Rights to associate users to Policy Package

Similar Messages

• Using Windows Group Policies in User policy package

  I've been using the gp under User Config > Windows Settings > Internet Explorer Maintenance > Connection > Proxy Settings in the User policy Package for a while now to prevent students from getting to https sites.
  There are some sites though that we had to the Exception list which has worked fine until I added a new one which is: https://secure.ontariocolleges.ca/sso/auth
  When this one is added it seems the gp doesn't work at all, ie students can go to any https site they want, when I remove this exception they're blocked again.
  Someone else told me there was a character limit to the exception list so I tried removing all other exceptions except the one above and it still doesn't work.
  I am unable to find any other info on this. Does anyone have any ideas?
  Thanks.

  Thanks for answering your own question :>
  I'm sure the answer will help others.
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Support Forums Volunteer Sysop
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.
  "jdwall" <[email protected]> wrote in message
  news:[email protected]..
  >
  > I think I found the problem, I replaced
  > https://secure.ontariocolleges.ca/sso/auth with
  > https://*.ontariocolleges.ca and that resolved it.
  >
  >
  >
  >
  > jdwall;1693410 Wrote:
  >> I've been using the gp under User Config > Windows Settings > Internet
  >> Explorer Maintenance > Connection > Proxy Settings in the User policy
  >> Package for a while now to prevent students from getting to https sites.
  >>
  >>
  >> There are some sites though that we had to the Exception list which has
  >> worked fine until I added a new one which is:
  >> https://secure.ontariocolleges.ca/sso/auth
  >>
  >> When this one is added it seems the gp doesn't work at all, ie students
  >> can go to any https site they want, when I remove this exception they're
  >> blocked again.
  >>
  >> Someone else told me there was a character limit to the exception list
  >> so I tried removing all other exceptions except the one above and it
  >> still doesn't work.
  >>
  >> I am unable to find any other info on this. Does anyone have any
  >> ideas?
  >>
  >> Thanks.
  >
  >
  > --
  > jdwall
  > ------------------------------------------------------------------------
  > jdwall's Profile: http://forums.novell.com/member.php?userid=2475
  > View this thread: http://forums.novell.com/showthread.php?t=353133
  >

• LC Rights Management End User can not find groups or users during policy creation process

  hello,
  I'm using LC8.0.1 turnkey install on win2003 box.
  Problem is LC Rights Management End User can not find groups or users (search result is empty) during policy creation process, thus can not apply specific restriction to certain groups or users.
  I have create a user in the DefaultDom and assigned the following roles:
  Live Cycle Rights Management Invite User
  Live Cycle Rights Management End User
  How can I allow the above created user to search for groups and user during policy creation? Thanks.

  Good catch Phuc. Make sure you do this for each Policy Set as well as My Policies.
  Here's an overview of Policy Sets:
  http://blogs.adobe.com/security/2008/04/delegating_control_over_policy.html
  Cut and paste the URL.

• ZENworks 6.5 SP1 - User Policy Package problems

  I have ZENworks 6.5 SP1. I am trying to apply user policy packages to
  control the desktop. We are using Windows XP and from what I can tell,
  everything is setup correct, but it doesn't apply at the desktop. We do not
  have any AD in our system.
  This is the first time we have tried to do this.
  Any ideas would be apprecitated.

  Rhonda Richardson wrote:
  > Jared Jennings wrote:
  >> rrichardson37,
  >>
  >>> I don't want the policies to apply to
  >>> workstaion because when I (admin) login to the workstation, I want to
  >>> have 'Admin' policies not 'User' policies.
  >>
  >> Ok no problem.
  >> Is this with groupPolicies?
  >> You are installing the zfdagent.msi correct?
  >>
  >
  > Yes, this is with group policies. I haven't worked on the W2K side yet,
  > I am just starting with WXP. the ZEN agents are supposed to be
  > installed, I'll have to double check (I didn't build the test network).
  > I'll double check and report back.
  I have double checked, yes, the 6.5 Agents are installed on the box. As
  a little additional information, just to check, I added a Windows
  Desktop Preferences setting to the same policy and those settings are
  getting to the PC with no problem.
  Also, today, when I go in and try to edit the group policy, I get an
  error "The Group Policy that you are attempting to edit is currently
  being edited by another user. Please try again later."
  I deleted the policy today (after I got the error) and tried to
  recreate, just to see if I missed a step. I get this same error when I
  try to edit the group policy. I restarted all workstation on my test
  network, including the management station I am building the policy from.

