Allow only certain users to use the Security Server

Hi all

I'm looking at a way to allow users to work from home using a security server (works like a charm) BUT I don't want all my users can connect at home. This is the default behavior.

Tags are an option, but it requires me to create a separate pool for users, who use desktop clone thin even as an "ordinary" users

Is there a way to activate this feature (because it works in vpn etc.)?

You can enable VPN for those users only. the other way is if you have the RSA in your environment, you can enable these people in a pool that would have required RSA authentication...  http://communities.VMware.com/thread/306690?TSTART=0

Tags: VMware

Similar Questions

  • A report that will show how a user has used the secure area?

    Hello everyone.

    I need to view a generated in the report on the activities of the Member section to securezone.

    The ideas are greatly appreciated.

    I've tried selecting the protected area (in the areas of Secure), click on action -> View Secure area usage report

    But it just displays: no data available for the period selected. no matter how to set the filter of time.

    Best regards

    Jones

    It seems that it is a duplicate to your message in this thread: is there a report that will show you how a user has used the secure area? . I will follow on this issue on the same thread.

  • Allowing only certain users (or groups) make profile changes

    Hello

    I work on a requirement here that has the following scenario:
    -Permanent employee cannot change their own attributes through my account profile
    -Employee can change their attributes through my account profile
    -Permanent/temporary employee Type field values are

    So, we follow the steps:
    -Created 2 groups of users on IOM (permanent and temporary)
    -Definition of membership rules that checks the Employee Type attribute and add the user automatically to a group of IOM (permanent and temporary)
    -Set up permissions for object data, form = users and unchecked "allow Update" the temporary group. I have not configured for the Standing Group

    Test 1:
    -The end user test is part of the Group standing (and all USERS by default. It cannot be deleted)
    -Login as the end user test and on his family name change
    Performance(1):
    -The name has been changed, but should not
    Pharmacodependance1: I have implemented only the temporary group to be able to change this IOM should block this change request


    Test 2:
    -J' deleted user test by the Standing Group and only all USERS, which is by default on the left
    -Set up permissions for object data, form = users and unchecked "allow Update" for the group all USERS. I removed the other groups
    Result 2:
    -It worked! I could make no change because the group all USERS cannot change their values (update permission is not checked)
    Problem2:
    Am I misunderstood the real meaning of the data object permissions? Why it worked for all USERS but not for other custom groups?

    Concerning
    Hugo

    It is a common use case. The classic solutions to this problem are the following:

    1. create a custom menu item or a custom user interface. Not bad work but also a lot of flexibility.
    2. change the OOTB JSP to get the features you want. Some work and IOM upgrade issues but less work than option 1.
    3. apply the update of the USR form as a resource object. You can access the workflow approval etc.. Not that much work. He must find a way to stop users 'HR reliable source' ask the object (or implement an automated system of rejection)

    Hope this helps
    / Martin

  • Allow only specific users based on the list of users in a table

    We have a situation where we allow specific users that are stored in a table.
    create table ALLOW_USERS (username varchar2(30) );
    
    CREATE OR REPLACE TRIGGER USERS_TRIGGER
       AFTER LOGON
       ON DATABASE
    DECLARE
    BEGIN
      IF DBMS_STANDARD.LOGIN_USER NOT IN (SELECT USERNAME FROM ALLOW_USERS)
    
             THEN
                   RAISE_APPLICATION_ERROR (-20001, 'Unauthorized login');
           END IF;
    END;
    /
    
    Warning: Trigger created with compilation errors.
    
    SQL> show error
    Errors for TRIGGER USERS_TRIGGER:
    
    LINE/COL ERROR
    -------- -----------------------------------------------------------------
    3/3      PL/SQL: Statement ignored
    3/38     PLS-00405: subquery not allowed in this context
    How to use the subquery above the trigger? or is there a better way to achieve required results.

