Setting Up a Domain User's Desktop in a Joined Workstation

On my Server's Domain (Averihire.local) I have, among others, a user account named "AveriTwo" which will be for an employee who is to have limited capabilities.  When I first logged on to the account I was presented with a somewhat
generic desktop (unlike the one I get when I log on to that account via RDS).  The shortcuts that are on this generic desktop are only for programs that are installed locally on the workstation itself (i.e. C:\Program Files or C:\Program Files (X86)),
and sometimes there are server resident programs that the operator will need to be able to execute.  I opened File Explorer and browsed to AveriTwo>Desktop, and the only thing I saw there was a "desktop.ini" file.  I tried creating
a shortcut to a server based program in that desktop folder, but it doesn't show up on the workstation's desktop (so what is that folder for???).  I then tried "New Shortcut" on the workstation's desktop, but when I browsed to the
server, the only things that showed up were: netlogon, sysvol and Users.  So my first question is, how can I add shortcuts to server based programs to the workstation's desktop?
My second question involves Documents.  I need the domain administrator (on the workstation) to be able to save certain documents on the Server (e.g. in the "Public Documents" folder(s)) and private documents in the local Documents
folder(s).  I don't know how to do that, nor how to differentiate between public and private documents.
I'll be very grateful for any/all help with this, and thank you in advance.
Capt. Dinosaur

Hi Darren, thanks for the response, and second things first.  You cleared up for me how to save the documents to the server's "Public Documents" folder from the workstation.  I shared the folder with the
Security Group to which the workstation user belongs, and set up the security for it.  Then, in MS Word and Excel, I set the default document locations to the Server's Public Documents folder, and that now all works fine.
Regarding my first question, however, right now I'm so totally confused and befuddled, that I need to start all over.  So here goes:
First, ignore my comments about the desktop in RDS; I only mentioned that because I was kind of surprised that the RDS desktop and the workstation's default desktop aren't the same.  That workstation's user won't be using RDS.
Now, to explain my confusion, I opened File Explorer on both the workstation and the server, and here's what I found:
On the workstation: There are two folders for user AveriTwo; one named simply "AveriTwo" and one named "AveriTwo.AVERIHIRE", both of which contain ONLY TWO of the
shortcuts that appear on the AveriTwo's desktop (specifically Word and Excel).  Then there's another USER named "Public" under which there's a folder named "Public Desktop", which contains the rest of the shortcuts (Adobe Reader,
Ccleaner, Malwarebytes and WinZip) which appear on the user's desktop.
On the server: There's a folder named "AveriTwo" which contains nothing but a desktop.ini file.  Then there's the user named "Public" containing a folder named "Public
Desktop", in which there are many of the shortcuts that appear on the server (Administrator) desktop, and here's where the fun begins.  Three of the shortcuts in that folder (i.e. Adobe Reader, Ccleaner and WinZip) are also on the
workstation's desktop, while others are not (i.e. Docsvault Client**, Firefox Browser and PDF Creator).  Malwarebytes is in the Public folder on the workstation, but in the Administrator's desktop folder on the server.
From the above, it would appear that the Public Desktop folders on the workstation and the server are not the same folder (e.g. for kicks, I deleted from the server's Public Desktop folder one of the shortcuts that appears on both, and that didn't affect
the corresponding shortcut on the workstation).  But here's where it gets strange.  Originally, when I opened File Explorer on the workstation, the Public Desktop didn't appear under the Public User folder. So I added the security
group (G_AvOPER) in which the AveriTwo user is a member, to the Public User folder ON THE SERVER and Voila! the Public Desktop then appeared in File Explorer on the workstation.  That, then, would tend to contradict the above, and imply
that the Public Desktop folders on both computers are the same.  So it seems now that those two folders are the same except when they're not (!?).
** Docsvault Client is one of the programs that has to be executed from the workstations in order to manage the Docsvault (electronic encrypted filing cabinet) which is the essential core library for our operation.  I added the G_AvOper
group - with Full Control - to the Docsvault Client shortcut on the server, but still can't figure out how to make it available to the workstation.
I really need some enlightenment to Capt' Dinosaur's (above) Epistle to the Computions.  I've offered a prayer to Saint BIOS, but he hasn't responded<grin>.  Would someone PUHLEEZE come to my rescue?
Capt. Dinosaur

Similar Messages

  • Allow Domain Users to Change Their Time On Workstation

    Is there a way to allow authenticated users on the domain to change their time on their workstations?  I've added Domain Users, Domain Computers and Users to the Computer Configuration/Policies/Windows Settings/Security Settings/Local Policies/User Rights
    Assignment in the Default Domain Policy but nothing seems to change.  I've forced the GP update as well.
    Any help would be appreciated.

    Hi Scottdog129,
    Based on my understanding, you have configured a GPO which allows authenticated users to change the system time. However, this GPO does not apply successfully. Right?
    In addition to jkrato's suggestion, please follow the steps below to check if the GPO is applied to the clients. It is useful for us to narrow down the cause:
    Click Start, type rsop.msc in the search box to access Resultant Set of Policy.
    Check if the GPO is applied to these clients and the setting of the GPO is correct.
    In addition, if the GPO has been applied to these clients, please check whether any other GPOs conflict with this GPO on these clients.
    For your information, please refer to the article Change the system time to get more help:
    http://technet.microsoft.com/en-us/library/dn221970.aspx
    Regards,
    Lany Zhang

  • Problem of long loading and processing file in outlook 2010 of domain user

    Dear all,
    I have a problem with long loading and processing of the file every time I open Outlook 2010.
    This problem occurs when I join my computer to the domain (Windows Server 2008 R2) and set Outlook for the domain user to use a shared .pst file, owned by the administrator of that computer. Every time I log in as the domain user and open Outlook, it takes a very
    long time to load and process the file; moreover, it always asks for the password of the email account I have set. However, when I finish entering the password and it has finished sending/receiving the email, the program works normally.
    I also tried with another user account which is the administrator of that computer; the program runs very fast and works normally.
    I am not sure what the problem is caused by, or is it the wrong way to share a .pst file with another user? Please give me any suggestions.
    Thanks in advance.

    Hello,
    You should ask in one of the following forums, depending on your version of Microsoft Exchange:
    Exchange Server 2013 - Outlook, OWA, POP, and IMAP Clients
    Exchange Previous Versions - Outlook, OWA, POP, and IMAP Clients
    Karl

  • Domain Users access to Remote Desktop Apps fails

    Can somebody bring a light to this issue?
    Our domain users are getting NO apps from the collection, when they should get at least the Full MS Office 2013 Pro apps suite that was published to the collection without any user restrictions...
    Are they supposed to be member of the RDP Group or what else we missed during the settings?
    Also, when trying to access from IE using the link https:// [FQDN] /rdweb/feed/webfeed.aspx (FQDN omitted for security reasons) they get a prompt to download the file "WebFeedlogin.aspx" as soon as they successfully authenticate with their
    credentials...
    FYI: All users member of Domain Admin group are working just fine...
    Thank you in advance for your time and effort to solve this! ;)

    Hi Marcio,
    Thank you for posting in Windows Server Forum.
    After going through your comment, I would say that to access RemoteApp, users must also be members of the Remote Desktop Users local group. Apart from that, you can go through the articles below for configuration-related settings.
    - Introducing RemoteApp User Assignment
    - Step by Step Windows 2012 R2 Remote Desktop Services – Part 4
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • Changing domain users desktop wallpaper periodically

    Hi 
    I know we can set a wallpaper for users from gpedit> Administrative Templates> Desktop. 
    but is there any way to do this automatically each day or week ?
    Tanx

    > but is there any way to do this automatically each day or week ?
    http://evilgpo.blogspot.de/2012/03/how-to-save-my-screen.html
    You can use the same technique for the wallpaper, and in GPP, you have
    a) variables for the wallpaper file name and path
    b) Item Level Targeting, even for date/time
    Martin
    Fancy reading a GOOD book about GPOs for once?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • How to allow non-default domain users to set share folders.

    From Messenger Express, users who are in non-default domains cannot set any share folders, and only get an error message "You do not have permission for setting permission". However, users in the default domain can do it without any problem on the same server [iMs5.2].
    Is there any specific permission to allow non-default domain users to do it ?
    If yes, how to give this permission to these users ?
    Thanks & regards,
    Takuto

    Indeed it is fixed in the GA. Another way to set the alias table is to do it in the Admin client. If you add a connection to a user there is a new 6.5 button "set alias" that allows you to set the default alias table for this specific user. But it does not exist on a user group level.

  • Enable Inheritance Security Setting won't stay applied on Domain User Accounts

    The Weirdest thing is happening on a 2012 R2 DC, in order to fix the ActiveSync error event ID 1053 on exchange
    2010, the fix is to Enable inheritance on the Advanced Security settings of the domain users that will be using ActiveSync...Ok...but here is the weird thing...I set the Enable inheritance on the users and apply them, then when I check back after however
    long...the setting has now reverted back to disabled inheritance? this is happening on all user accounts?
    This screen shot is from this morning...Last night I changed this setting and enabled inheritance...this morning it reverted back to disabled inheritance?

    Hi John,
    Are you sure it's for quite literally all users, or all users in protected groups like the Domain Admins, Enterprise Admins and so on?
    My guess - and it's only that at this stage, is that you're seeing this affecting protected groups and their members, in which case this is an expected behaviour based on how the AdminSDHolder functionality works.
    You can read more about AdminSDHolder mechanics here and here.
    Cheers,
    Lain
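
A way to answer the "all users, or only protected ones?" question above with data, as an added example that is not part of the original thread. The function name, the `InheritanceBlocked` property and the three sample accounts are constructed for illustration; the commented pipeline shows how the same three properties would come from the ActiveDirectory module.

```powershell
# Added example. Classifies accounts by whether AdminSDHolder protection
# explains an ACL with inheritance disabled.
# Each input object needs: SamAccountName, adminCount, InheritanceBlocked.
#
# Feeding it from a real domain (requires the ActiveDirectory module):
#   Get-ADUser -Filter * -Properties adminCount, nTSecurityDescriptor |
#     Select-Object SamAccountName, adminCount,
#       @{ n = 'InheritanceBlocked'; e = { $_.nTSecurityDescriptor.AreAccessRulesProtected } } |
#     Get-InheritanceFinding

function Get-InheritanceFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Account
    )
    process {
        # adminCount = 1 marks an account that the AdminSDHolder process
        # has stamped at some point.
        $stamped = ($Account.adminCount -eq 1)
        $blocked = [bool]$Account.InheritanceBlocked

        if ($stamped -and $blocked) {
            $finding = 'Stamped by AdminSDHolder: while the account stays in a protected group, re-enabling inheritance is reverted'
        }
        elseif ($stamped -and -not $blocked) {
            $finding = 'adminCount=1 but inheritance is on: will be reset if the account is still in a protected group'
        }
        elseif ($blocked) {
            $finding = 'Inheritance is off and adminCount is not set: not explained by AdminSDHolder, look for another cause'
        }
        else {
            $finding = 'Normal: inherits permissions from its container'
        }

        [pscustomobject]@{
            Account            = $Account.SamAccountName
            AdminCount         = $Account.adminCount
            InheritanceBlocked = $blocked
            Finding            = $finding
        }
    }
}

# Constructed sample accounts so the function can be tried without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'adm.jsmith'; adminCount = 1;     InheritanceBlocked = $true  }
    [pscustomobject]@{ SamAccountName = 'mobile.u1';  adminCount = $null; InheritanceBlocked = $false }
    [pscustomobject]@{ SamAccountName = 'mobile.u2';  adminCount = $null; InheritanceBlocked = $true  }
)

$sample | Get-InheritanceFinding | Format-Table -AutoSize -Wrap
```

adminCount is not cleared when an account leaves a protected group, so a stamped account may be a former admin whose ACL was never restored.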

  • SDK service using domain user trying to set SPN for computer account

    I have a SDK service running under a domain user account, but it tries to register the SPN for the computer account of the machine?!
    Therefore I get the following alert: 
    The System Center Data Access service failed to register an SPN. A domain admin needs to add MSOMSdkSvc/WIN-9IAJC0HS9RJ and MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local to the servicePrincipalName of CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx,DC=local
    Which makes sense because it has not the permissions to do that.
    When I make the domain user account member of domain admins it has the concerning permissions and it indeed registers that SPN to the computer account. But why?? The SPN should be registered to the domain user account instead (and therefore I had given the
    domain user account the read/write permissions to itself to do that).
    I have the following SPN registered now for the computer and domain user account:
    setspn -l WIN-9IAJC0HS9RJ
    Registered ServicePrincipalNames for CN=WIN-9IAJC0HS9RJ,CN=Computers,DC=domainxx
    DC=local:
            MSOMSdkSvc/WIN-9IAJC0HS9RJ
            MSOMSdkSvc/WIN-9IAJC0HS9RJ.domainxx.local
            MSOMHSvc/WIN-9IAJC0HS9RJ
            MSOMHSvc/WIN-9IAJC0HS9RJ.domainxx.local
            TERMSRV/WIN-9IAJC0HS9RJ
            TERMSRV/WIN-9IAJC0HS9RJ.domainxx.local
            WSMAN/WIN-9IAJC0HS9RJ
            WSMAN/WIN-9IAJC0HS9RJ.domainxx.local
            RestrictedKrbHost/WIN-9IAJC0HS9RJ
            HOST/WIN-9IAJC0HS9RJ
            RestrictedKrbHost/WIN-9IAJC0HS9RJ.domainxx.local
            HOST/WIN-9IAJC0HS9RJ.domainxx.local
    setspn -l domainxx\omdas
    Registered ServicePrincipalNames for CN=OMDAS,CN=Users,DC=domainxx,DC=local:
    none for this account
    I don't get it. Anyone?
    I am using SCOM 2012 R2
    Pls help.
    Thanx in advance.
    Regards
    Chris

    SCOM SDK service really tries to set its SPN to the computer account (although the SDK service is running using a domain user account). The alert is no bug!
    I know this for sure because I gave the SDK service permission to do it - by making the domain user account member of the domain admins security group - and it indeed sets the SPN on the computer account.
    The latter is the actual bug I would say! It should try to set the SPN for the domain user account the sdk service is running with.
    Then again, not having the SPN set correctly on this domain user account does not seem to bother SCOM at all indeed. Perhaps it uses NTLM instead in this scenario.
    Can anyone confirm?

  • Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

    Hi,
    I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
    After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
    Before continuing, if you are running Avast then your solution may be to turn off the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
    I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines. 
    First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
    Here are my exact steps of what I did to reproduce our problem:
    Complete format of HDD in preparation for a clean install
    Clean install performed
    Set up the machine initially with a local account
    Test metro apps - all working fine
    Open control panel from the desktop, click on System, change the system to join the domain, click reboot
    Log into the system using my domain account
    Test metro apps - all working fine
    Here's where the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
    I go to control panel via the desktop and click on User Accounts. From within here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
    In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
    I click add and then add my domain account - also giving it administrator access
    Sign off or reboot to ensure the new security is applied
    Sign back in to the domain account
    Test metro - ALL BROKEN
    Sign out
    Sign in as local account
    Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
    So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
    Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. Basically it is now permanently broken. The only fix I
    could fathom was a full re install and not giving the domain user admin access to the local machine.
    Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
    Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
    I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
    soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
    Thanks

    Hi Juke,
    Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
    I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
    your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
    in event viewer.
    Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
    information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
    Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
    Under "Applications And Services Logs" --> "Microsoft" -->  "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
    Windows.Launch contract failed with error: The app didn't start."
    If you require any further information just let me know and I will provide as much as I can.
    Thanks

  • GP on Domain User to Restrict other PC Access

    Hi Team,
    Thanks for reading, I have the following scenario -
    Being the administrator of the Domain, I have to restrict other domain users from accessing other PCs.
    A Domain User should not be able to access the other PCs WITHIN the domain.
    Awaiting your response.
    OS - Windows Server 2008 R2.
    Client pc using OS- Windows 7
    Thanks,
    Regards, Ravi Kumar

    Hi,
    you can set the User Attribute "userWorkstations"
    Source of Picture: http://www.selfadsi.de/user-attributes-w2k8.htm
    So you can restrict where the users can logon.
    Is this what you searched for?
    Regards
    Eric
    Eric Berg -- http://www.ericberg.de -- MCSE: Private Cloud MCSE: Server Infrastructure MCSE: Desktop Infrastructure

  • Software always installs to Domain Admin account on connected PC - can't install to Domain User account

    I have completed the following steps:
    Set up Windows Server 2012 R2 Essentials successfully
    Successfully connected a Windows 8.1 Pro PC to the network by running the Essentials Connector software
    The PC has the following users: Original local account created when I installed Windows 8, Domain Admin account created when I ran the Essentials Connector account, Domain User created after PC was connected to the network.
    Everything seems to be working fine. I have installed MS Office 365 Pro, Skype, various other applications while logged in as the Domain User. Every one of these installs triggered a UAC prompt, which was expected, and after entering the Domain Admin
    credentials the install proceeded successfully. After install, the software was available to the Domain User, shortcuts appeared in the Start Menu or Desktop, appropriate directories were created in the Documents folder.
    All except for 3 applications - upon being prompted for permission to install, I enter the Domain Admin credentials, installation proceeds, but the software is installed to the Domain Admin account-not the Domain User account. Shortcuts appear on the Domain
    Admin desktop-Not the Domain User account, etc. I've tried:
    Downloading a new copy of the software to the Domain User desktop & running it from there
    Right-click file, Install as Admin
    click file, Install as a different user
    Right clicking file, Properties>Compatibility & changing compatibility settings
    Right clicking file, Properties>Compatibility>Run as Administrator
    None of these options have changed the result, the software is still installed to the Domain Admin account as opposed to the Domain User account. Any idea why these 3 software won't install correctly but everything else has? Any suggestions as to how to install
    the software to the profile that doesn't involve making the Domain User an Administrator? Thanks for any help!

    Hi voltron5,
    Many programs may provide options: "install for everyone" or "just for current user", when you install them.
    Please check if there are such options during the installation process.
    If those three programs are all third-party applications, I suggest you contact the corresponding support and confirm this.
    If those three programs are Microsoft applications, would you please let me know specific information about those three applications, such as their names and so on? Meanwhile, when the installation completes, please check whether the software path was added to the administrator environment variables or the system environment variables.
    Hope this helps.
    Best regards,
    Justin Gu

  • System DSN not visible to 'domain users', why??

    We have a Windows Server 2012 R2 Remote Desktop Services RDS farm.
    I set up a 32-bit *system* DSN properly with the 32-bit ODBC app for Crystal Reports 2011, a 32-bit app.
    When a domain user opens CR the newly created DSN does not appear in CR, though it appears for an admin user.
    Why is the system DSN not visible to the domain users per se??
    I checked the proper registry item and gave 'Domain Users' read permission to it, still no work.
    Certain users need to see the DSN so they can configure the report to talk to the proper server, database, etc.
    System DSNs are supposed to be visible/usable to all users.
    What should I do??
    Thank you, Tom

    FWIW some other DSNs are visible to CR2011 but nothing we can use, they were somehow automagically created during installation of other software stuff.
    I've tried every way I can think of to install the DSNs (different providers, different accounts) but I still can not get the desired DSN visible to my domain user login after opening a Crystal Reports 2011 report and clicking 'change database location'...
    I thought about and tried using a DSN-less connection string but that did not go very far...it would be usable, people could type in ID and password if they must, but I could not get it to even let that happen...I also did not quite know what the string
    should be, the database itself is SQL Server 2012 (11.0), I don't know the exact version OTOH.
    The Remote Desktop Services Hosts are all Windows 2012 R2...could that be the cause of the problem?? Every other server I've put system DSNs was 2003 or 2008...
    Thank you, Tom

  • In trying to transfer iWeb pages (not uploaded) to another computer I went into the library and transferred the domain onto the desktop. Disaster! On opening iWeb all previous (uploaded) sites have disappeared. Help!

    In trying to transfer iWeb pages (not uploaded) to another computer I went into the Library and transferred the domain onto the desktop. Disaster! On opening iWeb all previous (uploaded) sites have disappeared. On opening the domain all I can recover is the many component parts, and when unzipped the code. Help! Mike

    Code in a domain file - really?  That is not possible because the domain.sites file does not contain any html or css code at all - the domain file is your iWeb data file and you won't see any code until you publish your website.
    If you can see html code, then you have the wrong file and it is a published version of your site which iWeb can do nothing with - iWeb has no import facility so cannot open any html files.
    Go back and ensure that you have the correct domain.sites files that can be found under your User Library/Application Support/iWeb/domain.sites and if you have Mavericks then you need to go to Go and press the alt key to reveal your hidden User Library, so that you can then get to Application Support and then iWeb and then your domain.sites file.
    You will also need to go and download either DomainCracker or iWebSwitch which allows you to open individual domain files under Mavericks, because from Lion onwards, you cannot open individual domain files.
    Also, it says that you are still using iWeb 08?  If this is so, you'll either need to upgrade to iWeb 09 by going to Amazon and purchasing the iLife 09 or 11 boxed set, both of which contain iWeb 09 or you need to switch to newer software that is actively being supported and developed such as EverWeb (http://www.everwebapp.com).

  • Why domain users account allowed to logon to servers directly?

    I'm using Windows Server 2008 R2 with ADDS.
    By default, normal user account (domain users) should not be allowed to logon to Server directly, I mean the physical server or via RDP. They should get the message:
    "You cannot log on because the logon method you are using is not allowed on this computer"
    I had checked the GPO, under the Computer Configuration -> Windows Setting -> Local Security Policy -> Local Policy -> User Rights Assignment -> Allow Log on Locally, here only contains:
    Administrators, Account Operators, Backup Operators, Server Operators, Print Operators
    And, nothing set on the Deny Logon Locally.
    But, tested that, those accounts with just Domain User Group are able to logon to Server!?
    How or where should I check, to not allow normal user account to logon to server directly?
    Thank you.

    Hi,
    >>By default, normal user account (domain users) should not be allowed to logon to Server directly, I mean the physical server or via RDP.
    By default, standard domain user accounts can log onto workstations and member servers, and they can’t log onto domain controllers unless we allow them to do so via group policy.
    By default, standard domain user accounts can’t remote desktop onto other computers unless they have been added to Remote Desktop User groups of the computers.
    Regarding allowing log on locally, the following article can be referred to for more information.
    Allow log on locally
    http://technet.microsoft.com/en-us/library/cc756809(v=ws.10).aspx
    Regarding remote desktop user groups, the following article can be referred to for more information.
    Configure the Remote Desktop Users Group
    http://technet.microsoft.com/en-in/library/cc743161.aspx
    >>How or where should I check, to not allow normal user account to logon to server directly?
    We can utilize the group policy setting Deny logon locally to prevent users from locally logging onto the targeted computers.
    Regarding this setting, the following article can be referred to for more information.
    Deny logon locally
    http://technet.microsoft.com/en-us/library/cc957048.aspx
    Best regards,
    Frank Shen
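
Both this thread and the "Allow Domain Users to Change Their Time On Workstation" thread above come down to which accounts actually hold a user right on the machine in question. The following is an added example, not part of either thread: it parses a `secedit` user-rights export and lists the holders of the logon and system-time rights. The helper names and the INF text are constructed for illustration.

```powershell
# Added example (not from the thread). Helper names are hypothetical.
# On a real machine, produce the input with:
#   secedit /export /cfg "$env:TEMP\rights.inf" /areas USER_RIGHTS
#   $inf = Get-Content "$env:TEMP\rights.inf"
# Constructed sample in the same INF layout:
$inf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,*S-1-5-32-551
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
[Version]
signature="$CHICAGO$"
Revision=1
'@ -split "`r?`n"

# Well-known SIDs, so the report is readable without a lookup.
$wellKnown = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-19'     = 'LOCAL SERVICE'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-32-551' = 'BUILTIN\Backup Operators'
    'S-1-5-32-555' = 'BUILTIN\Remote Desktop Users'
}
# Groups that every domain user ends up in. On a domain-joined machine
# Domain Users is a member of BUILTIN\Users.
$broad = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

function Get-PrivilegeRight {
    # Returns a hashtable: right name -> array of SIDs or account names.
    param([string[]]$InfLines)
    $table = @{}
    $inSection = $false
    foreach ($line in $InfLines) {
        $t = $line.Trim()
        if ($t -match '^\[(.+)\]$') {
            $inSection = ($Matches[1] -eq 'Privilege Rights')
            continue
        }
        if (-not $inSection) { continue }
        if ($t -match '^(\w+)\s*=\s*(.*)$') {
            $name  = $Matches[1]
            $value = $Matches[2]
            # SIDs are written with a leading '*'; plain names have none.
            $table[$name] = @($value -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return $table
}

function Resolve-Holder([string]$Id) {
    if ($wellKnown.ContainsKey($Id)) { return $wellKnown[$Id] }
    if ($Id -notlike 'S-1-*') { return $Id }   # already an account name
    try {
        $sid = [System.Security.Principal.SecurityIdentifier]$Id
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        return $Id                             # unresolvable: show the raw SID
    }
}

$rights = 'SeSystemtimePrivilege', 'SeInteractiveLogonRight',
          'SeDenyInteractiveLogonRight', 'SeRemoteInteractiveLogonRight'
$table = Get-PrivilegeRight -InfLines $inf

$report = foreach ($r in $rights) {
    # This script treats a right that is missing from the export as held by nobody.
    $ids = @()
    if ($table.ContainsKey($r)) { $ids = $table[$r] }
    [pscustomobject]@{
        Right               = $r
        Holders             = if ($ids) { ($ids | ForEach-Object { Resolve-Holder $_ }) -join ', ' } else { '(nobody)' }
        ReachesAllDomainUsers = [bool]($ids | Where-Object { $broad -contains $_ })
    }
}
$report | Format-Table -AutoSize -Wrap
```

Run against the export from the affected machine itself, this shows the effective assignment after all GPOs have merged, which is the value that decides whether a logon or a time change is allowed.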

  • Unable to browse internet on a domain user's computer through ASA 5503 Firewall

    Dear All,
    I am trying to configure my new firewall for the last one month but still unable to fix it. I have a domain in windows 2012 standard edition and the firewall with unlimited license. Here is the output of show startup-config. Please note that prpgb.org is my local domain.
    prpgbasa# show startup-config
    : Saved
    : Written by enable_15 at 02:50:45.169 PKT Thu Nov 20 2014
    ASA Version 8.2(5)
    hostname prpgbasa
    domain-name prpgb.org
    enable password AExqpLntfuzsVQrq encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ip address 10.0.0.1 255.0.0.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 202.142.XXX.YY 255.255.255.252
    ftp mode passive
    clock timezone PKT 5
    dns server-group DefaultDNS
     domain-name prpgb.org
    pager lines 24
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 202.142.XXX.YZ 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    http server enable
    http 10.0.0.0 255.0.0.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 10.0.0.0 255.0.0.0 inside
    telnet timeout 5
    ssh 10.0.0.0 255.0.0.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd dns 10.0.0.2 255.0.0.0
    dhcpd dns 208.67.222.222 208.67.220.220 interface inside
    dhcpd lease 86400 interface inside
    dhcpd domain prpgb.org interface inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:23c0af4b2ddf9e925f83ce13909ab900
    prpgbasa#
    You are all requested to have a look at the problem and suggest modifications.
    Thanks

    Dear All,
    I have solved the issue. I have done the following in order to browse the internet on domain user computers. Here are the steps:
    1. I have disabled my internal DHCP server in the domain.
    2. Then I have configured the ASA DHCP server in the default IP address scheme, i.e. 192.168.1.100-200.
    3. I have connected my ASA to a switch first, then from there I connected a cable to my Domain Server's WAN interface. The LAN (192.168.1.2) interface of the Domain Server is also plugged into the same switch.
    4. I am using my Domain Server's DNS for name resolution and forward queries which are not served by my domain to an open DNS server.
    It works perfectly so far, but before applying it or setting up the entire network I want your help to look into the configuration file for corrections, in case I am making any mistakes. Thanks again for your help, and here is the output of show config.
    prpgbasa# show startup
    : Saved
    : Written by Ghaffar at 02:11:24.319 PKT Mon Dec 8 2014
    ASA Version 8.2(5)
    hostname prpgbasa
    domain-name prpgb.org
    enable password AExqpLntfuzsVQrq encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    interface Ethernet0/0
     switchport access vlan 2
    interface Ethernet0/1
    interface Ethernet0/2
    interface Ethernet0/3
    interface Ethernet0/4
    interface Ethernet0/5
    interface Ethernet0/6
    interface Ethernet0/7
    interface Vlan1
     nameif inside
     security-level 100
     ddns update hostname PRPGB.ORG
     dhcp client update dns server both
     ip address 192.168.1.1 255.255.255.0
    interface Vlan2
     nameif outside
     security-level 0
     ip address 202.142.XXX.YY 255.255.255.252
    ftp mode passive
    clock timezone PKT 5
    dns domain-lookup inside
    dns server-group DefaultDNS
     name-server 192.168.1.2
     domain-name prpgb.org
    object-group network obj_any
    pager lines 24
    logging enable
    logging asdm informational
    mtu inside 1500
    mtu outside 1500
    no failover
    icmp unreachable rate-limit 1 burst-size 1
    no asdm history enable
    arp timeout 14400
    global (outside) 1 interface
    nat (inside) 1 0.0.0.0 0.0.0.0
    route outside 0.0.0.0 0.0.0.0 202.142.XXX.YY 1
    timeout xlate 3:00:00
    timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
    timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
    timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
    timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
    timeout tcp-proxy-reassembly 0:01:00
    timeout floating-conn 0:00:00
    dynamic-access-policy-record DfltAccessPolicy
    aaa authentication ssh console LOCAL
    aaa authentication http console LOCAL
    aaa authentication serial console LOCAL
    aaa authentication enable console LOCAL
    http server enable
    http 192.168.1.0 255.255.255.0 inside
    no snmp-server location
    no snmp-server contact
    snmp-server enable traps snmp authentication linkup linkdown coldstart
    crypto ipsec security-association lifetime seconds 28800
    crypto ipsec security-association lifetime kilobytes 4608000
    telnet 192.168.1.0 255.255.255.0 inside
    telnet timeout 5
    ssh 192.168.1.0 255.255.255.0 inside
    ssh timeout 5
    console timeout 0
    dhcpd address 192.168.1.100-192.168.1.200 inside
    dhcpd dns 192.168.1.2 interface inside
    dhcpd lease 86400 interface inside
    dhcpd domain prpgb.org interface inside
    dhcpd update dns both interface inside
    dhcpd enable inside
    threat-detection basic-threat
    threat-detection statistics access-list
    no threat-detection statistics tcp-intercept
    webvpn
    username ABC password FL01QCj0LaLWTID0 encrypted privilege 15
    class-map inspection_default
     match default-inspection-traffic
    policy-map type inspect dns preset_dns_map
     parameters
      message-length maximum client auto
      message-length maximum 512
    policy-map global_policy
     class inspection_default
      inspect dns preset_dns_map
      inspect ftp
      inspect h323 h225
      inspect h323 ras
      inspect rsh
      inspect rtsp
      inspect esmtp
      inspect sqlnet
      inspect skinny
      inspect sunrpc
      inspect xdmcp
      inspect sip
      inspect netbios
      inspect tftp
      inspect ip-options
      inspect icmp
    service-policy global_policy global
    prompt hostname context
    no call-home reporting anonymous
    Cryptochecksum:7c4930a079158c0cb10a42813d3690cd
    prpgbasa#
    Please let me know if there are any recommendations.
    Thanks in advance.
    Ghaffar
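
A small lint for the kind of configuration review requested in the post above, as an added example that is not part of the original thread and is not Cisco tooling. The function name `audit`, the sample text and its documentation-range outside addresses are assumptions; the sample mirrors the second config, where the default route's next hop is printed with the same redacted value as the outside interface address, and it assumes the domain DNS server sits on the inside subnet. Redacted addresses must be replaced with real ones before a config is passed in.

```python
import ipaddress

# Constructed sample modelled on the second config in the post. The outside
# addresses are documentation-range placeholders, not values from the page.
SAMPLE = """\
interface Vlan1
 nameif inside
 ip address 192.168.1.1 255.255.255.0
interface Vlan2
 nameif outside
 ip address 203.0.113.2 255.255.255.252
route outside 0.0.0.0 0.0.0.0 203.0.113.2 1
telnet 192.168.1.0 255.255.255.0 inside
telnet timeout 5
console timeout 0
dhcpd address 192.168.1.100-192.168.1.200 inside
dhcpd dns 192.168.1.2 interface inside
"""

def audit(config):
    """Return review findings for an ASA 8.2-style config (unredacted addresses)."""
    ifaces, name, findings = {}, None, []
    for raw in config.splitlines():          # pass 1: map nameif -> address/mask
        f = raw.split()
        if raw.startswith("interface "):
            name = None
        elif f[:1] == ["nameif"]:
            name = f[1]
        elif f[:2] == ["ip", "address"] and name:
            ifaces[name] = ipaddress.ip_interface(f"{f[2]}/{f[3]}")
    for raw in config.splitlines():          # pass 2: checks against those networks
        f = raw.split()
        if f[:1] == ["telnet"] and len(f) == 4:
            findings.append(f"telnet: cleartext management allowed from {f[1]} on {f[3]}")
        elif f == ["console", "timeout", "0"]:
            findings.append("console: timeout 0 means console sessions never expire")
        elif f[:1] == ["route"] and f[1] in ifaces:
            hop, own = ipaddress.ip_address(f[4]), ifaces[f[1]]
            if hop == own.ip or hop not in own.network:
                findings.append(f"route: next hop {hop} is not a neighbour on {own.network}")
        elif f[:2] == ["dhcpd", "address"] and f[3] in ifaces:
            for end in f[2].split("-"):
                if ipaddress.ip_address(end) not in ifaces[f[3]].network:
                    findings.append(f"dhcpd: pool address {end} is outside {ifaces[f[3]].network}")
        elif f[:2] == ["dhcpd", "dns"] and f[-1] in ifaces:
            # Assumption: domain clients must be given the domain's own DNS server.
            for dns in f[2:f.index("interface")]:
                if ipaddress.ip_address(dns) not in ifaces[f[-1]].network:
                    findings.append(f"dhcpd: {f[-1]} clients get non-local DNS server {dns}")
    return findings
```

`audit(SAMPLE)` returns three findings (route, telnet, console); the DHCP pool and the DNS server handed to clients pass because both fall inside the inside network.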
