Sourcefire access control policy and intrusion policy

Similar Messages

• Windows server 2008 can't access control panel and can't choose "properties" under "my computer"

  Hello everyone!
  Today after a schedule restart on the night I thought everything was normal with my server. But When i go to "start -> control panel" it show me "empty". And if I try to lunch "change/remove software" via search window in
  "start" then nothing happen. 
  I know also that I can't right click on "computer" and choose "properties" in the start-menu. 
  Also another problem. I did install Fbackup to make schedule file backups on the night. The software worked well to launch when I had installed it, but after the night, this morning it just crash on launch.
  I can also tell that I did add from 4 CPU core to 6 CPU cores.

  Hi,
  Have you tried to see if the issue persists when you boot into Safe Mode? Since you it shows blank when accessing Control Panel, please check if the policy setting below has been
  configured.
  Please choose Start – Run - type (gpedit.msc) - click on (Administrative Templates) - (control Panel) -
  Prohibit access to Control Panel and Show only specified Control Panel applets. If they were configured, please disable them to see if it could resolve the issue.
  In addition, the issue may also be caused by the virus, please run a system scan to see if there is any virus. At this time, you can also launch Control Panel apps from the command
  line, and here's a list of .cpl files for your reference that you can print out:
  Accessibility Options
  access.cpl
  Add/Remove Programs
  appwiz.cpl
  Add Hardware Wizard
  hdwwiz.cpl
  Automatic Updates
  wuaucpl.cpl
  Bluetooth Properties
  bthprops.cpl
  Display Properties
  desk.cpl
  Firewall Properties
  firewall.cpl
  Game Controllers
  joy.cpl
  Internet Options
  inetcpl.cpl
  iSCSI Initiator
  iscsicpl.cpl
  Java Control Panel
  jpicpl32.cpl
  Licensing Mode
  liccpa.cpl
  Mouse Properties
  main.cpl
  Network Connections
  ncpa.cpl
  Network Setup Wizard
  netsetup.cpl
  ODBC Properties
  odbccp32.cpl
  Power Options
  powercfg.cpl
  Regional and Language Options
  intl.cpl
  Sound and Audio Devices
  mmsys.cpl
  Stored Passwords
  keymgr.cpl
  System Properties
  sysdm.cpl
  Telephone and Modem Properties
  telephon.cpl
  Time and Date Settings
  timedate.cpl
  User Accounts
  nusrmgr.cpl
  Windows Security Center
  wscui.cpl
  Wireless Link
  irprops.cpl
  Hope this helps.
  Regards,
  Andy Qi
  Andy Qi
  TechNet Community Support

• GRC Access Control licensing and Sizing

  Dear All,
  I am putting up a proposal for GRC Access Control. Could someone please help me with the calculation of licensing cost and the hardware requirements?
  1. Is the license cost totally driven by revenue ?
  2. Is there a flat base price plus number of user accounts?
  3. What sort of hardware config is required?
  Thanks,
  Aj

  Please ask your SAP account contact for pricing information.
  Frank.

• Access controll Logs and DNS entries

  Hello there,
  We have upgraded from Border Manager 3.5 to Border Manager 3.8 SP4 on
  new hardware. Everything runs fine except a little niggle. When we
  view the Access Control logs now all we see is IP addresses there are
  no host names. In real time monitoring we can click on DNS Host Name
  and get some of the names but most come back Unknown. Under the logs
  themselves the DNS host Name option is grayed out. Have I messed up
  the configuration in some manner?
  Dan

  Thanks Craig, We are indeed runing the transparent proxy. Is this a
  change between 3.5 and 3.8? When we ran the transparent Proxy under
  3.5 we were able to see the URL's.
  On Tue, 17 Jul 2007 21:36:53 GMT, Craig Johnson
  <[email protected]> wrote:
  >In article <[email protected]>, Dan Larson
  >wrote:
  >> When we
  >> view the Access Control logs now all we see is IP addresses there are
  >> no host names. In real time monitoring we can click on DNS Host Name
  >> and get some of the names but most come back Unknown. Under the logs
  >> themselves the DNS host Name option is grayed out. Have I messed up
  >> the configuration in some manner?
  >>
  >If you have transparent proxy working, you will get IP addresses of
  >hosts instead of URL's.
  >
  >If you are not using proxy authentication, you will get IP addresses of
  >user PC's instead of user names.
  >
  >Craig Johnson
  >Novell Support Connection SysOp
  >*** For a current patch list, tips, handy files and books on
  >BorderManager, go to http://www.craigjconsulting.com ***
  >

• Timed Access controlling Main and Guest Network

  I have a Time Capusle 4G running software v7.5.2. I am running a Guest Network as well as a closed network.
  In the Timed Access window i have default set to "no access". Then, all the computers that are allowed access to the main network are on the list. My guest network is broadcasting but when a user tries to connect to it, they get an "Unable to connect" message. If I change the default access in Timed Access to "Everyday", users are then able to connect to the Guest network again.
  Obviously, this is a bug/missing feature and has been for several software revisions. I don't want people accessing the main network that aren't on the timed access list. However, I still want guest users to access the Guest Network, without using MAC address filtering on the Guest Network.
  It looks to me that the Timed Access window is controlling the restriction of the Guest and Main network. Which renders the Guest Network feature pretty much useless.
  Hopefully this will be addressed in the near future. If other people are experiencing this problem, Please let me know.
  -Ghost

  It looks to me that the Timed Access window is controlling the restriction of the Guest and Main network.
  Your observation is correct. Access control using Timed Access is an ALL or NOTHING feature for both the Main and Guest networks. The Guest network is basically a VLAN function.