• OU Group Policy over-riding User Group Policy

  I'm using ZfD 4.01 ir7 and have a restrictive Group Policy applied at the
  OU level. I've created a less restrictive Group Policy and assigned it to
  a user within the above mentioned OU but the settings are not
  taking...the OU Group Policy is over-riding the user Group Policy. The
  appropriate rights have been assigned and this configuration is working
  for other users/OUs in the tree. I've run a dsrepair against this
  partition and no errors were reported.
  Any suggestions to resolve this would be greatly appreciated.
  Ryan

  Paulr,
  It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at http://support.novell.com in both the "free product support" and "paid product support" drop down boxes.
  - You could also try posting your message again. Make sure it is posted in the correct newsgroup. (http://support.novell.com/forums)
  If this is a reply to a duplicate posting, please ignore and accept our apologies and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• User GPO policy issues - 2012R2

  hello all
  i have a number of terminal 2012r2 terminal servers with XenApp 7.5 installed. policy setting are applied using loopback/replace as normal. machine settings apply consistently but sometimes ALL the user settings fail to apply ?.
  wondered if there are any 2012 patches that might address this ?. also what is the best way to log gpo processing with 2012r2 ?
  thanks
  dave
  dsbrown

  Hi Dave,
  >>policy setting are applied using loopback/replace as normal. machine settings apply consistently but sometimes ALL the user settings fail to apply ?.
  Before going further, for we are using Loopback processing Replace mode,  the user policies defined in the computer's Group Policy objects replace the user policies normally applied to the user. Here, we can follow the following steps to collect group
  policy result report for specific user on specific computer for troubleshooting.
  1. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.
  2. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select
  the proper user in the wizard)
  3. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
  TechNet Subscriber Support
  If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.
  Best regards,
  Frank Shen

• NT User Extensible Policy - what am I missing ?

  Hi,
  NT4SP6a Workstation, NW Client 4.83
  Zen 3.2 on NW6SP3 server.
  I have created one simple user.
  Then I created a User Policy Package, including a DLU policy and a User
  Extensible Policy, in which I disabled "Registry editing tools".
  I have assigned my policy to my user :
  - the DLU policy works fine, my user is created at login, in the user group
  I've chosen
  - unfortunately, the user has access to regedit, and the parameters I
  modifiy in the common.adm policy does not seem to be applied.
  What did I miss ?

  I once noticed a strange behaviour you might want to check.
  When working in the policy package, I associated the policy package directly
  to users.
  It failed to apply.
  I looked at the user for associated policies and it was empty. I can't
  really remember whether or not the new policy association showed up in
  effective policies or not. I suspect not.
  So I worked from the user screen and associated the policy and it worked.
  Maybe that will work for you.
  Chris Denby
  IT Coordinator
  Rainy River District School Board
  Fort Frances, Ontario
  Canada
  <[email protected]> wrote in message
  news:CfvHd.655$[email protected]..
  > Hi,
  >
  > NT4SP6a Workstation, NW Client 4.83
  > Zen 3.2 on NW6SP3 server.
  >
  > I have created one simple user.
  >
  > Then I created a User Policy Package, including a DLU policy and a User
  > Extensible Policy, in which I disabled "Registry editing tools".
  >
  > I have assigned my policy to my user :
  >
  > - the DLU policy works fine, my user is created at login, in the user
  group
  > I've chosen
  > - unfortunately, the user has access to regedit, and the parameters I
  > modifiy in the common.adm policy does not seem to be applied.
  >
  > What did I miss ?

• Missing the User Extensible Policy

  Hello,
  I don't know if this is the right forum.
  We are missing the User Extensible Policy when we are creating a User
  Policy packet
  When we create a new User Policy packet we have all the options except the
  User Extensible Policy. We need this to redirect folders. We did this on
  other networks without any problems.
  Network:
  Netware 5.1 sp6
  Zen 3.2 sp2
  Tested on:
  Windows 2000 (NwClient 4.83 sp1 and sp3)
  Windows 98 (NwClient 3.21)
  ConsoleOne 1.3.3
  ConsoleOne 1.3.5
  The pcs and the servers are the same on every network.
  Greets,
  Bert Nieuwenampsen
  [email protected]
  ROC Twente Plus
  Dr. D.H. Groen College

