Search Results

Search found 11313 results on 453 pages for 'rampant creative group'.

Page 6/453 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Group policy applied to AD OU attributes

    - by Eric Smith
    I'm not well-versed in AD, so would like to resolve a question I have with regards to AD information. I understand that it is possible to apply group policy to OU's, thereby restricting access. What I'd like to know is, is it possible to do the same with OU attributes. Some context would help. There's a requirement to store address information in AD (IMO, a natural fit), but for various reasons, although obviously things like name should be globally accessible, access restrictions are desired on the address. In this case, is it possible to apply security to the address portion of the OU attributes, or does each address have to be broken into a separate OU (a solution that feels smelly given that address doesn't have identity)?

    Read the article

  • How do I package this vbscript as a msi for Group Policy

    - by TheCleaner
    I had a developer that is no longer with us create an msi to do this for me, but the package is outdated now and we need to deploy new files. Basically I need to do the following: Take the code at the bottom of this question and deploy it to all users as a software install package in Group Policy. I don't want to use a computer startup script because I don't want this to run at every login...just once to install and be done. How can I take the below and turn it into an msi for deployment through GPO? @echo off delete "C:\Windows\Downloaded Program Files\jdeexpimp.inf" delete "C:\Windows\Downloaded Program Files\jdeexpimpU.ocx" delete "C:\Windows\Downloaded Program Files\jdewebctls.inf" delete "C:\Windows\Downloaded Program Files\jdewebctlsU.ocx" copy "\\tuldc01\EOneActiveXapplets\ActiveX898\jdeexpimpU\*" "C:\Windows\Downloaded Program Files\" copy "\\tuldc01\EOneActiveXapplets\ActiveX898\jdewebctlsU\*" "C:\Windows\Downloaded Program Files\" regsvr32 "C:\Windows\Downloaded Program Files\jdeexpimpU.ocx" regsvr32 "C:\Windows\Downloaded Program Files\jdewebctlsU.ocx"

    Read the article

  • Group policy results failing with "Invalid class" error

    - by bshacklett
    When trying to run the Group Policy Results Wizard against a specific workstation, I'm getting the following error: The wizard was unable to generate the computer or user's data due to insufficient permissions. Details: Invalid class I'm guessing that the class being referred to is a WMI class, but I haven't gotten much farther. I've run sfc /scannow on the machine with no luck. I've also followed all of the recommendations in this article: http://windowsxp.mvps.org/repairwmi.htm. I cannot find anything useful in the event logs and I can't think of anywhere else I could look to find out what's really happening here. Any help would be appreciated.

    Read the article

  • enable offline files for all users home drives via Group policy or other

    - by JohnyV
    I am trying to get all users of particular notebooks to make the users h drive offline. i know you can do it manually but is there a way to set this value somewhere so that users dont have to do it themselves? I am running 2008r2 domain controllers and windows 7 clients. I have folder redirection enabled but i want to make the users h: available to them when they are offline. I know the group policies are located in the computer configurationPoliciesadministrative templatesNetwork but there doesnt seem to be any place to select which folders/drives will be offline files without a users input. Even if there is another method not through GP. Thanks

    Read the article

  • Installing Office 2010 without through group policy without an msi

    - by Ri Caragol
    I have been breaking my head for several days now trying to install Microsoft office 2010 through group policy. Unfortunately Microsoft decided it would be fun to release office without an MSI and so I either 1) need to create an msi for it or 2) need to install it through a logon script that would run the setup.exe from a network location. Any advise would be greatlly appreciated. I tried to create a script but even though I double click it and it runs properly, it does not seem to kick in when users log in or when the machine is turned on. Also is there an easy way to create an msi? thanks! -Ri

    Read the article

  • Group policy doesn't let me execute Chrome (Win 7)

    - by George Katsanos
    where I work the admins just migrated us to Windows 7. They gave me admin rights but still I had to "run as administrator" my Google Chrome installation. After I managed to install it, I realized I even have to go through the 'run as administrator' shortcut every time I have to execute the application. I even edited the properties of the shortcut to check 'always run as administrator' but nothing changed. The message I get when I'm trying to launch Chrome is "This program is blocked by group policy. For more information contact your system administrator"... Is it something I could work out alone or I have to convince them to change the " policy " ?

