Secure IOS Configuration Template for AP's?

Hi,
I am responsible for several AP 1200's running a recent version of IOS; and while I feel as comfortable as I can about the security of the wireless traffic I'm not sure I've tightened down the AP IOS configs as well as is possible.
I've applied my knowledge of hardening our router's IOS per the NSA guidelines to some degree; but I'd like to be sure I'm covering all the bases I can.
Would anyone be willing to share their AP hardening tips with the forum?
Regards, Nick

Did you ever get an answer?

Similar Messages

  • App-V: A Configuration Template for Deploying to Stateless RDS Clients on Citrix Published Desktops with Citrix UPM for Profile Management

    Please Vote if you find this to be helpful!
    Just posted this to the wiki:
    http://social.technet.microsoft.com/wiki/contents/articles/25318.app-v-a-configuration-template-for-deploying-to-stateless-rds-clients-on-citrix-published-desktops-with-citrix-upm-for-profile-management.aspx

    I would not recommend this and keep the package cache and the client on the same non-persistent drive and enable the Shared Content Store. If you separate the cache and the App-V client they could get out of sync and strange behaviour can occur. 
    You can use a temporary local profile with Citrix UPM or UE-V and specify what to roam/save.
    You can use the Shared Content Store so packages will stream over the network. When the user logs on there is a publishing phase where shortcuts etc are created for the user, this will take some time.
    Are you using the App-V full infrastructure?
    Are you using a boot disk, partition or PXE in combination with PVS?

  • Configuration Template for SRP 521W

    Hello all,
    Does anyone have a recommendation for creating a configuration template for the SRP521W?  I can use the Admin-->Backup Config to get a xxx.cfg file, but I cannot edit it with notepad++.
    Also, I know the config can be viewed via view-source:http://ipaddr/admin/config.xml, but how would I load a modified copy of this back to the router?
    Thanks in advance for your time!
    Philip

    Hi Philip,
    You can load XML configurations on to the SRP using a number of different methods.
    Firstly, make sure that your XML is properly formatted as follows.  Configuration files can include as much or as little configuration as you need.
    <?xml version="1.0"?>
      Add your configuration here
    Provisioning Methods
    1. Resync URL
    You can use the resync URL to command the SRP to collect a new configuration from a specified location.  The SRP can use TFTP, HTTP or HTTPS to collect the defined configuration.  Once you have created your configuration file and loaded it to a TFTP or web server, construct a URL as follows and paste it in to your browser.
    http://:/admin/resync?&xuser=admin&xpassword=
    For example:
    http://192.168.15.1/admin/resync?tftp://192.168.15.100/myconfig.xml&xuser=admin&xpassword=admin
    2. Provisioning URL configuration
    As an alternative to the above, it is also possible to configure the SRP500 with a provisioning URL via the web GUI.  In this case, take the configuration file URL and use it to configure the "Profile Rule" configuration field, which may be found on the Voice > Provisioning page.
    3. Push URL
    Use an application like curl to post the XML file directly to the SRP IP address.  For example:
    curl -k -d @myconfig.xml "http://192.168.15.1/admin/config.xml&xuser=admin&xpassword=admin"

  • Updated! App-V: A Configuration Template for Deploying to Stateless RDS Clients on Citrix Published Desktops with Citrix UPM for Profile Management

    I've updated my App-V Startup script that I use.  The new version includes Event Logging as well as detailed logging, and it's in PowerShell (finally).
    Check out the wiki!
    http://social.technet.microsoft.com/wiki/contents/articles/25318.app-v-a-configuration-template-for-deploying-to-stateless-rds-clients-on-citrix-published-desktops-with-citrix-upm-for-profile-management.aspx

  • Oracle Sesame Adapter - missing template for creation of a new SAIL repo.

    Hi,
    I'm trying to deploy the Sesame Adapter on my TOMCAT server.
    At point 8.9 of the doc ( http://docs.oracle.com/cd/E18283_01/appdev.112/e11828/sem_sesame.htm#BABFFEFA) I'm supposed to type the following command in the sesame console:
    "create oracle."
    I got this error :
    ERROR : No template called Oracle found in C:\Users\<Username>\AppData\Roaming\Aduna\OpenRDF Sesame Console\templates
    By reading the Sesame doc and according to this page (http://www.openrdf.org/doc/sesame2/users/ch07.html) I suppose that I have to add in the "C:\Users\<Username>\AppData\Roaming\Aduna\OpenRDF Sesame Console\templates" directory a file based on this template :
    # Sesame configuration template for a main-memory repository
    @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#>.
    @prefix rep: <http://www.openrdf.org/config/repository#>.
    @prefix sr: <http://www.openrdf.org/config/repository/sail#>.
    @prefix sail: <http://www.openrdf.org/config/sail#>.
    @prefix ms: <http://www.openrdf.org/config/sail/memory#>.
    [] a rep:Repository ;
       rep:repositoryID "{%Repository ID|memory%}" ;
       rdfs:label "{%Repository title|Memory store%}" ;
       rep:repositoryImpl [
          rep:repositoryType "openrdf:SailRepository" ;
          sr:sailImpl [
             sail:sailType "openrdf:MemoryStore" ;
             ms:persist {%Persist|true|false%} ;
             ms:syncDelay {%Sync delay|0%}
          ]
       ].
    Does anyone have the correct template?
    I didn't find any other thread about this problem, so I suppose it's an easy issue to solve, but the Semantic Technologies are totally new for me.
    Arthur

