TMG2010 - Exhcange 2010 - Restrict User Groups

Hey Guys, 
We have TMG2010 currently reverse publishing OWA however no Pre-Auth is being used, the Exchange 2010 Auth Form is being used. 
The TMG box is not Domain Joined, however if we joined it to the domain would we be able to use AD Security Groups to restrict access to certain services such as OWA?  Without enabling the "Pre-Auth" Functions of TMG? 
Thanks, 
Robert 
Robert

Hi,
yes it is possible to restrict access to specific services like OWA/EAS/OA on the TMG Server for specific user/groups if the TMG Server is a member of the domain. You can also use pre-auth if the TMG Server is a member of a workgroup if you use LDAP
on the TMG Server:
TMG publishing:
http://www.microsoft.com/en-us/download/details.aspx?id=8946
TMG and LDAP:
http://www.isaserver.org/articles-tutorials/configuration-general/Microsoft-Forefront-TMG-Using-LDAP-RADIUS-Authentication.html
regards Marc Grote aka Jens Baier - www.it-training-grote.de - www.forefront-tmg.de - www.galileocomputing.de/3570

Similar Messages

  • Restrict user group authorization on reporting

    Hi all;
    I've problem restriction of user groups on monitoring reports.
    By using RSSM transaction I gave only one user group to reach the reports but I still see the other groups on report.
    Thanks.
    Korel.

    Hi Chris,
    There is no standard report available for this purpose. However all this information is stored in table UME_STRINGS.
    You can write your own SQL queries to generate such reports. However please note that this table is not normalized, and it's a master UME table. You should use it strictly for READ ONLY purpose.
    For a sample code you which i wrote some time back, you might refer:
    http://forums.sdn.sap.com/thread.jspa?threadID=2088099&messageID=10859334#10859334
    Thanks
    Prashant

  • Not able to restrict user groups from accessing certain entities

    We have created user groups and are trying to give them restricted access to certain entities so that they can perform consolidations only for those entities. But even after creating Security Classes (and assigning them to the entities in the metadata) and assigning [Default] security class access as Read Only, the users are still able to access and consolidate all the entities using process control.
    Can anyone please let me know how to restrict consolidation to only certain entities?

    To solve this you need the following information:
    -- What roles do the users have? Anyone with the Administrator role has full access to all classes.
    -- Examine the groups. If any users are members of a group which has more access than the users have as individuals, they get the greater access level. You can generate a report which shows all roles for all users including the derived roles.
    -- Examine your metadata. Do the entities in question have the classes you intend? If you omit a class (the field has been left blank), HFM treats it like the [Default] class.
    With this information we could help you troubleshoot the issue.
    --Chris                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                   

  • Sharepoint 2010 get User Groups from specific site

    Hello,
    I was able to get all User groups from entire site Collection.
    But instead of getting user groups from entire site, I want read user groups only from one specified sub site.
    Please help!
    Thanks

    Assuming you have an SPWeb object named "web", example:
    SPSite site = new SPSite(http://yourdomain/sites/yoursite);
    SPWeb web = site.OpenWeb("mysubsite/subsbusite");
    web.Groups will return a collection of SPGroup objects for the current subsite. If this subsite inherits permissions from a parent site (web.HasUniquePerm = False), the list is the same as the Groups property of the parent site.
    SPWeb.Groups:
    http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spweb.groups(v=office.15).aspx
    SPGroup:
    http://msdn.microsoft.com/en-us/library/office/microsoft.sharepoint.spgroup(v=office.15).aspx
    You would be better results by posting coding questions in "SharePoint 2010 - Development and Programming" instead of "SharePoint 2010 - General Discussions and Questions".
    Mike Smith TechTrainingNotes.blogspot.com
    Books:
    SharePoint 2007 2010 Customization for the Site Owner,
    SharePoint 2010 Security for the Site Owner

  • Restrict users to see some colums from an report

    Hi,
    is there a way to restrict users (group of users) to see some columns in a report.
    For example:
    mr X to see both quantity and price columns
    and mr Y to see just quantity column
    in the same report
    or I have to make 2 report one with both columns and one with just an column.
    Thanks in advance
    best regards
    Nicolae Ancuta

    Hi Nicolae ,
    Security is enforced on two levels:
    Object-level security controls access to Metadata Repository objects (configured in
    Administrator Tool), and Web Catalog objects such as Folders, Filters, and Dashboards, etc. (configured in BI Answers Web Application). Data-level security controls access to content and data in end-user Reports and Dashboards (configured in Administrator Tool). Administrator Tool Manage Menu item Security Manager is used to define Users and User Groups and define Repository permissions.
    Data-level permissions can be set to above Groups and Users from the Presentation Table properties dialog box of each Subject area.BI Answers Web Page, Settings Menu
    Administration, to view and administer privileges associated with various components of the Answers Web application.
    More here in the documentation
    http://download.oracle.com/docs/cd/E10415_01/doc/nav/portal_booklist.htm
    Regards,
    Mohammad Farhan Alam

  • Restrict metadata field during an update to a specific user group

    Hello everyone,
    I am having some trouble figuring out the best way to restrict permissions to change some metadata fields for 2 different groups of users.
    I have two user groups, A and B. Group A will be checking in documents that the B group will then review for accuracy and quality. Group B will then update an optionlist field called "Status" with either "Recommended" or "Not Recommended".
    This is not a workflow situation as the scope requires that all documents are immediately available for searching. I currently have a CheckIn and Search profile for the content permitting read write access to groups A and B. The "Status" field is hidden on the CheckIn page. Can anyone please suggest a good way to restrict the field "Status" on an Update page to just "B" users? Groups A and B should be able to update all fields with the exception of the B restricted "Status" field.
    Thanks!
    Edited by: user6750815 on Jun 2, 2010 4:11 PM

    Hey rMac,
    I understand it this way you have one profile for A and B user groups. On this profile Status field is hidden.
    If this is your problem you can approach it from two places, while making the rule for hiding the Status field, use rule activation condition. Make it active only for users with Role A . This way even with single profile some of the user with Role B will be able to see the Status field.
    otherwise you can put similar code in Restrict Personalization Link where in you make this hidden field editable and compulsory for Users in B.
    cheers,
    sapan

  • Restricting  Access for SQ01 User Group

    Hi ,
    Please let me how to Restrict  Access for a   User Group  to only some of  the specific users?
    Thank you
    Edited by: Vibhor Arora on Apr 12, 2010 7:29 AM

    Hi,
    Can you please clarify what exactly you want to know, your request can be interpreted in a few different ways.
    If you are concerned that people have access to all user groups, then you need to remove access to S_QUERY activity 02 and I think activity 23.  They will lose access to all user groups that they are not assigned to via SQ03.

  • How to restrict users working on Windows 7 clients from accessing Windows Explorer and other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2

    Dear All,
    We are having an infrastructure setup of around 500 client computers managed through group policy.
    Recently the domain controllers have been migrated from Windows Server 2003 to Server 2008 R2.
    Since this account requires extremely strict environment, we need to figure the solution for restricting the users from access anything locally.
    It would be great if you can assist me with the following query.
    How to restrict users logged on Windows 7 clients from accessing Windows Explorer and browsing other systems in the network through Group Policy with a domain controller running on Windows Server 2008 r2 ?
    Can we disable Network Tab on the left hand pane ?
    explorer.exe is blocked already, but users are able to enter the Windows Explorer by clicking on the name which is visible on the Start Menu.

    >   * explorer.exe is blocked already, but users are able to enter the
    >     Windows Explorer by clicking on the name which is visible on the
    >     Start Menu.
    You cannot block explorer.exe when you do not replace the shell - the
    desktop you see effectively IS explorer.exe...
    Your requirement sounds like you need a custom shell:
    http://gpsearch.azurewebsites.net/#2812
    Martin
    Mal ein
    GUTES Buch über GPOs lesen?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill f

    I have a Win7Pro SP1 PC locked down with a Group Policy as it is a public facing PC. PDF fillable forms cannot be completed when logged on as the restricted user. The forms work as a normal user. What are the user requirements/permissions needed to fill forms?

    Well, try this (I was able to fix my with these steps):
    Go Utilities > Disk Utility
    Select your Startup Disk, e.g. Macintosh HD
    Then, under the First Aid Tab, click Verify Disk Permissions.
    If there are errors, then click repair Disk Permissions.
    After it is done, restart the computer and see if your problem is resolved.
    I hope this help.
    Zeke
    www.ZekeYuen.com/blog/

  • Restrict password resets to certain user groups in UME

    I am investigating if it is possible to create a UME action which restricts admins to unlocking/locking IDs and resetting passwords for users in a certain user group.  I know you may need to create a UME permission class and action.  Has anyone done this?  If so how?
    Thanks and Regards,
    Mosi

    Hi Mosi,
    did you have a look at the <a href="http://help.sap.com/saphelp_nw2004s/helpdata/en/2b/306bb5bc98f24f8a85d489449af456/frameset.htm">Documentation about the Company Concept</a>? This can also be used to delegate administrative taks in your case.
    Regards,
    Patrick

  • SQ01 - User Group Restrictions

    Using transcation SQ01-Sap Query in the HR module is it possible to restrict users to specific queries. I have assigned users to user groups, but this does not appear to prevent users outside of the group running the query.
    All users concerned have access to the transaction with authorisation value '23'.
    Thanks
    Simon

    Hi,
    Did you check what are the restriction given while creating a Query.
    For more info
    http://help.sap.com/saphelp_nw04/helpdata/en/d2/cb42cb455611d189710000e8322d00/frameset.htm
    Cheers
    Soma
    Message was edited by:
            soma pradeep

  • Restricting Users based on GL Authorization Group

    Gurus,
    I have got requiremnt from our finance consultant/team for restricting users from accesing particular GL accounts in a company code. There are some GL which users are not supposed to view.
    We have created authorization group in FS00 -Control data , but we cannot see that group in object F_BKPF_BES(Account authorization for GL accounts).
    Please help.
    Regards

    Hi,
    Step1: Create Tolerance Groups
    Step2: Assign Users to Tolerance Groups
    Step3: Remove/Add T Codes in Users Master Data (T Code: SU01)
    Thanks
    Chandra

  • Restricting Queries in HR: Compensation Management User Group

    I am trying to restrict the Infoset /SAPQUERY/HR_XX_CM_03, which contains salary/compensation queries, assigned to User Group /SAPQUERY/H0, from being accessed by anyone.  In SQ03, user group /SAPQUERY/H0, there are no users assigned but users with access to SQ01 can select the user group /SAPQUERY/H0  and access the queries tied to infoset /SAPQUERY/HR_XX_CM_03.  Why are users able to access the infosets of the user group when no users are assigned to the user group?

    Turns out that security authorization for access to SQ01 had an S_QUERY value of 02 which allows for full change.  With this value the user group/user assignments done via sq03 did not work.  Setting S_QUERY to 23 allows for user group assignment to restrict access in sq01

  • How can we restrict the other user to add their user id's to the user group created in SQ03?

    Hello All,
    How can we restrict the other user to add their user id's to the user group created in SQ03?
    When we enter the user group name and click on "Assign users and Infosets" button in the attached pic "User Group" .
    I was able to enter my user id in other user groups. How to Grey out the other rows in the attached pic "User Group 1".

    How strange I answered (or at least helped) this very same question earlier today. Here the link to my previous answer then:
    http://scn.sap.com/thread/3536135

  • How to restrict a user group of SQ01 for only execution for some users

    Hi,
       I would like to know if it is possible to restrict the access to SQ01 transaction for some users. I would like that these users have only execution access to some queries associated with an user group.
       Do I have to associate the user group to the users I want to have access to it? How can I do it=
       Do I have to associate the queries created on SQ01 to the users? or it is enough to assign the users to the user group where the queries are defined?
       Do I have to associate the infosets created on SQ02 to the users? or it is enough to assign the users to the user group to which the infosets are associated?
       Thank you,
       Luz D.

    I suggest you do a web search on SQ01 and SQ02. That'll bring along SQ03 as well.
    There's so much information available on the web that there's no reason to repeat it here.
    [try google|http://www.google.com/search?hl=en&safe=off&q=SAPsq01sq02&meta=]
    Jurjen

Maybe you are looking for

  • Macbook Pro 13" won't turn on.

    I have had this macbook for about a year and a half. it was working fine last night but when i tried to turn it on this morning, nothing happened. Then I tried plugging it in to the charger but the green light that usually shows up didn't.

  • Best speech recognition software for Mac?

    What is the best speech recognition software available for a Mac? I want to be able to control my computer by voice while I lecture. I am aware of Dictate but hoping there is something better on the market. Thanks, todd

  • ToolTipText for an image

    Hey all! I've created a panel that contains 10 images in two rows of five, and i want to add tooltiptext to the images. It appears that there is no method to do such a thing, so i decided that one way to do it would be to draw a panel underneath each

  • IPhone 3GS not being recognized as a still camera in Windows

    Hi, this is my first post ever! My problem is that whenever I plug my iPhone 3GS in my PC (running Windows 8 Dev. preview) it isn't recognized as a still camera (or MTP device) so I'm not able to copy photos from the camera roll. The thing is it was

  • MIRO Problem - 2nd Stage Dealer !!

    HI Our client buys lots of raw material from 1st stage & 2nd stage dealers. They pass on Excise credit to our client. This amount of excise credit is not known at the time of creating a PO. So the PO has only VAT condition calculated by the tax code