Restricting vnc to one user
I enabled Apple remote desktop in preferences on my iMac using Tiger. in the accessibilty screen i set up a password and designated only a specific no-admin user to have access. i left the computer logged in to my main user account (has admin privileges) and went to work.
From my work computer (linux) i launched tightVNC and found myself looking at my main user desktop with full privileges to do what i wanted. i had to enter the vnc password to get there but i did not have to enter a user name or an account password.
can i restrict vnc access to just one user?
You could force remote clients to tunnel their inbound VNC connection through ssh, in order to restrict access. I've got a couple of posts in one or more of these forums that explain how I set up my computer to do that.
Additionally, in Sys Prefs | Sharing | Services, when you check ARD checkbox then click on Access Privileges, you can restrict what individual user accounts (on computer that is acting as local VNC server) can do, by highlighting user account, then clicking the appropriate privileges checkboxes. Would that give you enough control over other users?
Plus, don't leave the VNC server computer in a logged-in state. You can login once you've made the VNC connection.
On the Mac, the freeware client CotVNC has a checkbox on the connection page that allows a user a choice as to whether to permit simultaneous connection to an active session by another user, or to be exclusive user of a session. Hopefully, tightVNC does, too.
So, limit other accounts' VNC privileges in Sys Prefs | Sharing | Services | ARD | Access Privs, tunnel connections through ssh, be exclusive user in an active session, and then login to your account on the VNC server computer's login window. That might be enough protection to meet your needs.
Similar Messages
-
How can I restrict more then one user to access the table?
Hi !
I have a problem and two solutions and I am a bit confused as to
which one is the best one and/or can there be any better way of
handling the problem ?
Problem : I have to update a key field of a table when I update
it in the form 5.0 screen. I am basically doing a maintenance of
a table and if a certain field is updated then the change has to
be reflected in two more tables. But the issue is that the field
is a part of the key in those two tables. So all I can think of
is that I need to insert new set or rows for that new value of
the field and delete the old set of records for old values of
the field.
There are two ways of doing it;
1.One option can be to explicitely define two cursors separately
and fetch the values in them one by one and then insert the new
records and then delete the old records in both the tables. This
I feel will be a cumbersome process both in terms of processing
time and the coding.
2.Second option I was thinking can be to create two flat tables
(without keys) and insert the values in them and update the
changed field there and then insert the rows in the respective
tables. Delete the old records in the main tables and delets the
records in these flat tables. This is a bit more faster and
easier to predict and code. This seems to be a better option for
me.
Any comments on these ?
In both the cases I was thinking of making some provision so
that more then one person can't update the table simultaneously.
Since if there are more then one persons doing the processing
then some inconsistency might creep into the whole process.
This is easier to do in the second process as if I check the
data in the flat tables and if there is some data then I can
presume that some one is doing the processing and I can ask the
other person to hold for a while. But in this case how can I
stop more then two people to simultaneously check for the empty
table and start inserting the record ?
I was just thinking of having a sepatare table having only one
field and this will be a key field and as the process begins the
process will insert a fix value say 'Y' in the key field and at
the end of the process the record will be deleted and this way
we can restrict the user to access the process more then one at
a time..? Since you can't have same value of the key in a table
more then once.
Any better way of handling it will be deeply appreciated.
How about locking the table at the begining and releasing the
lock at the end ? Will there be any issue in that? since I am
inserting and deleting the rows in the same transaction.
Comments welcome,
Shobhit
nullHow about performing the update IN the database using a stored
procedure?
By using non-database fields on your form to get the
information, you can then call the procedure in the database to
perform the updates. If an error occurs in the procedure you
rollback, if necessary, and send a message or status back to the
form. If it succeeds you might wish to commit and then re-
execute the form's query -- using either the original key values
or the new key values...
null -
Restrict number of concurrent programs running by one user.
Hello,
How can I restrict whole number of concurrent programs running by one user?Hi
I am not sure if I understand the question correctly, but if you are asking what I think you are asking, then you can restrict the number of simultaneous concurrent jobs that a user is allowed to run with this profile option;
"Concurrent:Active Request Limit"
I recommend that you set this at the User level and not the Site level since this parameter has caused problems for me in the past (certain types of transactions submit a batch of concurrent jobs, and if all the jobs are not able to start at the same time then the concurrent jobs go into a pending state and never complete. I have not worked out why this happens, so I just stopped restricting the number of concurrent jobs that a user could run).