  bnieuwenampsen,
  > Is not a ConsoleOne snapin that we are missing, because we copied the
  > Consoleone from the 'working' network.
  >
  > How can we check witch snapin is installed on the server ? We checked
  > NWconfig view install products, and they are the same.
  In consoleone you would go to help and then snapins, but that can be
  very confusing.
  Easiest way would be to download the snapins from novell.
  download.novell.com under products select zenworks for desktops from
  there you can get the 3.2 snap-ins.
  Extract the download and copy the snap-ins to your c1 copy, it would be
  best if you were running c1 local on your workstation.
  Q, when you copied c1 from the working location, did you copy the whole
  1.2 directory to your desired location?
  Jared L Jennings
  Novell Support Forums SysOp
  Using XanaNews 1.16.3.1

• IR4HP7 Stops Policy Packages

  I don't see much activity here but I'll give this a shot.
  I have several OES2SP2 and SP3 servers running ZFS7.1 . The basic 7.1 install works but must be restarted more than I'd like so I thought I'd try IR4HP7 which is said to support OES2SP2 (no mention of SP3). I've tried it on 3 servers with similar results - the Policy Package Agent stops working. This can be seen on the patched server in the Remote Web Console "Display" dropdown in the upper right corner. Before applying HP7 (or HP4 for that matter) You see both "Tiered Electronic Distribution" and "Policy Package Agent" (you have to click on it to see it). After applying the HP you only have TED.
  This means that Policy Package distributions don't work (they download but fail to extract). The event log shows: "ERROR - applying the distribution.Reason: helma.xmlrpc.XmlRpcException:XmlRpc Server for FacilitatorXMLRPC not found. Make sure the service is still running"
  Of course the service is not running so the error message itself isn't too helpful. I've looked through the startup log but don't see anything obvious.
  Anyone seen this problem and fixed it?

  Shaun (or anyone else)
  Believe it or not I still have an open SR on this. I now need to reinstall IR4 as I'm no longer sure if I installed it before HF7, however without the policy package agent running you can't extract a cpk. With NetWare you could manually extract one from the ZFS command prompt, is there a way to do this in Linux?
  Thanks
  - Bruce

• Cannot set admin right to my user root account has STANDARD RIGHTS!

  I had this common problem, my account turned to standard.
  I followed the instructions here.
  I changed the root password from the install DVD, restarted.
  logged in as "root", but the root user has standard rights as well!!
  therefore I cannot change the rights of my user...
  any suggestions?

  Wow, it looks like you went for the deluxe bugs package.
  ..."now I'm the adminstrator. but this didn't change the fact, that folder I'm creating ( doesn't matter where ) have "read only" rights for the admin. system has read write....
  You hadn't mentioned that before, but actually that sounds like a completely different problem, one that can be caused by using "repair permissions" on a 10.5 volume while booted from a 10.4 (or earlier) disk - this might also include having used "DiskWarrior" to repair permissions (something the manufacturer advises against). Unfortunately, Apple is in the process of revising how "repair permissions" works, and the new method in 10.5 doesn't appear to be fully implemented. As a result, it does not fix this problem, which is purely a permissions issue. If this is indeed the problem, the most straightforward way to get back to a normal system is to reinstall - an "archive and install" while preserving network and user settings should be sufficient for this particular issue. If you are comfortable with the command line, it may be possible to change permissions manually - it would be necessary to attempt a permissions "repair" or "verify" under Leopard, and to record and carefully analyze the messages to determine what needs to be fixed, and how.
  The "Finder" crashes are due to another bug - the GUI crashes when there are files or folders with a group ID that doesn't correspond to a group record in "DirectoryService". There are various strategies to use as workarounds: if all of the problem files have the same group ID, it is probably fastest just to create a group record for that group. If there are a number of different groups involved, doing a batch change of group from the command line might be easier. To get an ideal of what groups are involved, the following command can be used to display the various factors regulating access to a particular file or folder - try using it to survey a selection of different items exhibiting the problem:<pre>
  ls -elO /path/to/item</pre>
  Copying the items to an external drive, then copying them back to a folder that does not display "(unknown)" in "Get Info" might be another strategy (but note that there have been some reports of data loss copying large amounts of data - even after the 10.5.1 update, and even copying instead of moving). Ultimately, these are just workarounds and Apple really needs to fix this sooner than later - it's getting stupid.
  But actually, considering all of the different issues you are experiencing, backing up the data to an external drive (and verifying the integrity of the backup), then performing a full "erase and install" might be the one stop solution. I'm not sure about the best strategy for reimporting the data once that is done since I have never used the Apple tools and do not know how they handle ownership and permissions (what is perserved, etc.) - hopefully someone else will be able to fill in those details.
  So you were bitten by the "Get Info" crash bug, a second issue caused directly by following what turned out to be bad advice in an official kb article, and had a permissions problem that couldn't be resolved using the tool that is supposed to deal with permissions problem. I'd call that a Leopard beta hat trick.