    I finally found the answer to my question. The template used in the tutorial is present in the sesame adapter.
    I just had to extract the files in the "sdordfsesame.jar"; the template is located in "sdordfsesame.jar/org/openrdf/console/oracle.ttl".
    After adding the "oracle.ttl" to the correct directory, it works fine.
    Arthur

  • How to create bulk configuration files from a template for staging?

    Hello,
    We have created a sample configuration for ISRG2 2901 Router.  The sample configuration is long, and with copy/paste it is possible to skip some lines, and it is difficult to ensure the configuration of every device is standardized due to this error possibility. What we are trying to achieve is first create a template from this sample configuration file, and then create configuration files for each device separately and automatically. After creating these configuration instances, we want to be able to distribute the configuration files (and possibly the ios) to the devices during the staging phase. Since there are about 1000 2901 routers, creating configuration files is important.
    From searching we have found the following tools:
    1) CCE (Cisco Configuration Engine): This tool seems to be very efficient for distributing the created configuration files. We may use the serial number of the device, and it provides almost zero touch provisioning of the configuration files to the devices. Creating the configuration file from the template seems to be manual, i.e enter the ip addresses of the interfaces, the routing tables one by one for each device. How can we use velocity template for device configs?
    2) Ciscoworks LMS Prime: It is possible to create a baseline template for the devices, and after getting the backup configuration of the routers, it is possible to compare the actual configuration of the device with the baseline template, and understand if there is any difference with each other. This is indeed very useful in order to keep the configuration standardized, we again could not find a way to create bulk configuration files from the baseline template.
    3)  Solarwinds Config Generator: This tool is useful for creating a configuration file from a template, but again not for automatically creating configuration files, and needs manual intervention.
    4) Excel Macro: It seems that some people have managed to automatically create configuration files using an Excel macro, but we could not find a procedure or tip on how to achieve this.
    5) Perl or TCL/TK Script: Again, since we are not software developers but from the networking field, it is difficult to achieve a working form of these scripts or codes due to lack of documentation and development experience.
    So our problem comes down to creating a template from a sample configuration, and creating bulk configuration files from the template. Is there a specific tool or procedure to achieve this purpose?
    Thanks in Advance,
    Best Regards,

    Hi,
    Try this one http://www.gen-it.net
    Regards,
    Stuart

  • Configuration file for pkcs11 security provider

    Hi all,
    I'm using Mandriva 2008.0 . In the jdk 1.5.0 documentation, it is given that, the security provider pkcs11 can be configured statically by adding an entry, as shown below, in the java.security file present in the directory jre/lib/security/.
    # configuration for security providers 1-6 omitted
    security.provider.7=sun.security.pkcs11.SunPKCS11 /opt/bar/cfg/pkcs11.cfg
    Where can I get the configuration file (pkcs11.cfg) from? Please direct me how to proceed.
    Thanks.

    Hi,
    I went through that Java SE6 documentation link. It describes the contents of the configuration file for pkcs11. But I couldn't find the information of where can I get the configuration file for pkcs11 security provider from.
    Thanks.

  • Will the security update be available for IOS 6?

    Will the security update be available for IOS 6?

    linrey wrote:
    Not so - Apple says they have released iOS 6.1.6 to address the security problem. However no one seems to know how to get it since every request for an update only offers iOS 7. Very strange...
    Nothing strange about it.  iOS update only allows the installation of the latest release based on the hardware it detects you are using.  The 6.1.6 update is only available to those devices that CANNOT run iOS 7, like the iPhone 3Gs.  For any device capable of running iOS 7, the iOS update system will ONLY offer the option of updating to iOS 7.0.6, regardless of whether the device is still running iOS 6 at the time you try to update it.
    That is how the iOS update system has always worked - you simply cannot update to a lesser iOS release than the most recent for your particular hardware.

  • Secure Configuration Guide for Lion?