    -Thank you

    I'm surpised nobody reported to functions attribute Event for customer event triggers and ora_login_user in particular:

    CREATE OR REPLACE
      TRIGGER NOT_SYS.RESTRICTED_USERS_TRIG
        AFTER LOGON
        ON DATABASE
        DECLARE
            v_cnt NUMBER;
        BEGIN
            SELECT  COUNT(*)
              INTO  v_cnt
              FROM  not_system.ALLOW_RESTRICTED_USERS
              WHERE username = ora_login_user;
            IF v_cnt = 0
              THEN
                RAISE_APPLICATION_ERROR(-20001,'Unauthorized login');
            END IF;
    END;
    / 
    

    SY.

    Published by: Solomon Yakobson on June 3, 2013 15:43

  • Allow only authenticated users to access the internet

    Hi guys.

    I have a 5510 ASA with IOS 8.4. I want that only authenticated active directory of users can get through the firewall.

    I don't have any idea how to resolve this.

    Can someone give me a hint?

    WBR

    Robert Fenz

    Robert,

    You can also take a look at the ASA next feature:

    PIX / ASA: Passage of the Proxy for access network using GANYMEDE + and RADIUS Server Configuration Example

    http://www.Cisco.com/en/us/partner/products/HW/vpndevc/ps2030/products_configuration_example09186a00807349e7.shtml

    The foregoing applies only if you have a GANYMEDE + or RADIUS of a backend if authentication server server.

    Kind regards.

  • Is it possible to set up a slideshow in Muse that will allow a user to use the arrow keys on the keyboard to advance the slides in a browser?

    Is it possible to set up a slideshow in Muse that will allow a user to use the arrow keys on the keyboard to advance the slides in a browser?

    Hello

    Take a look at a similar debate here

    Re: To navigate in the slide show with the arrow on the keyboard?

    keyboard control arrows to slideshow and lightbox Widget

  • Other users in using the software

    Is it possible to restrict the use of a program for a specific user.

    Is it possible to use a program only for a user without having to reinstall the program

    There are several ways to do so.  You can use the security settings for the family for the "children" Setup accounts and restrict what they are allowed to use.

    You can also browse for the exe program directly and modify security permissions so that it ' ' allows you complete control specifically, but remove the permissions for all the world.

  • How can I limit access (within my home group) for only certain user accounts on my 'portable' computer to view certain user accounts on my "desktop pc"?

    Hello

    I created a homegroup, in which my "Desktop PC" and "Notebook" are members. I have 4 user accounts on my desktop PC and 3 user accounts on my laptop. I wish that only certain user accounts on my laptop and desktop PC in order to access some user accounts on the other machine. I.e. "Sally" account user on my laptop only access account user 'Sally' on my desktop PC and vice versa. Rather than user account 'Sally' on laptop or desktop PC being able to access 'Martin' account on laptop or desktop PC.

    In other words, I wish that every Member of the family must be able to connect to my laptop or my desktop PC and access their files that are stored on the desktop originally.

    Can you help me?

    Thank you.

    Hello

    It seems that you want to restrict access to certain user accounts in the homegroup.

    I will definitely help you with this.

    I suggest you to refer to the advice given by David. F 24 August 2012 and check if it helps.

    http://answers.Microsoft.com/en-us/Windows/Forum/Windows_7-security/HomeGroup-how-to-identify-different-users-and/a0e41608-5691-43D0-8FB0-1a677690edef?msgId=c4104da0-64F5-42AD-8bb2-8734fcfd3962

    For more information, visit the following link.

    Homegroup: frequently asked questions

    http://Windows.Microsoft.com/is-is/Windows7/HomeGroup-frequently-asked-questions

    It will be useful. If you have any other questions, feel free to let us know. We will be happy to help you.

    Thank you.

  • Account not allowed to log on by using the current workstation

    Is this a bug in ACS 5.3.0.40.4?

    We have some AD user accounts that are allowed to connect on some computers. I am able to connect to computers are allowed with the AD-account, but the 802. 1 x fails and the client cannot obtain a network connection. It's on the vlan right, but he cannot ping the default gateway and is not set to the guest VLAN. In the ACS journal, we see the error "" EAP session expired: 24441 account not allowed to log on using the current workstation".

    I checked it by testing another user. I limited the user to only connect to a single computer. I then logged on this computer, and shortly after I lost the network connection and the same error in the log.

    This means that the 802. 1 x fails if you try to limit which computers a user account can connect to AD. If anyone has experienced this before?

