original owner of the device. This feature can only be disabled by the owner who enabled it.
  In this case, since you purchased it from Cash Converters, they would be the best resource for you to contact, as they may be able to reach out to the original owner.
  Once the original owner is contacted, they can remove the iPhone from their iCloud account on iCloud.com and you will have access to activate the phone again.
  vodafone is unsure who put the block on it because the vodaofone fraud squad is involved
  I've been told that the contract has been unpaid or the owner has reported it stolen
  If the device is locked to another customer, it would be due to an Activation Lock. There is a chance that the phone could have been reported stolen, and blocked by the carrier as well.
  i have all the purchase documents form cash converters and from the day we brought it
  Apple can help with most things, but in this situation it would be best to work with the carrier and Cash Converters. Apple does not have the capability of unblocking phones that have been locked or reported stolen.
  is there a way that we can put them into our name after the situation is solved
  my family have other apple phones that they have brought from there
  Yes, absolutely. However, the block is controlled by the carrier. If we are dealing with an Activation Lock issue, that is a feature of iCloud and once the owner releases the device from their account you would be able to add it to your own.
  Your chat session has ended. Thanks for using Apple's chat support
  End Chat

  Does this happen with all Wi-Fi hotspots?  A specific one?
  Have you tried forgetting the Wi-Fi connection and then reconnecting to it?
  What about power cycling the Wi-Fi router?

• How can i delete an registered device from apple account.

  Hallo
  I registered 4 device to my itunes account sometime ago a got a virus in my network and i must re-install the operating System an all 4 devices....
  So now my question..
  How can i delete the now "not more available" devices from my apple/itunes account.
  Sorry for my bad english if it is possible you can also answer in german or in simple english
  thank you

  If your system crashes or you reinstall your operating system without deauthorising iTunes first, even a single computer can use up your limit of 5 authorisations. You can't deauthorise those dead installations individually. However once you've reached your limit of 5 you have the option to deauthorise them all in one go from your iTunes Store account and start over again. *Just note that you can only use this option once a year*: About iTunes Music Store Authorisation and Deauthorisation
  To deauthorise all computers associated with your account:
  1. Click iTunes Store in the Source pane.
  2. If you're not signed in to the store, click the Account button, then enter your account name and password.
  3. Click the Account button again (your ID appears on the button), enter your password, and then click View Account.
  4. In the Account Information window, click Deauthorize All.
  See also this article: One computer using multiple iTunes Music Store authorizations

• Restricting prod order quantity from being higher than sales order quantty

  Dear Experts,
     I create production order interactively through co08 ( prod order with respect to sales order). the prod order automatically picks up the quantity in the sales order which is desired, but this order quantity field in the prod order is editable (i.e can be made higher or lower). Please how do I restrict this prod order quantity from being  higher than the sales order quantity?i mean what should be done to make system disallow the prod order qty being fixed higher than thesales order qty?

  Hi,
  Even though you create the production in refernce to the SO, the order quantity can be alter.
  This is a normal behaviour of the system.
  To restrict any change in the order quantity, you can use tarnsaction variant for CO08. T code is SHD0.
  Secondly you can use the following enhancements to restrict the same,
  PPCO0006
  PPCO0007
  Hope this helps you.
  SmanS

• Trouble deleting device from DCR using dcrcli in CiscoWorks

  I am trying to delete a device from the DCR in LMS 3.2 using the dcrcli command below:
  dcrcli -u dnescripting cmd=del id=5052
  I am getting to following error after running that command:
  <dcrcli> * Password file found using DCRCLIFILE environment variable.
  Error in Delete Device:  Device is still managed by application(s).
  Does anyone know how I can get around this and make the device not "management by  applications" through an option added to the dcrcli command?
  Thanks Ryan.

  Use del -f to force deletion:
  dcrcli -u dnescripting cmd=del -f id=5052

• Can a GPO block certain characters from being used in filenames, for SharePoint compatibility?

