Script or Command to flush/renew User policies
Dear Mac Pro's
I'am looking for a command to refresh/flush the user policies on the clients. Some policies won't work. In windows there is a command "gpupdate /force" is there also a command for Unx or a script?
Regards!
Roderik
I tried this script but i think its not going to catch loop..
I mean, testac6 is not a part of Test Group 3 so when i execute this scipt its still showing me
" Removing testac6 from the Test Group 3"
and not the catch loop part.
Shaktisinh Vaghela
Worked fine for me:
Removing testac6 from Test Group 1
Removing testac6 from Test Group 2
testac6 is not a member of Test Group 3
Suppose the user is in another domain. Another forest...
¯\_(ツ)_/¯
I guess we'll cross that bridge if we get there.
Don't retire TechNet! -
(Don't give up yet - 13,085+ strong and growing)
Similar Messages
-
Powershell script or command to Import AD USers with GUID
I need to import few users with their GUID's from our Training domain to Production domain. Our requirement is Users need to login their existing pc's local profile, once they move to
Production environment.
Our setup;<o:p></o:p>
Training domian:melbourne.com<o:p></o:p>
Domin controller: Training<o:p></o:p>
Production domain: melbourne.com<o:p></o:p>
Domin controller:
Production
Note:
I tried ADMT but it is not allowed to do for source and target as same domain name.
It is really appreciate any one’s expertise on this scenario to import AD users and computers.You're not going to be able to force creation of an object with any specific guid. That's not relevant to what you're trying to do any way. You also won't be able to clone the SID, since a, it's not supported, and b, the sid contains the
unique domain identifier which will be different for each domain even though the names are the same.
You could use sidhistory to help fix the permissions (add the sid from the account in test to the sidhistory of the account in production). But you'd need a trust relationship between the domains, and I'm not sure if that is supported when the domains
have the same name. You might need to add a different UPN suffix and set accounts to migrate to have that suffix to get around that. I've never actually looked into that situation.
ADMT won't do it though. You might have a command prompt utility that can do it in ADMT. But you should be able to do it with powershell by calling an api. You can probably use Ashley McGlone's sidhistory module for most of this.
https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Module-for-08769c67
You will want to review the details and requirements relating to modifying sidhistory:
http://msdn.microsoft.com/en-us/library/ms677982(v=vs.85).aspx
Okay looking closer, you'll need to do this from C++. The easiest way is probably to use the sidcloner binaries (https://code.msdn.microsoft.com/windowsdesktop/SIDCloner-add-sIDHistory-831ae24b#content
) and call them on demand.
Honestly the best thing is probably get a consultant to come spend a few hours to do it for you. Messing with sidhistory can be a huge time sink. -
Applescript: How to run a script once upon logon for multiple users
I'm deploying a NetRestore image to about 150 Macs which will be using Active Directory and I've designed a custom default user for each new user. However, our system requires a specialized certificate that has to be installed on the local login.keychain for each user otherwise network connectivity is impacted.
I've tried to use the security command through Terminal to install the certificate, but no matter what combination of commands, I cannot seem to get that to work properly even with an already-created user. While it will often say it's installed, the cert will not actually show up in the login keychain in Keychain Access. And the network connectivity is still impacted.
So instead, I created a brief AppleScript that just gives the user brief instructions to click "Add" on the prompt for which Keychain to add the cert and then "Always Trust" for the "This cert is not verified" prompt. Then it launches Keychain Access. Originally, I was going to have it actually click the buttons for the user, but I realized trying to get the whole Accessibility apps and assitive devices to work on every new user would be a nightmare.
I created the script on another 10.9 Mac using Automator to make it an actual application. I've used the instructions in OS X: Using AppleScript with Accessibility and Security features in Mavericks to sign it and I'm using root to move it from its network location into the Applications folder. I've adjusted the permissions to allow all Admin users to r/w (along with everyone else). To the root user, it shows as a usable application, but every other user on the Mac sees it as damaged/incomplete.
What I want to do is add it to the default Login Items, so I can run the final AppleScript command to simply remove the login items listing. That way I don't need to worry about it running again, but it's still available for the next user to sign onto the deployed Mac.
