Group NAR for ACS 4.2

I have a problem implementing a NAR for a specific device group. I'm on Cisco ACS 4.2 and it works fine for all the other stuff I do, but this problem has me a little confused.

I have a device group containing Juniper devices, and I authenticate using RADIUS (Juniper) as the RADIUS setting.

I have a user group for administration set up.

I placed a NAR in the group under "Per Group Defined Network Access Restrictions", specific to the device group, with * for the port and address.

I put this group in the IP-based section as well as in the CLI/DNIS-based section.

No matter what I do, I keep getting authenticated.

When I go to the Passed Authentications page I see my login information; the group name is identified correctly and the network device group is identified correctly too. The filter says "no filter activated".

So, how can I get this NAR to kick in? I want to block a group of devices for a group of ACS users.

Thanks for any information you can provide!

Now, try one last thing: disable the IP-based NAR (just uncheck it) and use only the CLI/DNIS-based NAR.

Kind regards

Jousset
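A debugging aid for the NAR problem above, added here as an example (it is not ACS code and not from the thread): a small decoder for the RADIUS Access-Request attributes that the two NAR types are keyed on. The IP-based NAR looks at the AAA client address and port, the CLI/DNIS-based NAR at Calling-Station-Id and Called-Station-Id, so before adjusting the NAR it is worth confirming which of those the Juniper box actually sends. The packet is constructed for the example (RFC 2865 layout, zeroed authenticator); the user name, addresses and port are made-up values, and the code makes no claim about ACS's internal matching order.

```python
# Added example: decode the RADIUS Access-Request attributes an ACS 4.x NAR
# can reference.  Not ACS code; the packets below are constructed for the
# example (RFC 2865 layout with a zeroed Request Authenticator).
import struct

ACCESS_REQUEST = 1

# RFC 2865 attribute types consulted by the two NAR flavours
USER_NAME = 1
NAS_IP_ADDRESS = 4       # IP-based NAR: which AAA client sent the request
NAS_PORT = 5             # IP-based NAR: port on that client
CALLED_STATION_ID = 30   # CLI/DNIS NAR: DNIS (called number / address)
CALLING_STATION_ID = 31  # CLI/DNIS NAR: CLI (calling number / address)


def build_access_request(identifier, attrs):
    """Encode an Access-Request from (type, value-bytes) pairs."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(body))
    return header + bytes(16) + body  # 16-byte authenticator, zeroed here


def parse_attributes(packet):
    """Return (code, identifier, {type: [value, ...]}); raise ValueError on bad framing."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    attrs = {}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return code, identifier, attrs


def nar_fields(packet):
    """Extract the values the IP-based and CLI/DNIS-based NARs would look at.

    A missing attribute comes back as None, which is the first thing to check
    when a NAR is never applied: a filter keyed on an attribute the AAA client
    does not send has nothing to match.
    """
    _, _, attrs = parse_attributes(packet)

    def first(atype):
        values = attrs.get(atype)
        return values[0] if values else None

    def text(raw):
        return raw.decode("utf-8", "replace") if raw else None

    nas_ip, nas_port = first(NAS_IP_ADDRESS), first(NAS_PORT)
    return {
        "user": text(first(USER_NAME)),
        "nas_ip": ".".join(str(b) for b in nas_ip) if nas_ip and len(nas_ip) == 4 else None,
        "nas_port": struct.unpack("!I", nas_port)[0] if nas_port and len(nas_port) == 4 else None,
        "cli": text(first(CALLING_STATION_ID)),
        "dnis": text(first(CALLED_STATION_ID)),
    }


# Constructed sample: a login request that carries all four NAR-relevant fields
SAMPLE_REQUEST = build_access_request(7, [
    (USER_NAME, b"jadmin"),
    (NAS_IP_ADDRESS, bytes([10, 1, 1, 5])),
    (NAS_PORT, struct.pack("!I", 22)),
    (CALLING_STATION_ID, b"192.0.2.10"),
    (CALLED_STATION_ID, b"10.1.1.5"),
])

# Constructed sample from the same client without Calling/Called-Station-Id:
# an IP-based NAR still has data, a CLI/DNIS-based NAR does not.
SAMPLE_WITHOUT_CLI = build_access_request(8, [
    (USER_NAME, b"jadmin"),
    (NAS_IP_ADDRESS, bytes([10, 1, 1, 5])),
    (NAS_PORT, struct.pack("!I", 22)),
])

if __name__ == "__main__":
    for pkt in (SAMPLE_REQUEST, SAMPLE_WITHOUT_CLI):
        print(nar_fields(pkt))
```

To use it against a real request, replace `SAMPLE_REQUEST` with the UDP payload of one Access-Request captured between the Juniper device and ACS; the attributes that come back as `None` are the ones a NAR of that type cannot act on.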

Tags: Cisco Security

Similar Questions

  • apply the group policy for the screen saver without copying the screen saver on all computers

    Hello
    I have applied the group policy for the screen saver on Server 2008, but to make it run I copied the .scr file to each computer.
    Is there a way to push the screen saver file directly from the server without copying it to each computer on the network?
    or is there a software that can automatically run the screensaver on the network?

    Hello

    For business support you can find forums on TechNet; see the following links:

    http://social.technet.Microsoft.com/forums/en/category/WindowsServer/

    http://social.technet.Microsoft.com/forums/en/category/w7itpro/

  • Why doesn't the proxy address change from group policy stick for all users in Active Directory?

    We reinstalled the Client Site Proxy service on a BDC and published all the Active Directory group policies with the new DC IP address; however, for many users the Internet Explorer LAN settings always keep coming back to the old address set in group policy. Any ideas what we missed?

    Hi MikeButterworth,

    Your Windows question is more complex than what is generally answered in the Microsoft Answers forums. It is better suited to the IT Pro audience on TechNet. Please post your question in the TechNet forum.

    http://social.technet.Microsoft.com/forums/en/itproxpsp/threads

  • VPN access query remote ASA - several group policies for the unique connection profile

    Hi all

    Two quick questions here that I need help with.

    1. On an ASA 5525, is it possible to have several group policies for a single connection profile?

    Scenario: a customer is running F5 FirePass as their VPN solution, and they use this device to have multiple group policies per connection profile. We plan to migrate them to an ASA (5525) and I don't know if the ASA can support that.

    2. On an ASA 5525 for clientless remote access VPN, can we pass the login page to an external server? For example, if I have a connection profile set up with the URL "https://wyz.vpn.com/" for LDAP/RADIUS authentication, but for https://wyz.vpn.com/data and https://wyz.vpn.com/test I want HTTP form-based authentication, and this page needs to be sent to an external server; that is, the ASA will not manage this page, but rather the first page for this is served by the external server.

    Scenario: one of our clients is running F5 FirePass as their VPN solution. On the F5 they have configured pages such as https://wyz.vpn.com/ that the F5 shows to the user when they connect via clientless VPN; however, if the user types https://wyz.vpn.com/data in the browser, the traffic comes to the F5, but the F5 redirects this traffic to an external server (with an external URL as well). It is then this external server that serves the first page asking the user for HTTP form-based authentication information.

    Thanks in advance to all!

    Hello

    You can have fallback to LOCAL for the primary method only.

    http://www.Cisco.com/c/en/us/TD/docs/security/ASA/asa90/configuration/gu...

    HTH

    Averroès.

  • How to apply for ACS 5.5 Upgrade License

    We bought the ACS 5.5 upgrade license (R-CSACS-55VMUP-K9=). I read the 4.x to 5.5 migration steps below and haven't found anywhere that you need a license. Is it really necessary?

    In fact I intend to reconfigure everything on ACS 5.5 from scratch. Can I use this license, or do I have to buy a standard license to download ACS 5.5?

    Since we have already purchased the upgrade license, can I "pretend" to migrate an ACS 4.x, then wipe it and redo the configuration, just to use the upgrade license?

    What is the best approach to get the license job done at a decent cost?

    Thank you

    Cisco Secure Access Control System 5.5 Migration Guide
    Using the Migration Utility to Migrate Data from ACS 4.x to ACS 5.5

    http://www.Cisco.com/c/en/us/TD/docs/net_mgmt/cisco_secure_access_contro...

    Hello Hujian. The "migration license" is the same as the "standard" one. The only difference is the price you pay for it, since you already have ACS 4.x. If you were buying ACS 5.x today and did not previously have ACS, then you would be ineligible for the migration license.

    That being said, there isn't really a direct migration from 4.x to 5.x since the whole system has been rewritten. For example, as you know, 4.x ran on Windows and did not require a license, whereas 5.x runs on Linux and does require a license. You can use the "migration" utility to help you migrate some of the configuration, but it does not migrate everything. I personally never liked using it and always did what you plan to do: build the new server from scratch :)

    I hope this helps!

    Thank you for evaluating useful messages!

  • Bulk tool for ACS 4.1

    Hey guys,

    could you tell me if there is a bulk tool for ACS 4.1? I need to create hundreds of AAA clients!

    Thanks in advance!

    You can try RDBMS synchronization with action codes to add clients from an Excel spreadsheet.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.0/user/guide/AG.html

  • Performance for acs v.5 figures

    Hello

    does anyone know how to get performance figures for ACS v.5? I have looked through the documents but couldn't really get any idea.

    I'm looking for numbers like:

    How many:

    authentications per second per unit

    Especially in a WLAN environment: how many clients can use a device as primary without putting the primary under heavy load?

    Thanks for any advice / ideas

    Here are the performance numbers for the ACS 5.3 software.

    http://www.Cisco.com/en/us/docs/net_mgmt/cisco_secure_access_control_sys...

    Thank you

    Tarik Admani

    Sent from Cisco Technical Support iPad App

  • apply the patch for ACS appliance

    I was wondering if someone can help me update my ACS appliance with patch 4.1.1.23.4 - SW. It's simple to apply on a normal Windows 2000 server. The ACS appliance, as I understand it, is different because we can't access it through a normal terminal, keyboard and mouse.

    Somewhere I read that a Tomcat server is necessary?

    Help, please

    ADI

    Hello

    ACS v4.1.1.23 patch 5 is available, so go for this newer patch.

    You should have a PC that can access the ACS through the web interface. Keep the patch file on the PC.

    Follow the steps below on the PC:

    [1] Extract the zipped file.

    [2] Find the "Autorun.exe" file and double-click it.

    [3] It will start a Tomcat server on your desktop and you'll see a web page asking for the ACS SE IP:

    Provide the ACS SE IP and press "Install".

    [4] It will ask for the ACS admin username and password as shown below:

    Specify the username and password and log in.

    [5] Then it will bring up the ACS GUI; go to

    System Configuration > Appliance Upgrade Status > Download.

    Then we'll get a screen asking for the IP address of the server to install from:

    Provide the IP address of the system we are applying this patch from, in our case our desktop's IP address, and then click Connect.

    [6] It will then show us this screen:

    Click "Download Now".

    Then it will show us this screen:

    Press "Refresh" until we see the following screen:

    [7] Now press "Apply Upgrade". It will ask for confirmation:

    Press "Upgrade", then we'll get information about the patch.

    Click "Yes".

    It'll take a few minutes to apply this patch on the appliance.

    Then it will show us a confirmation message:

    Press "Done", then the system will restart.

    To confirm that the patch has been applied successfully, go to

    System Configuration > Appliance Upgrade Status

    After all is fine, stop the Tomcat server by clicking "Stop Distribution Server", or, if you want to apply this patch on another appliance, click "Install Next".

    I hope this helps.

    ~ Rohit

  • Hello. I started with DPS. Is it possible to publish a magazine for a limited, specific target group? For example, in a department of a large company? Or for the heads of the different services? If so, how should I do it? Thank you for your help.

    Hello.

    I started with DPS. Is it possible to publish a magazine for a limited, specific target group? For example, in a department of a large company?

    Or for the heads of the different services? If so, how should I do it? Thank you for your help.

    The short answer is yes.

    Click the "request a consultation" link in Digital Publishing Suite Help | DPS pricing options to receive a quote for your DPS license project.

  • Grouping/HA for the content server

    Hello.

    Is it possible to run ACS in a clustered environment (with all nodes sharing a database and storage)? I would like to prepare an HA solution for ACS and want to know whether I can have two Tomcats running simultaneously on two nodes, or in a hot-standby cluster?

    TIA,

    R.

    The only service which is (or should be) directly facing the end user is the runtime. Packaging is used to add books to your content server, and Admin is used for management; these two must be behind your firewall.

  • Alternative of DRM for ACS 4.0 client?

    Hi all

    I'm building an ebook reader for Windows, rather than using the third-party reader ADE, for ACS 4.0.

    After reviewing the documentation and the Adobe forum, I found that the ACS client seems to have to be packaged with the RMSDK for activation/authorization.

    Is there an alternative to implement an ACS Windows client without using the RMSDK?

    Any suggestions are welcome.

    Thanks in advance for the help.

    Kenneth

    No, only RMSDK clients are allowed for ACS4 (Adobe activation servers).

  • Group repeated for each line column

    How can a group column appear in all the rows? I have to develop an asset report template grouped by Company, GL account and Cost Center. How can I make these group columns appear for each asset rather than once per group?

    Thank you
    SN

    Hello

    in your case, the following should work:

    You see, the code depends on the structure of your XML; that's why vetsrini asked.
    And please post valid XML code in the future.

    Regards
    Rainer

  • ACS Auth: use of group credentials for user authentication -> security problem?

    I'm using a VPN installation (router, ACS, Cisco VPN Client) and I noticed that the group name and the decrypted group password can also be used in the second step of authentication (extended authentication, i.e. user authentication), which is a big security concern. What is wrong with my setup?

    For the test I set up a VPN configuration as described in the Cisco documents. Here it also works: the group credentials work in the user authentication too, which is quite logical, because the group credentials are also a user in the ACS database. Of course, this user can be authenticated in the user authentication process.

    What is wrong? How do other admins solve this problem? Am I wrong in my approach?

    Thank you!

    Yes, authorization will use the password "cisco", at least for ISAKMP and PKI. The group will send its name and the password "cisco" to receive the AV pairs (the ASA has a feature to set a different password, but that's not there on IOS, AFAIR).

    It's a known restriction: you should not use the same server for authentication and authorization, with IOS and ASA.

    Have you considered these options (either/or):

    - local ISAKMP authorization

    - certificate (group) authentication

    - splitting authentication and authorization across different servers.

    I don't think we can do much configuration-wise to prohibit this behavior.

    Edit: spelling correction.

  • Group-lock for users of vpn with acs

    Hello

    Is it possible to control which VPN profile a user is allowed to use, via Cisco ACS or the router?

    2811 router, IOS 12.4, using ACS 4.1

    I just want to be sure that the VPN allows the user only the Client Profile assigned to them and no other profile groups.

    Example:

    User123abc gets their hands on a co-worker's profile.

    HR_User_Profile.pcf

    SALES_User_Profile.pcf

    User123abc belongs to the Human Resources department and should be able to authenticate with HR_User_Profile. If User123abc tries to authenticate using SALES_User_Profile, access should be rejected.

    Any documentation explaining how to set this up?

    The ASA would be your option. This should be controlled by the tunnel-group and group-policy Class attribute values (group-lock) on ACS and the ASA.

  • How to turn off enable privilege for ACS TACACS+

    I have an MSFC with the following configuration.

    aaa new-model

    aaa authentication login default group tacacs+ local

    aaa authorization exec default group tacacs+ local

    aaa accounting commands 15 default start-stop group tacacs+

    I have an ACS v3.0 on NT.

    I have set up the advanced TACACS+ option in ACS that can set the enable privilege for users. However, the user can still connect to the MSFC and issue the 'enable' command.

    Is there a better way on ACS to deny a user the 'enable' command so that they cannot go into enable mode even though they may have the enable secret password configured on the MSFC?

    Thank you

    David

    David

    You can do command authorization and deny the 'enable' command.

    So on the router you will have:

    aaa authorization commands 0 default group tacacs+ local

    On ACS, for the user, under Command Authorization, add the command 'enable' with its arguments denied. Make sure you also have unlisted arguments denied.

    Once command authorization is enabled on the router, every user will be checked for authorization. So for the other users, in the ACS box, make sure that you have "Unmatched Cisco IOS commands" set to permit and also unlisted arguments permitted as needed.

    Make the change on ACS first and then add the router config.

    Thank you

    Nisha