  What I'm wondering is: Is it possible to use GPOs to set up a prohibition on certain characters for saved file names, so that when someone attempts to save a file to a server share, it gives them a dialog box along the lines of "That name uses
  invalid characters, please call it something else and try again"?  
  The reason I ask is we've recently started using Office 365, and our server is set up to sync our office shares folder with our SharePoint Online site, so that people can access our documents from outside the office.  The problem is, the Office Uploader
  keeps running into files saved with invalid characters (invalid for SharePoint, anyway - things like pound sign, colon, etc).  I know there was a thread about a script that can go through after the fact and truncate file names, but I'm afraid this would
  confuse our users, and if possible I'd like to deal with the problem preemptively.  I'm pretty disappointed in SharePoint right about now.
  As it stands right now, if a user saves a file with an invalid character, it won't even warn them.  It'll save to the share, but simply fail to upload to the SharePoint site, and when the user goes looking for it online later, they'll be sorely disappointed.
  Some more details/background: I'm the sole (volunteer) IT guy at a small nonprofit that serves adults with disabilities, both in and out of the office.  We have about 13 computers (mostly laptops) with Win 8.1Enterprise and 28 or so employees.  
  We have a Win 2012 SBS that acts as domain controller and hosts a share that's available to all employees.  We have Office 365 E2 for NonProfits, and I've synced a Sharepoint library with our network share using SkyDrive Pro.
  We're trying to set up an auxiliary office in the next town over so clients don't have to travel all the way to our part of the county, so it's suddenly a lot more important that we get our documents online and synced up.
  If anyone has any ideas, I'd be extremely grateful!  Thanks!!

  Hi,
  As far as I know and as suggested by Mahdi, there is no such Group Policy settings which can help us to achieve this.
  However, as also suggested by Mahdi, we can ask for help in the following scripting forum to see whether some scripts can help achieving this.
  The Official Scripting Guys Forum
  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/home?forum=ITCG
  If we can get such a script, we can use Group Policy to deploy the script to clients.
  Best regards,
  Frank Shen

• HT1391 my phone has been stolen can apple top it from being used

  My phone has been stolen is there a way of it being blocked so it cannot be used again?

  Welcome to the Apple Community.
  You can only locate your device when it is logged into iCloud and 'Find My Phone' is enabled, additionally the device will need to be switched on and connected to a wifi or cellular network.
  Unfortunately, you cannot activate iCloud or 'Find My Phone' remotely.
  If the device is wiped by you or another, you may not be able to locate the device (although some have reported they can)

• Can I deauthorize devices from iTunes using my ipad?

  I only have an ipad and iPhone. I DO NOT have access to a computer (stolen).   I am trying to deauthorize iTunes on all my former devices using my ipad.
  All  the information I'm finding talks about using your computer to deauthorize. This is not an option for me.
  Is there no way to do this via ipad or iPhone??

  Ipads/iphones/ipods/apple tvs are not authorized at all.
  Authorization applies only to computers.
  You can only deauthorize from a computer.

• How to prevent email id from being used to send out bogus emails?

  My yahoo email id was "hijacked" last week and bogus emails were sent out under my id to my contact list. I have a macbook with snow leopard and norton antivirus. What can I do to prevent this from happening again.