I know it's a little convoluted, but this is the final piece to the NetRestore deployment I've been working on for months. Any suggestions on how to make this work (or even a completely different solution) would be greatly appreciated.
Here was the original shell script in case you're curious.
#!/bin/bash
## Prompt for current user admin for use in Certificate Install
while :; do # Loop until valid input is entered or Cancel is pressed.
localpass=$(osascript -e 'Tell application "System Events" to display dialog "Enter your password for Lync Setup:" default answer "" with hidden answer' -e 'text returned of result' 2>/dev/null)
if (( $? )); then exit 1; fi # Abort, if user pressed Cancel.
localpass=$(echo -n "$localpass" | sed 's/^ *//' | sed 's/ *$//') # Trim leading and trailing whitespace.
if [[ -z "$localpass" ]]; then
# The user left the password field blank.
osascript -e 'Tell application "System Events" to display alert "You must enter the local user password; please try again." as warning' >/dev/null
# Continue loop to prompt again.
else
# Valid input: exit loop and continue.
break
fi
done
echo $localpass | sudo security import /'StartupFiles'/bn-virtual.crt ~/Library/Keychain/login.keychain
osascript -e 'tell Application "System Events" to delete every login item whose name is "LyncCert"
And this is the AppleScript itself. (I used the \ to make it easier to read. The first line is actually one complete command)
display dialog "Click OK to start installing Mac Network Certificate." & return & return & \
"In the following prompts, click the 'Add' then 'Always Trust'." & return & return & \
After you have clicked 'Always Trust', quit Keychain Access." default button 1 with title \
"Mac Network Certificate Install"
activate application "Keychain Access"
tell application "Finder" to open POSIX file "/StartupFiles/bn-virtualcar.crt"
tell application "System Events" to delete login item "Lync-AppleScript"
end
Thank you for your help!I have run into this same issue. Are you trying to run the script one time as a new user logs in or everytime a user logs in?
-
Running Oracle Scripts from Command Line
Hi,
How can i run Oracle scripts from command line.
Actually i need to run these scripts from MSBuild before running Unit test projectsC:\>sqlplus @myscript
That would be the easiest variation
C:\>sqlplus user/passwd@tns_alias @myscript
would be an often used variation
And then there is of course the version with parameter passing:
C:\>sqlplus user/passwd@tns_alias @myscript param1 ... paramx
Dunno about MSBuild -
OIM 11 - Error while running scheduled job "Evaluate User Policies"
Hello,
We are trying to run the OOTB scheduled job " EValuate User Policies" with the default parameters. Job history shows the execution status success but diagnostic logs throw the following error. And the users donot get provisioned to their resources based on the access policies.
We are on OIM 11 BP05.
[2013-01-30T10:11:47.072-05:00] [oim_server1] [NOTIFICATION] [IAM-0080006] [oracle.iam.platform.kernel.impl] [tid: Thread-1033] [userId: oiminternal] [ecid: 3f3dc64898fb7625:-13c8cd5d:13c88a6943c:-8000-0000000000000002,1:26684] [APP: oim#11.1.1.3.0] Orchestration process moved to failed stage, and the corresponding error is - {0}[[
oracle.iam.platform.kernel.EventFailedException: Operation - EVALUATE_POLICIES that is submitted as part of the orchestration is not supported.
