SCCM 2007 database query for AD security group for machines

Similar Messages

• Remove permissions for a security group for all files and folders in a folder and all subfolders?

  I found a script that adds rights to files and folders.
  We need to grant administrators rights to a set of folders for a specific project.
  ChangePermissions.ps1
  # CACLS rights are usually
  # F = FullControl
  # C = Change
  # R = Readonly
  # W = Write
  $StartingDir=
  "C:\Users"
  $Principal="Administrators"
  $Permission="F"
  $Verify=Read-Host `n "You are about to change permissions
  on all" `
  "files starting at"$StartingDir.ToUpper() `n "for security"`
  "principal"$Principal.ToUpper() `
  "with new right of"$Permission.ToUpper()"."`n `
  "Do you want to continue? [Y,N]"
  if ($Verify -eq "Y") {
  foreach ($file in $(Get-ChildItem $StartingDir -recurse)) {
  #display filename and old permissions
  write-Host -foregroundcolor Yellow $file.FullName
  #uncomment if you want to see old permissions
  #CACLS $file.FullName
  #ADD new permission with CACLS
  CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
  #display new permissions
  Write-Host -foregroundcolor Green "New Permissions"
  CACLS $file.FullName
  When the project is over, we need to undo the changes and remove administrators permissions from the same group of folders.
  How do we change the script to remove administrators group members instead of adding?

  I'm not sure I understand how to use that example script to undo the changes in the script I posted..
  Is there  a way to just change a few lines in the first script so that it removes instead of adding the administrators group?
  This line appears to be the line that adds permissions:
  #ADD new permission with CACLS
  CACLS $file.FullName /E /P "${Principal}:${Permission}" >$NULL
  What would be the syntax to remove the  permissions
  $Principal="Administrators"
  $Permission="F"
   from files and folders in $StartingDir= "C:\Users"
  and everything below it?

• Security Groups for the alerts in SharePoint 2013?

  By default Microsoft has blocked to add Security Groups for the alerts in SharePoint 2013. It can be enabled but need to change the SharePoint System page setting with the help
  of below link:
  http://thesharepointfarm.com/2013/10/setting-sharepoint-alerts-on-active-directory-security-groups/
  So my query is if I change the page setting then in future if any SharePoint updates/ hotfixes deploy in system so will it cause a problem??

  I would wait as this is not a supported workaround (although it does work).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Will there be a patch for the security flaw for iMac version 10.6.8.?

  Will ther be a patch for the security flaw for iMac version 10.6.8?

  What security flaw are you referring to? If you're referring to the recent SSL flaw, that was only present in OS X 10.9.
  Regards.

• Error : Wage Type is not allowed for personnel SG grouping for WT 3

  Hi All,
  When i am trying to create wage type Degree allowance i am getting error like below.
  WT xxxx is not allowed for personnel SG grouping for WT 3 (from 01.09.2006 to
  31.12.9999)
       Message no. PG 074
  Diagnosis
       In the "Personnel Subgroup Grouping for Primary Wage Types" view
       (V_001P_K), the employee is assigned to personnel SG for primary wage
       types 3. However, this grouping is not valid for wage type xxxx in the
       period from 01.09.2006 to 31.12.9999.
  Please let me know where i needs to check.
  Thanks.

  try to change the start date and try like 01.01.1990 like this
  juss chk and update

• HT5312 Hi, i'm forget answer for may security questions for Apple ID and can't reset it

  HI. i'm forget answer for may security questions for Apple ID and can't reset it, after verified email adress the link for reset questions is not available.

  The reset link will only show if you have a rescue email address on your account - if you've just added an address then it will be an alternate/secondary email address, which is a different setting/address on your account (a rescue email address can only be added by answering 2 of your questions).
  You will need to contact iTunes Support / Apple to get the questions reset : http://support.apple.com/kb/HT5699
  When they've been reset you can then use the steps half-way down the page that you posted from to add a rescue email address for potential future use

• HT1911 I am Forget answers for the security questions for my Apple ID

  I am Forget answers for the security questions for my Apple ID

  See Kappy's previous write-up.
    Some Solutions for Resetting Forgotten Security Questions: Apple Support Communities

