Cionsystems Multifactor install fails with error “You need to be an administrator to install this product”!

To resolve this issue on a domain-joined machine, follow the steps below to install Cionsystems Multifactor Auth for all.

STEPS TO BE FOLLOWED WHILE INSTALLING CIONSYSTEMS MULTIFACTOR

1. Log in to your machine with the user name and password.

2. Start -> Command Prompt -> right-click cmd and select Run as administrator.

3. It will then prompt for local administrator credentials. Provide the local administrator credentials (local admin on the machine) and click Yes.

4. Type the command lusrmgr.msc and press Enter.

5. Click on Groups.

6. Here you need to add the domain user to the local Administrators group or the local Users group. Double-click the Administrators or Users group as shown.

7. Click the Add button.

8. Type the domain user name and click the OK button.

9. Type the domain user name and password, then click the OK and Apply buttons.

10. After adding the user, restart your machine (mandatory).

11. After rebooting, double-click the multifactor Auth Installer.exe file.

12. Proceed with the installation setup process.

13. Once you click the Installation button, it will prompt for a user name and password. Type the local admin user name and password.

14. The installation proceeds further and finishes successfully.



Automate Report Generation on Daily/Weekly Basis in ADM Pro

1. Log in to ADM Pro Manager as an admin user.

2. Go to the Admin option -> click on Server Settings -> click on SMTP Server Settings.

3. Enter the SMTP server information, the email address from which mail has to be sent, and the user name and password, then authenticate. Now select the User Secure Connection (SSL/TLS) option and enter the port number. Click the Save button to save the SMTP settings.

4. Go to AD Reports -> click on User -> click on “Recently Not Logged on Users” under Logon Reports, as shown below.

5. Clicking Recently Not Logged on Users opens a pop-up window, as shown below.

6. As shown above, select the domain and select OUs (optional). If OUs are selected, the report is generated for those OUs only; otherwise it is generated for the complete domain. Enter the No. of Days value and click the Generate button.

7. The report will be generated as shown above.

8. Now schedule this report to be generated automatically and sent to the required mail ID on a daily, weekly or monthly basis at the scheduled time.

9. Go to AD Reports -> click on User -> click on Recently Not Logged on Users under Logon Reports, then click the Schedule this report option as shown below.

10. Clicking the “Schedule This Report” link opens a window as shown below.

11. As shown above, click the Create button; it redirects to the Report Schedule Settings screen as shown below. Here, enter the Schedule Name, select the Schedule Frequency as Daily, Weekly or Monthly, and select any Email format from the list.

12. Click the Reports ‘+’ button; it opens the pop-up shown below.

13. Now select the User Reports option by clicking ‘+’. It shows the list of reports. Select the “Recently Not Logged on Users” report and click the OK button, as shown below.

14. Once you click OK, the report is added to the Reports list as shown below. Now select the date on which the report needs to be generated automatically, using the Start from Date option.

15. Now set the schedule time. Select Account Status as Active and enter the required email address to which the mail needs to be sent, as shown below.

16. Now click the Save button. Once the schedule is created, it appears in the scheduled list as shown below.

17. You will receive the generated report by mail.

18. Check the mail after the scheduled time and check the mail attachments.


Features to be enabled on Windows Server to get SysInv Details and Local Admin Group Members All Reports

Go to Server Manager and select Add Roles and Features. Select Features -> Remote Server Administration Tools.

Select Role Administration Tools -> AD DS and AD LDS Tools -> Active Directory module for Windows PowerShell -> click Next.

Allow the WMI Control permission and the DCOM remote launch and activation permissions for the ADMPro service account user to get the following reports in ADMPro:

ADMPro > ADReports > Computer and Contact > ComputerGeneral Reports

1. Details of Installed Applications (PS)

2. Details of Installed Patches (PS)

Below are the steps:

1. From the Start menu, click Run and type wmimgmt.msc.

2. The WMI Control window appears. Right-click WMI Control, choose Properties, and then select the Security tab.

3. Click the Security button, and then add the user and permissions.

DCOM remote launch and activation permissions for a Service Account user

1. Click Start, click Run, type DCOMCNFG, and then click OK.

2. In the Component Services dialog box, expand Component Services > Computers, then right-click My Computer and click Properties.

3. In the My Computer Properties dialog box, click the COM Security tab.

4. Under Launch and Activation Permissions, click Edit Limits.

5. In the Launch Permission dialog box, follow the steps below:

  • In the Launch Permission dialog box, click Add.
  • In the Select Users, Computers, or Groups dialog box, add your name and then click OK.

6. In the Launch Permission dialog box, select your user in the user names box. In the Allow column under Permissions for User, select Remote Launch and select Remote Activation, and then click OK.

Also grant the DCOM remote access permissions to ANONYMOUS LOGON:

  1. Repeat steps 1 to 6 above.
  2. In the Access Permission dialog box, select the ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.

Exchange and Lync Domain Account Settings

For Exchange and Lync user creation, the configured domain account should be a member of the following 2 groups.
1. Organization Management (This is required for Exchange to work properly)
2. RTCUniversalUserAdmins (This is required for Lync to work properly)

Basic OpenLDAP queries and config files

To list the number of established connections:
netstat -an | grep ":389.*EST" | wc -l
netstat -an | grep -c ":389"
To list all the connections with IP details:
lsof -i tcp:389
To view the config.ldif file from the OpenLDAP command-line prompt:
vi /etc/openldap/slapd.d/cn=config.ldif
To edit the file at that path from the command line and change the olcIdleTimeout setting:
gedit /etc/openldap/slapd.d/cn=config.ldif
To exit the editor, type : and then quit (:quit)
To edit the number of concurrent connections in OpenLDAP:
gedit /etc/security/limits.d/90-nproc.conf
To see the version of OpenLDAP:
slapd -VV
To list the directories:
ls
Commands to start, stop and restart:
service slapd stop
service slapd start
service slapd restart
service slapd status
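
The grep patterns above also match port 3890, outbound connections to a remote port 389, and (for the second command) sockets in LISTEN or TIME_WAIT. The following added example, which is not part of the original page, counts only ESTABLISHED connections whose local port is exactly 389 and groups them by client; the function names and the sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-client count of ESTABLISHED connections to the local LDAP port.

# Constructed sample of `netstat -an` output (all addresses are made up).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:389            10.0.0.21:51234         ESTABLISHED
tcp        0      0 10.0.0.5:389            10.0.0.21:51240         ESTABLISHED
tcp        0      0 10.0.0.5:389            10.0.0.22:40022         ESTABLISHED
tcp        0      0 10.0.0.5:3890           10.0.0.30:40100         ESTABLISHED
tcp        0      0 10.0.0.5:45000          10.0.0.9:389            ESTABLISHED
tcp        0      0 10.0.0.5:389            10.0.0.23:40500         TIME_WAIT
EOF
}

# Reads netstat output on stdin; prints "<count> <client-ip>", busiest client first.
# $1 is the local port to inspect (defaults to 389).
ldap_conns_by_client() {
  awk -v port="${1:-389}" '
    $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
      n = split($4, l, ":")            # local address: last piece is the port
      if (l[n] != port) next           # exact match, so 3890 is not counted
      m = split($5, r, ":")            # foreign address: strip its port
      ip = substr($5, 1, length($5) - length(r[m]) - 1)
      count[ip]++
    }
    END { for (ip in count) print count[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Total number of established client connections on the port.
ldap_conn_total() {
  ldap_conns_by_client "${1:-389}" | awk '{ s += $1 } END { print s + 0 }'
}

# Demo on the constructed sample; on a server run: netstat -an | ldap_conns_by_client
sample_netstat | ldap_conns_by_client
echo "total: $(sample_netstat | ldap_conn_total)"
```

On the sample, the page's first command reports 5 while the exact count is 3, and one client holds two of those connections.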

For changing concurrent connections, go to the following file:

Places -> Computer -> Filesystem -> etc -> security -> limits.d -> 90-nproc.conf

For changing the idle timeout:

Filesystem -> etc -> openldap -> slapd.d -> config.ldif. Change the olcIdleTimeout value. By default it is 0, which means connections are not cleared; if you change it to 60, the connections will be cleared in 1 minute.
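
The files under slapd.d are written by slapd itself and are marked as auto-generated, so the same olcIdleTimeout change can be submitted as an LDIF modification to cn=config instead of editing the file by hand. The following added example, not part of the original page, reads the current value and builds that change record; the function names and the sample config excerpt are constructed, and the ldapmodify invocation in the comment assumes the server exposes the ldapi:/// listener with EXTERNAL access to cn=config.

```shell
#!/bin/sh
# Added example: set olcIdleTimeout through cn=config rather than editing slapd.d.

# Constructed excerpt of /etc/openldap/slapd.d/cn=config.ldif (values are made up).
sample_config() {
  cat <<'EOF'
dn: cn=config
objectClass: olcGlobal
cn: config
olcPidFile: /var/run/openldap/slapd.pid
olcIdleTimeout: 0
EOF
}

# Print the olcIdleTimeout found in LDIF on stdin or in the named file.
# Prints 0 when the attribute is absent (0 = idle connections are never cleared).
current_idle_timeout() {
  awk -F': *' '$1 == "olcIdleTimeout" { v = $2 } END { print v + 0 }' "$@"
}

# Emit the LDIF change record that sets olcIdleTimeout to $1 seconds.
# Rejects anything that is not a whole number so a typo never reaches the server.
idle_timeout_ldif() {
  case "$1" in
    ''|*[!0-9]*)
      echo "idle timeout must be a whole number of seconds" >&2
      return 1 ;;
  esac
  printf 'dn: cn=config\nchangetype: modify\nreplace: olcIdleTimeout\nolcIdleTimeout: %s\n' "$1"
}

# Demo on the constructed sample.
echo "current: $(sample_config | current_idle_timeout)"
idle_timeout_ldif 60

# On the server, as root (assumption: ldapi:/// listener and EXTERNAL access to cn=config):
#   idle_timeout_ldif 60 | ldapmodify -Y EXTERNAL -H ldapi:///
```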

This file is used to set the size limit:

Filesystem -> etc -> openldap -> ldap.conf