    I know that he is two years, but we just encountered the same problem, but with ISE 1.2.  ISE and ACS MUST be added to the list of computers that are allowed for the user.  Which does not require that the ISE or ACS is in the same domain as the users, which would be a problem for the person who started this chain.  The "current workstation" in the error message "account 24441 not allowed to log on by using the current workstation" refers to the ACS or ISE, not end machine, as explained above maldehne.  This is because, for the most part, the user logs in ACS or ISE in order to authenticate against AD.  Not directly, but it's how 802. 1 X.  Added once ACS or ISE, authentication works perfectly (as long as everything else is correct.)

  • RADIUS only on the Security Server?

    We have activated 2-factor by Ray and his excellent work. However now must also use 2-factor on internal connections on computers VDI. Is there a way to make the RADIUS only apply on the Security Server? We only want users outside to connect with Ray...

    I'm not totally it. You say you only want authentication RADIUS to be applied on the connections to the Security server used by remote users and internal users to authenticate with just AD?

    If so, the answer is Yes. Just have 2 servers connection, one for internal users and one for remote users (with a security server). A connection to the server is a standard instance and the other is a replica.

    Simply configure RADIUS server remote access connection.

    If I misunderstood the question, please let me know more information. Thank you.

    Mark

  • Access denied to user@localhost using the Yes password

    Hello world

    I try VERY hard to connect to my database
    I use dwcs3 and wamp phpmyadmin

    I get the...
    Access denied to user@localhost using the Yes password

    and even if I use the password only

    Now I'm using the username and password I chose when I created my database and user in cpanel, but it does not work so I go to phpmyadmin and I look at the homepage and it is said that
    Server = localhost
    user = mysitename@localhost
    and no information about a password

    SO what username and password choose I chose one that in phpmyadmin?

    So I try to make a connection using the info from phpmyadmin and... nothing same message access denied for mysitename@localhost
    using the password and password yes no

    Someone at - he had ideas why I use the exact user name and the password I chose, I know that my host automatiocally put a prefix in front of the name username and the database, so I use the same prefix and still nothing...

    Any help would be great

    Good day



    Mark this message as a response.

    The user name should not be 'mysitename@localhost', it should just be "mysitename".

    Now, here's the thing. In CPanel, there are 3 steps you need to take to get the connection of database for a user. The first step is to create the database. The second is to create the user (unless already created). The third step is to allow the user to access the database. There should be a box down from the window of CPanel (given that the theme of your host has not radically changed the provision) that says "add user to database". If the user does not have access to the database fails.

    Try and see if it helps. If you have already done this just after again.

  • problem with write access to truecrypt readers windows 7. The mounted drive is not writing priveliges. Read-only. Cannot change in the security permissions.

    problem with write access to truecrypt readers windows 7. The mounted drive is not writing priveliges. Read-only. Cannot change in the security permissions.

    Hi amcop4591,

    1. How is - that Mount you the drive on the computer?

    2 Di you use any third-party tool to mount the drive?

    I suggest that you remove the external drive using the disk management and check back later if you can change the permissions on the drive.

    If you change the permissions, make changes to the permissions on the drive and then mount the drive.

    Mount or dismount a drive

    http://Windows.Microsoft.com/en-us/Windows7/mount-or-dismount-a-drive

    I hope this helps!

    Halima S - Microsoft technical support.

    Visit our Microsoft answers feedback Forum and let us know what you think.

  • Cannot "connect as current user" via the Security Server

    Hello community,

    I had a problem using the "connect as current user" option against a network outside of the enterprise security server. Connection by manually keying in the name of user and password works very well from the outside the company network For internal connections using a connection to the server instead of security server, everything works as expected without having to manually type the name of user and password.

