Security for domain computer only accessible for administrative users

Dear users,
I was wondering if there is any GPO so I can secure some computers from being used by other users.
This is how the situation is currently:
There are 600 computers and all are members of a domain.
Now I want 4 computers that can only be used by Administrators, so no one else can log on to these computers.
But I can't seem to find that option, or it's not working.
Does anyone here know a good KB or any other related article I can read to arrange this?
Kind regards,
Martijn

Hi,
Would you please tell us more about the 4 computers here? Are they domain controllers?
With domain controllers, the default setting is that only members of the Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators groups have the Allow log on locally system right.
For workstations and servers, the members who have the logon right are Administrators, Backup Operators, Power Users, Users, and Guest. If we want to change the default settings for logging on locally on workstations and servers, we may consider modifying this policy.
For more information regarding Allow log on locally, please see:
Allow log on locally
http://technet.microsoft.com/en-us/library/cc756809(v=WS.10).aspx
Hope this may help
Best regards
Michael
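
Whether a machine really restricts "Allow log on locally" (SeInteractiveLogonRight) to Administrators can be checked from a secedit export, as in this added PowerShell example, which is not part of the original thread. The sample export is constructed, and Get-PrivilegeRightHolder and Test-AdminOnlyLogon are hypothetical helper names.

```powershell
# Input on a real machine (elevated prompt); secedit exports the current user rights assignment:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf"

# Constructed sample export showing the workstation defaults listed in the reply.
$sampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-545
SeInteractiveLogonRight = Guest,*S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-547,*S-1-5-32-551
SeDenyInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split '\r?\n'

# Well-known SIDs of the built-in groups the reply names.
$WellKnown = @{
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-547' = 'BUILTIN\Power Users'
    'S-1-5-32-551' = 'BUILTIN\Backup Operators'
}

function Get-PrivilegeRightHolder {
    param([string[]]$InfLines, [string]$Right)
    $pattern = '^' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    $inSection = $false
    foreach ($line in $InfLines) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
        } elseif ($inSection -and $text -match $pattern) {
            # Entries are "*SID" or a plain account name, comma separated.
            return $Matches[1] -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
    }
    # A right that is missing or empty in the export yields no holders.
}

function Test-AdminOnlyLogon {
    param([string[]]$InfLines, [string[]]$AllowedSids = @('S-1-5-32-544'))
    $holders = @(Get-PrivilegeRightHolder $InfLines 'SeInteractiveLogonRight')
    # Anything that is not an allowed SID is reported, by name where known.
    $unexpected = @(foreach ($h in $holders) {
        $sid = $h.TrimStart('*')
        if ($AllowedSids -notcontains $sid) {
            if ($WellKnown.ContainsKey($sid)) { $WellKnown[$sid] } else { $sid }
        }
    })
    [pscustomobject]@{
        Holders    = $holders
        Denied     = @(Get-PrivilegeRightHolder $InfLines 'SeDenyInteractiveLogonRight')
        Unexpected = $unexpected
        AdminOnly  = ($holders.Count -gt 0 -and $unexpected.Count -eq 0)
    }
}

Test-AdminOnlyLogon -InfLines $sampleInf | Format-List
```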

Similar Messages

  • Data Level security for specific Users

    Hi,
    Can you please suggest some ideas on by-passing the Data Level security for specific users or specific group?
    Currently, we have data level security defined on a group permissions for one group and for people belonging to another group, the security should not apply and they should see entire data.
    But, key thing here is that, the user belongs to both the groups.
    Any ideas help.
    Thanks,
    Chandu.

    So you are saying you want a user to belong to a group with data-level security filters, but you don't want the filters to apply to that user?
    Why are they in the group then?
    Are the data filters defined with variables or are they hard-coded?
    If variables, you may be able to put logic in an initialization block to set the variable appropriately for specific users.
    I'd rethink the security model - when I define data level security filters, I tend to force users to only belong to a single group/role.

  • Content Administration Tab is missing for administrator user in NW CE 7.1

    We have an issue after upgrading the portal to NW CE 7.1 SP00 RTC.
    The "Content Administration" tab is missing for administrator users.

    In the CE version, we have to enable it manually by using the "Content Layer Tool":
    http://<host>:<port>/irj/servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
    This link may lead to a "Portal Runtime Error" because "contentLayerTool" is part of the high_safety zone.
    To access it without a runtime error, please follow the process below.
    1. Log in to http://<host>:<port>/irj with an admin user.
    2. Concatenate the line below to the URL in the browser:
        /servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
    3. To enable the content admin tab, click "Activate Development Mode".

  • SMTP Security for Roaming Users

    Hi all,
    We used to arrange our mobile users to use VPN to access our MS (2005Q4) server so that they can use it as a relay to send mail to external email addresses when they are roaming. The server is configured so it allows mail relay from internal (VPN) IP addresses so that it still protects us from external spammers from using it as an open relay.
    That worked well for some time. However, it has 2 disadvantages:
    1. Users must first set up a VPN before getting mail, and that's a support nightmare
    2. Sending email this way allows any internal and VPN users to forge the sender envelope address
    So I'm thinking the following:
    1. Enable SMTPS (to avoid the VPN stuff)
    2. Configure MS to require authentication for both SMTP and SMTPS for senders who use an @ourdomain.com email address in the envelope. And at the same time, match that envelope sender address with the authenticated user to see if they match.
    I have already done point #1. But #2 seems so complicated. Please advise if I am thinking in the correct direction. Is there a simpler way to achieve that?
    Any ideas are welcome.
    Thanks.
    BR,
    Py

    Hi,
    SMTPS is definitely a good idea for roaming users. If you are going to be requiring authentication then you want the authentication details to be encrypted.
    2. Configure MS to require authentication for both SMTP and SMTPS for senders who use an @ourdomain.com email address in the envelope. And at the same time, match that envelope sender address with the authenticated user to see if they match.
    This seems complex to me and is going to cause issues for users who send emails via their ISP's server to your workplace when working from home. Requiring authentication for the SMTPS connection is a good idea and that can be accomplished just by associating the TLS port with the SMTP_SUBMIT service (instead of just SMTP):
    [SERVICE=SMTP_SUBMIT]
    PORT=587
    ! Uncomment the following line if you want to support SSL on the alternate
    ! port 465
    TLS_PORT=465
    You should also enable the logging of the username used when authenticating by adding the following line to the option.dat file:
    LOG_USERNAME=1
    That way if there is a user who 'spoofs' their email address, you know who they are (by the username), the IP address they came from and who they were pretending to be. This should act as sufficient deterrent.
    Shane.

  • Synchronization only works with Administrator user

    I've been using Blackberry Desktop Software for about 18 months to synchronize organizer data held in Microsoft Outlook 2010, under Windows XP Professional SP3, via a USB connection.
    I recently upgraded the BB desktop to v7.1.0 B42. In order to get a functional installation, I needed to remove the previous version and all associated data, and reinstall from scratch. After this, synchronization only works when the Windows account has Administrator privileges. This is true for both USB and Bluetooth connection.
    Has anyone else had this problem?

    I believe I do have it setup for all users - the printer shows up in "print setup utility" for the other accounts. When I get home I'll go ahead and reinstall the Stylus C86 driver.
    Since I'm at work, I attempted to print to a network printer I also have installed - I get the same error when I print from the other admin account (not mine) or the managed user account.
    Here's another tidbit: From the other admin account I navigated to the CUPS interface (127.0.0.1:631) and was able to successfully print a test page from there.
    Could this be some kind of user permission issue?

  • Security for Administrator Role in 11.1 and Upgrades

    Our Essbase is still on 6.5 with three applications/DB. I'd like to know:
    1. How much effort is it to upgrade to 11.1? What are the most time-consuming tasks in such an upgrade?
    2. Can an admin role be set up for ONLY one application/db, including user security, group, variables...?
    Thanks for your responses.

    The amount of effort depends on your IT staff, number of users, and number of cubes. This could be anywhere from a few weeks for a small environment to a few months for a large environment.
    Major steps:
    Hardware procurement (when going from 6.5 you can expect to purchase a whole new hardware environment)
    Installation of Hardware
    Installation of Software
    Data export from 6.5
    Data import to 11.x
    Execution of scripts to calc 11.X data
    Export/Import of security (Filters, Groups,Users)
    Update of client software (Add-in)
    Financial Reports Export/Import (if you use them)
    Update of all automation scripts (this one can really take a lot of time. One of my large clients had 1600 scripts on Unix -- we wrote automation to update all the paths for this one)
    Regards,
    John A. Booth
    http://www.metavero.com

  • OBIA 7.9.6.4 security for new user

    Hi,
    I have setup OBIA 7.9.6.4 environement on Linux platform and configured 4 modules financials, Supply chain & Order management, Procurements & Spend and Project.
    Then I created a new user in the WebLogic LDAP server and assigned it to the BIConsumers group, but none of the reports are displaying results. This is so that I can share this user's login details with other users, so that they can only open reports and are not able to make any changes to them.
    Please advise if anything additional is required to be done apart from these steps.
    Thanks
    Lalchand

    Hi,
    BI Platform Consumer was already included in both places, access to Dashboards and Answers. I have also included the BI Platform Author role, but still no luck. I am getting the below-mentioned error:
    Error Codes: YQCO4T56:OPR4ONWY:U9IM8TAC:OI2DL65P
    Odbc driver returned an error (SQLExecDirectW).
    State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 27005] Unresolved column: "Fact - Inventory Transactions"."Actual Issue Quantity".Please have your System Administrator look at the log for more details on this error. (HY000)
    SQL Issued: {call NQSGetLevelDrillability('SELECT Product."Product Type Description" saw_0, "Movement Type"."Movement Type Description" saw_1, "Fact - Inventory Transactions"."Actual Issue Quantity" saw_2, "Fact - Inventory Transactions"."Actual Receipt Quantity" saw_3 FROM "Inventory - Transactions" WHERE ((TOPN("Fact - Inventory Transactions"."Actual Issue Quantity",5) <= 5) OR (TOPN("Fact - Inventory Transactions"."Actual Receipt Quantity",5) <= 5)) AND ("Time"."Year" = ''2013'')')}
    Thanks
    Lalchand

  • ADF security for dynamic users.

    Hi,
    I am using JDeveloper 11.1.1.6.0.
    In my project I need to use dynamic users in ADF security.
    Use case:
    My project is similar to a shopping website. In that I will have a Sign up link which is used to register the users, and the users will get a system-generated password.
    Is it possible to implement ADF Security here?
    Please give me your valuable suggestions.
    Regards,
    Prasad K T,

    Take a look at the Fusion Order Demo, or FOD in short. It's available from the JDev home page. Make sure you load the sample for your version.
    Timo

  • VPN Concentrator & Radius for Administration users

    Is there a way to utilise a RADIUS server instead of TACACS+ to administer the admin accounts at a VPN 3005 Concentrator?

    As per Cisco documentation here;
    http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/admonbk/access.htm#1507954
    It can be done only using the TACACS+ server. I do not see any option to configure RADIUS server here.

  • IE 11 Enhanced Security improperly enabled for one user in domain

    I'm running a small network with two domain controllers which use Server 2008 R2 Standard. The clients all run Windows 7 with the latest updates. Today one user suddenly started having their browser always start in Enhanced Security mode on the Windows 7 clients! This happens for any client in the domain, but it does not happen when the user logs into the terminal server for the domain. I use roaming profiles and redirected folders. I have separate profiles for the Terminal server from those used for the local computers. I have restored the user's profile to last week when the problem was not happening, but it did not help. It does not happen for any other user in the network, even if the user logs in on the same computer. So there is something in the user's environment that is causing the problem. I have reset IE 11 to default and it still comes up with Enhanced Security for that user on the Windows 7 clients. I've searched the internet for this problem without success.

    So I figured this out. I think that it is a mis-feature in Server 2008. The particular user is a member of the Backup Operators security group on the domain. Recently they did a backup on the server and then this problem started.
    It appears that even though they are not a server administrator or a domain administrator, the Enhanced Security settings got put into their roaming profile and when they logged into their workstation, the settings got applied to IE on their workstation.
    If I turned off Enhanced Security on the server for only users, the problem still happened for this user, even though they are only a Backup Operator, not an administrator. If I turned off Enhanced Security on the server for administrators, logged in and out of the server as this user, then the problem went away.
    So it seems that Backup Operators are viewed as "administrators" by Enhanced Security and if you use roaming profiles for such users, Enhanced Security will be enabled for such users on their workstations. Yuck.
    The easiest solution is probably to have a separate user account for the backup role on the server.

  • How do creative cloud apps get installed without asking for administrator?

    The title says it all but I'll reiterate. How do CC apps downloaded with the Creative Cloud desktop app get installed without asking for administrator user/password? It's the same on both Mac and Windows and I don't understand how it's doing it. This seems like a security hole to me.

    JscottCMD are you installing the Adobe Creative applications with a Creative Cloud Individual subscription?  If so please see Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html for information on how to install the applications and updates included with your membership.

  • Setting Crystalviewer for all users in CMC

    I am trying to set up Crystal Reports Server 2008 VI for my organization. One of the requirements is to disable the Preferences in InfoView and set the Crystal Report viewer to the Web ActiveX control for all users. I was able to disable the preference parameter in CMC -> Applications -> InfoView, but could not find a way to set the default viewer for all InfoView users to the ActiveX control. Is this doable? If so I would like to know how.
    Any help is greatly appreciated.

    Enable preferences and go to InfoView, click on Preferences, change the view format to ActiveX and save it. Do this for Administrator users.
    There is a download available; using that you can make the same change for all users. Check the link below.
    Re: Setting the same "InfoView Start Page" to all users in one group
    With that you can change the settings for all users as Administrator, once done remove the access to Preferences.
    Thanks,
    Hari

  • Load the SecFile for LDAP user

    Hi,
    I am trying to load the SecFile into my application to insert security for new LDAP users, but these users are not loaded.
    I have read about this issue with Native users (I know that the user does not exist in the Planning tables). How do I load security for these users without them having logged in to Planning before?
    - Planning 9
    - Win 2003;
    Thanks...

    Hi EW, thanks for your answer.
    I agree with you about this and I understand.
    These users are in the system, are provisioned to the Planning group and I see these users when I assign access in the Dimension tab.
    The question is, when I provision these users by ImportSecurity.cmd (Secfile.txt), I have the following error:
    [22/09/2010 19:12:27]: Got the user Name as:<user_name>
    Wed Sep 22 19:12:27 BRT 2010 :: Error : Import Security Failed - null
    java.lang.NullPointerException
    at com.hyperion.planning.HspImportSecurityCmd.parseSecFile(Unknown Source)
    at com.hyperion.planning.HspImportSecurityCmd.importSecurity(Unknown Source)
    at com.hyperion.planning.HspImportSecurityCmd.main(Unknown Source)
    I tested with one native user, and I had the same error. I accessed Planning with this native user. I tried to provision by script again and I got.
    I hope that I've explained better. :)
    Thanks

  • Mount SMB share accessible by all users

    Hello,
    I aim to have a smb share accessible to all users.
    I've tried to mount with mount_smbfs or autofs, but each time the mount is only accessible to one user, with no rights for group or others.
    This is what I've done with autofs:
    in /etc/auto_master
    /Volumes/Resources auto_resources
    in /etc/auto_resources
    MyShare -fstype=smbfs ://login:password@hostname/share
    Then I enable the share with
    sudo automount -vcu
    When I try to access the folder, it succeeds, but all the rights on all files in the share and the main folder itself become rwx------
    The same occurs with mount_smbfs.
    How can I "force" the permissions of the shared folder to fit my need?
    Thanks

    It sounds like you are talking about multiple users on a single computer being able to use the same mounted share at the same time.
    As you have seen this does not work. Either each will get their own individual mounted copy, e.g. "/Volumes/Resources", "/Volumes/Resources 1", "/Volumes/Resources 2" etc., or the others except for the first user will be blocked. This limitation applies to both AFP and SMB.
    However if you use NFS and do this before anyone logs in then it will be accessible for all users on that Mac at the same time.
    NFS is still available in Mountain Lion.

  • 2012 R2 RBA: Remove / Delete buttons greyed out Administrative users account (sec role/scope) clean up

    I am seeing something odd with one of my RBA settings. Keep in mind I am seeing this as a 'Full Administrator'.
    I created a new test Security Scope and Security Role, created a test Active Directory group and then entered that AD group as a new account name under Security>Administrative users. I added the new Security Role under the Security Roles tab of the Account name (Administrative users) properties and also added the security scope that I created under the Security Scopes tab. I was able to see all the settings I had created/exported in the RBA viewer and everything with the role worked as desired.
    I am now looking to clean that up but I don't seem to be able to. I am starting under Administrative Users>Account name and trying to unlink the Security Roles and Security Scopes that are listed in those tabs. However, remove and deletes on this stuff are all greyed out. If I add another role to the Security Role tab I can then remove that, but I cannot remove this 1 particular one. The result is that I cannot remove the custom Security Scope, Security Role and ultimately the Administrative user.
    Does anyone have any idea why I can't remove the security roles and scopes from the Account Name?

    I'm able to "delete" one admin user or group (account name) from the Administrative users node (\Administration\Overview\Security\Accounts). I tried with custom security role/scope etc....even the same user was part of \Administration\Overview\Security\Accounts.
    It seems something is wrong with your FULL admin account? Do you have any other FULL Admin account? If so, can you try with that account?
    Anoop C Nair (My Blog www.AnoopCNair.com)
    - Twitter @anoopmannur -
    FaceBook Forum For SCCM