    Read the article

  • Group policy doesn't let me execute Chrome

    - by George Katsanos
    Where I work, the admins just migrated us to Windows 7. They gave me admin rights but still, I had to "Run as Administrator" my Google Chrome installation. After I managed to install it, I realized I even have to go through the "Run as Administrator" shortcut every time I have to execute the application. I even edited the properties of the shortcut to check "Always run as Administrator" but nothing changed. The message I get when I'm trying to launch Chrome is "This program is blocked by group policy. For more information contact your system administrator"... Is it something I could work out alone or I have to convince them to change the "policy"?

    Read the article

  • Group policies - WSUS

    - by cory
    Hello, I am really lost as to what is the reason as to why my group policy is not working on my domain. I have setup a GPO for my wsus server to a specific OU in my domain. It seems as of right now, none of my machines have inherited that GPO. I have manually put it in quite a few computers. Most of my computers in the domain are linked up to my wsus server, but all my desired settings are not there. If I run gpresult /R, On one computer I ran this on, it is linking to my backup domain controller and not my main. On another computer I checked this on, it is linking to my main DC, but it did no inherit the GPO. When looking on my DC on gpmc - I see the policy is forced to the OU as #1 precedence. Thank for any help.

    Read the article

  • Need a GUI app for group policy login script

    - by jayPal
    I wrote a C# 4.0 application that works on a Windows computer but when using Group Policy to set it as a login script, it does not run. The application is being called from the same location and using rsop.msc shows that the application should be run. I see that using C# 4.0 may be a little overkill for this purpose, but it just seems wrong to write a VB6 application to do the same thing. The requirements for the application states that there need to be specific GUI elements that can't be just text on the window. I need larger fonts and color elements. Is there something more appropriate (and current) that I should be using?

    Read the article

  • vsftpd per group configuration

    - by roqs
    I want to configure a vsftpd in a per group fashion instead of per user configuration. It's possible? Suppose i have two groups: groupA and groupB, so my goal is: users in groupA have permission (wrx) to all files in directory dir1 users in groupB have permission (wrx) to all files in directory dir2 users of the system have permission (wrx) to all files in directory dir3 For example: ftp@test:/home/ftp# ls -l drwxrwxr-x 16 root groupA 4096 Jun 3 10:45 dir1 drwxrwxr-x 2 root groupB 4096 Jun 3 10:56 dir2 drwxrwxr-x 8 root users 4096 Jun 3 11:01 dir3 How to do that with vsftpd?

    Read the article

  • Entering the user's name in a URL for Chrome through Group Policy

    - by Automate Everything
    I am managing a Windows Server 2008 R2 server, with several Windows 7 machines, and we have recently deployed Google Chrome using Group Policy. We also have a locally hosted intranet for storing procedures, forms, and so on, as well as reports that pull directly from our databases. I am trying to put the user's name in the startup URL for Chrome, so that when they open Chrome at the beginning of the day, it can pull a list of items from the database that contains their username. The report works, and I have it using a drop down right now, but I would like to be able to put their username in the URL as a GET variable instead. Does anybody know how I would go about doing that for Chrome? I tried putting ${user_name} in the URL, and I tried putting %username% in the URL, but that didn't translate to anything. Is there some way to escape it so that it gets translated by the system into a username? Any help would be greatly appreciated.

    Read the article

  • PowerShell Script to Enumerate SharePoint 2010 or 2013 Permissions and Active Directory Group Membership