    Is Apple going to release a secure configuration guide for Apple, as it has for its past OS X operating systems?  It doesn't yet exist on the Secure Configuration Guide page on Apple's site.

    I'm also interested in reading this document.
    I posted the same question before reading your post.
    https://discussions.apple.com/message/19256352#19256352

  • Why can't I configure BFD for static routes on IAD2431 on ios 15.1(2)T when Feature Nav says it's in there

    I am trying to configure BFD for static routing on a 2431 running IOS 15.1(2)T to detect and route around simple multihoming faults.  According to Cisco Feature Navigator, BFD for static routes is supported on c2430-ik9o3s-mz.151-2.T.bin.  But when I follow the config guide steps to configure it, IOS does not recognize the commands, such as:
    ERC3-IAD2431-3(config)#int fa0/0
    ERC3-IAD2431-3(config-if)#bfd ?
    % Unrecognized command
    ERC3-IAD2431-3(config-if)#
    and:
    ERC3-IAD2431-3(config)#ip route static bfd fa0/0 172.19.113.241 
    % BFD is not supported on FastEthernet0/0
    ERC3-IAD2431-3(config)#
    Am I missing some prerequisite, or restriction?

    Vignesh,
    As requested:
    ERC3-IAD2431-3#show version
    Cisco IOS Software, 2400 Software (C2430-IK9O3S-M), Version 15.1(2)T, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2010 by Cisco Systems, Inc.
    Compiled Mon 19-Jul-10 16:23 by prod_rel_team
    ROM: System Bootstrap, Version 12.3(7r)T2, RELEASE SOFTWARE (fc1)
    ERC3-IAD2431-3 uptime is 1 week, 20 hours, 31 minutes
    System returned to ROM by reload at 15:45:52 EDT Mon Oct 27 2014
    System restarted at 15:47:56 EDT Mon Oct 27 2014
    System image file is "flash:c2430-ik9o3s-mz.151-2.T.bin"
    Last reload type: Normal Reload
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    export@cisco.com.
    Cisco IAD2431 (R527x) processor (revision 4.1) with 250880K/11264K bytes of memory.
    Processor board ID FHK1444F1GM
    R527x CPU at 225MHz, Implementation 40, Rev 3.1
    2 FastEthernet interfaces
    48 Serial interfaces
    2 Channelized T1/PRI ports
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity disabled.
    63K bytes of non-volatile configuration memory.
    System fpga version is 250027
    System readonly fpga version is 250027
    Option for system fpga is 'system'.
    126976K bytes of ATA System CompactFlash (Read/Write)
    Configuration register is 0x2102
    ERC3-IAD2431-3#show int fa0/0
    FastEthernet0/0 is up, line protocol is up 
      Hardware is Gt96k FE, address is 5475.d026.3019 (bia 5475.d026.3019)
      Description: Uplink to TWC/Avaya VoIP Network
      Internet address is 24.30.210.144/27
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:00, output 00:00:00, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 2000 bits/sec, 3 packets/sec
      5 minute output rate 1000 bits/sec, 2 packets/sec
         40541 packets input, 6155984 bytes
         Received 20517 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         149623 packets output, 22178324 bytes, 0 underruns
         0 output errors, 0 collisions, 5 interface resets
         17 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    ERC3-IAD2431-3#show int fa0/1
    FastEthernet0/1 is up, line protocol is up 
      Hardware is Gt96k FE, address is 5475.d026.301a (bia 5475.d026.301a)
      Internet address is 172.19.113.242/29
      MTU 1500 bytes, BW 100000 Kbit/sec, DLY 100 usec, 
         reliability 255/255, txload 1/255, rxload 1/255
      Encapsulation ARPA, loopback not set
      Keepalive set (10 sec)
      Full-duplex, 100Mb/s, 100BaseTX/FX
      ARP type: ARPA, ARP Timeout 04:00:00
      Last input 00:00:44, output 00:00:05, output hang never
      Last clearing of "show interface" counters never
      Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
      Queueing strategy: fifo
      Output queue: 0/40 (size/max)
      5 minute input rate 0 bits/sec, 0 packets/sec
      5 minute output rate 0 bits/sec, 0 packets/sec
         14829 packets input, 3324508 bytes
         Received 7916 broadcasts (0 IP multicasts)
         0 runts, 0 giants, 0 throttles
         1 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
         0 watchdog
         0 input packets with dribble condition detected
         78596 packets output, 7819210 bytes, 0 underruns
         0 output errors, 0 collisions, 13 interface resets
         0 unknown protocol drops
         0 babbles, 0 late collision, 0 deferred
         0 lost carrier, 0 no carrier
         0 output buffer failures, 0 output buffers swapped out
    ERC3-IAD2431-3#
    Thanks,
    Alfy

  • Harvard Outline Template for Pages iOS version ipad and iphone

    Is there any way to create a Harvard Outline in the Pages ios 8 version for ipad and iPhone?  If not, can anyone recommend an app that does?

