Wallpaper GPO + Loop-back Merge mode+ security filtering. issue

Similar Messages

• Loop back adapter host file configuration issue?

  i did not exactly follow the following instructions :
  Add a line to the C:\winnt\system32\drivers\etc\hosts file with the following format, right after the localhost line:
  IP_address hostname.domainname hostname
  instead I have the following in my host file
  IP_address hostname
  that should be fine too right?

  i have actually reintalled oracle infra and then mid tier and it installed fine this time... I was able to log in to the portal at first with the the url
  http://localhost:7778/pls/portal
  but then I changed the portal database password with the command since I could not log into it
  alter user portal account unlock;
  alter user portal identified by password
  and I am getting the following error in the web page:
  Servlet Error
  An unexpected servlet error was encountered.
  Please check the log file for more details.
  where are the log files I looked in the server.log at C:\OraHome_midtier\j2ee\OC4J_Portal\log\OC4J_Portal_default_island_1 one of them and they say:
  java.lang.NullPointerException
       at com.evermind.server.rmi.RMIServer.run(RMIServer.java:464)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
       at java.lang.Thread.run(Thread.java:534)
  06/04/09 15:11:15 Internal server error
  java.lang.NullPointerException
       at com.evermind.server.rmi.RMIServer.run(RMIServer.java:464)
       at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:186)
       at java.lang.Thread.run(Thread.java:534)
  what does this is going wrong

• Security Filtering for GPO processing

  Hi,
  I have an OU which contains all the servers accounts. I have multiple GPOs that are linked to this OU but I have a GPO that contains only User configuration part witha script to map files. Requirement is that this policy should be applied when a groups of
  users logs on to a group of servers only.
  If I add the required User group & required computer accounts to the Security filtering of this GPO, will it work good? Is there any other way that will give required result but with lesser GPO processing time.
  Thanks
  Vipin Tyagi (MCSE 2003) Windows Admin

  In our environment, all GPOs are applied to Computer OUs, not a single GPO applied to User OU. Do we need to enable Loopback processing for all GPOs having user setting?
  No.
  Loopback Processing is rather special, in the way that, if enabled in any GPO, and that GPO is linked to an OU, all GPOs linked to that OU will operate in Loopback mode.
  When you enable Loopback Processing, this changes the way that GPO is processed on computers in the linked OU.
  e.g. if you enable Loopback Processing on a single GPO linked to an OU, and there are 3 other GPOs linked to that same OU, all 4 GPOs will operate in Loopback Processing mode for that OU.
  For this reason, there are suggestions on how to implement Loopback Processing, e.g. create a new GPO, name that GPO something like "Enable GPO Loopback in Merge mode" or "Enable GPO Loopback in Replace mode", then link this GPO to the relevant OUs where
  you need it.
  Don't enable Loopback Processing in a GPO that also performs other GPO settings.
  Using this method, you can quickly see (due to the display name) when Loopback Processing is applying to any OU, and, clearly see in all RSOP/GPresult data when Loopback is occurring.
  [troubleshooting GPO can be tricky, particularly when you don't know Loopback is occurring]
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• AGPM and security security filtering: gpos not showing up in uncontrolled tab

  Why Does a gpo not show up in uncontrolled tab? The only thing that is removed is "authenticated users" from security filtering of said gpo. Once I add authenticated users back, bang! its back visible in uncontrolled tab.
  Adding specific groups and removing authenticated users from security filtering is a standard practice to apply group policy. Can this not be used with AGPM?
  version 4.2

  Hi,
  For AGPM questions, in order to get accurate help, it's recommended that we ask for advice in the following dedicated AGPM forum.
  Microsoft Advanced Group Policy Management (AGPM)
  https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopagpm
  Best regards,
  Frank Shen
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• HT5642 my ipod touch 5th gen is not recognized since I tried to update ios. It says it is in recovery mode but it just keeps looping back to recovery mode. I tried holging power button for 3 sec. then both home and power for 10 sec then home button for 20

  My ipod touch 5th generation went into recovery mode when I tried to update ios. When I try to recover it just keeps looping back to recovery mode. I tried to hold the power button for 3 secs. then simultaneously hold the home button for 10 secs. then hold only power button for 20 secs. I tried this several times to no avail. This is my daughter's ipod. I am computer illiterate and I'm not sure what else to try.

  Maybe:
  Restore loop (being prompted to restore again after a restore successfully completes)
  Troubleshoot your USB connection. If the issue persists, out-of-date or incorrectly configured third-party security software may be causing this issue. Please follow Troubleshooting security software issues. .
  Next try placing in DFU mode and then restoring.
  How to put iPod touch / iPhone into DFU mode « Karthik's scribblings
  Then try restoring on another computer.
  Last, make an appointment at the Genius Bar of an Apple store.
  Apple Retail Store - Genius Bar

• Is there a way to get GPO's security filtering groups only.

  Hello,
  Is there a way to get the GPO and the Security filtering groups assigned or configured for that GPO.
  A VBSCRIPT would be greatfull
  Thanks,
  Schan.

  > A VBSCRIPT would be greatfull
  Have a look at the GPMC samle scripts:
  http://www.microsoft.com/en-us/download/details.aspx?id=14536
  Also a good starter to learn about how to use the GPMC COM interface :)
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• How to prevent changes to a GPO's Security Filtering?

  Hi all
  We can prevent GPOs being edited but how can we prevent changes to a GPO's
  Security Filtering? Is there a way to lockdown the Add and Remove options to prevent accidental
  changes please?
  Thanks
  Scott

  Hi,
  Configure properly in t-code OIS2
  Select serial number profile >>> Double click on serialization procedure
  Maintain procedures
  SDCC     - Completness check for delivery
  SDLS     - Maintain delivery
  Kapil

• How to apply Computer Configuration to users with Security Filtering?

  I have a gpo that contains both user and computer settings.  In order to test it, I want to link it to an OU that contains users and their computers, but I want to use Security Filtering to apply it only to certain users (I don't have their computer
  names).
  Is there a way to filter it to only certain users without losing the computer settings?