• Policy to force use of AD photos only is not working (global policy and client policy) - Users can change their picture

  Hi,
  On Lync server 2013 we are trying to disable the option to change the photo on lync client, the global policy has been set to display only AD photos, this didn't work so we create a client policy with the same setting and applied to users but is not working.
  Is there something that we are missing?
  Regards.

  So you mean to say the "Edit or Remove Picture" button is active on the Lync client and you want to disable it?
  AFAIK, The button is active if you are on Exchange 2013. Is this true for you?
  If Yes, maybe you can try this on your Exchange Shell. 
  Set-OwaVirtualDirectory -identity "owa (Default Web Site)" -SetPhotoEnabled $False
  Note: If you find a post informative, please mark it so using the arrow to the left. If it answers a question you have asked, please mark the thread as answered to aid others when they are looking for solutions to similar problems or queries. <p>-------------------------------------------------------
  </p> <p>The opinions expressed here are solely my own and do not express the views or opinions of my employer.</p>

• Custom User Groups in GRC Access Control Risk and Remediation 5.3

  Hi all,
  Does anyone know how I can mass upload assignments of users to custom user groups in R&R?
  We have a requirement to group users in a different way to the SAP user groups so I wanted to create new 'custom' user groups in R&R and allocate specific users.  We're talking about 3000 users so I can't do it manually.
  Regards
  Amir

  Hi Amir,
     I don't think there is direct way to do this. You might be able to pull this off by going through the back-door (database update). Talk to SAP support about this and they should be able to provide you with the tablenames which gets affected by users and user groups upload.
  Regards,
  Alpesh

• How to activate control center and notification center in ios 8.1.3

  I have iPhone 5s whit iOS 8.1.3, sometimes I can't access control center and notification center by sliding up or down on screen till I turn my device off and then turn it on. What is the problem?
  Is it a bug in this version of iOS??? :-O

  Go to Settings > General > Restrictions, make sure "Deleting Apps" did not get turned off.
  If it is not a restrictions problem...
  Try resetting:
  Hold both the home and power buttons at the same time until the Apple boot logo appears. No data will be lost.

• What is better for security?  WPA2 or Access control

  I have a Airport express and 2 computers; a Mac and a PC.
  When it come to securing your wi-fi connection so you don't get unauthorized clients on your network.
  What is better
  A- Just using encryption like WPA2 or some other password based system or
  B- Just entering the "Airport ID" (MAC) of the computers I want to authorize in my network on the Access control panel.
  Seems to me like the later is easier on the clients since they don't need a password or anything, It's completely transparent for the client. And I believe encryption slows down the connection a bit and create overhead for the computer. But maybe I don't have the full picture of the situation.
  Is there anybody who can illuminated this subject for me?
  thanks
  PowerBookG4 Mac OS X (10.3.9)

  WPA2 is virtually uncrackable only really vulnerable if you use a real word as a password.
  When using access control, MAC addresses are sent unecrypted can be read and spoofed and therefore do not add any security.
  Unfortunately "Closed" networks, MAC access control lists, and reduction in transmission power are all more "feel good" security rather than real security. All these various approaches are dated and mistakenly lead to overconfidence.
  WPA is your friend if you value wireless security.

• Integrating with external access control system

  Hi,
  I am new at the network but have read a lot recently about the above subject as much as I could. However, I am a bit mixed up at something. I understand in order to update SAP HR module with employees time and attendance logs I need to interface with a certified PDC interface => (SAP ECC - PLANT DATA COLLECTION - TIME & ATTENDANCE AND EMPLOYEE EXPENDITURES (HR-PDC)
  I wish to develop a system that updates the the SAP HR with employee attendance logs. In addition I also wish enroll new employees into my access control system database by polling the SAP HR database.
  Now my question is if I use .NET connector:
  1. Does the connector it include functions that can help with the above requirements?
  2. Is the use of PDC interface here still a must?
  Thanks

  For time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
  It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
  These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
  I hope this answer will help.

