CSA - Local Administrator
Nobody knows effectively, in which the CSA can be run in 'No user interaction' mode for a non administrator user a Win 2000 AD environment and when an administrator logs in they can interact.
I know that the CSA don't integrate well with win2000 AD, I have two separate agent kits and seems a bit tedious to re - install the interactive kit whenever an administrator opens a session and then come back to the local user.
Also, it's a bit tedious connecting ciscoworks and move the user to the interactive group as you can't flag in off-line mode so you can't repoll and wait and also reinstall striaght away the interactive client does still not hide the flag.
Is there anyway in which a script could be sent to the CSA server maybe?
Someone had a similar problem?
4.5 the CSA awareness status of users. Interaction with the user and even complete the effective security policy can be based on the logged in user or the groups to which the user belongs. It is flexible enough and it works well.
There are also States of the system which allow you to control the effective policy based on the IP address, if the CSA MC is accessible or not, etc..
Tags: Cisco Security
Similar Questions
-
Hello
We are studying the use of the Profile Manager of OS X as a way to manage our Enterprise macs.
One of the demands made by the team, is to create an administrator user, as part of the OS X Profile which is lowered to the customer. The rationale is that this would be a way for the it team get, if the fubar user had their Mac
I did not see this anywhere in the configuration options of the Profile Manager and so ask the people who use it as part of their everyday Toolbox, to find out if such an option is available.
Thank you and best regards,
Madan failed
No, not with the Profile Manager.
How you deploying your company Mac? As institutionally imagery or as BYOD devices? If image, then the image should contain a coherent local administrator account. If the active image also the Apple Remote Desktop or SSH, you have a method of mass, control and manage the devices. If BYOD style, then you are out of luck that the end user is the only one with the key of the device.
You can take a look at following JAMF Casper. Once devices are registered, you have the possibility to create accounts (However the common method is to create an account on registration). If you deploy a BYOD approach, you should also look into DEP program Apple (https://deploy.apple.com) as more DEP JAMF (or other MDM) is a very powerful tool for light to zero touch deployment of systems.
Reid
Apple Consultants Network
Author - "El Capitan Server - Foundation Services.
Author - "El Capitan Server - Collaboration & control»
Author - "El Capitan Server - Advanced Services '.
: IBooks exclusively available in Apple store
-
How to give some access to the system without giving local administrator access?
Hello
I'm looking for advice on how I can accomplish the following tasks without giving certain groups of rights of a local administrator on the server.
- Ability to query the status of all Windows Services
- Access WMI
- Ability to read all the event logs
- Ability of the State to the query of all services
- Activation of remote PowerShell commands
I need to give this kind of access to the servers are Windows Server 2008 R2, Windows Server 2008 Std Edition and Windows Server 2003.
Advice and guidance would be greatly appreciated.
Thanks in advance.
Hello
The question you have posted is better suited for the TechNet forums. Please post your question here.
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
-
I try to open a book downloaded from ebooks, but it wouldn't let me activate the microsoft account. It says error of activation you need to signed as a local administrator.
Hello
Which account you sign in as? He is an administrator on the computer? You're on a standalone computer?
What operating system do you use?
Which site do you use to activate the eBooks?See the link below and check if it helps.
http://www.Microsoft.com/reader/info/activation.aspx
Activation FAQ
http://www.Microsoft.com/reader/info/support/FAQ/activation.aspx -
give the user local administrator rights using local admin script
I would like to give a domain user with local administrator rights using scripts via sccm, now that user does not disconnect, and if the admin rights come into force. I want to get the user who is logged on rights and it shall take effect as it is connected. This is possible thanks to a script or restart a service or group policy update?
Thank you very much for your time.
Asher
Hey Asher,
Thanks for posting in the Microsoft Community.
As you try to give a domain user with local administrator rights using scripts via SCCM, the question you posted would be better suited for COMPUTING public Pro on TechNet. I would recommend posting your query in the TechNet Forums to get help:
-
What would prevent a local administrator to change the local policies?