  > Is there a way to filter it to only certain users without losing the
  > computer settings?
   Computers look for computer settings in a GPO they have access to.
  Users look for user settings in a GPO they have access to.
  SO you might simply remove "Authenticated Users" (which includes both
  computers and users) from security filtering. Then add "Domain
  computers" which gives all computers access to computer settings, and
  add the users in question, which gives THESE users access to user settings.
  Don't enable loopback and play around with it unless you are sure you
  fully understand what it is doing!
  http://evilgpo.blogspot.de/2012/02/loopback-demystified.html
  http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Postfix, mail loop back to myself

  Hello. I have tried to set up postfix and dovecot. However, I cant seem to figure out what is causing this error messages when trying to send emails to other local users.
  My servers hostname is aurora.tholden.no
  MX host is aurora.tholden.no
  I have two domains. Tholden.no and srckurs.no
  srckurs.no have two email accounts. Both working fine, and I can send and recve mail between them, and the outside.
  However, for the tholden.no domain, reciving of emails does not work. I can send them though.
  What can be the problem?
  main.cf
  # Global Postfix configuration file. This file lists only a subset
  # of all parameters. For the syntax, and for a complete parameter
  # list, see the postconf(5) manual page (command: "man 5 postconf").
  # For common configuration examples, see BASIC_CONFIGURATION_README
  # and STANDARD_CONFIGURATION_README. To find these documents, use
  # the command "postconf html_directory readme_directory", or go to
  # [url]http://www.postfix.org/BASIC_CONFIGURATION_README.html[/url] etc.
  # For best results, change no more than 2-3 parameters at a time,
  # and test if Postfix still works after every change.
  # COMPATIBILITY
  # The compatibility_level determines what default settings Postfix
  # will use for main.cf and master.cf settings. These defaults will
  # change over time.
  # To avoid breaking things, Postfix will use backwards-compatible
  # default settings and log where it uses those old backwards-compatible
  # default settings, until the system administrator has determined
  # if any backwards-compatible default settings need to be made
  # permanent in main.cf or master.cf.
  # When this review is complete, update the compatibility_level setting
  # below as recommended in the RELEASE_NOTES file.
  # The level below is what should be used with new (not upgrade) installs.
  compatibility_level = 2
  # SOFT BOUNCE
  # The soft_bounce parameter provides a limited safety net for
  # testing. When soft_bounce is enabled, mail will remain queued that
  # would otherwise bounce. This parameter disables locally-generated
  # bounces, and prevents the SMTP server from rejecting mail permanently
  # (by changing 5xx replies into 4xx replies). However, soft_bounce
  # is no cure for address rewriting mistakes or mail routing mistakes.
  #soft_bounce = no
  # LOCAL PATHNAME INFORMATION
  # The queue_directory specifies the location of the Postfix queue.
  # This is also the root directory of Postfix daemons that run chrooted.
  # See the files in examples/chroot-setup for setting up Postfix chroot
  # environments on different UNIX systems.
  queue_directory = /var/spool/postfix
  # The command_directory parameter specifies the location of all
  # postXXX commands.
  command_directory = /usr/bin
  # The daemon_directory parameter specifies the location of all Postfix
  # daemon programs (i.e. programs listed in the master.cf file). This
  # directory must be owned by root.
  daemon_directory = /usr/lib/postfix/bin
  # The data_directory parameter specifies the location of Postfix-writable
  # data files (caches, random numbers). This directory must be owned
  # by the mail_owner account (see below).
  data_directory = /var/lib/postfix
  # QUEUE AND PROCESS OWNERSHIP
  # The mail_owner parameter specifies the owner of the Postfix queue
  # and of most Postfix daemon processes. Specify the name of a user
  # account THAT DOES NOT SHARE ITS USER OR GROUP ID WITH OTHER ACCOUNTS
  # AND THAT OWNS NO OTHER FILES OR PROCESSES ON THE SYSTEM. In
  # particular, don't specify nobody or daemon. PLEASE USE A DEDICATED
  # USER.
  mail_owner = postfix
  # The default_privs parameter specifies the default rights used by
  # the local delivery agent for delivery to external file or command.
  # These rights are used in the absence of a recipient user context.
  # DO NOT SPECIFY A PRIVILEGED USER OR THE POSTFIX OWNER.
  #default_privs = nobody
  # INTERNET HOST AND DOMAIN NAMES
  # The myhostname parameter specifies the internet hostname of this
  # mail system. The default is to use the fully-qualified domain name
  # from gethostname(). $myhostname is used as a default value for many
  # other configuration parameters.
  #myhostname = host.domain.tld
  myhostname = aurora.tholden.no
  # The mydomain parameter specifies the local internet domain name.
  # The default is to use $myhostname minus the first component.
  # $mydomain is used as a default value for many other configuration
  # parameters.
  #mydomain = tholden.no
  # SENDING MAIL
  # The myorigin parameter specifies the domain that locally-posted
  # mail appears to come from. The default is to append $myhostname,
  # which is fine for small sites. If you run a domain with multiple
  # machines, you should (1) change this to $mydomain and (2) set up
  # a domain-wide alias database that aliases each user to
  # [email protected].
  # For the sake of consistency between sender and recipient addresses,
  # myorigin also specifies the default domain name that is appended
  # to recipient addresses that have no @domain part.
  #myorigin = $myhostname
  #myorigin = $mydomain
  # RECEIVING MAIL
  # The inet_interfaces parameter specifies the network interface
  # addresses that this mail system receives mail on. By default,
  # the software claims all active interfaces on the machine. The
  # parameter also controls delivery of mail to user@[ip.address].
  # See also the proxy_interfaces parameter, for network addresses that
  # are forwarded to us via a proxy or network address translator.
  # Note: you need to stop/start Postfix when this parameter changes.
  inet_interfaces = all
  inet_protocols = all
  #inet_interfaces = $myhostname
  #inet_interfaces = $myhostname, localhost
  # The proxy_interfaces parameter specifies the network interface
  # addresses that this mail system receives mail on by way of a
  # proxy or network address translation unit. This setting extends
  # the address list specified with the inet_interfaces parameter.
  # You must specify your proxy/NAT addresses when your system is a
  # backup MX host for other domains, otherwise mail delivery loops
  # will happen when the primary MX host is down.
  #proxy_interfaces =
  #proxy_interfaces = 1.2.3.4