Frank -
Transfer music from one user account to another on the SAME mac?
My family (wife, son, daughter, and me) share an imac but we all have our own user accounts. Our entire itunes music library is in one user account and is getting to the point of being unmanageable.
Can I move some of my itunes library (e.g., my son's music) to another user account on the same iMac? Some songs were imported from CD and others were purchased from my Apple ID number.
It's my understanding that an ipod can only be synced with one itunes library at a time, but I thought Apple also restricted the usage of music bought from itunes to a finite number of computers. If this is true, I think I would be able to transfer a group of songs from one user account to another so long as the user accounts were on the same computer.
I was told that I could just drag the songs into a shared folder and then log into his account and drop them in iTunes.
Some specific questions:
1) Can I move all music files (CD and purchased) to the shared folder for dropping into his account?
2)The purchased ones were purchased under MY apple ID which I do not want to give him access to. Should I create one for him or just have him use mine and wait for my password. I would like to put an allowance on his new ID number and keep it separate from mine. Would that make a difference in the future if I wanted to use one of his songs on my iPod or in an iMovie project?
I just reinstalled my Lepoard OS X and put all my data back. I did not deauthorize anything before I did this. Did I need to? Or is even a clean install on the SAME machine ok and seen as the same authorization?
Thanks in advance!!You can give him copies of song files, either by using a shared folder, or by putting the copies on a USB flash drive from which he can copy them to his own iTunes library.
Any DRM-protected tracks that you have purchased from Apple can only be played if the user has authorization to the account(s) from which the tracks were purchased. Authorization requires physical access to the computer and knowledge of the password, and you can figure it from there!
Message was edited by: ed2345 -
How to restrict login for multiple users having same Role
Our Web Application is deployed on Tomcat 5.5
The requirement is ?
There are roles in application like "operator", "admin"?
There are multiple users created for each of the above role.
When one user of "operator" role is logged in, then
It should not allow to login for another user of "operator" role.
Also, if user did not log out & application gets close, then
It should not allow to login for another user of "operator" role.
Also, it should not allow to login for multiple requests of same user
(using another browser instance...)
Is it possible using session object?
But, using session object, it will create separate objects for different users,
So here I will not be able to restrict session object creation rolewise.
Also, how to retrieve these multiple session objects created for different users on server?
If anyone is having the solution please reply as soon as possible,
Thank you.To tell you the truth, this is a stupid requirement. It must be an extremely fragile application.
In any case, you will have to write your stuff for that. Probably a filter that on login, logout, and session expiration checks, makes, or removes entries in a DB (using a synchronized resource to prevent race conditions) or possibly even simply in an application context object. -
How to limit the max dialog no that one user can use at the same time?
Hi,
I meet one performance problem that one user can open 6 sessions in the GUI and he/she can run 6 reports at the same time witch could occupy 6 dialogs in the sap R/3 instance. It makes poor performance for other users.
Would you pls tell me how to limit the no. of sessions one user can create at the same time or how to limit the no. of dialogs one user can occupy at the same time?
Thanks a lot!
I used this parameters in the default profile as blew:
rdisp/rfc_check 1
rdisp/rfc_use_quotas 1
rdisp/rfc_max_own_used_wp 20 (means: 20%)
It still didn't work.
SeanHello,
We can reserve DIA W.P by giving value to the parameter :- rdisp/rfc_min_wait_dia_wp=1(default)
that have to necessarily remain free for other users.
This parameter is used to reserve a number of dialog work processes for Dailog mode.
For eg. If 10 dialog w.p. are configured for the instance(rdsip/wp_no_dia=10) and the parameter rdisp/rfc_min_wait_dia_wp=3 is set,parallel RFC's can occupy a maximum of 7 DIA W.P.3 DAI W.P. always remain free for dialog mode.
But now the question is how we assign/restrict this free dialog w.p. to the specific user.
Reply...
Regards,
JUNAID -
How to restrict changing password for user ?
Hi All experts ,
We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ?
Thanks.
KISHORE SATPUTEHi,
In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
1. dialog
2. system
3. communication
4. service
5. reference
Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
These are as follows:-
1. Dialogue:-
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are checked.
Multi GUI logins are checked.
Usage:- These are used for GUI logins.
2. System
For this kind of users:-
GUI login is not possible.
Initial password and expiration of passowrd are not checked.
Usage:- These are used for internal use in system like background jobs.
3. Communication
For this kind of users:-
GUI login is not possible.