at oracle.iam.platform.kernel.impl.EntityDefaultActionHandler.execute(EntityDefaultActionHandler.java:53)
at oracle.iam.platform.kernel.impl.DefaultActionHandler.execute(DefaultActionHandler.java:41)
at sun.reflect.GeneratedMethodAccessor5717.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at oracle.iam.platform.kernel.impl.EventHandlerDynamicProxy.invoke(EventHandlerDynamicProxy.java:30)
at $Proxy254.execute(Unknown Source)
at oracle.iam.platform.kernel.impl.OrchProcessData.runActionEvents(OrchProcessData.java:1036)
at oracle.iam.platform.kernel.impl.OrchProcessData.runEvents(OrchProcessData.java:644)
at oracle.iam.platform.kernel.impl.OrchProcessData.executeEvents(OrchProcessData.java:227)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.resumeProcess(OrchestrationEngineImpl.java:764)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.process(OrchestrationEngineImpl.java:519)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:459)
at oracle.iam.platform.kernel.impl.OrchestrationEngineImpl.orchestrate(OrchestrationEngineImpl.java:378)
at oracle.iam.accesspolicy.impl.AccessPolicyServiceInternalImpl.evaluatePoliciesForUser(AccessPolicyServiceInternalImpl.java:78)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalEJB.evaluatePoliciesForUserx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5730.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.jee.spi.MethodInvocationVisitorImpl.visit(MethodInvocationVisitorImpl.java:37)
at weblogic.ejb.container.injection.EnvironmentInterceptorCallbackImpl.callback(EnvironmentInterceptorCallbackImpl.java:54)
at com.bea.core.repackaged.springframework.jee.spi.EnvironmentInterceptor.invoke(EnvironmentInterceptor.java:50)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:89)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at com.bea.core.repackaged.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at com.bea.core.repackaged.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
at $Proxy574.evaluatePoliciesForUserx(Unknown Source)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalEJB_bgsblp_AccessPolicyServiceInternalRemoteImpl.__WL_invoke(Unknown Source)
at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalEJB_bgsblp_AccessPolicyServiceInternalRemoteImpl.evaluatePoliciesForUserx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5727.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy164.evaluatePoliciesForUserx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5726.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy421.evaluatePoliciesForUserx(Unknown Source)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalDelegate.evaluatePoliciesForUser(Unknown Source)
at com.thortech.xl.schedule.tasks.tcTskUsrEvaluatePolicies$PolicyEvalWorker.run(tcTskUsrEvaluatePolicies.java:319)
at java.lang.Thread.run(Thread.java:662)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask$XLSchedulerThread.run(SchedulerBaseTask.java:157)
[2013-01-30T10:11:47.081-05:00] [oim_server1] [NOTIFICATION] [IAM-0080046] [oracle.iam.platform.kernel.impl] [tid: Thread-1030] [userId: oiminternal] [ecid: 3f3dc64898fb7625:-13c8cd5d:13c88a6943c:-8al.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalEJB_bgsblp_AccessPolicyServiceInternalRemoteImpl.evaluatePoliciesForUserx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5727.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at weblogic.ejb.container.internal.RemoteBusinessIntfProxy.invoke(RemoteBusinessIntfProxy.java:85)
at $Proxy164.evaluatePoliciesForUserx(Unknown Source)
at sun.reflect.GeneratedMethodAccessor5726.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:307)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:198)
at $Proxy421.evaluatePoliciesForUserx(Unknown Source)
at oracle.iam.accesspolicy.api.AccessPolicyServiceInternalDelegate.evaluatePoliciesForUser(Unknown Source)
at com.thortech.xl.schedule.tasks.tcTskUsrEvaluatePolicies$PolicyEvalWorker.run(tcTskUsrEvaluatePolicies.java:319)
at java.lang.Thread.run(Thread.java:662)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask$XLSchedulerThread.run(SchedulerBaseTask.java:157)
Any answer is highly appreciated.
Thanks,
MBiswalOk, did you reimported the /metadata/iam-features-accesspolicy/event-definition/EventHandlers.xml from the BundlePatch folder?
Have you followed Addendum to OIM 11.1.1.5.6 Bundle Patch 06 Readme (Doc ID 1543504.1)? -
Error to execute the script through command prompt
I tried to execute the script through command prompt. I got some following error. Could you please advice me how to rectify this.
cscript D:\JS\Test.js
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
D:\JS\Test.js(1, 1) Microsoft JScript runtime error: 'app' is undefined.
Thanks,
PrabudassI haven't use CS for quite some time and file associations may not work with the command prompt.
You can try using Windows Explorer to browse to a .js file then right click on that file. From the popup menu choose Open With. Even if you see Photoshop in the file list choose Browse at the bottom. Browse to Photoshop and make sure to check 'Always use selected program...'