  # The mydestination parameter specifies the list of domains that this
  # machine considers itself the final destination for.
  # These domains are routed to the delivery agent specified with the
  # local_transport parameter setting. By default, that is the UNIX
  # compatible delivery agent that lookups all recipients in /etc/passwd
  # and /etc/aliases or their equivalent.
  # The default is $myhostname + localhost.$mydomain. On a mail domain
  # gateway, you should also include $mydomain.
  # Do not specify the names of virtual domains - those domains are
  # specified elsewhere (see VIRTUAL_README).
  # Do not specify the names of domains that this machine is backup MX
  # host for. Specify those names via the relay_domains settings for
  # the SMTP server, or use permit_mx_backup if you are lazy (see
  # STANDARD_CONFIGURATION_README).
  # The local machine is always the final destination for mail addressed
  # to user@[the.net.work.address] of an interface that the mail system
  # receives mail on (see the inet_interfaces parameter).
  # Specify a list of host or domain names, /file/name or type:table
  # patterns, separated by commas and/or whitespace. A /file/name
  # pattern is replaced by its contents; a type:table is matched when
  # a name matches a lookup key (the right-hand side is ignored).
  # Continue long lines by starting the next line with whitespace.
  # See also below, section "REJECTING MAIL FOR UNKNOWN LOCAL USERS".
  #mydestination = $myhostname, localhost.$mydomain, localhost
  #mydestination = $myhostname, localhost.$mydomain, localhost, $mydomain
  mydestination = aurora, localhost.localdomain, localhost
  # mail.$mydomain, www.$mydomain, ftp.$mydomain
  # REJECTING MAIL FOR UNKNOWN LOCAL USERS
  # The local_recipient_maps parameter specifies optional lookup tables
  # with all names or addresses of users that are local with respect
  # to $mydestination, $inet_interfaces or $proxy_interfaces.
  # If this parameter is defined, then the SMTP server will reject
  # mail for unknown local users. This parameter is defined by default.
  # To turn off local recipient checking in the SMTP server, specify
  # local_recipient_maps = (i.e. empty).
  # The default setting assumes that you use the default Postfix local
  # delivery agent for local delivery. You need to update the
  # local_recipient_maps setting if:
  # - You define $mydestination domain recipients in files other than
  # /etc/passwd, /etc/aliases, or the $virtual_alias_maps files.
  # For example, you define $mydestination domain recipients in
  # the $virtual_mailbox_maps files.
  # - You redefine the local delivery agent in master.cf.
  # - You redefine the "local_transport" setting in main.cf.
  # - You use the "luser_relay", "mailbox_transport", or "fallback_transport"
  # feature of the Postfix local delivery agent (see local(8)).
  # Details are described in the LOCAL_RECIPIENT_README file.
  # Beware: if the Postfix SMTP server runs chrooted, you probably have
  # to access the passwd file via the proxymap service, in order to
  # overcome chroot restrictions. The alternative, having a copy of
  # the system passwd file in the chroot jail is just not practical.
  # The right-hand side of the lookup tables is conveniently ignored.
  # In the left-hand side, specify a bare username, an @domain.tld
  # wild-card, or specify a [email protected] address.
  #local_recipient_maps = unix:passwd.byname $alias_maps
  #local_recipient_maps = proxy:unix:passwd.byname $alias_maps
  #local_recipient_maps =
  # The unknown_local_recipient_reject_code specifies the SMTP server
  # response code when a recipient domain matches $mydestination or
  # ${proxy,inet}_interfaces, while $local_recipient_maps is non-empty
  # and the recipient address or address local-part is not found.
  # The default setting is 550 (reject mail) but it is safer to start
  # with 450 (try again later) until you are certain that your
  # local_recipient_maps settings are OK.
  unknown_local_recipient_reject_code = 550
  # TRUST AND RELAY CONTROL
  # The mynetworks parameter specifies the list of "trusted" SMTP
  # clients that have more privileges than "strangers".
  # In particular, "trusted" SMTP clients are allowed to relay mail
  # through Postfix. See the smtpd_recipient_restrictions parameter
  # in postconf(5).
  # You can specify the list of "trusted" network addresses by hand
  # or you can let Postfix do it for you (which is the default).
  # By default (mynetworks_style = subnet), Postfix "trusts" SMTP
  # clients in the same IP subnetworks as the local machine.
  # On Linux, this does works correctly only with interfaces specified
  # with the "ifconfig" command.
  # Specify "mynetworks_style = class" when Postfix should "trust" SMTP
  # clients in the same IP class A/B/C networks as the local machine.
  # Don't do this with a dialup site - it would cause Postfix to "trust"
  # your entire provider's network. Instead, specify an explicit
  # mynetworks list by hand, as described below.
  # Specify "mynetworks_style = host" when Postfix should "trust"
  # only the local machine.
  #mynetworks_style = class
  #mynetworks_style = subnet
  #mynetworks_style = host
  # Alternatively, you can specify the mynetworks list by hand, in
  # which case Postfix ignores the mynetworks_style setting.
  # Specify an explicit list of network/netmask patterns, where the
  # mask specifies the number of bits in the network part of a host
  # address.
  # You can also specify the absolute pathname of a pattern file instead
  # of listing the patterns here. Specify type:table for table-based lookups
  # (the value on the table right-hand side is not used).
  mynetworks = 213.239.218.93, 127.0.0.0/8
  #mynetworks = $config_directory/mynetworks
  #mynetworks = hash:/etc/postfix/network_table
  # The relay_domains parameter restricts what destinations this system will
  # relay mail to. See the smtpd_recipient_restrictions description in
  # postconf(5) for detailed information.
  # By default, Postfix relays mail
  # - from "trusted" clients (IP address matches $mynetworks) to any destination,
  # - from "untrusted" clients to destinations that match $relay_domains or
  # subdomains thereof, except addresses with sender-specified routing.
  # The default relay_domains value is $mydestination.
  # In addition to the above, the Postfix SMTP server by default accepts mail
  # that Postfix is final destination for:
  # - destinations that match $inet_interfaces or $proxy_interfaces,
  # - destinations that match $mydestination
  # - destinations that match $virtual_alias_domains,
  # - destinations that match $virtual_mailbox_domains.
  # These destinations do not need to be listed in $relay_domains.
  # Specify a list of hosts or domains, /file/name patterns or type:name
  # lookup tables, separated by commas and/or whitespace. Continue
  # long lines by starting the next line with whitespace. A file name
  # is replaced by its contents; a type:name table is matched when a
  # (parent) domain appears as lookup key.
  # NOTE: Postfix will not automatically forward mail for domains that
  # list this system as their primary or backup MX host. See the
  # permit_mx_backup restriction description in postconf(5).
  #relay_domains = $mydestination
  # INTERNET OR INTRANET
  # The relayhost parameter specifies the default host to send mail to
  # when no entry is matched in the optional transport(5) table. When
  # no relayhost is given, mail is routed directly to the destination.
  # On an intranet, specify the organizational domain name. If your
  # internal DNS uses no MX records, specify the name of the intranet
  # gateway host instead.
  # In the case of SMTP, specify a domain, host, host:port, [host]:port,
  # [address] or [address]:port; the form [host] turns off MX lookups.
  # If you're connected via UUCP, see also the default_transport parameter.
  #relayhost = $mydomain
  #relayhost = [gateway.my.domain]
