24. April 2014 · Comments Off on Creating Read-Only User Accounts on Cisco ASA5500 · Categories: Cisco · Tags: , , , , , ,

All users configured on the ASA are assigned a privilege level. This privilege level is specified when configuring the username as follows:

hostname(config)# username name password password privilege priv_level

The privilege level can be any value from 0 (least permissive) to 15 (most permissive), with 2 being the default. Do note that if you want to grant the user access to privileged EXEC mode, you should use the range from 2 to 15. For the purpose of assigning read-only access to a user, we will use a privilege level of 5.

AAA refers to authentication, authorization and accounting. It allows us to authenticate who the user is, authorize what that user is allowed to do, and then keep an accounting record showing what that user has done. In order to create a read-only user account, we need to define which commands the user should be granted access to. This requires knowledge of who the user is, so we first need to ensure that user authentication is configured.

To enable AAA authentication, use the following command:

More »

25. March 2013 · Comments Off on How can I stop users from using PST files · Categories: Microsoft · Tags: , , ,

PST files are a burden in many environments. They’re hard to manage, hard to perform discovery on, and prone to loss when stored on local machines. Many companies now use archiving solutions at the mail server, such as the Exchange 2010 archiving functionality, to avoid the need for user PST files.

Briefly, these are some of the problems with PST files:

  • Microsoft does not support using PST files over a LAN or WAN network (KB267019). Using PST files located on network shares can slow down Outlook and can cause corruption of the PST file.
  • Anti-virus countermeasures cannot be implemented on PST files as easily as Exchange Server mailbox databases.
  • It is difficult to accurately report on PST file use, making reporting on organizational mail storage and planning for future growth difficult.
  • Managing content of PST files is difficult.  Exchange Server provides tools to manage the content of mailboxes (such as Messaging Records Management) and to export or remove data from mailboxes (such as the Export-Mailbox cmdlet) but there are no such tools to manage the content of PST files.
  • Local PST files are difficult to back up, making them vulnerable to data loss.

To phase out PST files, take a two phase approach. First, you can stop users from writing to PST files but still allow them to read from then. You can then totally block PST files.
More »