If that doesn't work you will need to create an action that runs your script and make a droplet from that action. You can then use the droplet in the command prompt. You may also need to create a 'dummy' image file to launch the droplet with if you script doesn't require an open document at startup. See http://www.ps-scripts.com/bb/viewtopic.php?t=967 -
What is the powershell command to get the user count in Active Directory
What is the powershell command to get the user count in Active Directory
Get-ADuser
REF: http://blogs.technet.com/b/heyscriptingguy/archive/2012/10/30/powertip-single-line-powershell-command-to-list-all-users-in-an-ou.aspx
This post is provided AS IS with no warranties or guarantees, and confers no rights.
~~~
Questo post non fornisce garanzie e non conferisce diritti -
11.2.3a - Unable to edit exsisting xp user policies
Maybe I could get some help here. I am currently unable to edit XP group user policies from my zenworks 11.2.3a zone. All policies were "minted" uner the 11.2.2 version. I was able to edit policies no problem before the 11.2.3a Update. All machines have the 11.2.3a Group Policy helper activeX control installed on them (Fresh images not upgrades). Here are the problems I am having
1. When the group policy editor opens, all my policies are set to "Not Configured", even though these are active working policies with many items configured
2. Once in a ten or so tries, the group policy editor opens the ADM's correctly. I am able to configure the needed settings. The group Policy editor closes and echoes back theat the "Settings were successfully imported". The problem here is that the "upload button" stays dimmed out and I am unable to uplaed the configured policy.
Not really to sure what is going on.mdymes wrote:
>
> Maybe I could get some help here. I am currently unable to edit XP
> group user policies from my zenworks 11.2.3a zone. All policies were
> "minted" uner the 11.2.2 version. I was able to edit policies no
> problem before the 11.2.3a Update. All machines have the 11.2.3a
> Group Policy helper activeX control installed on them (Fresh images
> not upgrades). Here are the problems I am having
>
> 1. When the group policy editor opens, all my policies are set to
> "Not Configured", even though these are active working policies with
> many items configured
>
> 2. Once in a ten or so tries, the group policy editor opens the ADM's
> correctly. I am able to configure the needed settings. The group
> Policy editor closes and echoes back theat the "Settings were
> successfully imported". The problem here is that the "upload button"
> stays dimmed out and I am unable to uplaed the configured policy.
>
> Not really to sure what is going on.
I've seen something like this in earlier versions as well - in my case
it was the version of the browser I used and the security settings of
this. What browser do you use?
Do you see the same if you use the ZCC from antoher server?
Niels
A true red devil... -
Terminal command to login a user
I'm doing some work on a lab, and it part of the process involves logging out the user. To complete the installation, I need to log back in as the user. ARD let's let send a command to log out a user, but is there a terminal command to login a user? I've tried using login -f username, but that didn't work.
To login as administrator:hello
I use:
osascript <<EOF
tell application "System Events"
keystroke "administrator"
keystroke tab
delay 0.5
keystroke "hello"
delay 0.5
keystroke return
keystroke return
end tell
EOF
You can save it as a task and double-click and drag in the computers and run when you want to do it. -
How to prevent Evaluate User Policies to run for Bulk loaded users?
Hi,
I have an OIM 11G R2 environment, where i did a bulk load of abount 200,000+ users, and all the users' accounts were created using target recon.
How do I prevent the evaluate user policies scheduler from running for these users?
Any ideas are welcome.
Thanks,
Aravind SureshHi,
I do have roles and access policies.
But i do not want them to applied to them at this stage as they already got everything through target recon.
Only for new users or these users on update i want the evaluate user policies to run.
Otherwise running evaluate user policies for these many users could be a very time and resource consuming task.
Thanks,
Aravind Suresh -
BASH script to determine most recent/used user account
Hi everyone,
I'm trying to patch a script I have to copy user data and set permissions accordingly. I'd like to have the script sense the most-logged-into user account and set permissions on the corresponding home folder, is there a way to do this in Tiger?
My next question is that these computers are being upgraded from Tiger to Leopard. Is there a way in Leopard to sense all existing user accounts (again in BASH), and set permissions on their corresponding home folders? That might be the best solution, and the easiest to implement.
TIA!Hi everyone,
I'm trying to patch a script I have to copy user data and set permissions accordingly. I'd like to have the script sense the most-logged-into user account and set permissions on the corresponding home folder, is there a way to do this in Tiger?
My next question is that these computers are being upgraded from Tiger to Leopard. Is there a way in Leopard to sense all existing user accounts (again in BASH), and set permissions on their corresponding home folders? That might be the best solution, and the easiest to implement.
TIA! -
"certain user policies are enabled that can only run during logon"
I have created a GPP for mapping a drive. Is there any way to NOT prompt for a logoff on first logon?
"certain user policies are enabled that can only run during logon"
OK to logoff?. (Y/N)I have created a GPP for mapping a drive. Is there any way to NOT prompt for a logoff on first logon?
"certain user policies are enabled that can only run during logon"
OK to logoff?. (Y/N) -
Problem with"Evaluate User Policies"sch task after the upgrade OIM R1 to R2
Problem with "Evaluate User Policies" scheduled task after the upgrade from OIMg R1 to OIM 11g R2
After the upgrade process is completed we are having issue with Access policy not triggering if rule is set to custom attribute
- We had a Rule with custom attribute (Policy='Full-Time') the value gets populated by event handler which triggers the access policy in OIM 11g R1.. which worked fine in OIM R1
After the upgrade the value is getting populated but even after running "Evaluate User Policy" the Access Policy is not getting triggered.
We tested creating a rule with other custom attribute,policy does not trigger even after running Evaluate User Policy schedule Task in this case too
but if we try creating rule with OOTB attributes(Country='US') it works fine the access policy got triggered after running Evalute User Policy
One more issue we observed is
- Evaluate User Policy value usr_policy_update is not updated still set to '1' even after the Access policy got triggered (as it worked when rule is set to OOTB attribute)
I believe after the evaluate user policy gets triggered for a user it should update the value from '1' to '0')
Please let me know if you have any idea..Thanks!well, I overcame the issue by 'fooling' the installer: on second node, change the scan ip address to point to something else (ie, different ip address to the scan in the first node, cleanup then rerun root.sh, it went past the trouble stage, then I still have problem later at the time database creation. I think scan ip address has to be setup correctly (round robin thingy)
This is how i did the cleanup before rerun root.sh
/u01/app/11.2.0/grid/crs/install/rootcrs.pl -verbose -deconfig -force -
Dos based script or command to backup iphone5
hello,
I am using iTunes 11 and iPhone 5 on window XP. I want to create iPhone 5 backup through iTunes services in my location(not in default location). can you provide any type of dos based script or command.
thanks in advance
Vivek Chauhanhttp://www.iclarified.com/28426/how-to-change-the-location-of-your-itunes-iphone -backups-windows
-
Script to delete a lot of user from exchange
Hi every one I have a list of mailbox in excel file
Please I want to know how I can delete a list of mailbox with powershell
Thank youHello,
If you are using text file as input file, there is no need place ; or , after every user.
If you using text file. Use below command:
Get-Content C:\User.txt | foreach{ Remove-mailbox
-Identity $_
-Confirm $false}
If you are using CSV file. You can use following command.
$a= import-csv c:\userdeletionlist.csv
Foreach( $u in $a) { Remove-mailbox -Identity $u
-Confirm $false}
Maybe you are looking for
-
Working on both Mac and PC, advice?
First of all, I hope this is an acceptable forum for this question, I figured licensing is the root of the 'problem' so might as well ask here. I currently have a desktop PC with CS2 (I've also got MX 2004 of the other stuff), I really have no reason
-
Can you help? Ipod no longer syncing songs from my music
I have recently added many more cds to my "my music" on windows. When I used to do this, the next time Iplugged in my ipod it would automatically upload all the new albums. However, now it does not. I don't know how to transfer these songs to my itun
-
NEF(raw) photos turn into jpg when i drag from iphoto to my desktop?
why do my NEF(raw) photos from my nikon D90 turn into jpg when i drag them from iphoto to my desktop? i can not work on them in PS unless i dig into the original files in the masters list. i download them from the card, both go in, and if i look at t
-
Shift or Adjust All Pages/Content for Print
Is there a way to shift all content in an entire publication by specified amounts, from one central location or command - as a temporary "effect"? I work with a document containing a set of labels (@70) that print the variable, b&w text portions of p
-
I connect my iphone as i always have - it syncs but does not show down the left as a device?
can anyone please help? it worked yesterday fine...