  #relayhost = [mailserver.isp.tld]
  #relayhost = uucphost
  #relayhost = [an.ip.add.ress]
  # REJECTING UNKNOWN RELAY USERS
  # The relay_recipient_maps parameter specifies optional lookup tables
  # with all addresses in the domains that match $relay_domains.
  # If this parameter is defined, then the SMTP server will reject
  # mail for unknown relay users. This feature is off by default.
  # The right-hand side of the lookup tables is conveniently ignored.
  # In the left-hand side, specify an @domain.tld wild-card, or specify
  # a [email protected] address.
  #relay_recipient_maps = hash:/etc/postfix/relay_recipients
  # INPUT RATE CONTROL
  # The in_flow_delay configuration parameter implements mail input
  # flow control. This feature is turned on by default, although it
  # still needs further development (it's disabled on SCO UNIX due
  # to an SCO bug).
  # A Postfix process will pause for $in_flow_delay seconds before
  # accepting a new message, when the message arrival rate exceeds the
  # message delivery rate. With the default 100 SMTP server process
  # limit, this limits the mail inflow to 100 messages a second more
  # than the number of messages delivered per second.
  # Specify 0 to disable the feature. Valid delays are 0..10.
  #in_flow_delay = 1s
  # ADDRESS REWRITING
  # The ADDRESS_REWRITING_README document gives information about
  # address masquerading or other forms of address rewriting including
  # username->Firstname.Lastname mapping.
  # ADDRESS REDIRECTION (VIRTUAL DOMAIN)
  # The VIRTUAL_README document gives information about the many forms
  # of domain hosting that Postfix supports.
  # "USER HAS MOVED" BOUNCE MESSAGES
  # See the discussion in the ADDRESS_REWRITING_README document.
  # TRANSPORT MAP
  # See the discussion in the ADDRESS_REWRITING_README document.
  # ALIAS DATABASE
  # The alias_maps parameter specifies the list of alias databases used
  # by the local delivery agent. The default list is system dependent.
  # On systems with NIS, the default is to search the local alias
  # database, then the NIS alias database. See aliases(5) for syntax
  # details.
  # If you change the alias database, run "postalias /etc/aliases" (or
  # wherever your system stores the mail alias file), or simply run
  # "newaliases" to build the necessary DBM or DB file.
  # It will take a minute or so before changes become visible. Use
  # "postfix reload" to eliminate the delay.
  #alias_maps = dbm:/etc/aliases
  #alias_maps = hash:/etc/aliases
  #alias_maps = hash:/etc/aliases, nis:mail.aliases
  #alias_maps = netinfo:/aliases
  alias_maps = hash:/etc/postfix/aliases
  # The alias_database parameter specifies the alias database(s) that
  # are built with "newaliases" or "sendmail -bi". This is a separate
  # configuration parameter, because alias_maps (see above) may specify
  # tables that are not necessarily all under control by Postfix.
  #alias_database = dbm:/etc/aliases
  #alias_database = dbm:/etc/mail/aliases
  #alias_database = hash:/etc/aliases
  #alias_database = hash:/etc/aliases, hash:/opt/majordomo/aliases
  alias_database = $alias_maps
  # ADDRESS EXTENSIONS (e.g., user+foo)
  # The recipient_delimiter parameter specifies the separator between
  # user names and address extensions (user+foo). See canonical(5),
  # local(8), relocated(5) and virtual(5) for the effects this has on
  # aliases, canonical, virtual, relocated and .forward file lookups.
  # Basically, the software tries user+foo and .forward+foo before
  # trying user and .forward.
  #recipient_delimiter = +
  # DELIVERY TO MAILBOX
  # The home_mailbox parameter specifies the optional pathname of a
  # mailbox file relative to a user's home directory. The default
  # mailbox file is /var/spool/mail/user or /var/mail/user. Specify
  # "Maildir/" for qmail-style delivery (the / is required).
  #home_mailbox = Mailbox
  home_mailbox = Maildir/
  # The mail_spool_directory parameter specifies the directory where
  # UNIX-style mailboxes are kept. The default setting depends on the
  # system type.
  #mail_spool_directory = /var/mail
  #mail_spool_directory = /var/spool/mail
  # The mailbox_command parameter specifies the optional external
  # command to use instead of mailbox delivery. The command is run as
  # the recipient with proper HOME, SHELL and LOGNAME environment settings.
  # Exception: delivery for root is done as $default_user.
  # Other environment variables of interest: USER (recipient username),
  # EXTENSION (address extension), DOMAIN (domain part of address),
  # and LOCAL (the address localpart).
  # Unlike other Postfix configuration parameters, the mailbox_command
  # parameter is not subjected to $parameter substitutions. This is to
  # make it easier to specify shell syntax (see example below).
  # Avoid shell meta characters because they will force Postfix to run
  # an expensive shell process. Procmail alone is expensive enough.
  # IF YOU USE THIS TO DELIVER MAIL SYSTEM-WIDE, YOU MUST SET UP AN
  # ALIAS THAT FORWARDS MAIL FOR ROOT TO A REAL USER.
  #mailbox_command = /some/where/procmail
  #mailbox_command = /some/where/procmail -a "$EXTENSION"
  # The mailbox_transport specifies the optional transport in master.cf
  # to use after processing aliases and .forward files. This parameter
  # has precedence over the mailbox_command, fallback_transport and
  # luser_relay parameters.
  # Specify a string of the form transport:nexthop, where transport is
  # the name of a mail delivery transport defined in master.cf. The
  # :nexthop part is optional. For more details see the sample transport
  # configuration file.
  # NOTE: if you use this feature for accounts not in the UNIX password
  # file, then you must update the "local_recipient_maps" setting in
  # the main.cf file, otherwise the SMTP server will reject mail for
  # non-UNIX accounts with "User unknown in local recipient table".
  # Cyrus IMAP over LMTP. Specify ``lmtpunix cmd="lmtpd"
  # listen="/var/imap/socket/lmtp" prefork=0'' in cyrus.conf.
  #mailbox_transport = lmtp:unix:/var/imap/socket/lmtp
  # Cyrus IMAP via command line. Uncomment the "cyrus...pipe" and
  # subsequent line in master.cf.
  #mailbox_transport = cyrus
  # The fallback_transport specifies the optional transport in master.cf
  # to use for recipients that are not found in the UNIX passwd database.
  # This parameter has precedence over the luser_relay parameter.
  # Specify a string of the form transport:nexthop, where transport is
  # the name of a mail delivery transport defined in master.cf. The
  # :nexthop part is optional. For more details see the sample transport
  # configuration file.
  # NOTE: if you use this feature for accounts not in the UNIX password
  # file, then you must update the "local_recipient_maps" setting in
  # the main.cf file, otherwise the SMTP server will reject mail for
  # non-UNIX accounts with "User unknown in local recipient table".
  #fallback_transport = lmtp:unix:/file/name
  #fallback_transport = cyrus
  #fallback_transport =
