Restricting Max users login

Similar Messages

• 802.1X wirelss restriction on User Login policies

  Hi all,
  Seeking some technical idea on Wireless 802.1x setup.
  Business requirement is:
  "User login policy: to limit the number of concurrent login by a single user only apply to one device at any given time. "
  There is no problem on PEAP/MSCHAPv2 login, only thing is the same user credential able to be use and login on multiple device, in the same time.
  On the NAD part, we configure these on WLC but still cannot achieve our objective
  - advanced eap max-login-ignore-identity-response disable
  - netuser maxuserLogin 1
  Seeking technical solution on this case, please advice. Is there anything need to tweak on the directory server or ACS part?
  The components using as below:
  Supplicant 1: Window 7, authentication method using PEAP/MSCHAPv2
  Supplicant 2: iPhone iOS version 6.x
  Authenticator: Cisco Wireless Controller 5800 Series on code version 7.2
  Authentication server: Cisco secure server ACS 5.3.0.40
  Identity Source : Microsoft server 2008 R2 ADDS, single forest single domain.
  attached the network diagram: topo1.png

  http://www.cisco.com/c/en/us/support/docs/wireless/5500-series-wireless-controllers/112175-acs51-peap-deployment-00.html

• Restrict local user login via GPO

  I need a way to restrict domain user's access to the PCs in my department. All users at the company are put into company wide general user groups and then, as a department, we put them into separate user groups per department OU. I want to restrict access
  to all users except the users in my OU user groups but there are hundreds of other user groups created by other departments so direct exclusion per group is out. I need a way to restrict everyone except my users via a group policy object. 
  Any help is appreciated.

  Hi,
  Please follow the below steps for denying logon to all users, except the users who are the members of groups in your department OU,
  1. Create a new group called "MyExcludedGroups" (To whom we are going to add the groups, for excluding logon to your department computers).
  2. Check the below steps for adding the groups to "MyExcludedGroups" group using powershell,
  - Go to Start -> Open Windows Powershell using Run as Administrator 
  - In the powershell type, set-executionpolicy unrestricted (for allowing commands to execute)
  - Type the command import-module activedirectory           (to enable and execute AD cmdlets)
  - For example to add the groups in "ou=test1,dc=mydomain,dc=com" to "MyExcludedGroups" group, type the below commands,
             $test1=Get-ADGroup -Filter * -SearchBase "ou=test1,dc=mydomain,dc=com" 
             Add-GroupMember -Identity MyExcludedGroups -Members $test1
        Similarly you can run the commands on each OU to add the groups to "MyExcludedGroups" group.
  3. Create a Group Policy Object (GPO) linked at the OU containing your department computers called "Deny Interactive Logon".
  4. Right click and edit the GPO "Deny Interactive Logon" and navigate to the node "Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment".
  5. In the "User Rights Assignment" node add "Deny log on locally" permission for "MyExcludedGroups" group.
  Regards,
  Gopi
  www.jijitechnologies.com

• Restrict user login

  Dear All,
  DB we use 9.2.0.1.0
  Can i restrict the user login once.
  What i mean is when user logs in unless and untill he logsout he cannot connect to DB again.
  e:g : User1 logs in and starts one report/form at the same time User1 again wants to login and run same or other report/form he should not be allowed to login and appropriate message to be shown to the user.
  Thanking You in anticipation
  Best Regards,
  Devendra

  Dear Miehoff;
  Following are the steps carried out by me
  SQL> connect posys/posys@dev
  Connected.
  SQL> CREATE PROFILE clerk LIMIT
  2 SESSIONS_PER_USER 1
  3 IDLE_TIME 30
  4 CONNECT_TIME 600
  5 /
  Profile created.
  SQL> alter user posys profile clerk;
  User altered.
  Simultaneously I loged in another oracle client
  SQL*Plus: Release 8.0.6.0.0 - Production on Wed Jul 16 15:52:21 2008
  (c) Copyright 1999 Oracle Corporation. All rights reserved.
  Connected to:
  Oracle9i Enterprise Edition Release 9.2.0.1.0 - Production
  With the Partitioning, OLAP and Oracle Data Mining options
  JServer Release 9.2.0.1.0 - Production
  SQL> show user
  USER is "POSYS"
  SQL>
  It allowed me to connect to posys user againg.
  What my question is if SESSIONS_PER_USER 1 then why it is allowing me 2 login second time i.e same user is connected having 2 differnet session.
  Best Regards,
  Devendra

• WLC 4400 issue on "user login policies" parameter.

  Hi,
  I'm using a Cisco Wireless controller in my company.
  (the model is a AIR-WLC4402-50-K9 in 4.2.207.0 version).
  The WLAN is configured with WPAv2 AES and 802.1X (PEAP MS-CHAPv2) authentication on an external Microsoft IAS server (2003 R2).
  the authentication rely on Active Directory login and password.
  The user authentication works fine and the WLAN too.
  But it's possible for a single user to log on different laptops with the same AD login and password and use the wireless network.
  And it has to be forbiden by  "user login policies" parameter set to 1 on the WLC (in security parameters).
  Does anybody says if it's a known issue and how to solve this problem?
  thanks,
  raphael Paviot.

  Dancampb,
  Many thanks ,  you're right, I have to find the solution on IAS server side.
  In fact, I have also applied these commands on the controller and the max-user login works (in the case of an externan radius server).
  I have seen it in the "message logs".
  (Cisco Controller) config>advanced eap max-login-ignore-identity-response disable
  (Cisco Controller) config> netuser maxuserLogin 1
  But the problem still remain , because the IAS server is not case sensitive for user logins instead of the Wireless Controller.
  For exemple:
  raphaelpaviot login and RaphaelPAVIOT login are:
  -one user for the IAS server.
  -two different users on the WLC.
  cordially.

• How to restrict a user to login twice

  hei evryone!
  Here's my prob... I need to restrict a user to login more than once meaning, if a certain user account is currently login , that account cannot be used concurrently using another window or machine... If another user attempts to login, using that same account an error message will be displayed saying "this user account is already logged in".. i tried to do this in javascript but the code that i've got only works for IE and its kinda hard to capture the event for closing window.. plus using onunload is not advisable with my situation since my webpage can be redirected to other codes meaning the cause of unloading the page could either be closing the browser or redirecting the window to another page such as window.location="anothercode.jsp";... I was wondering if there's a way to do this in jsp...
  Any suggestions, ideas, or sample codes would be deeply appreciated. Thanks in advance!
  btw, i need to generate a code that is cross browser.. What i really need to accomplish is to be able to determine when the browser is closed either by clicking the X button on the window, alt f4 or my own close button and not when the page is unloaded.
  Here's a sample code : This only works in IE =(
  ---------- default.jsp-------------------------
  <html>
  <head>
  <script language="Javascript">
       onunload=function(e) {      
       winX = navigator.appName=="Microsoft Internet Explorer" ? window.event.clientX : e.screenX;
       winY =navigator.appName=="Microsoft Internet Explorer" ? window.event.clientY :e.screenY;
  if (winX<0 && winY<0)
            // redirect to logout.jsp n do some stuff
  </script>
  </head>
  <body>
  Logout
  List
  View Schedules
  </body>
  </html>
  the default screen would be the code above: "default.jsp" wherein there are many ways that the page
  can be unloaded such as :
  - clicking the logout link
  - click the View Schedules
  - click the x button the left side of the window
  - alt f4
  - if the window is minimized , right click then select close option
  Now, what i needed to do is to determined when the browser is closed so i reset the login flag of the account and can be used later on.

  hei everyone!
  im tryin to resolve this prob by adding a session id field on the users table. Everytime a user logs in i will update the session id field so that if anyone attempts to use the same account i will redirect the later into the login page with a warning msg. I'll do this by comparing the session id that u got from the dbase and the session id from request.getSessionId() of the browser. However, my prolem now is how to cleanup my database.. i need the cleanup coz i have a user tracking screen wherein i cud show who's account are login n who's not. I have created an applet and embed it in all of jsp files so that i cud catch the event for closing window whether by using the x button of the window or a power intrerruption. However, i need to find a way where i cud determine whether the event was really a close window or just a redirection from another page. I mean , you could leave the page either by viewing another screen or by actually closing the window.. For instance, my main page has main menu which are (1) View Users and (2) View Schedule .By default, im in the "View Users" screen . These two menus have their corresponding jsp n both jsp files have an embeded applet. So if the user click the "View Schedules " screen or if the user chooses to click the logout button or window's x button to exit the browser, then the applet will call the stop method. This what i meant by how will i determine if the user really exits on my application or not.. Coz if the user clicks from one screen to another then, user actually does not leave my application the user only exit on my application if the user logs out or close the window..
  Please help me out on this matter... Thanks in advance!

• Restricting user login

  This is regarding, restricting user login.
  my application pointing to Oracle Database.
  for example: one user loggedin with userid: nbiaadmin.
  when the same user trying to login using another browser or another system. Then i want to invalidate the existing user's session and allow new user to login.
  how to achieve this?
  please let me know.
  Thanks,
  Natesh.

  You try running maxl with something like
  alter system logout session on application appname force;
  alter application appname disable connects;
  then your load then
  alter application appname enable connects;
  Cheers
  John
  http://john-goodwin.blogspot.com/

• Restrict SAP user ID login on certain PC

  Hi,
  Is there a way to restrict the SAP user ID to login only on certain PC?
  Example User ID A can only login at computer A. He cannot login SAP if he using computer B.
  Kindly please advise. Thank you.