Users are allowed to change password through some software in middle tier.
Usage:- These are used for login to system through external systems like web application
4. Service
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are not checked.
Multiple logins are allowed.
Users are not allowed to change the password. Only admin can change the password
Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
5. Reference
For this kind of users:-
GUI login is not ible.
Initial password and expiration of passowrd are not checked.
Usage:- These are special kind of users which are used to give authorization to other users.
Rewads point if helpful
Thanks
Pankaj Kumar -
After installing Mountain Lion, why is there Yahoo access for one user but not another?--both are administrators.
We've had several instances where we have had to run chkdsk on arrays with over 1m files. Average completion time is approximately 72 hours. The maximum downtime window they have available is the 64 hour weekend window. File sizes and number of files were
much smaller then than they are now.
The idea, in theory, was to use VHDs to compartmentalize the data into smaller volumes which could be more easily managed. It would also improve performance when transferring these compartments of data as they would use sequential read/write rather than
fragmented/random. This idea was never fleshed out in entirety, they don't split data up into little containers, but simply into big ones per project. Hence the 11m files in one container that I am currently trying to diagnose.
Some other important facts: The VHD in question is mounted in B:/project/ as this server also allows remote workers to log in, but they are restricted to see only data in E:. Disks A-D are hidden via group policy.
Update: icacls is failing on a large number of files within this dataset. I counted the path characters to ensure it wasn't the 255 character limit I was encountering and verified that the paths being blocked are only about 150 characters long. Once it finishes,
I'll have to try taking ownership and then re-running it. At this point I still have no idea how long to expect. I'm running out of time as the environment will be in use again at 9AM tomorrow morning. -
Failed to parse SQL query by one user
Hi all,
in my app i have a text-item with a submit button. In this item i type a name and a report after the item-region show me the result(s). this works for all my users (>2000) perfectly, but one of this users become an error in the report-region:
failed to parse SQL query:
ORA-01403: no data found
We try this with the same searchstring on the same computer/browser. If i logged in the result is ok, if the user logged in, the error message shows. If i try this on the computer from the user with me logged in, result ok. If the user try this on an other pc, results error.
I have an productive and a developer workspace. In the developer workspace the user can try this perfectly without errors. Only in the productive workspace the error shows.
The SQL-Select in the reprirt ist verry simple:
select id
, name
, raum
from table
where instr(upper(name), upper(:P60_SEARCH))>0
However all users can use this search-field with report perfectly, only this one user has the error. It is no restrictions on this item or report.
Can anybody help me?Carsten,
user preferences do not have anything to do with the fact where the user resides (apex built in, LDAP, whatever). User Preferences are saved for a named user and they are loaded next time the same user loggs in. For example, if you sort your report on a column x, apex will save this as a setting and next time you call the same report, this report will be sorted the same way. Since you don't have a permission to edit services, you should check your adminstrative permissions and conntact the real administrator of the workspace to do that "purge prefference" for you. I could bet this is the reason you are getting that strange error message.
Denes Kubicek
http://deneskubicek.blogspot.com/
http://www.opal-consulting.de/training
http://apex.oracle.com/pls/otn/f?p=31517:1
------------------------------------------------------------------------------ -
Data Uploads done with one User Id not visible to other users in SPM
Hi,
Data uploads were successfully carried out by one of the SPM users. However, other users (with different user id) are not able to see anything in the Data Upload Summary screen.
Is there a restriction on the visibility of Data Upload Summary for data uploads carried out with one User id to other users in SPM? A similar behaviour is observed for other screens within the Data upload workbench.
Incase this is not the expected behaviour, it would be great if you could please provide pointers to possible reasons for this.
Just for your information, all users have been granted same privileges in the SPM application.
Thanks in advance.
Regards,
Ashish SharmaHi Ashish,
No this is not the expected behavior. We have seen this issue for other customers in the past but the reason has always turned out to be role related.
Can you ensure that the required SPM roles are assigned to the user who do not see the DM data both in ABAP as well as portal.
Thanks,
Divyesh -
Hi,
Our client has ACS server and implemented AAA fro logging into switches and routers through ACS which is being cofigured RADIUS . They are telnet into rotuers and switches from any user but they are want to setting access from only one user . Can someone plz tell me what can i do to solve yhis problem ?Hi,
If I understand this right, you have multiple users that can access the routers and switches right now but would like it so only 1 username has access?
If so, you could use NARS (network access restrictions) and deny access to everyone else but the one specific user.