• Application User Passsword Policy

  Hi,
  I am using Oracle APPS 11i.
  How can I incorporate Special character as mandatory in Application user Password policy.
  Thanx

  Check Note: 362663.1 - How to implement (Signon Password Custom) Profile Option in Oracle Applications 11i
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=362663.1

• Customizing User Name Policy OOTB Plugin

  Hi
  I want to use the User Name policy generation plugin to generate the user id for an oim user. But the requirement is that we have to create the User ID with Preferred Name(not with first name) and Last Name and the issue is that in the code we cannot get the attribute other then the attribute coming in the HashMap. So the question is , Is there any way in which we can pass this UDF to that hashmap or can get the value in the code?
  Please note Preferred name is a UDF and coming from the trusted Source.
  Thanks in Advance

  Maybe i've partially solved the issue, I've noted that during the user creation procedure the username field is mandatory in the for so I must specify a value.
  Maybe the validation procedure of the OOTB username policy returns alway a true value so the field is always converted in UPPERCASE and the username generation rule is never called
  How can i set a non mandatory account name field ?

• Wich rights must a user have to copy a table to another user?

  Wich rights must a user have to copy a table to another user? If I try it while using SQLDeveloper I become a message wich says that the user has not enough rights.
  Thanks a lot
  Torsten

  If you are trying to create a table in a schema other than your own, you must have the CREATE ANY TABLE system privilege.

• Deny user based policy for a specific computer

  I have a user based policy that deploys software for specific users when they log in to their Windows 7 workstations.  
  Some of these same users also have login access to a test server.  I am trying to prevent the software deployment policies from being processed when users login to this test server.  I have denied the 'read' and the 'Apply group Policy' security settings
  to the test computer, but since it is a user based policy I believe these computer level denies are being ignored.  
  I have looked into loopback processing but I cannot grasp how it would fit in to my environment.     Do I enable the loopback processing in the same policy that deploys the software?  
  Any suggestions?

  Use loopback merge in the policy of the software that I want to keep?  Or in the Policy I want to deny?
  I finally got it to work.
  I moved the computer object to a new OU and blocked inheritance.<o:p></o:p>
  I created a new policy that only has Loopback Policy enabled (replace).
   I linked that new policy to the OU that has the test server.<o:p></o:p>
  I removed any loopback processing settings from any other policies. I left them at 'Not Configured'.<o:p></o:p>
  For the software I was trying to block I modified its security permission to read DENY for the computer object (Computer Name) of the test computer
  .  ('Apply group policy' was left blank).<o:p></o:p>
  I then linked all other software deploy policies to this new OU and modified the security filtering from authenticated users to whichever users specifically
  needed the software.<o:p></o:p>
  Ran Gpresult /R /scope computer and verified that the only computer policy the server was receiving was my loopback policy<o:p></o:p>
  Reboot test server.
  <o:p>Thanks everybody for your help!</o:p>

• ISE 1.1.1 - User Accept Policy keeps returning

  Hello there
  I have an ISE 1.1.1 setup, with a guest portal. The AD can be used to log onto this portal, and the Guest Portal Policy Configuration is on First Login.
  However, every time a AD user logs in on the portal, he has to accept the User Accept Policy. Is this a bug? Or is there a configuration error?
  Greetings

  Steve,
  It should be able to redirect users based on the username and device that they are authenticating from, if you look at the endpoint there is an attribute that is AUP specific once that is set to yes, the profiling database should have this flag set so it isnt redirected to the AUP after login.
  In your authorization profile is the client being redirected to another authorization policy after CoA?
  Please post screenshots of the authorization policy, the endpoint attribute, and the authentication events....
  Thanks,
  Tarik Admani
  *Please rate helpful posts*