  Welcome to Apple Support Communities.
  If you haven't already done so, change your Yahoo password to something extremely secure.
  Then go to Yahoo's recommendations for compromised accounts, found here:
  http://help.yahoo.com/kb/index?page=content&y=PROD_MAIL_CLASSIC&locale=en_US&id= SLN3420&pir=.ERun_NibUlqprOy6AQ5KLRAOrUdr0acOZBh12BjZ6uUgTx7O5KFy_g3RVY.usintguY mSbHjESfUDXQC_FwPo2Cxt_KEGnx3QnKIu6C7_5._vmX207fxMRD53yXCsEdulnEIA1af.bHN_fWp2R_ tQ_5VnaDSXZv1mCvr1ctsfKaP._9hTnsSqrM4SMQ6b_tNq7QQHsysg1qM14mLsADfJLF2DZmVIYIPDpo hK15cCGe_JhidaJ1Vxt5O07TuhoshHRCrQ3eaa0gkp6dnbqceRgKRWuaLKDL7L6ovGban7n4UzFvdWWp x4TDgNxgLv3ehjmTj0.Hnh1lHKWL6cG6iJ0E1xjY_jfBAX3d2cwKpgTDV_AI8T25LElgA_upWicMBpj_ OjZ9sk9asfCbAOTXnQ--
  It's likely the hacker sent spam to your Yahoo-account email addresses, without accessing your Mac Address Book. (Most of the time it's hard to tell, because you probably have many of the same addresses in both lists.)
  Next, change your password on EVERY account.
  Make certain that every site you visit as a registered user has a unique account name and password.
  Yeah, that can be a lot to manage.
  Let your Mac 'Keychain' help manage all that information by remembering which user ID and which secure password goes where. There are password manager programs for sale such as 1Password. I don't currently use it, so I can't recommend it.
  In my experience, there is ongoing and widespread 'hacking' at Yahoo, Hotmail, and other popular free email accounts. Why? Because most free email accounts permit unlimited unsuccessful login attempts and never 'lock' accounts for suspicious activity the way banks and brokerage firms do.
  So far, the hackers are primarily using the accounts send out 'spam' to your trusted email list.
  Hacking most often occurs when someone discovers or guesses the password to the email account, and it's about 99% certain that it had nothing to do with your MacBook, or any malware or virus on your physical computer. No, it doesn't hurt to run a virus and/or malware scan, but it is 99% unlikely you'll find anything harmful to OS X. You may discover a few of your incoming email attachments DO contain Windows viruses and malware!
  Virtually everyone I correspond with via a free Yahoo account has been 'hacked' in the last six months. Three Yahoo friends sent me the same 'no subject' email with a surreptitious link to a FoxNews video about weight-loss in the same day!
  When thousands or millions of passwords and/or account names are revealed and posted online (as documented here:http://www.latimes.com/business/technology/la-fi-tn-eharmony-hacked-linkedin-201 20606,0,4578300.story ) enterprising hackers worldwide will begin systematically testing them everywhere.
  If your email address is widely-used and widely-published and your password is not very secure, every account you have is eventually vulnerable.
  DO USE a combination of upper and lower-case letters mixed with numbers and permitted punctuation that does not contain common sequences, names, or dictionary words.
  If you don't want to buy software, use the first letters and numbers of phrases that are easy for you to remember, but meaningful only to you. The longer the phrase, the better:
  MyLimeGreen72DodgeDartHadA340Six-PackEngineAndATorque-FliteTranny!
  MLG72DDha340S-PEaaT-FT!
  Of course I don't actually use that, but yeah, there are still a few of those cars around: http://www.youtube.com/watch?v=kUk0jdmAKzM

• How can I prevent breadcrumbs from being used on the first page?

  Hi,
  I'm using the latest version of the technical communication suite to produce a WebHelp
  layout from a framemaker book. Thanks to all the help I've received so far it's proceeding
  well, although slowly.
  II have an initia l'home'  page, that isn't present in the TOC, just with a program logo, a company
  logo and a helpdesk address. How can I stop breadcrumbs from appearing on this page?
  I'm happy for this to be the Home page and to keep the word Home, and it is a separate
  document in the linked framemaker book.
  Has anyone got any ideas as to how I can do this?
  Thanks in advance for your help.
  Best wishes,
  Karen

  Hi Karen
  To each his or her own. Jeff's approach certainly will work but will require you to repeat the process each time you generate. With the approach I outlined you would only need to do things once.
  As for the breadcrumbs not appearing at all, it depends on *WHERE* in the Master Page you elected to add them. In order for the approach I outlined to work, you need to ensure you add the placeholder *OUTSIDE* the Body placeholder. Then you should see breadcrumbs on the pages you have associated with the Master Page.
  Cheers... Rick
  Helpful and Handy Links
  RoboHelp Wish Form/Bug Reporting Form
  Begin learning RoboHelp HTML 7, 8 or 9 within the day!
  Adobe Certified RoboHelp HTML Training
  SorcerStone Blog
  RoboHelp eBooks