    - by Brian T. Jackett
    Originally posted on: http://geekswithblogs.net/bjackett/archive/2013/07/01/powershell-script-to-enumerate-sharepoint-2010-or-2013-permissions-and.aspx   In this post I will present a script to enumerate SharePoint 2010 or 2013 permissions across the entire farm down to the site (SPWeb) level.  As a bonus this script also recursively expands the membership of any Active Directory (AD) group including nested groups which you wouldn’t be able to find through the SharePoint UI.   History     Back in 2009 (over 4 years ago now) I published one my most read blog posts about enumerating SharePoint 2007 permissions.  I finally got around to updating that script to remove deprecated APIs, supporting the SharePoint 2010 commandlets, and fixing a few bugs.  There are 2 things that script did that I had to remove due to major architectural or procedural changes in the script. Indenting the XML output Ability to search for a specific user    I plan to add back the ability to search for a specific user but wanted to get this version published first.  As for indenting the XML that could be added but would take some effort.  If there is user demand for it (let me know in the comments or email me using the contact button at top of blog) I’ll move it up in priorities.    As a side note you may also notice that I’m not using the Active Directory commandlets.  This was a conscious decision since not all environments have them available.  Instead I’m relying on the older [ADSI] type accelerator and APIs.  It does add a significant amount of code to the script but it is necessary for compatibility.  Hopefully in a few years if I need to update again I can remove that legacy code.   Solution    Below is the script to enumerate SharePoint 2010 and 2013 permissions down to site level.  You can also download it from my SkyDrive account or my posting on the TechNet Script Center Repository. SkyDrive TechNet Script Center Repository http://gallery.technet.microsoft.com/scriptcenter/Enumerate-SharePoint-2010-35976bdb   001 002 003 004 005 006 007 008 009 010 011 012 013 014 015 016 017 018 019 020 021 022 023 024 025 026 027 028 029 030 031 032 033 034 035 036 037 038 039 040 041 042 043 044 045 046 047 048 049 050 051 052 053 054 055 056 057 058 059 060 061 062 063 064 065 066 067 068 069 070 071 072 073 074 075 076 077 078 079 080 081 082 083 084 085 086 087 088 089 090 091 092 093 094 095 096 097 098 099 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 ########################################################### #DisplaySPWebApp8.ps1 # #Author: Brian T. Jackett #Last Modified Date: 2013-07-01 # #Traverse the entire web app site by site to display # hierarchy and users with permissions to site. ########################################################### function Expand-ADGroupMembership {     Param     (         [Parameter(Mandatory=$true,                    Position=0)]         [string]         $ADGroupName,         [Parameter(Position=1)]         [string]         $RoleBinding     )     Process     {         $roleBindingText = ""         if(-not [string]::IsNullOrEmpty($RoleBinding))         {             $roleBindingText = " RoleBindings=`"$roleBindings`""         }         Write-Output "<ADGroup Name=`"$($ADGroupName)`"$roleBindingText>"         $domain = $ADGroupName.substring(0, $ADGroupName.IndexOf("\") + 1)         $groupName = $ADGroupName.Remove(0, $ADGroupName.IndexOf("\") + 1)                                     #BEGIN - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY         #http://www.microsoft.com/technet/scriptcenter/scripts/powershell/search/users/srch106.mspx         #GET AD GROUP FROM DIRECTORY SERVICES SEARCH         $strFilter = "(&(objectCategory=Group)(name="+($groupName)+"))"         $objDomain = New-Object System.DirectoryServices.DirectoryEntry         $objSearcher = New-Object System.DirectoryServices.DirectorySearcher         $objSearcher.SearchRoot = $objDomain         $objSearcher.Filter = $strFilter         # specify properties to be returned         $colProplist = ("name","member","objectclass")         foreach ($i in $colPropList)         {             $catcher = $objSearcher.PropertiesToLoad.Add($i)         }         $colResults = $objSearcher.FindAll()         #END - CODE ADAPTED FROM SCRIPT CENTER SAMPLE CODE REPOSITORY         foreach ($objResult in $colResults)         {             if($objResult.Properties["Member"] -ne $null)             {                 foreach ($member in $objResult.Properties["Member"])                 {                     $indMember = [adsi] "LDAP://$member"                     $fullMemberName = $domain + ($indMember.Name)                                         #if($indMember["objectclass"]                         # if child AD group continue down chain                         if(($indMember | Select-Object -ExpandProperty objectclass) -contains "group")                         {                             Expand-ADGroupMembership -ADGroupName $fullMemberName                         }                         elseif(($indMember | Select-Object -ExpandProperty objectclass) -contains "user")                         {                             Write-Output "<ADUser>$fullMemberName</ADUser>"                         }                 }             }         }                 Write-Output "</ADGroup>"     } } #end Expand-ADGroupMembership # main portion of script if((Get-PSSnapin -Name microsoft.sharepoint.powershell) -eq $null) {     Add-PSSnapin Microsoft.SharePoint.PowerShell } $farm = Get-SPFarm Write-Output "<Farm Guid=`"$($farm.Id)`">" $webApps = Get-SPWebApplication foreach($webApp in $webApps) {     Write-Output "<WebApplication URL=`"$($webApp.URL)`" Name=`"$($webApp.Name)`">"     foreach($site in $webApp.Sites)     {         Write-Output "<SiteCollection URL=`"$($site.URL)`">"                 foreach($web in $site.AllWebs)         {             Write-Output "<Site URL=`"$($web.URL)`">"             # if site inherits permissions from parent then stop processing             if($web.HasUniqueRoleAssignments -eq $false)             {                 Write-Output "<!-- Inherits role assignments from parent -->"             }             # else site has unique permissions             else             {                 foreach($assignment in $web.RoleAssignments)                 {                     if(-not [string]::IsNullOrEmpty($assignment.Member.Xml))                     {                         $roleBindings = ($assignment.RoleDefinitionBindings | Select-Object -ExpandProperty name) -join ","                         # check if assignment is SharePoint Group                         if($assignment.Member.XML.StartsWith('<Group') -eq "True")                         {                             Write-Output "<SPGroup Name=`"$($assignment.Member.Name)`" RoleBindings=`"$roleBindings`">"                             foreach($SPGroupMember in $assignment.Member.Users)                             {                                 # if SharePoint group member is an AD Group                                 if($SPGroupMember.IsDomainGroup)                                 {                                     Expand-ADGroupMembership -ADGroupName $SPGroupMember.Name                                 }                                 # else SharePoint group member is an AD User                                 else                                 {                                     # remove claim portion of user login                                     #Write-Output "<ADUser>$($SPGroupMember.UserLogin.Remove(0,$SPGroupMember.UserLogin.IndexOf("|") + 1))</ADUser>"                                     Write-Output "<ADUser>$($SPGroupMember.UserLogin)</ADUser>"                                 }                             }                             Write-Output "</SPGroup>"                         }                         # else an indivdually listed AD group or user                         else                         {                             if($assignment.Member.IsDomainGroup)                             {                                 Expand-ADGroupMembership -ADGroupName $assignment.Member.Name -RoleBinding $roleBindings                             }                             else                             {                                 # remove claim portion of user login                                 #Write-Output "<ADUser>$($assignment.Member.UserLogin.Remove(0,$assignment.Member.UserLogin.IndexOf("|") + 1))</ADUser>"                                                                 Write-Output "<ADUser RoleBindings=`"$roleBindings`">$($assignment.Member.UserLogin)</ADUser>"                             }                         }                     }                 }             }             Write-Output "</Site>"             $web.Dispose()         }         Write-Output "</SiteCollection>"         $site.Dispose()     }     Write-Output "</WebApplication>" } Write-Output "</Farm>"      The output from the script can be sent to an XML which you can then explore using the [XML] type accelerator.  This lets you explore the XML structure however you see fit.  See the screenshot below for an example.      If you do view the XML output through a text editor (Notepad++ for me) notice the format.  Below we see a SharePoint site that has a SharePoint group Demo Members with Edit permissions assigned.  Demo Members has an AD group corp\developers as a member.  corp\developers has a child AD group called corp\DevelopersSub with 1 AD user in that sub group.  As you can see the script recursively expands the AD hierarchy.   Conclusion    It took me 4 years to finally update this script but I‘m happy to get this published.  I was able to fix a number of errors and smooth out some rough edges.  I plan to develop this into a more full fledged tool over the next year with more features and flexibility (copy permissions, search for individual user or group, optional enumerate lists / items, etc.).  If you have any feedback, feature requests, or issues running it please let me know.  Enjoy the script!         -Frog Out