Just select
1.Group Setup
2.Select the group which "already has" router switch access, edit the group settings
3.Then scroll down to the "per group defined network access restrictions" Enable it with a checkmark.
4. Select deny calling/point
5. AAA client = routers and switches (NDG)
6. Ports = *
7. Address = *
8. Hit enter and the new rule will be added to the window above.
9. Click submit (not submit and restart until you create the other NAR for the other group)
***Remember that groups that are mapped to and outside group (ldap, AD) will be able to connect to your routers and switches UNLESS to tell the ACS not to. By default the ACS doesn't know not to let USER1 access the routers but not allow USER2.
That being said, you'll need to deny access to your routers and switches (network device group) to all groups that are not allowed to connect to those devices.
Click submit and restart but remember this will stop authenticating users for the time its restarting.
Hope this helps and feel free to ask anymore questions.
Craig
Pls rate helpful posts. -
Group Policy Pref - Mapped Drives Not Applying to One User
Hi All,
I’m new to this list, so please excuse any etiquette slip ups.
I have three users at a site. All their machines are running Windows XP Service Pack 3 and have client side extensions installed. I created a group policy to map their default drives using GP User Preferences.
Each of the drives is set to "update".
As an example of the policy created XML is as follows:
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="H:" status="H:"
image="2" changed="2009-11-25 05:13:58"
uid="{8A44D2F4-AAE5-4F43-AEEC-D36F08EA619C}" desc="Maps the users H drive to
ServerName\users$\%username%" bypassErrors="1"><Properties action="U"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\users$\%username%" label="Home (ServerName)"
persistent="1" useLetter="1" letter="H"/></Drive>
and
<Drive clsid="{935D1B74-9CB8-4e3c-9914-7DD559B7A417}" name="J:" status="J:"
image="0" changed="2009-11-30 03:52:58"
uid="{535CD462-A45D-4363-ADA1-2316D5ECC703}" desc="Maps J drive for users to
\\ServerName\apps" bypassErrors="1"><Properties action="C"
thisDrive="NOCHANGE" allDrives="NOCHANGE" userName=""
path="\\ServerName\Apps" label="Apps (ServerName)" persistent="1"
useLetter="1" letter="J"/></Drive>
The group policy is applied to an OU for that site.
All three users are in the same OU.
All three users are also in the same “xxsitecode Users” group.
2 of the users log into their pc and get the mapped drives with no issue, but one user doesn’t.
There are no other login scripts and the user has no manually mapped drives.
He does have a H drive mapped using the profile field in his AD object as a temp measure. But every 90 mins any other manually mapped drives are removed by the policy.
We don’t use roaming profiles
To trouble shoot I have tried
- Reinstalling client side extensions
- Re-joining the pc to the domain
- Running gpupdate from the command prompt to see if any event logs are generated (none are)
- Manually mapping the drives to make sure there is network access etc – I can manually map them/he can access them.
- Creating the user a new account, when he logs in using that account he gets his mapped drives on all PC’s
- Getting the user to log into a different pc, when he does this he doesn’t get his drives – so it’s not his machine or profile
- Manually checking the security on the user object in AD against one of the users who gets their drives mapped
I'm sure the GP is fine because it works for two other users and the testing isolates his user account as the issue.
The Policy I’m having issues with is xxxx Mapped Drives/ Printers
I have posted this issue on the tech net GP discussion groups page, but haven’t had any replies.
Any suggestions would be appreciated.
SimoneWhat's interesting is that I applied a new GP to users - it has one policy setting and one preferences setting. He only gets the policy setting.. aka he gets the wallpaper but not the homepage.
Also, Jorke asked me to post the gpresult /z .