The problem occurred on a workstation XP (svc pk 3) within a W2K3 domain. It is the only station working (103 others) which I can't distance in via mstsc since my post (also under XP svc pk 3). I went (work to) the workstation and connected as a local administrator, and then have pulled-up gpedit so that I could change the local user rights policy for "Refusal to logon via the Terminal Services" to remove the Everyone group. But the two buttons are grayed (add user or group, and delete). After reviewing several other local policy settings, I found that they also had their gray button. I then tried the same thing connected as a domain administrator. No joy. The same problem. I couldn't change the local policy settings through my domain administrator account or the local administrator account. So I checked the default domain and all policy policies assigned to the ORGANIZATIONAL unit in which resides the problem workstation account. All of these policies had the "Deny logon via the Terminal Server Services of' value 'undefined '. Is it possible that one of our administrators changed the permissions on a registry key where the policy settings so that only he could change local policy on this box? Or is there another explanation?
I found the solution. I had to give administrators complete control over HKLM\SECURITY. Once I made this change I could once more change local policy. Now, I need to implement a method to push this change for all our workstations...
ICACLS?
-
Program running as local administrator in Windows XP needs to access a network drive
I just write a batch file to automatically run a program in Windows XP as a local administrator. I had to do to get the program to work right. However, the program cannot access network drives to save the files even if the user who is connected has access to these network resources. How can I give an a running program as a Windows XP local administrator the possibility to access and back up the files on a network share?
I found a solution for this. I had to add the same user a local administrator on the server with network drives. This solves the problem.
-
WinXP
user belongs to a domain and user does not belong to the local administrator or power users groups, or any custom group and the user is not part of the domain administrators group, but user show that it is adminI did a gpupdate/force and restart twice PC
Yet, user indicate it is always admin when we right click on Start menu and see the possibility to open all usersHi elena_ad,
Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the public on the TechNet site. Please post your question in the below link:
http://social.technet.Microsoft.com/forums/en/winserverManagement/threads
-
Local administrator account and issue of local Group Policy permissions problem.
You have a local administrator account where it was defined
http://img26.imageshack.us/img26/5716/18112010133154.PNG
I think preventing the admin account to remove or install devices. This causes a problem. Looks like it's AD GP as is grayed out and I can't add locally. The network team claim there is no GPs AD to limit the admin account local they know of.
Also, I try to use the process on the machine monitor, but who needs administrator rights and he repeats that the local administrator account is not a member of the Administrators group, but it is.
Any ideas? Even if it's just he Process Monitor bit setting?
And looking at the photo can someone explain which means that icon next to load and unload device drivers. It is different from the others and think that it is linked, may be trying to tell me that it is a strategy of AD Group.
I talked to the networks, they said there is not together AD GP for this. I used the local administrator account to create a new local administrator account and put it in the Administrators group. Connected to it and it also has the same problem.
Any ideas?
The symbol, that you reference indicates that the setting has been locked by group policy and is not editable. When I saw it in the past, the only way I could replace, it is using "secedit". For more information about this command:
Starting-> help and support-> Search: Secedit"Elephant Gun" approach might also work:
"How to restore the security settings the default settings?
<>http://support.Microsoft.com/kb/313222 >HTH,
JW -
Access to local administration E3000 via HTTPS problem
I usually use a wired connection to the laptop to access the E3000 and http to access to local administration. I decided to simply to change to https and uncheck http. When I did this and use https to try to get web access, Firefox and IE say there is a certificate error and refuses to connect. In Firefox, I even said to use the certificate, but he refuses. I save a configuration file backup before proceeding with this change.
Any ideas on how to enter the web access with security 'mistakes '?
Also, if I have to reset the modem (shudder) completely restore configuration will set all my settings city MAC addresses? Since I also use MAC addresses for more security, I hope than those that are saved in the backup as I have entered him very much. I should re - establish links to all my devices like TVs and smartphones.
Thanks in advance.
No, if you upgrade the firmware do not use a backup saved configuration as it is specific firmware. If you upgrade your router reconfigure it back manually.
-
Change the account a local administrator on the domain controllers
Hello
I have a mix of domain controllers Server 2003-2012 of the running server.