    Read the article

  • Deploying Windows Service through group policy fails with Event ID 102

    - by Sören Kuklau
    I'm trying to deploy a custom Windows Service (written in C#; installed through a VS setup project) using a group policy. To help debug this, I also have two additional MSIs in the same policy. All three packages are deployed as a machine policy, not a user one. On one machine (runs Windows Server 2008; no UAC), all three deploy fine. The service is set to Automatic, as expected. On two machines (run Windows 7; UAC), the two other MSIs deploy fine, but my service fails to install. The event log gives an event ID of 102, which appears to be a permissions problem: The install of application "Package Name" from policy "Policy Name" failed. The error was The installation source for this product is not available. Verify that the source exists and that you can access it. However, all three packages come from the same share linked through UNC, so this is unlikely. My guess is that UAC is the problem; that the service requires additional permissions. Do I need to alter the MSI somehow?

    Read the article

  • Group Policy - Published software not upgrading

    - by VokinLoksar
    I'm testing this with mercurial MSIs, but it's the same for other packages. I've created a new group policy and added an old version of mercurial to User software installation as a Published package. On a Windows 7 client I install the package through Programs and Features. The installation works fine. Now, I would like to publish an updated version of mercurial. I create a new Published package. Under 'Upgrades' I configure it to replace (upgrade also doesn't work) the old version and mark this upgrade as 'Required'. The old package is not removed. The Windows 7 client is then restarted. When I log back in, I see a status message saying something like 'Removing managed software Mercurial ...'. There is no message about installation of the upgrade. If I look in Programs and Features, I can see the new version of mercurial listed. However, the actual mercurial directory under Program Files is missing. It's as though the installation recorded information about the MSI, but didn't actually install anything after removing the old version. As I mentioned, this isn't specific to mercurial. I've tried using other apps and have yet to find one that can be upgraded via a Published package. Using Assigned packages in Computer Configuration works without problems, but I would like this software to be optional rather than required. Ideas?

    Read the article

  • Sound driver for motherboard gigabyte ga-g1975x-c (Creative Sound Blaster Live 24-bit) (alsa, ca0106)

    - by Mikl
    My motherboard is gigabyte ga-g1975x-c with integrated audio "Creative Sound Blaster Live 24-bit". I have installed Ubuntu 10.10, and there was no sound at all. Alsa drivers was already installed. Finally after long searching, i have found how to make my sound work. /etc/modprobe.d/alsa-base.conf: options snd-ca0106 subsystem=0x10121102 //i have added this line and restart After restarting my speakers and microfon works fine. Maybe somebody knows different/better subsystem code for my sound card???

    Read the article

  • Get Creative soundcard working correctly

    - by schwiz
    I am trying to get sound going on my fresh install of 10.10. I have a creative fatlity branded sound card. My ALSA information. Most things seems to be working out of the box, once I turned off my onboard sound in my BIOS the soundcard kicked in. However, the system sounds aren't working (I love those drums and the road runner sound when you press backspace). Also, with a 7.1 setup my center channel and subwoofer don't work at all. All other channels are working like a champ. So I am trying to accomplish two things, get system sounds working and get center/sub channels working. How should I try to fix this?

    Read the article

  • Which creative framework can create these games? [closed]

    - by Rahil627
    I've used a few game frameworks in the past and have run into limitations. This lead me to "creative frameworks". I've looked into many, but I cannot determine the limitations of some of them. Selected frameworks ordered from highest to lowest level: Flash, Unity, MonoGame, OpenFrameworks (and Cinder), SFML. I want to be able to: create a game that handles drawing on an iPad create a game that uses computer vision from a webcam create a multi-device iOS game create a game that uses input from Kinect Can all of the frameworks handle this? What is the highest level framework that can handle all of them?

    Read the article

  • No sound with a Creative Labs Soundblaster live EMU10K1X

    - by Geo
    I just installed ubuntu. things seems great but I have no sound. When I go to the settings menu I chose from various setup. I found one that work which had 4 speakers a subwofer and a front speaker. When I test it the sound works fine. However, when I try playing an *.mp3 file or try to watch a video on you tube I get no sound at all. I have a dual boot with windows XP and there is no problem in windows at all. Below is my setup. OS: ubuntu 11.10 machine: dell dimension 8300 speakers: dell creative lab sounblaster live EMU10K1X video: ATI RADEON R350 [Radeon 9800 Pro] secondary Following https://wiki.ubuntu.com/DebuggingSoundProblems did not help.

    Read the article

  • using count and group by at the same select statement

    - by Stavros
    Hello, I have an sql select query that has a group by. I want to count all the records after the group by statement. Is there a way for this directly from sql? For example, having a table with users I want to select the different towns and the total number of users select town, count(*) from user group by town I want to have a column with all the towns and another with the number of users in all rows.