    Syrian_Kiwi wrote:
    The iCloud based Pages doesn't support Arabic... :-/
    You are correct, the new iCloud version also doesn't support any Indic script.  Use the feedback link to ask Apple to fix that before it leaves beta status.  The iCloud webapps have a separate forum at
    https://discussions.apple.com/community/iwork/iwork_for_icloud_beta

  • Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

    Hello, dear colleagues.
    We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
    Send Message, Disconnect, Logoff options work only for users in Administrators group.
    I can't configure permissions for Remote Desktop Users, specific user or AD group.
    To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click RDP-Tcp, Security tab, add specific user account, AD group or configure advanced permissions for Remote Desktop Users.
    But, as I said above, these options work only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
    Thanks.
    P.S. If I move a specific user from Remote Desktop Users group to Administrators group on Windows Server 2012 R2 - it works.

    Hi,
    You can prevent administrators from changing the permissions for a connection by applying the "Do not allow local administrators to customize permissions" Group Policy setting.
    This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
    Apart from that, there is one command with which you can set the permission; for that, check the related article. Additionally, check this thread for more detail.
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • Packer Arch: a template for building Arch base boxes for Vagrant

    I thought some people might be interested in my Packer Arch project. It is a bare bones Packer template and installation script that can be used to generate a Vagrant base box for Arch Linux. The template works for both Vagrant's default VirtualBox provider as well as the VMware provider.
    If you're not familiar with Vagrant, it's a way to "create and configure lightweight, reproducible, and portable development environments"...basically an incredibly easy way to spawn temporary virtual machines that you can use for testing/developing anything. In my case I launch Arch VMs to test out Ansible automated configuration tasks that I use to manage some personal servers. Anyway, hope somebody else finds it useful.
    https://github.com/elasticdog/packer-arch

    Absolutely right. I purposefully wanted to recreate a system that you'd see either out in the wild when purchasing a VPS, or what you'd have after performing a fresh installation from the latest ISO on your own hardware. Even though my end goal was to test Ansible, I didn't include its dependency of Python 2 directly in the build process, but kept things as minimal as possible and use a bootstrap script to handle dependencies after the fact. If you're interested in using Ansible to manage Arch hosts, I did write a quick blog post on my bootstrap process:
        Developing Ansible Playbooks for Arch Linux with Vagrant
    ...and another project I published called Hyperboriarch has some good examples of doing initial configuration tasks with Ansible (securing ssh, configuring ntp, simple iptables firewall setup, etc.):
        https://github.com/elasticdog/hyperboriarch
    </self-promotion>
    Last edited by elasticdog (2013-09-27 19:04:04)

  • NCS WLAN Configuration Template Problems

    Hi All,
    I'm trying to set up WLAN Configuration templates on our new NCS server.  The version of NCS is 1.1.1.24 and the version of our WLC is 7.2.103.0.  I have two problems:
    1.  I do not see an option for AAA Override.   Has this been renamed to something else in NCS?
    2.  I do not see a way to assign a WLAN ID in the template.  This is important as I use it as a RADIUS attribute in our ClearPass guest wireless service.
    Thanks,
    Jason

    Yeah, it's a bit hidden.
    For the AAA Override, it's actually under the Security > AAA Servers.
    As for setting the WLAN ID, this is not a configurable option from NCS.  It will just build the next one that is available.
    HTH,
    Steve

  • ADM templates for Java

    Ok, this is a bit off topic, but let me put this up:
    1. On Windows 7 with the latest Java, I am accessing a Java page
    http://nlvm.usu.edu/en/nav/frames_asid_190_g_1_t_1.html
    2. This page doesn't have a trusted certificate, as it's an educational-purpose one; anyway, I get the message:
    "Your security settings have blocked an untrusted application from running."
    3. Referring to http://www.java.com/en/download/help/appsecuritydialogs.xml : I can, as an Administrative user, go in and go to Control Panel, get to Java (32-bit) and open it up.
    Then I can go to Security and add the exception there.
    My issue is with users who are non-administrators.
    So I would like to know if anyone else has had a similar requirement where they had to do something in the Java Control Panel and used an ADM template, one they created or one available somewhere to configure it globally.
    Regards,
    Ramu
    Ramu V Ramanan

    Hi,
    try a web search.....
    http://www.bing.com/search?q=admx files or java RT
    You can write your own admx files for the Java RT settings, or usually the software vendor offers a template for corporate users.
    or you could use procmon.exe to monitor which registry keys are changed by the java RT security console.
    Regards.
    Rob^_^
