VPN Concentrator & Radius for Administration users

Similar Messages

• Content Administration Tab is missing for administrator user in  NW CE 7.1

  we have a issue after upgrading the portal to NW CE 7.1 SP00 RTC.
  "Content Administration" Tab is missing for administrator users

  In CE version, we have to manually enable by using "Content Layer Tool"
                http://<host>:<port>/irj/servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
  This link may lead to "Portal Runtime Error" because "contentLayerTool" is port of high_safety zone
  To access without runtime error, pls follow the below process.
  1. login http://<host>:<port>/irj with admin user
  2. concatenate the below line to browser
      /servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
  3. To enable content admin tab click "Activate Development Mode"

• Security for domain computer only accessible for administrative users

  Dear users,
  I was wondering if there is any GPO so I can secure some computers from being used by other users.
  This is how the situation is currently:
  There 600 computers and all are member of a domain.
  Now I want 4 computers that only can be used by Administrators so no one else can logon on these computers.
  But I can't seem to find that option, or its not working.
  Does anyone here knows a good KB or any other related article I can read to arrange this?
  Kind regards,
  Martijn

  Hi,
  Would you please tell more information regarding the 4 computers here? Are they domain controllers?
  With domain controllers, the default settings is that only members of the Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators groups have the
  Allowed logon locally system right.
  For workstations and servers, members who have the logon rights are Administrators, Backup Operators, Power Users, Users, and Guest. If we want to change the default settings about logon locally with workstations and servers, we may consider to modify this
  policy.
  More information regarding allow logon locally, please see:
  Allow log on locally
  http://technet.microsoft.com/en-us/library/cc756809(v=WS.10).aspx
  Hope this may help
  Best regards
  Michael
  If you have any feedback on our support, please click
  here.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Cisco Nexus 5K + Micrososft Radius for Admin Authentication

  Hi,
  I have cisco 3750 switches configured to use MS radius for administrator authention. however, now I would like to add our cisco nexus switches to MS radius as well so that administrators are authenticated against the Microsoft radius for admin authention.
  I tried it earlier but it won't accept 3750 commands.. Can you please help with me with a configuration example please that I can follow?
  the commands I have used on 3750 are as follows:
  aaa new-model
  aaa authentication login vtylogin group radius local
  aaa authentication login conlogin group radius local
  aaa authentication enable default group radius enable
  aaa authorization console
  aaa authorization exec vtylogin group radius local
  aaa authorization exec conlogin group radius local
  radius-server host x.x.x.x key SECRETE
  line con 0
  exec-timeout 5 0
  authorization exec conlogin
  logging synchronous
  login authentication conlogin
  line vty 0 4
  exec-timeout 0 0
  authorization exec vtylogin
  login authentication vtylogin
  transport input ssh
  line vty 5 15
  exec-timeout 0 0
  authorization exec vtylogin
  login authentication vtylogin
  transport input ssh

  I have never done this before with ACS but not with NPS. However, you are in the right path. Nexus uses NX-OS which is different in some regards to regular IOS. One of those differences is the AAA setup. In NX-OS you assign users to roles. So for full access you will need to return the following attributes from your Radius server:
  Attribute: cisco-av-pair
  Requirement: Mandatory
  Value: shell:roles*"network-admin vdc-admin"
  For more information take a look at this link:
  http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.html
  Hope this helps
  Thank you for rating helpful posts!

• Setting Crystalviewer for all users in CMC

  I am trying to setup Crystal Reports server 2008 VI for my organization. One of the requirement is to disable the Preferences in inoview and set the crystal report viewer to the Web ActiveX control for all users. I was able to disable the preference parameter in CMC -> Allications -> InfoView, but could not find away to set the default viewer for all InfoView users to the activeX control? Is this doable? If so I would like to know how.
  Any help is greatly appreciated.