  # The luser_relay parameter specifies an optional destination address
  # for unknown recipients. By default, mail for unknown@$mydestination,
  # unknown@[$inet_interfaces] or unknown@[$proxy_interfaces] is returned
  # as undeliverable.
  # The following expansions are done on luser_relay: $user (recipient
  # username), $shell (recipient shell), $home (recipient home directory),
  # $recipient (full recipient address), $extension (recipient address
  # extension), $domain (recipient domain), $local (entire recipient
  # localpart), $recipient_delimiter. Specify ${name?value} or
  # ${name:value} to expand value only when $name does (does not) exist.
  # luser_relay works only for the default Postfix local delivery agent.
  # NOTE: if you use this feature for accounts not in the UNIX password
  # file, then you must specify "local_recipient_maps =" (i.e. empty) in
  # the main.cf file, otherwise the SMTP server will reject mail for
  # non-UNIX accounts with "User unknown in local recipient table".
  #luser_relay = [email protected]
  #luser_relay = [email protected]
  #luser_relay = admin+$local
  # JUNK MAIL CONTROLS
  # The controls listed here are only a very small subset. The file
  # SMTPD_ACCESS_README provides an overview.
  # The header_checks parameter specifies an optional table with patterns
  # that each logical message header is matched against, including
  # headers that span multiple physical lines.
  # By default, these patterns also apply to MIME headers and to the
  # headers of attached messages. With older Postfix versions, MIME and
  # attached message headers were treated as body text.
  # For details, see "man header_checks".
  #header_checks = regexp:/etc/postfix/header_checks
  # FAST ETRN SERVICE
  # Postfix maintains per-destination logfiles with information about
  # deferred mail, so that mail can be flushed quickly with the SMTP
  # "ETRN domain.tld" command, or by executing "sendmail -qRdomain.tld".
  # See the ETRN_README document for a detailed description.
  # The fast_flush_domains parameter controls what destinations are
  # eligible for this service. By default, they are all domains that
  # this server is willing to relay mail to.
  #fast_flush_domains = $relay_domains
  # SHOW SOFTWARE VERSION OR NOT
  # The smtpd_banner parameter specifies the text that follows the 220
  # code in the SMTP server's greeting banner. Some people like to see
  # the mail version advertised. By default, Postfix shows no version.
  # You MUST specify $myhostname at the start of the text. That is an
  # RFC requirement. Postfix itself does not care.
  #smtpd_banner = $myhostname ESMTP $mail_name
  #smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
  # PARALLEL DELIVERY TO THE SAME DESTINATION
  # How many parallel deliveries to the same user or domain? With local
  # delivery, it does not make sense to do massively parallel delivery
  # to the same user, because mailbox updates must happen sequentially,
  # and expensive pipelines in .forward files can cause disasters when
  # too many are run at the same time. With SMTP deliveries, 10
  # simultaneous connections to the same domain could be sufficient to
  # raise eyebrows.
  # Each message delivery transport has its XXX_destination_concurrency_limit
  # parameter. The default is $default_destination_concurrency_limit for
  # most delivery transports. For the local delivery agent the default is 2.
  #local_destination_concurrency_limit = 2
  #default_destination_concurrency_limit = 20
  # DEBUGGING CONTROL
  # The debug_peer_level parameter specifies the increment in verbose
  # logging level when an SMTP client or server host name or address
  # matches a pattern in the debug_peer_list parameter.
  debug_peer_level = 2
  # The debug_peer_list parameter specifies an optional list of domain
  # or network patterns, /file/name patterns or type:name tables. When
  # an SMTP client or server host name or address matches a pattern,
  # increase the verbose logging level by the amount specified in the
  # debug_peer_level parameter.
  #debug_peer_list = 127.0.0.1
  #debug_peer_list = some.domain
  # The debugger_command specifies the external command that is executed
  # when a Postfix daemon program is run with the -D option.
  # Use "command .. & sleep 5" so that the debugger can attach before
  # the process marches on. If you use an X-based debugger, be sure to
  # set up your XAUTHORITY environment variable before starting Postfix.
  debugger_command =
  PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
  ddd $daemon_directory/$process_name $process_id & sleep 5
  # If you can't use X, use this to capture the call stack when a
  # daemon crashes. The result is in a file in the configuration
  # directory, and is named after the process name and the process ID.
  # debugger_command =
  # PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont;
  # echo where) | gdb $daemon_directory/$process_name $process_id 2>&1
  # >$config_directory/$process_name.$process_id.log & sleep 5
  # Another possibility is to run gdb under a detached screen session.
  # To attach to the screen sesssion, su root and run "screen -r
  # <id_string>" where <id_string> uniquely matches one of the detached
  # sessions (from "screen -list").
  # debugger_command =
  # PATH=/bin:/usr/bin:/sbin:/usr/sbin; export PATH; screen
  # -dmS $process_name gdb $daemon_directory/$process_name
  # $process_id & sleep 1
  # INSTALL-TIME CONFIGURATION INFORMATION
  # The following parameters are used when installing a new Postfix version.
  # sendmail_path: The full pathname of the Postfix sendmail command.
  # This is the Sendmail-compatible mail posting interface.
  sendmail_path = /usr/bin/sendmail
  # newaliases_path: The full pathname of the Postfix newaliases command.
  # This is the Sendmail-compatible command to build alias databases.
  newaliases_path = /usr/bin/newaliases
  # mailq_path: The full pathname of the Postfix mailq command. This
  # is the Sendmail-compatible mail queue listing command.
  mailq_path = /usr/bin/mailq
  # setgid_group: The group for mail submission and queue management
  # commands. This must be a group name with a numerical group ID that
  # is not shared with other accounts, not even with the Postfix account.
  setgid_group = postdrop
  # html_directory: The location of the Postfix HTML documentation.
  html_directory = no
  # manpage_directory: The location of the Postfix on-line manual pages.
  manpage_directory = /usr/share/man
  # sample_directory: The location of the Postfix sample configuration files.
  # This parameter is obsolete as of Postfix 2.1.
  sample_directory = /etc/postfix
  # readme_directory: The location of the Postfix README files.
  readme_directory = /usr/share/doc/postfix
  #inet_protocols = ipv4
  meta_directory = /etc/postfix
  shlib_directory = /usr/lib/postfix
  # Configure Virtual Mail Addresses
  virtual_mailbox_domains = srckurs.no
  virtual_mailbox_base = /mail
  virtual_mailbox_maps = hash:/etc/postfix/vmailbox
  virtual_minimum_uid = 50
  virtual_uid_maps = static:73
  virtual_gid_maps = static:73
  virtual_alias_maps = hash:/etc/postfix/virtual
  mailbox_size_limit = 0
  virtual_mailbox_limit = 0
  # SASL SUPPORT FOR CLIENTS
  smtpd_sasl_auth_enable = yes
  smtpd_sasl_local_domain = $myhostname
  broken_sasl_auth_clients = no
  smtpd_sasl_security_options = noanonymous
  smtpd_tls_security_level=may
  smtpd_sasl_type = dovecot
  smtpd_sasl_path = private/auth
  smtpd_tls_auth_only = no
  smtpd_tls_loglevel = 1
  # With Postfix version before 2.10, use smtpd_recipient_restrictions
  smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
  smtpd_tls_cert_file = /etc/ssl/certs/server.crt
  smtpd_tls_key_file = /etc/ssl/certs/server.key
  master.cf