    Read the article

  • MPI difference between Communicator and Group

    - by iamrohitbanga
    I have read the definitions of these terms and my interpretation is that there is a one to one relation between a group and a communicator. A group is a set of processes which wish to communicate with each other and a communicator is an implementation for a group. Is this correct? Why have two different terms if this is so?

    Read the article

  • Dynamic parameters for XSLT 2.0 group-by

    - by Ophileon
    I got this input <?xml version="1.0" encoding="UTF-8"?> <result> <datapoint poiid="2492" period="2004" value="1240"/> <datapoint poiid="2492" period="2005" value="1290"/> <datapoint poiid="2492" period="2006" value="1280"/> <datapoint poiid="2492" period="2007" value="1320"/> <datapoint poiid="2492" period="2008" value="1330"/> <datapoint poiid="2492" period="2009" value="1340"/> <datapoint poiid="2492" period="2010" value="1340"/> <datapoint poiid="2492" period="2011" value="1335"/> <datapoint poiid="2493" period="2004" value="1120"/> <datapoint poiid="2493" period="2005" value="1120"/> <datapoint poiid="2493" period="2006" value="1100"/> <datapoint poiid="2493" period="2007" value="1100"/> <datapoint poiid="2493" period="2008" value="1100"/> <datapoint poiid="2493" period="2009" value="1110"/> <datapoint poiid="2493" period="2010" value="1105"/> <datapoint poiid="2493" period="2011" value="1105"/> </result> and I use this xslt 2.0 <?xml version="1.0" encoding="UTF-8"?> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:xs="http://www.w3.org/2001/XMLSchema" exclude-result-prefixes="xs" version="2.0"> <xsl:output method="xml" indent="yes"/> <xsl:template match="result"> <xsl:for-each-group select="datapoint" group-by="@poiid"> <node type="poiid" id="{@poiid}"> <xsl:for-each select="current-group()"> <node type="period" id="{@period}" value="{@value}"/> </xsl:for-each> </node> </xsl:for-each-group> </xsl:template> </xsl:stylesheet> to convert it into <?xml version="1.0" encoding="UTF-8"?> <node type="poiid" id="2492"> <node type="period" id="2004" value="1240"/> <node type="period" id="2005" value="1290"/> <node type="period" id="2006" value="1280"/> <node type="period" id="2007" value="1320"/> <node type="period" id="2008" value="1330"/> <node type="period" id="2009" value="1340"/> <node type="period" id="2010" value="1340"/> <node type="period" id="2011" value="1335"/> </node> <node type="poiid" id="2493"> <node type="period" id="2004" value="1120"/> <node type="period" id="2005" value="1120"/> <node type="period" id="2006" value="1100"/> <node type="period" id="2007" value="1100"/> <node type="period" id="2008" value="1100"/> <node type="period" id="2009" value="1110"/> <node type="period" id="2010" value="1105"/> <node type="period" id="2011" value="1105"/> </node> Works smoothly. Where I got stuck is when I tried to make it more dynamic. The real life input has 6 attributes for each datapoint instead of 3, and the usecase requires the possibility to set the grouping parameters dynamically. I tried using parameters <xsl:param name="k1" select="'poiid'"/> <xsl:param name="k2" select="'period'"/> but passing them to the rest of the xslt is something that I can't get right. The code below doesn't work, but clarifies hopefully, what I'm looking for. <xsl:template match="result"> <xsl:for-each-group select="datapoint" group-by="@{$k1}"> <node type="{$k1}" id="@{$k1}"> <xsl:for-each select="current-group()"> <node type="{$k2}" id="@{$k2}" value="{@value}"/> </xsl:for-each> </node> </xsl:for-each-group> </xsl:template> Any help appreciated..

    Read the article

  • Oracle: how to "group by" over a range?