  Enable preferences and go to Infoview, click oh Preferences and change the view format to ActiveX and save it. Do this for Administrator users.
  There is download available, using that you can make the same change for all users, check the below link.
  Re: Setting the same "InfoView Start Page" to all users in one group
  With that you can change the settings for all users as Administrator, once done remove the access to Preferences.
  Thanks,
  Hari

• Administrator User Account Locked

  Hi.
  I locked into my local portal with Admin user/pwd.
  It asks me to reset the pwd.
  I did it and I forgottenly given wrong password.
  When I tried to log in the portal with the Admin user/pwd, it is showing message as "Account Locked"
  Can anyone help on this issue.
  Regards
  Bala

  Hi Balachandar P,
  If you forgot or lock "Administrator or J2EE_ADMIN" password just follow below steps:
  <u><b>STEP-1: Enable "SAP*"</b></u>
  1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
  Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
  2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
  3.Double-click on the property "ume.superadmin.activated = TRUE"
  4.Double-click on the property "ume.superadmin.password=<Enter any password ex: abc123>"
  5.Save.
  6.Restart the engine.
  <u><b>STEP-2: Login with "SAP*" into portal</b></u>
  1. http://<host>:<Port>/useradmin/index.jsp
  2. Enter userid / password as" SAP* / <password ex: abc123>"
  3. Search for "Administrator" user
  4. Reset or change password for "Administrtor"
  <u><b>STEP-3: Disable "SAP*"</b></u>
  1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
  Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
  2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
  3.Double-click on the property "ume.superadmin.activated = FALSE"
  4.Save.
  5. Restart the engine.
  <u><b>STEP-4: Login with "Administrator"</b></u>
  1. http://<host>:<Port>/useradmin/index.jsp
  2. Enter userid / Password as "Administrator / <password>
  3. it will ask change password just change it.
  <b>Thanks,
  Nagaraju Parlapalli</b>

• How do creative cloud apps get installed without asking for administrator?

  The title says it all but I'll reiterate. How do CC apps downloaded with the Creative Cloud desktop app get installed without asking for administrator user/password? Its the sam on both Mac and Windows and I don't understand how its doing it. This seems like a security hole to me.

  JscottCMD are you installing the Adobe Creative applications with a Creative Cloud Individual subscription?  If so please see Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html for information on how to install the applications and updates included with your membership.

• You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation

  Hi all
  Have seen a couple threads regarding this but unfortunately nothing that solves my problem thus far!
  Right now, our developers are using the Domain Admin account to promote their website code using MSI files.  I'd like to change this as I feel the Domain Admin account should be on lock down and only used when absolutely necessary, pretty common.  The
  same goes for my account too, I would like to absolve as much use of the Domain Admin as I can.
  Problem is, when they run installers from their own accounts, they receive this error: You do not have sufficient privileges
  to complete this installation for all users of the machine. Log on as administrator and then retry this installation
  The accounts they are using are part of the Built In Administrators group and the Domain Admins group... I'm not sure what other permission you'd need in a domain?  We've gone as far as explicitly giving them local admin access on this server and still
  nothing changes.
  Is there a Group Policy or something that I can change to provide install rights and possibly remove these accounts as Domain Admin and more along the line of Power User?
  Thanks much for your help!
  Ryan

  Hi,
  You could use Software Restriction Policies (SRP’s) or Applocker(supported on Windows server 2008 R2/Windows 7 only) to restrict the running
  of the application for specific user.
  Description of the Software Restriction Policies
  http://support.microsoft.com/kb/310791
  HOW TO: Restrict Users from Running Specific Windows Programs
  http://support.microsoft.com/kb/323525
  How to Implement Group Policy Security Filtering
  http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.htmlPlease remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

• Flash Player works for Administrator but not other users

  I have Flash Player 10.2.153.1 installed and I am running Windows Vista 32-bit and Windows Internet Explorer 8.  If I am logged in as the Administrator I have no problem watching video previews from the Odeon and other similar websites.  However, if logged on a Standard user account Odeon film previews cannot be seen - all I get is a blank white viewing box with a small square box in the top left corner with the colours red, green and blue in it (it is too vague to make out what the logo is even when zoomed in).  The inability to watch video clips for Standard users seems to be random as some sites work while others do not?  Can anyone help solve this problem?  Why do I have this problems for the standard user accounts on some websites but not at all for the Administrator account on any website ???