  Hi Li,
  Find below two steps: a) To track the user in SAP with any number of logon's and other to restric user from a single login prespective:
  Single PC login:
  Implement Note 748424.
  All logons are then entered with the terminal ID, the user ID, the SAP GUI version, patch level and how many time logged in.
  e.g.
  Terminal ID User Operating System SAPGUI Version Patch Level Logins
  PC111555 USER1 WINDOWS 710 22 7
  Tracking user in SAP with multi logins:
  It is possible to track the audit log filters using SM19 transaction code. Once the filter is applied, the system will start tracking all the activities of the users (Based on the options you select in the filter.)
  You can further use SM20 transaction code to analyze the audit logs where you can find the user login/logout time, transaction executed by the user, amount of time he spent in each screen etc.,
  As the audit logs occupy more space, you should be careful while choosing the filter option. The old audit logs can be deleted using SM18 transaction code.
  There is also a background system house keeping job that deletes the old logs from the system.
  Do let me know if this helps you.
  Thanks
  Madhu

• Restrict ESS user to login via sapgui

  Hello All,
  Can anyone pl  suggest if the ESS users can be restricted by some means to access into the R/3 via the sapgui.
  Thanks in advance

  Shiva,
  By design SAP B1 permits two instances for one user login.  Therefore the same user/ password will be permitted to login on 2 clients at the same time.
  I do not think this can be changed.
  Suda

• How we can restrict remote user to access same URL?

  HI,
  We have two remote sites A and B.
  Site-A    ---  Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=sales
  Site-B    ---  Users accessing application by using this URL: http://frsys.abc.com.pk:7777/forms/frmservlet?config=market
  We want to restrict the users A and B, to access the login pages vise versa.
  Regards.

  Hi,
  I m not sure how the task would be achieved throughOAS.
  But with the help of developer n DBA,we can restrict the users A and B, to access the login pages vise versa.
  1) Create 2 tables in DB,one table which contains only user A and another only for user B
  2) With the help of Developers,create inital login page(Userrname/Password) for both applications ie Site A and Site B
  3) At Login page validate with the respective table created ie check whether the user is from table A or table B
  Regards,
  Fabian

• How do i Restrict the users up to the self service pag only in IDM 11g

  Hi all,
  can any one please help me out to restrict the users to self service page only in 11g.
  thanks for your time and support
  Regards
  Siva

  Your user will have the Administration page if they have an Authorization Policy configured to allow the user any of the User Management or Role Management Functions. Also, if you login as a user that has those tabs, and logout while on the Administration tab, sometimes i've noticed the new user logging in with the same browser session will be in the Administration tab but with no items available.
  -Kevin

• How to get an alert when user login with "DDIC" in any of the systems?

  Hi all,
  Can it be possible when ever the user login with DDIC user  in any of the satellite system,can we we  get an alert -as DDIC login attempt in any system?
  Is this possiblem in CCMS or BPM or...?
  Regards,
  Neni

  Hi Srikrishna,
  Link which you have give is good.But when i login with DDIC i am not geting alerts and i am not able to add any satllites system to
  under Security node
  My configuration:
  Miximum values for list                               1 min
  When should an alert be triggered?
  From value                   Red               Severity      2
  Max. number of alerts for each message ID             50
  Max. number of lines to be saved                      50
  SM19
  Client     *                                                     Events
  User       DDIC selected -Dailog logon         Alll
                                         systmem
  Please help me.
  Regards,
  Swaroop

• Generate User Login in "Create User" Request

  Hi Guys,
  I have more a problem. To create user, I am using a Request (Create User Template), I managed add the attributes that would necessary normally, but I use a Event Handler (Post-Process) to generate user login. So I marked the User Login in Attributes Restrictions, fixing an user login default for example: autogenerate.
  Then I created a new request to create user, I filled out all the fields that I marked to appear. I approved this request, and the user is created with the User Login generate by my Event Handler normally. The issue is, when I create 2 create user requests, as I use a Default value in the User Login attribute, if the first request still isn't approved, the second request isn't created because the "autogenerate" user login already being used.
  Exists some otherwise to I resolve this issue?
  Thanks

  Hi Bikash,
  Use a prepopulate adapter an attribute with timestamp is nice idea, but I use the "Create User" template CreateUserDataSet.xml and not exists a form in Design Console to associate the prepopulate adapter.
  I had thought in eventhundler because I use a method that check on Active Directory if the user login generated by other method, already is being used. And I use this eventhandler in HR GTC recon too.
  About XL.LDAPReservationPluginImpl, I opened the oracle.iam.identity.usermgmt.impl.plugins.reservation.ReservationInOID but I not understood as use this option. If I needs add in this class my method of generate user login. If I needs implement an new class similar to this class, using my methods and associate the name of class in XL.LDAPReservationPluginImpl.
  Thanks a lot