I need to rename the local administrator account.
Is there a tool I can use to determine what applications/services using the local administrator account, which is what would be compromised if I renamed the existing local administrator account before as I do?
Any advice or suggestions would be appreciated.
Thank you.
KO
(Moved from FFOS)
Hello
Post your question in the TechNet Server Forums, as your question kindly is beyond the scope of these Forums.
http://social.technet.Microsoft.com/forums/WindowsServer/en-us/home?category=WindowsServer
See you soon.
-
How to reset the Local administrator password in Windows Server 2008
Original title: reset Local Administrator
How can I reset all my password of Local administrator using a GPO on windows server 2008
Hey isaberthe,
Just for future reference, all the problems of Windows Server goes to TechNet forum. Microsoft Answers support only consumer related research. You can find professional support services in TechNet forum.
Here is the link from TechNet:
Windows Server forums
http://social.technet.Microsoft.com/forums/en-us/category/WindowsServer
Kind regards
Shinmila H - Microsoft Support
Visit our Microsoft answers feedback Forum and let us know what you think.
-
I gave my domain users with local administrator rights. But they do not get the Control Panel, rights to open the network and sharing Center, and they could not change the registry... etc what is the solution for this? domain administrator I could be able to make any changes in this PC. We are facing this problem in all of our VMWare PC 7 on windows. I tried to add everyone in the local system Local Administrator and add the domain users group to the local administrator groups, but no luck...
This issue is beyond the scope of this site and must be placed on Technet or MSDN
-
Win 7 bypass login screen and opens the local administrator account
Having a laptop computer on the school network. During the initialization of the logon screen is bypassed, and opens the local administrator account, which is not well with the children concerned. Even in Safe Mode. Laptop configured from an image by using Hyper-V, all others ok
Hello
Thanks for the reply.
If you have any other questions relating to computers on the domain network, you can post questions in the Forums TechNet Networking Windows 7: http://social.technet.microsoft.com/Forums/en-US/w7itpronetworking/threads
Thank you.
-
I want workstation installation a Windows 7 where regular users only have power user rights, because I do not want that they either accidentally change important settings or for malicious to be processes able to run Web sites. However that these will be remote users there maybe times when they need a local administrator account to allow them to perform installation, correction or updating. So, I created a local user account, added to the Administrators group and used the Panel of local security policy and the account added to the list "Deny log on locally '.
It works by refusing the admin account to connect directly. However when I log in under the power user account and run something that requires elevated privileges the admin account is refused to carry out the process.
What is the combination of security settings can I refuse a desktop session Admin account but allows it to be used for processes requiring elevated privileges?
Thank you!
Hello
Thank you for contacting Microsoft Community.This is quite normal. When you refuse the privileges of local access connection, local users can not use the administrator account information because it is be the local login. So, it is better to create a domain and restrict the use of administrative operations to the administrator.
Maybe you are looking for
-
Lost my cd of restoration for my Satellite A110
Hi I have a Toshiba Satellite A110-275 and it needs a restore but I lost my restore cd. How would I go to get a replacement from you guys? Cheers.
-
Satellite P300D - I need the latest version of the video driver
Hello I have 1 question;When will ATi www and go mobility radeon page for graphics drivers and can not find the driver for HD3650I try with 3600 series but it does not work. I wish the latest drivers get.
-
Exe works on my computer, but not on others...
Hello I had a my vi .exe file to test my application (measure). My remote vi a Spectrum Analyzer, read the data and distribute them on the screen (xy graph). Before, these data go through to create limit and limit test vi, so I have 3 plots: Signal,
-
How to display the information for the account of the past...
original title: old perental controll reports How to view information for a user account on my computer from the past? All I can shoot upwards is from today, when I walk them. I don't need any kind of detailed information just the password of the acc
-
Product key not valid even if I use the CD that came with the computer!
After 30 days, I get an error reading "product key high-end of Vista you typed is invalid for activation. I changed my HARD drive twice due to failures and since then I get this error message. I ran the Microsoft Genuine Advantage Diagnostic Tool a