How to limit a Ganymede user from logging on to another device based on the location profile group

Does anybody know how to prevent a Ganymede user from logging on to another device? Our company has manufacturing sites in many places around the world, and we want to limit all of our engineers based on their geographic location. For example, network engineers based in Asia should be restricted from accessing devices located in the United States, but US engineers need access to all devices that are installed in the different locations. I am using Cisco Secure ACS 5.3 and I am not able to do this. The test account I created, which belongs to a specific group (i.e. ASIA), can connect to a set of devices that are located in the United States with read access but not write access, because of the restriction that I created. All I want is to block this test user's access to these devices located in the United States.

Well, let's assume that you have created two communities, American and Asian,

you have defined two AAA clients, US1 and Asia 1,

and you also have two identity groups, USgroup and Asiagroup.

(1) If a USgroup user tries to access an Asia device, it should be rejected

(2) If an Asiagroup user attempts to access a US device, it should be rejected as well

other access

If so, you need to customize the authorization policy of the device admin access service

to include the identity group and NDG:Location as conditions, where in the result you can put

whatever shell profile or command set you want.

Rule 1: USgroup and NDG:Location is US: grant access with the necessary shell profile and command set

Rule 2: Asiagroup and NDG:Location is Asia: grant access with the necessary shell profile and command set

Default: deny access

----------------------------------------------------------------------

Please ensure good answers to rate

Tags: Cisco Security

Similar Questions

  • I am trying to create dynamic landing pages that reflect the locations of my Google ads. How can I create a dynamic text on my landing page to specify the location in the title?

    I am trying to create dynamic landing pages that reflect the locations of my Google ads. How can I create a dynamic text on my landing page to specify the location in the title?

    Thanks a lot for your answer. I've sorted it now.

    Kind regards

    Gill

  • How can I book / download 10 Windows on another device?

    Windows 8.1 has stopped working and will not finish loading on my other laptop. Therefore, I don't have the icon but want to reformat using Windows 10. How will I be able to book, then to download 10 Windows on another device to put it on disk so I can reformat?

    (My work laptop is Windows 7 but the I want to reformat is 8.1)

    Hi momo,.

    I understand that you want to reserve a copy for Windows 10.

    You can create an ISO disk and install Windows 10.

    Please see the Wiki Article created by Andre Da Costa (MVP, author of moderator & Wiki community).
    How to: upgrade previous versions of Windows using the file ISO for Windows 10
    http://answers.Microsoft.com/en-us/Insider/wiki/insider_wintp-insider_install/how-to-upgrade-from-previous-versions-of-Windows/31722b30-1da9-42BB-B331-0edc4649bf43

    See also the Wiki Article created by Andre Da Costa (MVP, author of moderator & Wiki community).
    How to book your free update of Windows 10
    http://answers.Microsoft.com/en-us/Windows/wiki/windows_10-win_upgrade/how-to-reserve-your-free-upgrade-to-Windows-10/6c5fa167-467a-42F4-B4D2-91ac2be43c31

    Hope the helps of information. Let us know if you need more assistance.

    Thank you.

  • How to limit some users from a group of tunnel with access hours

    I created an LDAP attribute-map and applied it to the AD server used for authentication. Then I created the time range and applied it to the group policy.

    On the AD server, for users who need access to the VPN only during office hours, I put the value "OfficeHours" in the Office field. However, for users who need access to the VPN for 24 hours, I left this field empty.

    Now, only users with the "OfficeHours" value in the Office field are able to connect in the specified time interval. However, other users never connect. How can I solve this problem?

    ldap attribute-map AccessHours_LDAPMAP
     map-name msNPAllowDialin Tunneling-Protocols
     map-value msNPAllowDialin FALSE 1
     map-value msNPAllowDialin TRUE 20
     map-name physicalDeliveryOfficeName Access-Hours

    time-range OfficeHours
     periodic Monday Tuesday Wednesday Thursday Saturday Sunday 08:30 to 18:00

    group-policy GroupPolicy_employees.domain.com attributes
     wins-server none
     dns-server value 4.2.2.2
     vpn-access-hours value OfficeHours
     vpn-tunnel-protocol ikev2 ssl-client
     default-domain none
     webvpn
      anyconnect profiles value domain.com_client_profile type user

    Thank you, Rachel.

    The solution you suggest works.

    Thank you for taking the time to solve this problem.

    Regards

    Harvinder

  • How do you keep users from creating directories deeper than 260 characters of the root of the drive?

    In Windows, it seems impossible to create/join the files with a path longer than 260 characters.

    Well, not completely: you can create these files if you create a shortcut or point a reader shared inside the path, but that's exactly how this problem gets so bad: a user creates a share X: pointing to \\myserver\longdirname\evenlongerdirname\verylongdirname\etc\verylongfilename

    then it creates a file in X:\evenlongerdirnamethanYouHaveEverSeen\SuperLongDirNameJustLongEnoughToBe260FromTheRoot

    Note: the names of directories must be long, you can also create a shorter longer string of names of directories (a\b\c\d\e\f\g...)

    now, someone trying to open this file of \\myserver fail miserable. In fact, windows behaves a bit ridiculous and sometimes silently ignores files. I've seen this happen when people copy a folder of installation deep inside a fileshare: the installation program is a DVD or CD and a subscription contains 1000 directories, some are more than 260 tank when opened from the root. Then you get really weird behaviour: files ignored!

    As 260 characters was probably very well when the disks were <10GB, but if you have 1 TB drive, it's not too hard to end up with directories that are way deeper than 260 characters. So I predict that there will be a time soon where NTFS needs to be adapted to be able to use large disks decently. This is also made worse because people create files with really bad names (e.g. a Outlook msg files will be called the same as its subject line, fun)

    Don't tell people don't do that, I see it in my everyday environment, and it breaks a lot of programs (and then the bad programmer is blamed for drawback of Windows: "you can't even open a file named a.txt")

    Question: How do you keep the users to create a file that is > 260 characters if we take into account the root of the drive, rather than a part under?

    Hi PM3.141592
     
    Your question of Windows is more complex than what is generally answered in the Microsoft Answers forums. It is better suited for the IT Pro TechNet public.
     

    Please ask your question in the Forums Pro Windows XP IT.

  • How to delete incorrect user names that have accumulated on gmail? Clear the cache and history do not help.

    Over time, because of me hitting the keys hard, my gmail login has accumulated several misspelled usernames. Every time I have access to gmail, all pop-up. I want to clean first, but I can't get rid of them. I followed your instructions to clear my cache and history, but nothing helped. I followed the instructions, click in the user name and then use the arrow and delete keys - also without success. I'm on a Mac OSX 10.4.11. Thank you!

    See:
    http://KB.mozillazine.org/Deleting_autocomplete_entries
    http://KB.mozillazine.org/Password_Manager

  • How to remove a user-defined brush in Illustrator CS 6? (With the help of OSX 10.9.5)

    Accidentally saved a png in the user defined brushes and want to delete it, but I can not find the folder, it's the life of me (I tried both to research with Terminal but don't know if I'm doing it correctly).

    ALT click on Go > library. It comes to your user folder. Then Application support > Adobe > Illustrator CS6 > en_US (or whatever language) > brushes

  • How can I download my apps cc to another device?

    Hi, I have photoshop and lightroom installed on my iMac, but you must download and install on my new macbook for College.  Can someone give me some advice on how to get there?

    Bephoto please see install and update apps - https://helpx.adobe.com/creative-cloud/help/install-apps.html for more information on how to install 2014 CC Photoshop and Lightroom.

  • How can I create a button with alpha background and text? When the alpha element group influence all elements, but the text remains 100%

    When the alpha element group influence all elements, but the text remains 100%
    I try with the Group of elements and no group, but include elements in the 'State' of the widget library button. Nothing!

    Explain dough my problem and please excuse my English...
    I need to have a transparent background with text (name and job) at the start. When I rollon with the cursor of the mouse on the button background should take a color with 60% alpha, required text full color stay, but if I group or insert State of the item on Rollo button mouse everything take alpha 60%

    I need to regroup or insert in elements went State button because if they are ungruoped to mouse Rollo on bottom its all is ok, but when the mouse passes over the background of text out you of you initial state.

    Can someone help me please?

    I think I know your problem - are you using the opacity of the 'effects' rather than opacity to "fill" - one of the effects will affect the entire element rather than just the rectangle.

    Use this opacity

    not this one

  • How to execute a jar file which needs another jar to be in the class path

    Hello

    I need to run a jar, which needs another jar to be in the classpath.

    If I run as

    java -classpath <jar1 name> -jar <main jar>

    It gives ClassNotFoundException, while the class is available under <jar1 name>.


    so, currently I like that

    In the manifest file, I gave as
    Main-Class: < class name >
    Class-Path: < jar name > < name2 jar >

    So it works well. But if I want to change the location of the jar, I have to change the manifest file again.
    Is it possible to do this? Pls help me.

    What is

    java -cp jar1.jar;jar2.jar com.acme.MainClass

    You won't have to worry about the manifest file after that, and you can make a bat file (or .sh file in *nix) for it.

  • How to make a user able to connect only once? and how do I restrict a user authorized to vote only 15 candidates and the brand of vote count?

    Hello

    I'm just doing my project, which is a voting system. So my first question is how to make a user or a voter able to log in only once using their username and password? After they have cast their vote, they should not be able to log in to vote again. Here, for the username I use the IC, and for the password I use the ID (student ID). Here is my code for the login:

    <?php
    // Start the session before any output is sent.
    session_start();

    if (isset($_POST["submit"])) {
        $user = $_POST['IC'];
        $pass = $_POST['ID'];

        // mysqli replaces the mysql_* functions, which were removed in PHP 7.
        $con = new mysqli('localhost', 'root', 'pass', 'ses');
        if ($con->connect_error) {
            die("Cannot select DataBase");
        }

        // Bind the submitted values as parameters instead of
        // concatenating them into the SQL string.
        $stmt = $con->prepare("SELECT IC, ID FROM voters WHERE IC = ? AND ID = ?");
        $stmt->bind_param("ss", $user, $pass);
        $stmt->execute();
        $stmt->bind_result($dbusername, $dbpassword);

        if ($stmt->fetch() && $user == $dbusername && $pass == $dbpassword) {
            $_SESSION['sess_user'] = $user;
            $_SESSION['sess_pass'] = $pass;

            /* Redirect browser and stop executing this script */
            header("Location: main.php");
            exit;
        } else {
            echo "Invalid IC Number and ID Number!";
        }
    }
    ?>
    
    

    My second question is how to limit a voter to voting for only 15 candidates, and how to count the votes that voters cast? When 15 votes have been made, a popup script should appear informing the voter that they are done with their vote. For this I use checkboxes as the voting method, and each checkbox has the id which is the primary key. I named the id 'No' and set it as the primary key. Here is the code for voting:

    <?php
    $servername = "localhost";
    $username = "root";
    $password = "pass";
    $dbname = "ses";

    // Create connection
    $conn = new mysqli($servername, $username, $password, $dbname);
    // Check connection
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    $sql = "SELECT No, Calon, ID, Jurusan, Image FROM candidates";
    $result = $conn->query($sql);

    if (isset($_POST['vote'])) {
        // Get the ID values from the checkbox form field and store them in an array
        // (an empty array if no box was ticked).
        $update_vote = isset($_POST['candidate_id']) ? (array) $_POST['candidate_id'] : array();

        // Prepare the update once and bind each candidate number as an
        // integer parameter rather than concatenating it into the SQL.
        $vote_sachin = $conn->prepare("UPDATE candidates SET Undi = Undi + 1 WHERE No = ?");

        // Loop through the array and update the database
        foreach ($update_vote as $value) {
            $no = (int) $value;
            $vote_sachin->bind_param("i", $no);
            $vote_sachin->execute();
        }

        header("Location: http://localhost/VotingSystem/");
        exit;
    }
    ?>
    
    
    <form method="post" id="form1" action="main.php">
    <?php
    if ($result->num_rows > 0) {
        echo "<table border='1'>
        <tr>
        <th>NO</th>
        <th>Candidate</th>
        <th>INFO</th>
        <th>Vote</th>
        </tr>";
        // Output data of each row, HTML-escaping every database value.
        while ($row = $result->fetch_assoc()) {
            $no = htmlspecialchars((string) $row["No"], ENT_QUOTES);
            echo "<tr>
            <td align='center'>" . $no . "</td>
            <td><img src='" . htmlspecialchars((string) $row['Image'], ENT_QUOTES) . "' width='120' height='150'></td>
            <td><br/>" . htmlspecialchars((string) $row["Calon"], ENT_QUOTES) . " <br/>" . htmlspecialchars((string) $row["ID"], ENT_QUOTES) . " <br/>" . htmlspecialchars((string) $row["Jurusan"], ENT_QUOTES) . "<br/></td>
            <td align='center'><input type='checkbox' name='candidate_id[]' value='" . $no . "'></td>
            </tr>";
        }
        echo "<tr><td></td><td></td><td></td>
        <td><input type='submit' name='vote' value='VOTE'></td>
        </tr>";
        echo "</table>";
    } else {
        echo "0 results";
    }
    $conn->close();
    ?>
    </form>
    
    

    I hope someone can help me with this because I'm still trying to learn this by my own php code...

    Thank you

    #1, add a Boolean column to the table (VoteSubmitted), with the value initially FALSE, to track whether the user has already voted. Check this field when they log in. If the field is set to TRUE, display a message that they cannot vote again. When they submit their vote, update the field from FALSE to TRUE.

    #2, I would do this with JavaScript, to allow them to select all their candidates and submit once. You could start with something like this:

    Cut paste & limit the number of boxes checked script
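The two suggestions above can also be enforced on the server, where a voter cannot bypass them by editing the page or replaying the POST. This is an added example, not code from the thread: it assumes the `voters` table has the `VoteSubmitted` column proposed in #1 (for instance `TINYINT NOT NULL DEFAULT 0`) and that both tables use InnoDB; the function name `cast_ballot` and the constant `MAX_VOTES` are illustrative.

```php
<?php
// Added example, not the poster's code. Assumes voters.VoteSubmitted exists
// (0 = not voted, 1 = voted) and that the tables support transactions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

const MAX_VOTES = 15;

/**
 * Record one ballot for the logged-in voter. Returns true on success and
 * false when the ballot is rejected (bad selection or voter already voted).
 */
function cast_ballot(mysqli $conn, string $voterIc, array $candidateIds): bool
{
    // Enforce the limit on the server; a browser-side check can be bypassed.
    $ids = array_unique(array_map('intval', $candidateIds));
    if (count($ids) < 1 || count($ids) > MAX_VOTES) {
        return false;
    }

    $conn->begin_transaction();
    try {
        // Flip the flag only if it is still 0. Exactly one request can win
        // this update, so a double submit or replayed POST changes nothing.
        $claim = $conn->prepare(
            "UPDATE voters SET VoteSubmitted = 1 WHERE IC = ? AND VoteSubmitted = 0"
        );
        $claim->bind_param("s", $voterIc);
        $claim->execute();
        if ($claim->affected_rows !== 1) {
            $conn->rollback();
            return false;
        }

        $vote = $conn->prepare("UPDATE candidates SET Undi = Undi + 1 WHERE No = ?");
        foreach ($ids as $no) {
            $vote->bind_param("i", $no);
            $vote->execute();
            if ($vote->affected_rows !== 1) {
                // Unknown candidate number: discard the whole ballot.
                $conn->rollback();
                return false;
            }
        }
        $conn->commit();
        return true;
    } catch (mysqli_sql_exception $e) {
        $conn->rollback();
        return false;
    }
}

// Usage in main.php, after session_start() and a successful login:
// if (isset($_POST['vote'], $_SESSION['sess_user'])) {
//     $ok = cast_ballot($conn, $_SESSION['sess_user'], (array) ($_POST['candidate_id'] ?? []));
//     echo $ok ? "Vote recorded." : "Vote rejected.";
// }
```

Because the flag update and the vote counts commit together, a rejected or failed ballot leaves both the voter's flag and every candidate's count unchanged.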

  • How to change the location of the files of user account files?

    I had my hard drive partitioned and the need to change the location of my files of user account from c: to d:

    An example is the location of the files from my office.

    My user ID is Admin privilidge, but I can't find where to change of mapping file.

    I would then change the default settings within the system, so that when new users are added to the data files to point to d:

    Thank you!

    http://www.vista4beginners.com/move-user-files-folders-to-another-partition

    See if the information above helps you.

    See you soon.

    Mick Murphy - Microsoft partner

  • How can I share my library with all my devices

    How can I share my library with all my devices?

    In the article to share your iTunes library on your home - network Support Apple its pretty simple from what I've read, just make sure you have sharing options enabled in iTunes on your computer.

    Just make sure that you are signed in the same Apple ID on all your devices and turn on sharing House on each of them as well and make sure that you are connected to the same network, trying to share the library.

  • How to recover files deleted from a removable storage device (memory stick)?

    How to recover files deleted from a removable storage device (memory stick)? the only folder to recycle bin is on my network drive, there is none on my memory stick.

    Monday, February 27, 2012, 15:13:17 + 0000, NealAtMOE wrote:

    How to recover files deleted from a removable storage device (memory stick)? the only folder to recycle bin is on my network drive, there is none on my memory stick.

    "Deleting" a file does not actually delete it marks just the space
    also available to be used. There are third-party programs that can
    sometimes recover deleted files. The problem is that the space used by
    the file is likely to be replaced very quickly, and it makes
    the unrecoverable file.

    So your chances of successfully recover this file are decent if you
    Try it again immediately after the deletion of it and go quickly
    downhill from there if you write other files on the device.

    But if the file is large enough, it's still worth a try. Stop
    written on the memory stick immediately, if you did not
    already. Download an undelete program (and here's one:)
    http://www3.TELUS.NET/mikebike/restoration.html but there are several
    others to choose from; Do a search)

    Ken Blake, Microsoft MVP

  • How can I change one single subscription to another

    How can I change one single subscription to another when I only have the option to cancel and not to change my subscription?

    The change of regime is also possible (if any) by contacting support via Contact Customer Care

    You can also cancel the present CC & buy the CC of your choice. Change of plan varies according to the current plan you have.

    Concerning

    Stéphane