• Adding responsibility objects for the Notification Groups for a PA

  Hi Gurus,
  I am supposed to add responsibility objects for the notiifcation groups for a PA.. Could you please confirm the steps I am planning to follow
  1. Find out the Workflow
  2. Add the responsibilities objects ( Where can Add  those ( in the workflow or in Org Management?)
  3. Edit the rule to point to that PA..
  I am new to workflows ..points are assured for the help

  Just write your own composite Icon class:
  public class CompositeIcon implements Icon
    private Icon icon1;
    private Icon icon2;
    public CompositeIcon(Icon icon1, Icon icon2)
      this.icon1 = icon1;
      this.icon2 = icon2;
    public int getIconHeight()
      return Math.max(icon1.getIconHeight(), icon2.getIconHeight());
    public int getIconWidth()
      return icon1.getIconWidth() + icon2.getIconWidth();
    public void paintIcon(Component c, Graphics g, int x, int y)
      icon1.paintIcon(c, g, x, y);
      icon2.paintIcon(c, g, x + icon1.getIconWidth, y);
  }Hopefully a slightly more reusable solution. You could write all sorts of different layouts in this way.
  Hope this helps.

• Use AD Security Groups for SharePoint database permissions

  In our SharePoint environment we have around 30 content databases. Each of these content databases need a few application pool accounts added to there permissions for various service applications etc. Currently all the accounts are added individually,
  but this can be a little error prone. Is there a reason why we could just pop all the required accounts in an AD security group and add that database permissions in SQL?

  You could do that, but your service accounts shouldn't be accessing the databases directly, instead routing through the SharePoint API, which then permissions would be taken care of by SharePoint accounts (or if you have custom Service Applications, the
  service app pool account).
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Too many AD security groups for ACS 4.1

  We have an issue that when a user is a member of too many Windows AD (2003) security groups (roughly 65) they won't get authenticated by our ACS 4.1.
  The 1st thing we investigated was the Windows Kerberos authentication issue. Which basically says that if a user is a member of more than 70 security groups then Kerberos authentication might fail. However we've used the tokensz.exe tool to calculate that the affected users Kerberos Token size isn't above the problem 12,000 bytes. Link to that issue http://technet.microsoft.com/en-us/library/cc757478%28WS.10%29.aspx
  On the ACS, when a user is a member of too many security groups, the error message is "External user not found". When the user is brought down to the "magic" number of security groups authentication works no problem.
  At the same time on the DC errors can be found in the CSWinAgent.log file.
  CSWinAgent 01/18/2010 12:25:23 A 0063 5720 NTLIB: Insufficient space for all of user [email protected] certificates
  CSWinAgent 01/18/2010 12:25:23 A 0063 5720 NTLIB: Group list buffer is too small for getting full groups list.
  So we are starting to think that the DC and / or CSWinAgent is causing us issues. Has anyone experienced similar issues?
  Thanks
  Stuart

  Hi Stuart,
  We are hitting a bug here.
  CSCse49827            Bug Details
  ACS Remote Agent fails users with too many goups
  Symptom:
  Windows External Database authentication fails on the ACS 4.0 SE if a user is a member of
  too many Windows groups.
  Conditions:
  This is specific to the ACS SE running 4.0.1(42) or earlier using Windows Domain Authentication
  to the ACS Remote Agent.
  Workaround:
  Reduce the number of group memberships the user is part of or reduce the lenght of
  the group names the user is a part of.
  Further Problem Description:
  If a user ia a part of enough windows groups that the number of characters total of all the groups
  exceed 1024 bytes the authentication of that user will fail.  All other users should still authenticate
  without any trouble
  Please upgrade ACS to 4.1.4 and that should fix it.
  First you need to upgrade it to 4.1.1 and then 4.1.4
  Regards,
  ~JG
  Do rate helpful posts

• Security Group for SharePoint 2013 Online Enterprise 3

  I need to copy all the user account names from one SharePoint Security group to a different SharePoint Security group in the same single tenant.
  I can not figure out how to do this.
  Thanks.
  Dawn

  Call your local Microsoft office (any office may due, but info from your local office will be more accurate), and ask for the
  Account Manager for SMB (small to medium businesses) in the
  education sector.
  Scott Brickey
  MCTS, MCPD, MCITP
  www.sbrickey.com
  Strategic Data Systems - for all your SharePoint needs