  # Postfix master process configuration file. For details on the format
  # of the file, see the master(5) manual page (command: "man 5 master" or
  # on-line: [url]http://www.postfix.org/master.5.html)[/url].
  # Do not forget to execute "postfix reload" after editing this file.
  # ==========================================================================
  # service type private unpriv chroot wakeup maxproc command + args
  # (yes) (yes) (no) (never) (100)
  # ==========================================================================
  smtp inet n - n - - smtpd
  587 inet n - n - - smtpd
  #submission inet n - n - - smtpd
  # -o smtpd_tls_security_level=encrypt
  # -o smtpd_sasl_auth_enable=yes
  # -o smtpd_sasl_type=dovecot
  # -o smtpd_sasl_path=/var/spool/postfix/private/auth
  # -o smtpd_sasl_security_options=noanonymous
  # -o smtpd_sasl_local_domain=$myhostname
  # -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  # -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
  # -o smtpd_sender_restrictions=reject_sender_login_mismatch
  # -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
  #smtp inet n - n - 1 postscreen
  #smtpd pass - - n - - smtpd
  #dnsblog unix - - n - 0 dnsblog
  #tlsproxy unix - - n - 0 tlsproxy
  #submission inet n - n - - smtpd
  # -o syslog_name=postfix/submission
  # -o smtpd_tls_security_level=encrypt
  # -o smtpd_sasl_auth_enable=yes
  # -o smtpd_reject_unlisted_recipient=no
  # -o smtpd_client_restrictions=$mua_client_restrictions
  # -o smtpd_helo_restrictions=$mua_helo_restrictions
  # -o smtpd_sender_restrictions=$mua_sender_restrictions
  # -o smtpd_recipient_restrictions=
  # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  # -o milter_macro_daemon_name=ORIGINATING
  #smtps inet n - n - - smtpd
  # -o syslog_name=postfix/smtps
  # -o smtpd_tls_wrappermode=yes
  # -o smtpd_sasl_auth_enable=yes
  # -o smtpd_reject_unlisted_recipient=no
  # -o smtpd_client_restrictions=$mua_client_restrictions
  # -o smtpd_helo_restrictions=$mua_helo_restrictions
  # -o smtpd_sender_restrictions=$mua_sender_restrictions
  # -o smtpd_recipient_restrictions=
  # -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
  # -o milter_macro_daemon_name=ORIGINATING
  #628 inet n - n - - qmqpd
  pickup unix n - n 60 1 pickup
  cleanup unix n - n - 0 cleanup
  qmgr unix n - n 300 1 qmgr
  #qmgr unix n - n 300 1 oqmgr
  tlsmgr unix - - n 1000? 1 tlsmgr
  rewrite unix - - n - - trivial-rewrite
  bounce unix - - n - 0 bounce
  defer unix - - n - 0 bounce
  trace unix - - n - 0 bounce
  verify unix - - n - 1 verify
  flush unix n - n 1000? 0 flush
  proxymap unix - - n - - proxymap
  proxywrite unix - - n - 1 proxymap
  smtp unix - - n - - smtp
  relay unix - - n - - smtp
  # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
  showq unix n - n - - showq
  error unix - - n - - error
  retry unix - - n - - error
  discard unix - - n - - discard
  local unix - n n - - local
  virtual unix - n n - - virtual
  lmtp unix - - n - - lmtp
  anvil unix - - n - 1 anvil
  scache unix - - n - 1 scache
  # ====================================================================
  # Interfaces to non-Postfix software. Be sure to examine the manual
  # pages of the non-Postfix software to find out what options it wants.
  # Many of the following services use the Postfix pipe(8) delivery
  # agent. See the pipe(8) man page for information about ${recipient}
  # and other message envelope options.
  # ====================================================================
  # maildrop. See the Postfix MAILDROP_README file for details.
  # Also specify in main.cf: maildrop_destination_recipient_limit=1
  #maildrop unix - n n - - pipe
  # flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
  # ====================================================================
  # Recent Cyrus versions can use the existing "lmtp" master.cf entry.
  # Specify in cyrus.conf:
  # lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
  # Specify in main.cf one or more of the following:
  # mailbox_transport = lmtp:inet:localhost
  # virtual_transport = lmtp:inet:localhost
  # ====================================================================
  # Cyrus 2.1.5 (Amos Gouaux)
  # Also specify in main.cf: cyrus_destination_recipient_limit=1
  #cyrus unix - n n - - pipe
  # user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
  # ====================================================================
  # Old example of delivery via Cyrus.
  #old-cyrus unix - n n - - pipe
  # flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
  # ====================================================================
  # See the Postfix UUCP_README file for configuration details.
  #uucp unix - n n - - pipe
  # flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
  # ====================================================================
  # Other external delivery methods.
  #ifmail unix - n n - - pipe
  # flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
  #bsmtp unix - n n - - pipe
  # flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
  #scalemail-backend unix - n n - 2 pipe
  # flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
  # ${nexthop} ${user} ${extension}
  #mailman unix - n n - - pipe
  # flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  # ${nexthop} ${user}
  hosts
  ### Hetzner Online AG installimage
  # nameserver config
  # IPv4
  127.0.0.1 aurora.tholden.no aurora
  213.239.218.93 aurora.tholden.no aurora
  # IPv6
  ::1 ip6-localhost ip6-loopback
  fe00::0 ip6-localnet
  ff00::0 ip6-mcastprefix
  ff02::1 ip6-allnodes
  ff02::2 ip6-allrouters
  ff02::3 ip6-allhosts
  2a01:4f8:a0:8030::2 Archlinux-2014-64-minmal
  Here is the output of journalctl
  Apr 19 19:44:27 aurora dovecot[1044]: imap-login: Login: user=<[email protected]>, method=CRAM-MD5, rip=::1, lip=::1, mpid=1050, secured, session=<XaePChkUqgAAAAAAAAAAAAAAAAAAAAAB>
  Apr 19 19:44:27 aurora dovecot[1044]: imap([email protected]): Disconnected: Logged out in=32 out=449
  Apr 19 19:44:27 aurora dovecot[1044]: imap-login: Login: user=<[email protected]>, method=CRAM-MD5, rip=::1, lip=::1, mpid=1053, secured, session=<dcqRChkUqwAAAAAAAAAAAAAAAAAAAAAB>
  Apr 19 19:44:27 aurora dovecot[1044]: imap([email protected]): Disconnected: Logged out in=44 out=526
  Apr 19 19:44:51 aurora postfix/pickup[1041]: 342B0F8033D: uid=33 from=<[email protected]>
  Apr 19 19:44:51 aurora postfix/cleanup[1059]: 342B0F8033D: message-id=<[email protected]>
  Apr 19 19:44:51 aurora dovecot[1044]: imap-login: Login: user=<[email protected]>, method=CRAM-MD5, rip=::1, lip=::1, mpid=1062, secured, session=<3Ov5CxkUrQAAAAAAAAAAAAAAAAAAAAAB>
  Apr 19 19:44:51 aurora postfix/qmgr[1042]: 342B0F8033D: from=<[email protected]>, size=580, nrcpt=1 (queue active)
  Apr 19 19:44:51 aurora postfix/smtp[1063]: 342B0F8033D: to=<[email protected]>, relay=none, delay=0.08, delays=0.07/0.01/0.01/0, dsn=5.4.6, status=bounced (mail for tholden.no loops back to myself)
  Apr 19 19:44:51 aurora postfix/cleanup[1059]: 4BDE7F8033E: message-id=<[email protected]>
  Apr 19 19:44:51 aurora postfix/bounce[1064]: 342B0F8033D: sender non-delivery notification: 4BDE7F8033E
  Apr 19 19:44:51 aurora postfix/qmgr[1042]: 4BDE7F8033E: from=<>, size=2523, nrcpt=1 (queue active)
  Apr 19 19:44:51 aurora postfix/qmgr[1042]: 342B0F8033D: removed
  Apr 19 19:44:51 aurora postfix/virtual[1065]: 4BDE7F8033E: to=<[email protected]>, relay=virtual, delay=0.21, delays=0.13/0.01/0/0.07, dsn=2.0.0, status=sent (delivered to maildir)
  Apr 19 19:44:51 aurora postfix/qmgr[1042]: 4BDE7F8033E: removed
  Last edited by tzomatz (2015-04-19 20:04:18)