• How to restrict the user to enter only numeric values in a input field

  How to restrict the user to enter only numeric values in a input field.
  For example,
  i have an input field in that i would like to enter
  only numeric values. no special characters,alphabets .
  reply ASAP

  Hi Venuthurupalli,
  As valery has said once you select the value to be of type integer,once you perform an action it will be validated and error message that non numeric characters are there will be shown. If you want to set additional constraints like max value, min value etc you can use simple types for it.
  On the project structure on left hand side under local dictionary ->datatypes->simple types create a simple type of type integer
  The attribute which you are binding to value property ;make its type as simple type which you made
  Hope this helps you
  Regards
  Rohit

• What are the steps necessary to allow a single user login the ability to execute a single stored procedure and nothing else.

  Hello,
  I have a request to create a user login and restrict that user to only be able to execute a single stored procedure.
  Is this possible using only TSQL commands? 
  Am i on the right track here?
  USE MyDatabase
  GO
  CREATE LOGIN [mylogin] DEFAULT_DATABASE = [MyDatabase], CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF
  GO
  CREATE ROLE exec_single_proc_role
  GO
  exec sp_addrolemember 'exec_single_proc_role', 'mylogin'
  GO
  CREATE SCHEMA [restricted] AUTHORIZATION mylogin
  GO
  GRANT EXECUTE ON SCHEMA::restricted TO exec_single_proc_role
  GO

  Thanks for the reply.
  This particular user should need to be able to Alter, Execute, and View the stored procedure as well.
  Here is what i ended up with:  Any improvement are appreciated.  Thanks
  USE MyDatabase
  GO
  --DROP SCHEMA
  IF EXISTS (SELECT * FROM sys.schemas WHERE name = N'restricted')
  DROP SCHEMA [restricted]
  GO
  --DROP SERVER WIDE LOGIN
  IF EXISTS (SELECT * FROM sys.server_principals WHERE name = N'MyUserLogin')
  DROP LOGIN [MyUserLogin]
  GO
  --CREATE SERVER WIDE LOGIN
  CREATE LOGIN [MyUserLogin] WITH PASSWORD = 0x0100F1CF6792E602EF40DFF55983FDE81A9 HASHED, SID = 0xC33B04EECE59DC4C95BE66ED9B15D13D, DEFAULT_DATABASE = [MyDatabase], CHECK_POLICY = OFF, CHECK_EXPIRATION = OFF
  GO
  --DROP ROLE
  DECLARE @RoleName sysname
  set @RoleName = N'exec_single_proc_role'
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = @RoleName AND type = 'R')
  Begin
  DECLARE @RoleMemberName sysname
  DECLARE Member_Cursor CURSOR FOR
  select [name]
  from sys.database_principals
  where principal_id in (
  select member_principal_id
  from sys.database_role_members
  where role_principal_id in (
  select principal_id
  FROM sys.database_principals where [name] = @RoleName AND type = 'R' ))
  OPEN Member_Cursor;
  FETCH NEXT FROM Member_Cursor
  into @RoleMemberName
  WHILE @@FETCH_STATUS = 0
  BEGIN
  exec sp_droprolemember @rolename=@RoleName, @membername= @RoleMemberName
  FETCH NEXT FROM Member_Cursor
  into @RoleMemberName
  END;
  CLOSE Member_Cursor;
  DEALLOCATE Member_Cursor;
  End
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'exec_single_proc_role' AND type = 'R')
  DROP ROLE [exec_single_proc_role]
  GO
  --DROP USER
  IF EXISTS (SELECT * FROM sys.database_principals WHERE name = N'MyUserLogin')
  DROP USER [MyUserLogin]
  GO
  --CREATE USER AND ASSIGN DEFAULT SCHEMA
  CREATE USER [MyUserLogin] FOR LOGIN [MyUserLogin] WITH DEFAULT_SCHEMA=[restricted]
  GO
  --CREATE SCHEMA
  CREATE SCHEMA [restricted] AUTHORIZATION [MyUserLogin]
  GO
  --CREATE ROLE
  CREATE ROLE [exec_single_proc_role] AUTHORIZATION [MyUserLogin]
  GO
  --ADD ROLE
  EXEC sp_addrolemember 'exec_single_proc_role', [MyUserLogin]
  GO
  GRANT EXECUTE ON SCHEMA::[restricted] TO [exec_single_proc_role]
  GO
  GRANT EXECUTE ON OBJECT::[dbo].[MyStoredProcedure] TO [MyUserLogin]
  GO