VPN Concentrator & Radius for Administration users
Is there a way to utilise a Radius server instead of TACACS+ to administer the admin accounts at a VPN 3005 Concentrator?
As per Cisco documentation here;
http://www.cisco.com/univercd/cc/td/doc/product/vpn/vpn3000/4_1/admonbk/access.htm#1507954
It can be done only using the TACACS+ server. I do not see any option to configure RADIUS server here.
-
Content Administration Tab is missing for administrator user in NW CE 7.1
We have an issue after upgrading the portal to NW CE 7.1 SP00 RTC.
"Content Administration" Tab is missing for administrator users
In CE version, we have to manually enable by using "Content Layer Tool"
http://<host>:<port>/irj/servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
This link may lead to "Portal Runtime Error" because "contentLayerTool" is part of high_safety zone
To access without runtime error, pls follow the below process.
1. login http://<host>:<port>/irj with admin user
2. concatenate the below line to browser
/servlet/prt/portal/prteventname/HtmlbEvent/prtroot/com.sap.portal.content.layers.ContentLayersTool
3. To enable content admin tab click "Activate Development Mode" -
Security for domain computer only accessible for administrative users
Dear users,
I was wondering if there is any GPO so I can secure some computers from being used by other users.
This is how the situation is currently:
There are 600 computers and all are members of a domain.
Now I want 4 computers that only can be used by Administrators so no one else can logon on these computers.
But I can't seem to find that option, or it's not working.
Does anyone here know a good KB or any other related article I can read to arrange this?
Kind regards,
Martijn
Hi,
Would you please tell more information regarding the 4 computers here? Are they domain controllers?
With domain controllers, the default setting is that only members of the Account Operators, Administrators, Backup Operators, Print Operators, and Server Operators groups have the Allowed logon locally system right.
For workstations and servers, members who have the logon rights are Administrators, Backup Operators, Power Users, Users, and Guest. If we want to change the default settings about logon locally with workstations and servers, we may consider modifying this policy.
More information regarding allow logon locally, please see:
Allow log on locally
http://technet.microsoft.com/en-us/library/cc756809(v=WS.10).aspx
Hope this may help
Best regards
Michael
-
Cisco Nexus 5K + Microsoft Radius for Admin Authentication
Hi,
I have cisco 3750 switches configured to use MS radius for administrator authentication. However, now I would like to add our cisco nexus switches to MS radius as well so that administrators are authenticated against the Microsoft radius for admin authentication.
I tried it earlier but it won't accept 3750 commands. Can you please help me with a configuration example that I can follow?
the commands I have used on 3750 are as follows:
aaa new-model
aaa authentication login vtylogin group radius local
aaa authentication login conlogin group radius local
aaa authentication enable default group radius enable
aaa authorization console
aaa authorization exec vtylogin group radius local
aaa authorization exec conlogin group radius local
radius-server host x.x.x.x key SECRETE
line con 0
 exec-timeout 5 0
 authorization exec conlogin
 logging synchronous
 login authentication conlogin
line vty 0 4
 exec-timeout 0 0
 authorization exec vtylogin
 login authentication vtylogin
 transport input ssh
line vty 5 15
 exec-timeout 0 0
 authorization exec vtylogin
 login authentication vtylogin
 transport input ssh
I have never done this before with ACS but not with NPS. However, you are on the right path. Nexus uses NX-OS which is different in some regards to regular IOS. One of those differences is the AAA setup. In NX-OS you assign users to roles. So for full access you will need to return the following attributes from your Radius server:
Attribute: cisco-av-pair
Requirement: Mandatory
Value: shell:roles*"network-admin vdc-admin"
For more information take a look at this link:
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-system/115925-nexus-integration-acs-00.html
Hope this helps
Thank you for rating helpful posts! -
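A check an administrator could run over the attribute values configured on the Radius server before pointing the Nexus switches at it, added here as an example and not part of either post: it parses the shell:roles AV pair quoted above and reports policies that hand out network-admin or vdc-admin unexpectedly. The policy names and sample values are constructed; "=" (mandatory) versus "*" (optional) is the standard Cisco AV-pair separator convention.

```python
import re
from dataclasses import dataclass

# Cisco AV-pair syntax: <protocol>:<attribute><sep><value>.
# "=" marks the attribute mandatory for the device, "*" marks it optional.
_AVPAIR = re.compile(
    r'^(?P<proto>[A-Za-z0-9_-]+):(?P<attr>[A-Za-z0-9_-]+)(?P<sep>[=*])(?P<value>.*)$')

# Administrative roles named in the answer above.
ADMIN_ROLES = {"network-admin", "vdc-admin"}


@dataclass(frozen=True)
class RoleGrant:
    mandatory: bool   # True for "=", False for "*"
    roles: tuple      # role names in the order the server sends them


def parse_shell_roles(avpair: str) -> RoleGrant:
    """Parse one cisco-av-pair value of the form shell:roles*"role1 role2"."""
    m = _AVPAIR.match(avpair.strip())
    if not m or (m["proto"], m["attr"]) != ("shell", "roles"):
        raise ValueError("not a shell:roles AV pair")
    value = m["value"].strip()
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    if '"' in value:
        raise ValueError("unbalanced quotes in role list")
    roles = tuple(value.split())
    if not roles:
        raise ValueError("empty role list")
    return RoleGrant(mandatory=(m["sep"] == "="), roles=roles)


def audit_policies(policies: dict, admin_allowed: set) -> list:
    """Return (policy, finding) pairs for malformed or unexpected admin grants."""
    findings = []
    for name, avpair in policies.items():
        try:
            grant = parse_shell_roles(avpair)
        except ValueError as exc:
            findings.append((name, f"malformed: {exc}"))
            continue
        admin = sorted(ADMIN_ROLES.intersection(grant.roles))
        if admin and name not in admin_allowed:
            findings.append((name, "grants " + ", ".join(admin)))
    return findings


# Constructed sample: hypothetical policy names mapped to the AV pair each returns.
SAMPLE_POLICIES = {
    "Nexus-Admins": 'shell:roles*"network-admin vdc-admin"',
    "Nexus-Helpdesk": 'shell:roles*"network-operator"',
    "Nexus-Contractors": 'shell:roles*"network-admin"',
    "Nexus-Legacy": "shell:priv-lvl=15",
}

if __name__ == "__main__":
    for policy, finding in audit_policies(SAMPLE_POLICIES, {"Nexus-Admins"}):
        print(f"{policy}: {finding}")
```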
Setting Crystalviewer for all users in CMC
I am trying to set up Crystal Reports server 2008 VI for my organization. One of the requirements is to disable the Preferences in InfoView and set the crystal report viewer to the Web ActiveX control for all users. I was able to disable the preference parameter in CMC -> Applications -> InfoView, but could not find a way to set the default viewer for all InfoView users to the ActiveX control. Is this doable? If so I would like to know how.
Any help is greatly appreciated.
Enable preferences and go to Infoview, click on Preferences and change the view format to ActiveX and save it. Do this for Administrator users.
There is download available, using that you can make the same change for all users, check the below link.
Re: Setting the same "InfoView Start Page" to all users in one group
With that you can change the settings for all users as Administrator, once done remove the access to Preferences.
Thanks,
Hari -
Administrator User Account Locked
Hi.
I locked into my local portal with Admin user/pwd.
It asks me to reset the pwd.
I did it and I forgottenly given wrong password.
When I tried to log in the portal with the Admin user/pwd, it is showing message as "Account Locked"
Can anyone help on this issue.
Regards
Bala
Hi Balachandar P,
If you forgot or lock "Administrator or J2EE_ADMIN" password just follow below steps:
STEP-1: Enable "SAP*"
1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
3.Double-click on the property "ume.superadmin.activated = TRUE"
4.Double-click on the property "ume.superadmin.password=<Enter any password ex: abc123>"
5.Save.
6.Restart the engine.
STEP-2: Login with "SAP*" into portal
1. http://<host>:<Port>/useradmin/index.jsp
2. Enter userid / password as" SAP* / <password ex: abc123>"
3. Search for "Administrator" user
4. Reset or change password for "Administrator"
STEP-3: Disable "SAP*"
1.Start the Config Tool C:\usr\sap\<SID>\<engine-instance>\j2ee\configtool\configtool.bat
Ex: D:\usr\sap\F02\JC00\j2ee\configtool --> configtool.bat
2.Goto cluster-data --> Global server configuration --> services --> com.sap.security.core.ume.service
3.Double-click on the property "ume.superadmin.activated = FALSE"
4.Save.
5. Restart the engine.
STEP-4: Login with "Administrator"
1. http://<host>:<Port>/useradmin/index.jsp
2. Enter userid / Password as "Administrator / <password>"
3. It will ask to change the password; just change it.
Thanks,
Nagaraju Parlapalli -
How do creative cloud apps get installed without asking for administrator?
The title says it all but I'll reiterate. How do CC apps downloaded with the Creative Cloud desktop app get installed without asking for administrator user/password? It's the same on both Mac and Windows and I don't understand how it's doing it. This seems like a security hole to me.
JscottCMD are you installing the Adobe Creative applications with a Creative Cloud Individual subscription? If so please see Install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html for information on how to install the applications and updates included with your membership.
-
Hi all
Have seen a couple threads regarding this but unfortunately nothing that solves my problem thus far!
Right now, our developers are using the Domain Admin account to promote their website code using MSI files. I'd like to change this as I feel the Domain Admin account should be on lock down and only used when absolutely necessary, pretty common. The same goes for my account too, I would like to absolve as much use of the Domain Admin as I can.
Problem is, when they run installers from their own accounts, they receive this error: You do not have sufficient privileges to complete this installation for all users of the machine. Log on as administrator and then retry this installation
The accounts they are using are part of the Built In Administrators group and the Domain Admins group... I'm not sure what other permission you'd need in a domain? We've gone as far as explicitly giving them local admin access on this server and still nothing changes.
Is there a Group Policy or something that I can change to provide install rights and possibly remove these accounts as Domain Admin and more along the line of Power User?
Thanks much for your help!
Ryan
Hi,
You could use Software Restriction Policies (SRP’s) or Applocker(supported on Windows server 2008 R2/Windows 7 only) to restrict the running of the application for specific user.
Description of the Software Restriction Policies
http://support.microsoft.com/kb/310791
HOW TO: Restrict Users from Running Specific Windows Programs
http://support.microsoft.com/kb/323525
How to Implement Group Policy Security Filtering
http://www.windowsnetworking.com/articles_tutorials/Group-Policy-Security-Filtering.html
-
Flash Player works for Administrator but not other users
I have Flash Player 10.2.153.1 installed and I am running Windows Vista 32-bit and Windows Internet Explorer 8. If I am logged in as the Administrator I have no problem watching video previews from the Odeon and other similar websites. However, if logged on a Standard user account Odeon film previews cannot be seen - all I get is a blank white viewing box with a small square box in the top left corner with the colours red, green and blue in it (it is too vague to make out what the logo is even when zoomed in). The inability to watch video clips for Standard users seems to be random as some sites work while others do not? Can anyone help solve this problem? Why do I have these problems for the standard user accounts on some websites but not at all for the Administrator account on any website?
Experienced same problems: http://forums.adobe.com/thread/790415
Would very much appreciate a solution.
Glocke -
Firefox won't install for all users in Windows 8.1; only installs for administrator
Since moving to Windows 8.1, I have been unable to install Firefox for multiple users on this laptop. Firefox installs only for the Administrator (me), and does not appear on any other user account. When I try installing from one of the other user accounts (after entering my administrator password), it simply won't install.
Check that Firefox isn't set to run as Administrator.
Right-click the Firefox desktop shortcut and choose "Properties".
Make sure that all items are deselected in the "Compatibility" tab of the Properties window.
* Privilege Level: "Run this program as Administrator" should not be selected
* "Run this program in compatibility mode for:" should not be selected
Also check the Properties of the firefox.exe program in the Firefox program folder (C:\Program Files\Mozilla Firefox\). -
MacOSX AIR Permissions for non-administrator user folders
We're making final changes to our installer for PowerPC Macs, which cannot get the fixes in Adobe AIR 2.7.
What are the ownership AND permissions expected to be for normal Adobe AIR operation in the following user folders?
~/Library/Application Support/Adobe/AIR
~/Library/Preferences/Macromedia/Flash Player/www.macromedia.com/
/Users/Shared/Library/Application Support/Adobe
We would like to know if it is advisable to apply the permissions fixes to user folders other than those under the administrator user. Neither the AIR Install Repair.zip posted on the forums nor the MacOSX Adobe AIR 2.7 Installer logs show that any user folders other than those under the administrator user are modified.
Thanks for your advice.
Hi,
I don't believe you'll need to make adjustments to these folders. Here's what mine are set to:
/Users/chris/Library/Application Support/Adobe/AIR
755 / owner:chris group:chris
/Users/chris/Library/Preferences/Macromedia/Flash Player/www.macromedia.com
755 / owner:chris group:chris
/Users/Shared/Library/Application Support/Adobe
755 / owner:chris group:wheel
Fwiw, the reason we had to fix up permissions was due to beta versions of past Creative Suite installers (the shipping installers were corrected.) As far as I know, the only folders affected were the ones we corrected in the installer and I addressed in the script.
Thanks,
Chris -
Hi All,
Our problem is, we have Cisco Works LMS 3.0.1. It cannot archive configuration for cisco 3000 series vpn concentrator.
Any help would be greatly appreciated.
Thanks in advance.
Samir
Make sure you have filled out all of the HTTP/HTTPS credential data in DCR for these devices. RME will only use HTTPS to fetch VPN concentrator configurations.
-
Performance Tuning for non Administrator users
Hi,
Since i had performance issue on my cube i have followed tutorial:
http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/aggpersist/aggpersist.htm
to obtain best performance using aggregate tables.
All works, but opening NQSQuery.log i've seen that only Administrator User uses aggregate tables, and not other users. In fact:
Administrator User:
WITH
SAWITH0 AS (select sum(T209.SPESA_PRES0000004A) as c1,
T202.Sesso00000057 as c2
from
SA_Nominat00000090 T202, (Aggregated table)
ag_Fatti T209 (Aggregated table)
where ( T202.Nominativo0000005F = T209.Nominativo0000005F )
group by T202.Sesso00000057)
select distinct SAWITH0.c2 as c1,
SAWITH0.c1 as c2
from
SAWITH0
Other user:
WITH
SAWITH0 AS (select sum(T32.SPESA_PRESCRITTA) as c1,
T32.ASSISTITO__SESSO_LVLDSC as c2,
T32.TEMPO_DIM_ANNO_LVLDSC as c3
from
STORDO_CUBE_CUBEVIEW T32
where ( T32.TEMPO_DIM_LEVEL = 'ANNO' and T32.ASSISTITO__LEVEL = 'SESSO' )
group by T32.TEMPO_DIM_ANNO_LVLDSC, T32.ASSISTITO__SESSO_LVLDSC)
select distinct SAWITH0.c2 as c1,
SAWITH0.c3 as c2,
SAWITH0.c1 as c3
from
SAWITH0
What can I do to obtain a similar query even for a non Administrator User?
However, in your opinion, can having a TOTAL level for all dimensions help me to improve performance?
p.s. In addition, aggregate measure value is wrong. It's 900, but it must be 300, in fact the total of all rows in fact table is 300 and not 900. In this way, even the report result is wrong!!! Why?
Thanks
Giancarlo
Edited by: user5380662 on 10-mag-2010 4.44
Edited by: user5380662 on 10-mag-2010 5.47
Hi daqstudent,
What versions of Windows (with service packs), LabVIEW, and the DAQmx drivers do you have? It looks like this issue should have been fixed in DAQmx version 7.4. As a work-around, you should be able to use the Measurement & Automation Explorer (MAX) to create DAQmx Global Channels, and then use those saved Global Channels in LabVIEW. The configuration for DAQmx Global Channels in MAX is the same as that of the DAQ Assistant in LabVIEW. The only experience lost is seeing the actual DAQ Assistant icon in LabVIEW.
Thaison V -
Administrative user only for install software but prevent intercative session
Hello,
As a university, we are not allowing domain users to write anything on the C:\ drive on our Win7/64 PCs; therefore users are unable to install any software and that is what we - usually - want.
But there are some users (researchers, Teachers or labs) who sometimes need to install software in order to test it. So we created on their PCs a local user "install" as member of the local administrator Group. They should use it when UAC prompts them to give administrative rights to install software or with the "Run as administrator" right click. This works fine but unfortunately we noticed that many users are using the "install" account to do their daily work, so they are working the whole day long with the highest privileges and we do not want this for obvious security reasons.
We want to leave the administrative user "install" for the software installation purpose but we want to prevent users using it interactively; we couldn't find a way to do this. Is it possible?
In order to discourage users, we also made some tests giving the "install" local user deny permission on the start menu, desktop and some other folders, so that they couldn't find programs and be very limited in using the install account interactively, but this does not give the expected results (for example the user is able to create a folder on the desktop after a couple of popup warnings, or the start menu is not completely empty).
Any ideas ?
Thank you in advance.
Best regards,
Eric
Hi,
In my opinion, you can try to use AppLocker to accomplish this task. You can create a new principle that allows a specific user or group to install applications. Also the type of about to be installed app could be customized.
You can allocate User group app install permission to make sure they could install APP unrestricted but don't have administrator rights.
Please refer to the link below for more details about APP Locker:
http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
Roger Lu
TechNet Community Support -
Roles for the user to Edit the Dimension without being an administrator
Dear Users,
I have a query based on Planning security.
I want the user to edit the dimensions and members in planning application. However, the user cannot be administrator.
I have created a user and assigned the role of "Interactive User" on Planning roles and of "Dimension Editor" on Shared Services access. With this provisioning user the "Administration-->Dimension" is grayed out for the user.
Please suggest if roles can be assigned to the user in order to Edit the Dimension without being an administrator?
Regards,
Praveen.
I am sure this question gets asked over and over, they need to be an administrator.
Cheers
John
http://john-goodwin.blogspot.com/