  tzomatz wrote:
  srckurs.no have two email accounts. Both working fine, and I can send and recve mail between them, and the outside.
  However, for the tholden.no domain, reciving of emails does not work. I can send them though.
  What can be the problem?
  virtual_mailbox_domains = srckurs.no
  But tholden.no is not configured (except in hostname which is for local @aurora.tholden.no users).

• System 9 Security Filters and VB Essbase API

  I currently maintain a lock and send Excel template sporting a custom login dialog which I use to capture the user's employee id. Having that, I then use a generic admin username/password and the API to get the security filter stored under the user's "underscored" ID on the Analytic server. I parse out the organizational entities stored in the write filter and use that to build a treeview to which the user can only select entities to which he/she can access. Basically, it gives me the ability to maintain a standard template across many lines of business. I also use the same code in a security management applet where superadmins can build/modify/delete the security filters of those people who have access to entities which are descendents of the entity to which the superadmin has access.
  Anyway, I understand in System 9, there is no longer an "underscored" id. I think I read that on the Planning forum. Other than a minor code change, will this have any further impact? The write filter has been migrated over to the non-underscored filter yes? We're going to System 9 soon and I'm just trying to get my hands around the impact this is going to have on all of the API (7.1.6) code I have deployed. This is just the first question that came to me. I expect I'll be on here for a few more. Any help or advice is appreciated.

  I wouldn't copy Essbase.sec from one server to another. The server name is embedded in there and it's drive/folder dependent.
  What you can do is use MaxL's display filter all command and then pipe the output to a text file. In turn you can import those definitions back into Essbase with a little work.
  I wonder if OlapUnderground's Advanced Securtity Manager might be used to move filters across servers and versions:
  http://www.appliedolap.com/free-tools/advanced-security-manager
  I've personally never used it, but I'm sure someone on this board will chime in.
  Regards,
  Cameron Lackpour

• New Group Policy not working on 2008 RDS in 2012 Domain - Security Filtering problem?

  We have a Windows 2008 R2 RDS in a Windows 2012R2 Domain. We want to lockdown the 2008 RDS for Domain users that we have added to a new  security Group--named "Data Collection Users". These users are "Domain Users" and login to the
  2008 RDS using Windows XP SP3 machines to run a specific application -they do not use their local desktops for anything. WE added this group to the local RDU group on the RDS.  We do not have any other users that login to the RDS through terminal,
  including any Domain Admins.
  So far we have done these steps:
  On the DC, created new OU (called Terminal Servers) and moved the RDS into it.
  Opened Group Policy on the DC, and under GP Objects, created a new policy called "TS Users Lockdown".
  Linked the Policy to the OU.
  Under Security Filtering we removed the Authenticated Users, added the RDS computer account (called QS2), added the "Data Collection Users" and chose Allow for "Read" and "Apply Policy"
  Under Security Filtering, for Domain Admins, we chose Deny for "Apply Group Policy"
  We edited the Policy (under Computer Configuration>AT>SYS>GP) to Enable Loopback processing - Replace mode.
  We first tested the policy by trying to remove the "Run" from startup menu and "prohibit access to Control Panel".
  We ran the Group Policy force update from within GP Management - ran successfully.
  We did not reboot the RDS.
  Neither of the settings we tried in Step 7 worked.  Why Not?
  Here are images from the Security Filtering:

  Ok--Do I reboot the RDS or the DC?  or both?
  Does it look like my Security Filtering is correct?  I have seen posts where you should not remove the "Authenticated users"?

• After the latest updat to Mavericks 10.9.3, my imac continues to loop back to the login screen...Suggestions??? THANK YOU VERY MUCH!

  After the latest updat to Mavericks 10.9.3, my imac continues to loop back to the login screen...Suggestions??? THANK YOU VERY MUCH!