    Single domain

    Customer of the horizon is 3.5.2 and joined to a domain

    2 Security Server 6.2.1 x

    2 Server 6.2.1 connection x

    On one of the servers of connection I got the following error message when you try to connect through the horizon customer using the option "connection as the current user:

    2015 12-28 T 20: 21:15.207 + 01:00 INFO (B 0, 08 - 0E34) < ajp-nio-8009-exec-7 > [PAEContext] (SESSION: a774_ * _b2fb) Idle Timer executor by using 1 thread (s)

    2015 12-28 T 20: 21:15.625 + 01:00 ERROR (0744-0AEC) < MessageFrameWorkDispatch > [ws_winauth] [GSSApiProcessServerContext]: negotiate failed. Error 0 x 0000000080090300 (not enough memory is available to complete this form) {SESSION: a774_ * _b2fb}

    2015 12-28 T 20: 21:15.626 + 01:00 (B 0, 08-04 B 8) WARN < ajp-nio-8009-exec-8 > [GssapiHandler] (SESSION: a774_ * _b2fb) failed connection GSSAPI: not enough memory is available to complete this application

    2015 12-28 T 20: 21:15.627 + 01:00 ERROR (B 0, 08-04 B 8) < ajp-nio-8009-exec-8 > [GssapiHandler] (SESSION: a774_ * _b2fb) cannot close the context 7 36 d-*-00D 3 with the error: unable to locate the context requested

    2015 12-28 T 20: 21:15.627 + 01:00 ERROR (B 0, 08-04 B 8) < ajp-nio-8009-exec-8 > [GssapiAuthFilter] (SESSION: a774_ * _b2fb) authenticate GSSAPI performance problem - GSSAPI_ERROR: GSSAPI failed: not enough memory is available to complete this application

    The connection to the server has 12 GB of memory in total and 9.5 GB of memory free/available.

    In the windows event log, the following error message appears:

    BROKER_USER_AUTHFAILED_GENERAL

    Failed to authenticate the user < UNAUTHENTICATED >

    Attributes:

    Node = hostnameofconnectionsserver.mydomain.com

    Gravity = AUDIT_FAIL

    Time = Mon 28 Dec 19:51:16 THIS 2015

    Module = broker

    UserDisplayName = < UNAUTHENTICATED >

    Source = com. VMware.VDI.Broker.filters.GssapiAuthFilter

    Recognized = true

    Just tried from a machine arrived in the area via the Security server. Cannot open a session as the current user. We also enabled on the external connections of MFA, but I don't think that should make a difference.

  • How many users can use the unique apps?

    How many users can use the unique apps?

    A... the owner

    Cloud license allows 2 activations http://www.adobe.com/legal/licenses-terms.html

    -Install on a 2nd computer http://forums.adobe.com/thread/1452292?tstart=0

    -Windows or Mac has no importance... 2 on the same operating system or 1 on each

    -Two activations may NOT be used at the same time (noted in the link above of the license)

  • How can I force Acrobat Professional 11 users to use the "save under" verses "Save"?

    How can I force Acrobat Professional 11 users to use the "save under" verses "Save"?  I want users to type in a form to fill out, but not to save their changes to the original formula.  I want them to be able to save with a different file name.

    You can not force it really, but you can encourage it... For example, you can set the file read-only and add a statement to do it before the file is saved using a script.

Maybe you are looking for

  • Problem with the mouse and trackpad

    I bought a MacBook Pro a week ago and am just learning how to use it - took computers from the 1970s, but it's like learning a new language.  New laptop has a memory of 8 GB and 256 GB SSD. The touchpad on the laptop is defined the way that Apple pre

  • Windows Memory diagnostic of hangman to halfway...

    Using Vista Home premium SP1, computer laptop lenovo Y430 during the analysis of the diagnostic memory tool he successfully scan first part but hung on the second part @ 25%. Tried using the ESC key no response... After a while you press the power/bu

  • BSOD CODE 116 BC

    I bought a new 760 GTX recently and now I get this error. I know it's a graphic error, but I have no idea of what is the real problem and if I need to return to the map or is it something I can fix it.  I checked the drivers and they have been update

  • Broken screen blackBerry BlackBerry of passport

    So I'm here, I don't think that I have to consider it by far, but it seems @BlackBerryHelp on Twitter can help me. I thought that I would try to waste time here. Then... I bought my Passport on September 26 (day out) to shopBlackBerry and have been s

  • How to set chkdsk weekend automatically?

    I would like to set the schedule to run chkdsk on Sunday automatically. Anyone have any suggestions on how to do it? Thanks in advance for your suggestions