  Experienced same problems: http://forums.adobe.com/thread/790415
  Would very much appreciate a solution.
  Glocke

• Firefox won't install for all users in Windows 8.1; only installs for administrator

  Since moving to Windows 8.1, I have been unable to install Firefox for multiple users on this laptop. Firefox installs only for the Administrator (me), and does not appear on any other user account. When I try installing from one of the other user accounts (after entering my administrator password), it simply won't install.

  Check that Firefox isn't set to run as Administrator.
  Right-click the Firefox desktop shortcut and choose "Properties".
  Make sure that all items are deselected in the "Compatibility" tab of the Properties window.
  * Privilege Level: "Run this program as Administrator" should not be selected
  * "Run this program in compatibility mode for:" should not be selected
  Also check the Properties of the firefox.exe program in the Firefox program folder (C:\Program Files\Mozilla Firefox\).

• MacOSX AIR Permissions for non-administrator user folders

  We're making final changes to our installer for PowerPC Macs, which cannot get the fixes in Adobe AIR 2.7.
  What are the ownership AND permissions expected to be for normal Adobe AIR operation in the following user folders?
  ~/Library/Application Support/Adobe/AIR
  ~/Library/Preferences/Macromedia/Flash Player/www.macromedia.com/
  /Users/Shared/Library/Application Support/Adobe
  We would like to know if it is advisable to apply the permissions fixes to user folders other than those under the administrator user. Neither the AIR Install Repair.zip posted on the forums nor the MacOSX Adobe AIR 2.7 Installer logs show that any user folders other than those under the administrator user are modified.
  Thanks for your advice.

  Hi,
  I don't believe you'll need to make adjustments to these folders.  Here's what mine are set to:
  /Users/chris/Library/Application Support/Adobe/AIR
  755 / owner:chris group:chris
  /Users/chris/Library/Preferences/Macromedia/Flash Player/www.macromedia.com
  755 / owner:chris group:chris
  /Users/Shared/Library/Application Support/Adobe
  755 / owner:chris group:wheel
  Fwiw, the reason we had to fix up permissions was due to beta versions of past Creative Suite installers (the shipping installers were corrected.)  As far as I know, the only folders effected were the ones we corrected in the installer and I addressed in the script.
  Thanks,
  Chris

• Cisco works LMS 3.0.1 cannot archieve configuration for cisco 3000 series vpn concentrator

  Hi All,
  Our problem is, we have Cisco Works LMS 3.0.1. cannot archieve configuration for cisco 3000 series vpn concentrator.
  Any help would be greatly appreciated.
  Thanks in advance.
  Samir

  Make sure you have filled out all of the HTTP/HTTPS credential data in DCR for these devices.  RME will only use HTTPS to fetch VPN concentrator configurations.