  1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
  2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
  There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
  3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the request of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.
  Here's a summary of what you need to do, if you choose to proceed:
  ☞ Copy a line of text in this window to the Clipboard.
  ☞ Paste into the window of another application.
  ☞ Wait for the test to run. It usually takes a few minutes.
  ☞ Paste the results, which will have been copied automatically, back into a reply on this page.
  The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
  4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
  5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
  6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
  Triple-click anywhere in the line of text below on this page to select it:
  PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[45]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n\t(%s)\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}')printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ s/ *:$//;x;s/\n//;/Apple|Capacity:|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;};/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;} ' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/:/;END { if(NR<100)print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}')print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR==2'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' ' s/^.{52}//;s/ .+//p ' ' /Launch[AD].+\.plist$/;END{if(NR<100)print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/;END{if(NR<100)print "/System/"};' '/^\/usr\/lib\/.+dylib$/p' '/\/etc\/(auto_m|hosts[^.]|peri)/s/^\.\/[^/]+//p' ' /\/(Contents\/.+\/Contents|Frameworks)\//d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| ","||kMDItem'${p[35]}'=");sub("^.."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[9]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' /lR/ { if($2<='${p[25]}')print $2;} ' ' BEGIN { FS=":";} $3~/(sh|ng|ic)$/ { n=split($3,a,".");sub(/_2[01].+/,"",$3);b=b"\n"$2" "$3" "a[n]" "$1;c=c$1;} END { d="sort|tail -n'${p[38]}'";print b|d;close(d);if(c)print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(A.+ E.+ text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ +B/{ s/.+= |(-[0-9]+)?\.s.+//g;p;} ' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' /:/{$0="'"${p[28]}"'"};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil PlistBuddy whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil );c2=(com.apple.loginwindow\ LoginHook '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[35]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status "-F '\$Time \$Message' -k Sender kernel -k Message Req 'Beac|caug|dead[^bl]|FAIL|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL'" '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/*/*.{BS,Bas,Es,OSXU,Rem}*.bom' '{/,}L*/Lo*/Diag* -type f \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;' '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto_master,{cron,fs}tab,hosts,{launchd,sysctl}.conf} /usr/local/etc/periodic/*/* .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP RSSI Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear;};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ test "$v"&&echo "$_";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;A0;{ A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D22 0 $((N1+4)) 5 4;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D23 24 24 32 31;D13 25 37 32 33;A1 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;D22 32 31 43 38;D23 20 42 32 41;D23 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 14 3 49 5;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-  
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  7. Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
  8. If you see an error message in the Terminal window such as "syntax error," enter
  exec bash
  and press return. Then paste the script again.
  9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
  If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
  10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
  [Process completed]
  to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.
  11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
  At the top of the results, there will be a line that begins with "Model Identifier." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
  If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
  12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.
  Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
  Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

• Problem assigning Essbase Security filters in Shared Services

  We recently upgraded Planning/Essbase to System 9 version 931 in Test. Everything went smoothly except for few users Security didn't migrate properly.
  In Shared Services, it shows that user has access to Planning & Native Essbase Applications. But in Essbase, only Planning Application access is shown.
  Also when I try to apply security filters for these users in Native Essbase Applications (in Shared Services), I don't see these particular users.
  There is no problem with Planning security, except when I refresh Security from Shared Services in Analytic Admin Console it wipes out Planning Application access in Essbase.
  For other users there are no issues. Only for few users this is the problem. I have tried to deprovision user & provision back, but no use.
  Please Help

  Essbase/Planning security is multi tiered. In Shared Services you setup your groups. You provision your groups with adequate security access. Depending on whether you have updated a cetain .css file(to fix bug) you may have to assign the read, write calc access to the group not just calc, but all three if your users need the access to actually, read, write & calc. of need user to just read & write etc... then you have to go to EAS refresh, run maxl script to assign environment access to user, go back to shared services go into projects assign any needed access to calc & filter groups and essbase is setup. For planning you also have to go to workspace and migrate identities within the security setup for any of your dimensions. this comes into play when adding or removing users as filters are created in planning workspace. I just learned this from one good tech that helped me setup & remove users as I had issues getting them in and out of the system..Now to move on to actually getting security reports that make sense for planning with the associated access. If anyone has the maxl code let me know.

• Setup Assistant fails during file transfer and loops back to the beginnig

  I have a PPC G5 running 10.4.11 and just bought an Intel-based MacBook Pro. (I haven’t gotten it to fully start up yet, so I’m not sure about the OS.)
  I've tried to use the Setup Assistant to migrate my files and applications from my desktop to the laptop, but when I get to the Transfer Files option, the Users, Applications Folder, and Files and Folders options never finish calculating. Everytime I hit Transfer, a black-and-white wheel appears for less than a second then disappears, and Setup Assistant loops back to the beginning, where I get the multilingual welcome messages and bad music. Or, if I do nothing and wait for the Transfer Files step to calculate, Setup Assistant still just loops back to the beginning.
  I’ve tried the options for transferring from another Mac and from another volume. I’ve tried copying from the G5 in Target Disk Mode and tried copying from a cloned firewire hard drive. I’ve tried using the firewire 400 and 800 ports, different cables. I’ve run DiskWarrior on the G5 and the cloned disc to make sure no disc errors hung up the process. I tried booting into Safe Mode and following that protocol, though it seemed to address a different issue than the one I’m experiencing.
  Any ideas about what I can do? I’d rather do this in Setup Assistant than Migration Assistant, and I really don’t relish the idea of reinstalling all the software I have on the G5 onto the MacBook Pro. (Logic, for example, takes forever to install.)
  Let me know!

  Even if it's a demo, it's unlikely it's got 10.5 on it. Maybe 10.6. I've used the 10.6 SA from Leopard, which ran perfectly with no problems. As for MA, here's one way to go about it, if you can't finish with SA. (Thanks to MonkeyBoy at XYMer's)
  If you choose to use the migration assistant after installing SL to migrate settings over from Tiger, it'll copy over all your data intact from Tiger, as well as use the same account names & passwords.
  What I typically do is choose a dummy name during the installation, then use MA to import the "real" accounts from the old install. After I'm satisfied MA moved over the accounts properly (I've logged into them and used them for a few hours/days and generally feel satisfied with the lack of crashes and similarly "odd" events) then I delete the dummy account.

• IPhone Playlists Now Loop Back to First Entry

  Hi,
  Don't know if this is a new "feature" or problem. So I thought I would check here first.
  When I select the first entry in a Playlist, that entry and all others play in sequence just fine. When the last entry plays, the Playlist loops back and starts to play the first entry again. Prior to the 2.0 software upgrade, when the last entry was finished playing, the playlist would just end.
  Any one else run into this?

  When a song is playing, tap the artwork (in portrait mode). You will get a progress bar. The "racetrack" symbol on the left is the repeat control. White is mo repeat. Blue is repeat all. Blue with a number 1 is repeat one.