• Unable to move SCCM 2007 database to SQL 2012 SP1

  Hi ,
  We want to Move
  SCCM 2007 R3 database to SQL Server 2012 SP1.
  SCCM server Version :
  4.00.6487.2000
  Build Number : 6487
  But it says fatal error during the move wizard.
  In ConfigMgrSetup.log it says :
   ***SqlError: [42000][102][Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near '99901'. : SiteControl_ins_upd
  ***SqlError: [42000][102][Microsoft][ODBC SQL Server Driver][SQL Server]Incorrect syntax near '99901'. : SiteControl_ins_upd
  I already installed following updates on SCCM server , but still it failed to move.
   2676737 
   2676776 

  This would be manual process. The simplest way to fix them is to reinstall the reporting point.
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Create different network share shortcut in desktop for different security groups using GPO

  Hi,
   I have an OU named TECH that contains two different security groups ENG and PRESS.
  When users in ENG group logs in desktop should show a network share \\server1\eng-share and 
  when users in PRESS group logs in desktop should show a network share \\server1\press-share.
  How to create a GPO for this ?
  regards, Faisal

  You could use group policy preferences shortcuts. You would create a shortcut to each of these shares and then use Item Level Targeting. The target would point to the security group needed.
  If my answer helped you, check out my blog:
  DeployHappiness. Subscribe by
  RSS or
  email. 

• Creating a security group for S/Mime cert auto-enrolment

  We currently have auto-enrolment rights for an Exchange User cert granted to Domain Users. In our environment this is generating more than 50,000 failed requests each week by service accounts which don't have an email address.
  I would like to create a security group of users with an email address, and grant enrolment rights on the CA to that group.
  I have tried the following script to create such a group, however it's way too slow to be of any use (ours is a large enterprise):
  add-module activedirectoryGet-ADGroup -filter {name -eq "SMime Users"} | ForEach-Object {dsget group -members $_.distinguishedname | dsmod group $_.distinguishedname -rmmbr}Get-ADUser -filter {emailaddress -like "*"} | ForEach-Object {Add-ADGroupMember "SMime Users" -Members $_.SamAccountName}
  Any ideas on a way to bulk add users with an email address to a group? Or another way to achieve the same result?

  On Thu, 6 Feb 2014 19:20:37 +0000, Alen Williams wrote:
  We currently have auto-enrolment rights for an Exchange User cert granted to Domain Users. In our environment this is generating more than 50,000 failed requests each week by service accounts which don't have an email address.
  I would like to create a security group of users with an email address, and grant enrolment rights on the CA to that group.
  I have tried the following script to create such a group, however it's way too slow to be of any use (ours is a large enterprise):
  add-module activedirectoryGet-ADGroup -filter {name -eq "SMime Users"} | ForEach-Object {dsget group -members $_.distinguishedname | dsmod group $_.distinguishedname -rmmbr}Get-ADUser -filter {emailaddress -like "*"} | ForEach-Object {Add-ADGroupMember "SMime Users" -Members $_.SamAccountName}
  Any ideas on a way to bulk add users with an email address to a group? Or another way to achieve the same result?
  Although this group is going to be used for certificate enrollment this
  really isn't the right forum for your question. You should repost to either
  an Active Directory forum or to one dedicated to scripting or Powershell.
  Paul Adare - FIM CM MVP
  urbi et IP -- axelm in <mode=pope>

• How to associate more than one security group for UCM documents?

  When checking in a document we are only able to associate one security group to documents. In our case, a particular document can be seen by more than one group e.g a document can be seen bu both finance and marketing groups.
  How can we associate more than one group for documents?
  Our requirement is related to search. We want to display the documents to the end user based on the security group that is associated with the document. We are planning to use IDM and have all the groups/roles that are possible in the end site (also delivered by same ldap) available in UCM so that when checking in the documents we can associate desired groups who can see these documents.
  Regards,
  Pratap

  One thing before all, is that I suggest that you think through your security model before implementing it in UCM. You should ask yourself questions like :
  - Is security really based on department ?
  - Why two departments need to have access to the same category of document ?
  - Is it really security that I need or classification ? Is it a problem if Accouting have access to Finance or you just don't want Marketing documents in a finance related search ?
  - Maybe what you want is that finance guys to have access to marketing document.
  Without a clear business security model, it's hard to find a UCM security model as it is impossible to associate 2 security groups to one document.