• Access Control functionality in Oracle workflow

  Hi everyone,
  I am doing research into access control models and workflow systems (separation of duty policies in particular). As far as I could tell, Oracle Workflow does not provide much in terms of securing access to data in a workflow process (except from the normal login authentication of course).
  One usually assigns a task's performer to a CONSTANT role from your database roles so that only certain users will have access to that task. This is not always enough though, especially when the role-hierarchy is not properly contructed and maintained. So, I've been working on a few scripts to dynamically prevent users from receiving tasks on their worklists based on their previous participation in the process (e.g. to prevent a manager from approving his own leave application).
  I was just wondering if anyone else have been working on access control in Oracle Workflow. Is there any built-in functionality that I missed that controls task-user assignment?
  Thanks,
  Carmen

  Thank you very much Sirish for your help.
  We are facing huge performance issues while Risk Analysis with Oracle Application servers through Greenlight Adaptor - its taking around 10 hours for 3000 users. Can you please point out what can be the possibilities and how can we trace out exact root cause and then solve it.
  This is happening on GRC AC 5.2 SP10 and GRC logs doesn't say much , it just gives output taken 12 secs for one user Risk Analysis.
  Here is our understanding on how GRC does Risk Analysis and our observations on our systems -->
  1. GRC asks for 1 user details at a time from Oracle Application Server - please confirm does GRC do Risk Analysis for one user at a time or a bunch of users?
  2. Oralce App server get details of that user and sends back results to GRC.
  3. Now there is a wait time for around 3 secs before Oracle Server gets request for the second user. 3 sec for one user means 2.5 hours of wait time for 3000 users. We are not able to understand why Oracle Server needs to wait for next user request from GRC?
  Would highly appreciate if you can share your experience on GRC Risk Analysis with Oracle (Greenlight Adaptor) and with SAP systems.
  Best Regards
  Davinderpal Singh

• Access Control 5.3 RAR - BW Reporting 0GCC_UPV

  Hi experts,
  I have activated the SAP GRC Access Control content and everything works fine so far. However, I can't report risks by users properly, as mitigated controls are not taken into account in cube 0GCC_UPV. Mitigated users are stored in 0GCC_MTUS.
  Has anyone experience with this ? Of course we want to report on users which are not mitigated and still have risks.
  The query select * from virsa_cc_prmvl on Java Stack says that MITREFNO is always empty. However, there is the possibility on the java stack to report on users and select/deselect mitigation. I don't believe they join two tables during runtime !
  Any help is appreciated !
  Thanks,
  Max

  Hi Annie,
  For your first question check this thread -
  GRC 5.3 Zero Violations & unable to exclude critical profiles
  Question 2:
  When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
  As per my uderstanding mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
  Showing in mgmt report is based upon what you select to see.
  Regards,
  Sabita

• Home Hub 3 Access Control not working

  Not sure if anyone can help with this, but here goes!
  I have access control enabled on my HomeHub 3 which should stop my daughter from using the Internet between 9:00pm and 3:00pm - it seems to be working in as much as she isn't able to access the internet from her laptop from the time she gets up until 3:00pm, but it doesn't stop her using the internet at 9:00pm, in fact she can still quite happily access the internet up until 10:30 or even later.
  I have tried restarting the hub, switching access control off and back on and delting and re-instating the device block but none of these seem to work properly, so any advice would be gratefully received.
  I'm also having problems with wireless connectivity, but I've put that in a different post as I think it probably needs different expertise

  It could be because the time on the hub is an hour slow because it has not updated to BST. This is a known problem which BT were going to sort out within a few days! See here and elsewhere in these forums: http://community.bt.com/t5/Other-BB-Queries/Clocks-Forward/td-p/448429.
  Pending resolution of the problem, putting the Access Control times back an hour might do it. (It has been reported that the alternative of setting the time manually can result in the hub not keeping time very well.)  
  You can click the white star next to this message if you think it was helpful.

• Integrating SAP HCM with third party Access Control System

  Hi Experts,
  We have client using SAP HCM and intend procuring an Access Control Solution to manage her people.
  What the client wants to avoid though is having to create a new employee in SAP HCM and manually creating same in the Access Control Software. Is there a way this can be automated such that upon recruitment of new staff, the data is updated in the Access Control DB which uses MS SQL? If this is possible, what is required to get this working well.
  Thanks for your support in this regard.
  Regards
  John

  For time management with the help of transaction pt80 you can download the information about employees with the help of idoc. And there are some programs a.k.a connectors that link access control systems and SAP so that you do not hire the same employee in the access control problem. You hire the employee in SAP and SAP sends the information (HR Minimaster DATA) to the related program.
  It is also do the same thing for the employees who resign. I mean if an employee is fired or resigned from the company than it is sent to the related system.
  These can be found under PDC integrated systems. You can find information about the systems from Ecohub. http://ecohub.sap.com/
  I hope this answer will help.

• Access Control Context in Engineering Record screen

  Hello Gurus,
  I need to remove the Access Control Context and Owning Tet field from the PLM Engineering Record screen. Is it possible to do with configuration to hide these fields?
  I removed from "Specify Object Types for PLM Authorization check".
  Kindly advice.
  Thanks & Regards
  Jo

  Hi Jo ,
  You cannot hide it via configuration as access control context is coming from component reuse . I created it while my team was developing PLM ECR in SAP Labs India.
  One possible approach is to do a custom development to hide this field .
  Thanks & Regards,
  Abhishek.