    - by Mark Harrison
    If I have a table like this: pkey age ---- --- 1 8 2 5 3 12 4 12 5 22 I can "group by" to get a count of each age. select age,count(*) n from tbl group by age; age n --- - 5 1 8 1 12 2 22 1 What query can I use to group by age ranges? age n ----- - 1-10 2 11-20 2 20+ 1

    Read the article

  • Cisco ASA: Allowing and Denying VPN Access based on membership to an AD group

    - by milkandtang
    I have a Cisco ASA 5505 connecting to an Active Directory server for VPN authentication. Usually we'd restrict this to a particular OU, but in this case users which need access are spread across multiple OUs. So, I'd like to use a group to specify which users have remote access. I've created the group and added the users, but I'm having trouble figuring out how to deny users which aren't in that group. Right now, if someone connects they get assigned the correct group policy "companynamera" if they are in that group, so the LDAP mapping is working. However, users who are not in that group still authenticate fine, and their group policy becomes the LDAP path of their first group, i.e. CN=Domain Users,CN=Users,DC=example,DC=com, and then are still allowed access. How do I add a filter so that I can map everything that isn't "companynamera" to no access? Config I'm using (with some stuff such as ACLs and mappings removed, since they are just noise here): gateway# show run : Saved : ASA Version 8.2(1) ! hostname gateway domain-name corp.company-name.com enable password gDZcqZ.aUC9ML0jK encrypted passwd gDZcqZ.aUC9ML0jK encrypted names name 192.168.0.2 dc5 description FTP Server name 192.168.0.5 dc2 description Everything server name 192.168.0.6 dc4 description File Server name 192.168.0.7 ts1 description Light Use Terminal Server name 192.168.0.8 ts2 description Heavy Use Terminal Server name 4.4.4.82 primary-frontier name 5.5.5.26 primary-eschelon name 172.21.18.5 dmz1 description Kerio Mail Server and FTP Server name 4.4.4.84 ts-frontier name 4.4.4.85 vpn-frontier name 5.5.5.28 ts-eschelon name 5.5.5.29 vpn-eschelon name 5.5.5.27 email-eschelon name 4.4.4.83 guest-frontier name 4.4.4.86 email-frontier dns-guard ! interface Vlan1 nameif inside security-level 100 ip address 192.168.0.254 255.255.255.0 ! interface Vlan2 description Frontier FiOS nameif outside security-level 0 ip address primary-frontier 255.255.255.0 ! interface Vlan3 description Eschelon T1 nameif backup security-level 0 ip address primary-eschelon 255.255.255.248 ! interface Vlan4 nameif dmz security-level 50 ip address 172.21.18.254 255.255.255.0 ! interface Vlan5 nameif guest security-level 25 ip address 172.21.19.254 255.255.255.0 ! interface Ethernet0/0 switchport access vlan 2 ! interface Ethernet0/1 switchport access vlan 3 ! interface Ethernet0/2 switchport access vlan 4 ! interface Ethernet0/3 switchport access vlan 5 ! interface Ethernet0/4 ! interface Ethernet0/5 ! interface Ethernet0/6 ! interface Ethernet0/7 ! ftp mode passive clock timezone PST -8 clock summer-time PDT recurring dns domain-lookup inside dns server-group DefaultDNS name-server dc2 domain-name corp.company-name.com same-security-traffic permit intra-interface access-list companyname_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0 access-list companyname_splitTunnelAcl standard permit 172.21.18.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 172.21.20.0 255.255.255.0 access-list inside_nat0_outbound extended permit ip any 172.21.18.0 255.255.255.0 access-list bypassingnat_dmz extended permit ip 172.21.18.0 255.255.255.0 192.168.0.0 255.255.255.0 pager lines 24 logging enable logging buffer-size 12288 logging buffered warnings logging asdm notifications mtu inside 1500 mtu outside 1500 mtu backup 1500 mtu dmz 1500 mtu guest 1500 ip local pool VPNpool 172.21.20.50-172.21.20.59 mask 255.255.255.0 no failover icmp unreachable rate-limit 1 burst-size 1 no asdm history enable arp timeout 14400 global (outside) 1 interface global (outside) 2 email-frontier global (outside) 3 guest-frontier global (backup) 1 interface global (dmz) 1 interface nat (inside) 0 access-list inside_nat0_outbound nat (inside) 2 dc5 255.255.255.255 nat (inside) 1 192.168.0.0 255.255.255.0 nat (dmz) 0 access-list bypassingnat_dmz nat (dmz) 2 dmz1 255.255.255.255 nat (dmz) 1 172.21.18.0 255.255.255.0 access-group outside_access_in in interface outside access-group