Microsoft (R) Windows (R) XP Operating System Group Policy Result tool v2.0
Copyright (C) Microsoft Corp. 1981-2001
Created On 10/02/2010 at 2:19:34 PM
RSOP results for DOMAIN\USER on MACHINENAME : Logging Mode
OS Type: Microsoft Windows XP Professional
OS Configuration: Member Workstation
OS Version: 5.1.2600
Domain Name: DOMAIN
Domain Type: Windows 2000
Site Name: SITECODE
Roaming Profile:
Local Profile: C:\Documents and Settings\USER.DOMAIN
Connected over a slow link?: No
COMPUTER SETTINGS
CN=MACHINENAME,OU=Laptops,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:06:38 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
au-mdwsus
Default Domain Policy
Legal Notice
Proxy Settings
Logon as service, operating system
AU-WSUS
Desktop Background & Home Page
Reg Permissions for default desktop
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
SITECODE Mapped Drives/ Printers
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The computer is a part of the following security groups:
BUILTIN\Administrators
Everyone
Debugger Users
BUILTIN\Users
NT AUTHORITY\NETWORK
NT AUTHORITY\Authenticated Users
MACHINENAME$
Domain Computers
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for Computer:
Software Installations
N/A
Startup Scripts
GPO: Desktop Background & Home Page
Name: image.bat
Parameters:
LastExecuted: 7:55:34 PM
Name: swiftdesktop.vbs
Parameters:
LastExecuted: 7:55:35 PM
Shutdown Scripts
N/A
Account Policies
Audit Policy
User Rights
Security Options
Event Log Settings
Restricted Groups
System Services
Registry Settings
File System Settings
Public Key Policies
N/A
Administrative Templates
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\CurrentVersion\Winlogon
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: Desktop Background & Home Page
Setting: Software\Policies\Microsoft\Internet Explorer\Security
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: AU-WSUS
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate\AU
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services\RAUnsolicit
State: Enabled
GPO: au-mdwsus
Setting: Software\Policies\Microsoft\Windows\WindowsUpdate
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List
State: Enabled
GPO: Allow Remote Assistance
Setting: Software\policies\Microsoft\Windows NT\Terminal Services
State: Enabled
USER SETTINGS
CN=Matthew Luhrs,OU=Users,OU=SITECODE,DC=DOMAIN,DC=com,DC=au
Last time Group Policy was applied: 10/02/2010 at 1:54:53 PM
Group Policy was applied from: XXXXXADC.DOMAIN.com.au
Group Policy slow link threshold: 500 kbps
Applied Group Policy Objects
Allow Remote Assistance
**** SITECODE Mapped Drives/ Printers - has Gp Pref's that should apply
Default Domain Policy
Proxy Settings
**** Desktop Background & Home Page - has Gp Pref's that should apply
Local Admin & Local Power Users
The following GPOs were not applied because they were filtered out
AU-WSUS
Filtering: Not Applied (Empty)
Legal Notice
Filtering: Disabled (GPO)
Reg Permissions for default desktop
Filtering: Not Applied (Empty)
Logon as service, operating system
Filtering: Not Applied (Empty)
Local Group Policy
Filtering: Not Applied (Empty)
au-mdwsus
Filtering: Not Applied (Empty)
AVD Rollout
Filtering: Disabled (GPO)
The user is a part of the following security groups:
Domain Users
Everyone
Offer Remote Assistance Helpers
BUILTIN\Administrators
BUILTIN\Users
NT AUTHORITY\INTERACTIVE
NT AUTHORITY\Authenticated Users
LOCAL
Computer Account Operators
Internet Users
SITECODE Users
DOMAIN-Public Folders Administrators
All Email Users
DOMAINSWIFTEMAIL
Domain Admins
Offer Remote Assistance Helpers
WSUS Administrators
DHCP Administrators
CERTSVC_DCOM_ACCESS
Resultant Set Of Policies for User:
Software Installations
N/A
Public Key Policies
N/A
Administrative Templates
N/A
Folder Redirection
N/A
Internet Explorer Browser User Interface
GPO: Proxy Settings
Large Animated Bitmap Name: N/A
Large Custom Logo Bitmap Name: N/A
Title BarText: N/A
UserAgent Text: N/A
Delete existing toolbar buttons: No
Internet Explorer Connection
HTTP Proxy Server: Proxy:port
Secure Proxy Server: Proxy:port
FTP Proxy Server: Proxy:port
Gopher Proxy Server: Proxy:port
Socks Proxy Server: Proxy:port
Auto Config Enable: Yes
Enable Proxy: Yes
Use same Proxy: Yes
Internet Explorer URLs
GPO: Proxy Settings
Home page URL: N/A
Search page URL: N/A
Online support page URL: N/A
Internet Explorer Security
Always Viewable Sites: N/A
Password Override Enabled: False
GPO: Proxy Settings
Import the current Content Ratings Settings: No
Import the current Security Zones Settings: No
Import current Authenticode Security Information: No
Enable trusted publisher lockdown: No
Internet Explorer Programs
GPO: Proxy Settings
Import the current Program Settings: No -
One user account can't connect to VPN on Server 2012
Problem with Server 2012 VPN Access. I have one user account that won't connect to RAS and I am stumped. No other account is having a problem. The permissions are correct, the connection settings are correct. But it will not connect
no matter what I do. The account will not connect from any computer. But if I use another account in the connection it connects no problem. The account will connect to Remote Web Workplace no problem, Outlook is connecting to exchange,
she connects to Sharepoint 2013 no problem. Just the RAS connection won't authenticate.
I get the errors.
Error 20271 CoId={79DB7056-D8F6-489E-8988-66A171AE49B9}: The user connected from IP but failed an authentication attempt due to the following reason: The connection was prevented because of a policy configured on your RAS/VPN server. Specifically,
the authentication method used by the server to verify your username and password may not match the authentication method configured in your connection profile. Please contact the Administrator of the RAS server and notify them of this error.
Error 20258 CoId={79DB7056-D8F6-489E-8988-66A171AE49B9}: The account for user connected on port VPN1-127 does not have Remote Access privilege. The line has been disconnected.
And this account was connecting fine for a while now. Nothing has changed on the Server or her computer.
I have researched the errors, none of the fixes apply because it's only one account having problems and it looks exactly the same as other accounts that can connect
Any help would be greatHi Karama,
Does this account belongs the same group with other accounts?
To verify if it is a issue of policy configuration, please try to create a temporary policy with no restrictions.
To create a policy with no restrictions, please follow the steps below,
Create a network policy.
Add Day and Time Restrictions into the Conditions.
In the Day and Time Restrictions, choose permit all.
In Constraints, allow all authentication methods.
Leave other settings to default value.
Move the policy to the top of the list.
If it works, please check your original policy, it should be a policy configuration issue.
If it doesn't work, please check the event of NPS, the policy preventing the authentication is logged there.
If the request matches the temporary policy, please try to reset the password of the account.
Best Regards.
Steven Lee
TechNet Community Support -
How to restrict the EBS end users to run only two same reports at a time?
Hi,
We are using EBS 12.0.6 and database 10.2.0.3.
Is it possible to restrict the end business users to run only two reports at a time?
OR
Is it possible to restrict the end business users to run only two same reports at a time?
Thanks.Is it possible to restrict the end business users to run only two same reports at a time?It is not possible.
You can either make the report "incompatible" to itself (this means only one user in your company can run it at a time)
Or not make it incompatible. (That means any user can run it any number of times)
Incompatibility is a way of specifying which requests cannot be run under which circumstances.
See http://download.oracle.com/docs/cd/A60725_05/html/comnls/us/fnd/incomp.htm
You can use Hussain's suggestion to use Concurrent: Active Request Limit profile. You can set this profile value at each user level. But if you decide to set it at global level, remember to keep it a higher value for sysadmin kind of users that run scheduled jobs.
Hope this helps,
Sandeep Gandhi -
my keychain tells me there is restricted access to one of my accounts. Now I can't send or receive emails
I am glad we were able to get your email working again. Please reach out anytime you need us.
Thanks,
Anthony_VZ
**If someones post has helped you, please acknowledge their assistance by clicking the red thumbs up button to give them Kudos. If you are the original poster and any response gave you your answer, please mark the post that had the answer as the solution**
Notice: Content posted by Verizon employees is meant to be informational and does not supersede or change the Verizon Forums User Guidelines or Terms or Service, or your Customer Agreement Terms and Conditions or plan
Maybe you are looking for
-
HT5312 How do you change the email address used to send security answers?
How do you change the email used to send the security answers you have forgotten? I have changed the alternative email adress in Name, ID and Email Addresses but this does not change the email address in the Password and Security section.
-
Some more information: - I have iPhoto '11 and, in iPhone 4S, iOS 5.1; - I started having this issue about 2 months ago, but I can't associate it with any changes or updates; - with iTunes, the behaviour is absolutely normal...
-
Hello All, Can you tell me if there is any Standard Work Flow(config) for the Vendor Master. Basically I want to block a vendor if there are changes to any vendor master field(defined by me) and route it for the approval. What are other options to tr
-
Billing Doc Automatic posting to wrong G/L Accounts
Hey, Billing documents for certain customers are being automatically posted to the wrong G/L account in my company's (4.7) SAP system. I have checked transactions OMWB and FBKP but the G/L account in question is not linked to any activities. Can anyo
-
hi guys , It is not possible to use the stamente GET BSID for example , in methods ? thanks.