• Performance Tuning for non Administrator users

  Hi,
  Since i had performance issue on my cube i have followed tutorial:
  http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/aggpersist/aggpersist.htm
  to obtain best performance using aggregate tables.
  All works, but opening NQSQuery.log i've seen that only Administrator User uses aggregate tables, and not other users. In fact:
  Administrator User:
  WITH
  SAWITH0 AS (select sum(T209.SPESA_PRES0000004A) as c1,
  T202.Sesso00000057 as c2
  from
  SA_Nominat00000090 T202, (Aggregated table)
  ag_Fatti T209 (Aggregated table)
  where ( T202.Nominativo0000005F = T209.Nominativo0000005F )
  group by T202.Sesso00000057)
  select distinct SAWITH0.c2 as c1,
  SAWITH0.c1 as c2
  from
  SAWITH0
  Other user:
  WITH
  SAWITH0 AS (select sum(T32.SPESA_PRESCRITTA) as c1,
  T32.ASSISTITO__SESSO_LVLDSC as c2,
  T32.TEMPO_DIM_ANNO_LVLDSC as c3
  from
  STORDO_CUBE_CUBEVIEW T32
  where ( T32.TEMPO_DIM_LEVEL = 'ANNO' and T32.ASSISTITO__LEVEL = 'SESSO' )
  group by T32.TEMPO_DIM_ANNO_LVLDSC, T32.ASSISTITO__SESSO_LVLDSC)
  select distinct SAWITH0.c2 as c1,
  SAWITH0.c3 as c2,
  SAWITH0.c1 as c3
  from
  SAWITH0
  How can I do to obtain a query similar even for a non Administrator User?
  However, in your opinion, to have a TOTAL level for all dimensions, can me help to improve performances?
  p.s. In addition, aggregate measure value is wrong. It's 900, but it must be 300, infact the total of all rows in fact table is 300 and not 900. In this way, even the report result is wrong!!! Why?
  Thanks
  Giancarlo
  Edited by: user5380662 on 10-mag-2010 4.44
  Edited by: user5380662 on 10-mag-2010 5.47

  Hi daqstudent,
  What versions of Windows (with service packs), LabVIEW, and the DAQmx
  drivers do you have?  It looks like this issue should have been
  fixed in DAQmx version 7.4.  As a work-around, you should be able
  to use the Measurement & Automation Explorer (MAX) to create
  DAQmx Global Channels, and then use those saved Global Channels in LabVIEW. The
  configuration for DAQmx Global Channels in MAX is the same as that of
  the DAQ Assistant in LabVIEW. The only experience lost is seeing the
  actual DAQ Assistant icon in LabVIEW.
  Thaison V

• Administrative user only for install software but prevent intercative session

  Hello,
  as an university, we are not allowing domain users di write anything on the C:\ drive on our Win7/64 PCs; therefore users are unable to install any software and that is what we - usually - want.
  But there are some users (researchers, Teachers or labs) who sometimes need to install software in order to test it. So we created on their PCs a local user "install" as member of the local administrator Group. They should use it when
  UAC prompts them to give administrative rights to install software or with the "Run as administrator" right click. This works fine but unfortunately we noticed that many users are using the "install" account to do their daily work, so they
  are working the whole day long with the highest privileges and we do not want this for obvious security reasons.
  We want to leave the administrative user "install" for the software installation purpose but we want prevent users using it interactively; we couldn't find a way to do this. Is it possible ?
  In order to discourage users, we also made some tests giving the "install" local user, deny permission on the start menu, desktop and some other folders, so that they couldn't find programs and be very limited in using the installa account
  interactively, but this does not give the expected results (for example the user is able to create a folder on the desktop after a couple of popus warnings, or the start menu is not completely empty).
  Any ideas ?
  Thank you in advance.
  Best regards,
  Eric

  Hi,
  In my opinion, you can try to use AppLocker to accomplish this task. You can create a new pricple the allow specific user or group install application. Also the type of about to be installed app could be customized.
  You can allocate User group app install permission to make sure they could install APP unrestricted but doesn't have administrator rights.
  Please refer to the link below for more details about APP Locker:
  http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
  Roger Lu
  TechNet Community Support

• Roles for the user to Edit the Dimension without being an administrator

  Dear Users,
  I have a query based on Planning security.
  I want the user to edit the dimensions and members in planning application. However, the user cannot be administrator.
  I have created a user and assigned the role of "Interactive User" on Planning roles and of "Dimension Editor" on Shared Services access. With this provisioning user the "Administration-->Dimension" is grayed out for the user.
  Please suggest if roles can be assigned to the user in order to Edit the Dimension without being an administrator?
  Regards,
  Praveen.

  I am sure this question gets asked over and over, they need to be an administrator.
  Cheers
  John
  http://john-goodwin.blogspot.com/