dmz_access_in in interface dmz route outside 0.0.0.0 0.0.0.0 4.4.4.1 1 track 1 route backup 0.0.0.0 0.0.0.0 5.5.5.25 254 timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02 timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00 timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00 timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute timeout tcp-proxy-reassembly 0:01:00 ldap attribute-map RemoteAccessMap map-name memberOf IETF-Radius-Class map-value memberOf CN=RemoteAccess,CN=Users,DC=corp,DC=company-name,DC=com companynamera dynamic-access-policy-record DfltAccessPolicy aaa-server ActiveDirectory protocol ldap aaa-server ActiveDirectory (inside) host dc2 ldap-base-dn dc=corp,dc=company-name,dc=com ldap-scope subtree ldap-login-password * ldap-login-dn cn=administrator,ou=Admins,dc=corp,dc=company-name,dc=com server-type microsoft aaa-server ADRemoteAccess protocol ldap aaa-server ADRemoteAccess (inside) host dc2 ldap-base-dn dc=corp,dc=company-name,dc=com ldap-scope subtree ldap-login-password * ldap-login-dn cn=administrator,ou=Admins,dc=corp,dc=company-name,dc=com server-type microsoft ldap-attribute-map RemoteAccessMap aaa authentication enable console LOCAL aaa authentication ssh console LOCAL http server enable http 192.168.0.0 255.255.255.0 inside no snmp-server location no snmp-server contact snmp-server enable traps snmp authentication linkup linkdown coldstart sla monitor 123 type echo protocol ipIcmpEcho 4.4.4.1 interface outside num-packets 3 frequency 10 sla monitor schedule 123 life forever start-time now crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac crypto ipsec security-association lifetime seconds 28800 crypto ipsec security-association lifetime kilobytes 4608000 crypto dynamic-map outside_dyn_map 20 set pfs crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map crypto map outside_map interface outside crypto isakmp enable outside crypto isakmp policy 10 authentication pre-share encryption 3des hash sha group 2 lifetime 86400 ! track 1 rtr 123 reachability telnet timeout 5 ssh 192.168.0.0 255.255.255.0 inside ssh timeout 5 ssh version 2 console timeout 0 management-access inside dhcpd auto_config outside ! threat-detection basic-threat threat-detection statistics access-list no threat-detection statistics tcp-intercept webvpn group-policy companynamera internal group-policy companynamera attributes wins-server value 192.168.0.5 dns-server value 192.168.0.5 vpn-tunnel-protocol IPSec password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value companyname_splitTunnelAcl default-domain value corp.company-name.com split-dns value corp.company-name.com group-policy companyname internal group-policy companyname attributes wins-server value 192.168.0.5 dns-server value 192.168.0.5 vpn-tunnel-protocol IPSec password-storage enable split-tunnel-policy tunnelspecified split-tunnel-network-list value companyname_splitTunnelAcl default-domain value corp.company-name.com split-dns value corp.company-name.com username admin password IhpSqtN210ZsNaH. encrypted privilege 15 tunnel-group companyname type remote-access tunnel-group companyname general-attributes address-pool VPNpool authentication-server-group ActiveDirectory LOCAL default-group-policy companyname tunnel-group companyname ipsec-attributes pre-shared-key * tunnel-group companynamera type remote-access tunnel-group companynamera general-attributes address-pool VPNpool authentication-server-group ADRemoteAccess LOCAL default-group-policy companynamera tunnel-group companynamera ipsec-attributes pre-shared-key * ! class-map type inspect ftp match-all ftp-inspection-map class-map inspection_default match default-inspection-traffic ! ! policy-map type inspect ftp ftp-inspection-map parameters class ftp-inspection-map policy-map type inspect dns migrated_dns_map_1 parameters message-length maximum 512 policy-map global_policy class inspection_default inspect dns migrated_dns_map_1 inspect ftp inspect h323 h225 inspect h323 ras inspect http inspect ils inspect netbios inspect rsh inspect rtsp inspect skinny inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect icmp inspect icmp error inspect esmtp inspect pptp ! service-policy global_policy global prompt hostname context Cryptochecksum:487525494a81c8176046fec475d17efe : end gateway# Thanks so much!

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >