Re: Measurements
@Joe, Please find answers to your queries in black: Is your solution good for NON-ITSM - home grown type of Remedy applications, that are web driven (Mid-Tier).. - Yes, Vyom Performance TestEdge support NON-ITSM (home grown / customized) type of Remedy applications that are web driven (Mid-tier). Does it fire/execute Active Links (process client side workflow)? - Vyom Performance TestEdge supports browser based client. Active links are supported. We do not support user tool. What if I need to test for more than 100 users? What does it cost? - Cost details are dynamic, based on various parameters. We can take this conversation offline to discuss in detail. I will connect you with our team in a separate mail. We are travelling to WWRUG'13, if you are there we can speak in person as well! Warm Regards, Kunal Sonawala Manager, Marketing, Vyom Labs Pvt. Ltd. Email: kunal.sonaw...@vyomlabs.com || Web Site: www.vyomlabs.com http://www.vyomlabs.com/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza Sent: Friday, September 06, 2013 3:58 AM To: arslist@ARSLIST.ORG Subject: Re: Measurements ** Kunal, Is your solution good for NON-ITSM - home grown type of Remedy applications, that are web driven (Mid-Tier).. Does it fire/execute Active Links (process client side workflow)? What if I need to test for more than 100 users? What does it cost? Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Kunal Sonawala Sent: Thursday, September 05, 2013 2:32 AM To: arslist@ARSLIST.ORG Subject: Re: Measurements @Koyb, if you have 100 users, you can try out Vyom Performance TestEdge (BMC Remedy Performance Testing Solution) for free. You can demand 'Free Trial for 100 Users' using this url: http://ow.ly/ozXwN Feel free to reach out in case of any questions. Warm Regards, Kunal Sonawala Manager, Marketing, Vyom Labs Pvt. Ltd. Email: kunal.sonaw...@vyomlabs.com || Web Site: www.vyomlabs.com http://www.vyomlabs.com/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Koyb P. Liabt Sent: Thursday, September 05, 2013 12:48 AM To: arslist@ARSLIST.ORG Subject: Measurements ** Hi, Are there any tools to measure the performance of the ITSM workflow, and possibly the server? We are having major performance issues and hoping to get some metrics to see where the bottlenecks are. Hopefully there are free tools also. _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Incident Management Console showing wrong incidents
Hi List, our Incident console in ITSM 7.6.03 seems to show the wrong incidents. It also contains incidents that were previously assigned to the group of the user and then routed to another. This is only happening in Incident Management Console, but not in Overview Console. Has anyone of you noticed the same behaviour and found a solution for it? Regards, Thomas ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Removing links in Email notifications?
Listers, I want to remove the links at top of the Customer Receipt Information and Customer Resolution notification mails from our ITSM 7.6.03, but those links are not shown in the respective template. Is there a chance we can only remove this from the two notifications towards customer, and keep the link for the others? Thanks, Thomas ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Measurements
Thanks for your response. I got your invite on LinkedIn - lets chat there. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Kunal Sonawala Sent: Friday, September 06, 2013 2:54 AM To: arslist@ARSLIST.ORG Subject: Re: Measurements @Joe, Please find answers to your queries in black: Is your solution good for NON-ITSM - home grown type of Remedy applications, that are web driven (Mid-Tier).. - Yes, Vyom Performance TestEdge support NON-ITSM (home grown / customized) type of Remedy applications that are web driven (Mid-tier). Does it fire/execute Active Links (process client side workflow)? - Vyom Performance TestEdge supports browser based client. Active links are supported. We do not support user tool. What if I need to test for more than 100 users? What does it cost? - Cost details are dynamic, based on various parameters. We can take this conversation offline to discuss in detail. I will connect you with our team in a separate mail. We are travelling to WWRUG'13, if you are there we can speak in person as well! Warm Regards, Kunal Sonawala Manager, Marketing, Vyom Labs Pvt. Ltd. Email: kunal.sonaw...@vyomlabs.com || Web Site: www.vyomlabs.com http://www.vyomlabs.com/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza Sent: Friday, September 06, 2013 3:58 AM To: arslist@ARSLIST.ORG Subject: Re: Measurements ** Kunal, Is your solution good for NON-ITSM - home grown type of Remedy applications, that are web driven (Mid-Tier).. Does it fire/execute Active Links (process client side workflow)? What if I need to test for more than 100 users? What does it cost? Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] mailto:%5bmailto:arslist@ARSLIST.ORG%5d On Behalf Of Kunal Sonawala Sent: Thursday, September 05, 2013 2:32 AM To: arslist@ARSLIST.ORG Subject: Re: Measurements @Koyb, if you have 100 users, you can try out Vyom Performance TestEdge (BMC Remedy Performance Testing Solution) for free. You can demand 'Free Trial for 100 Users' using this url: http://ow.ly/ozXwN Feel free to reach out in case of any questions. Warm Regards, Kunal Sonawala Manager, Marketing, Vyom Labs Pvt. Ltd. Email: kunal.sonaw...@vyomlabs.com || Web Site: www.vyomlabs.com http://www.vyomlabs.com/ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] mailto:%5bmailto:arslist@ARSLIST.ORG%5d On Behalf Of Koyb P. Liabt Sent: Thursday, September 05, 2013 12:48 AM To: arslist@ARSLIST.ORG Subject: Measurements ** Hi, Are there any tools to measure the performance of the ITSM workflow, and possibly the server? We are having major performance issues and hoping to get some metrics to see where the bottlenecks are. Hopefully there are free tools also. _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Removing links in Email notifications?
You can modify the filters which sends these notification and uncheck the url option. From: Anders, Thomas (ext)-2 [via ARS (Action Request System)] [mailto:ml-node+s1093659n7591507...@n2.nabble.com] Sent: 06 September 2013 14:03 To: Dhananjay Deshpande Subject: Removing links in Email notifications? Listers, I want to remove the links at top of the Customer Receipt Information and Customer Resolution notification mails from our ITSM 7.6.03, but those links are not shown in the respective template. Is there a chance we can only remove this from the two notifications towards customer, and keep the link for the others? Thanks, Thomas ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years If you reply to this email, your message will be added to the discussion below: http://ars-action-request-system.1093659.n2.nabble.com/Removing-links-in-Email-notifications-tp7591507.html To start a new topic under ARS (Action Request System), email ml-node+s1093659n1093659...@n2.nabble.commailto:ml-node+s1093659n1093659...@n2.nabble.com To unsubscribe from ARS (Action Request System), click herehttp://ars-action-request-system.1093659.n2.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_codenode=1093659code=ZGhhbmFuamF5LmRlc2hwYW5kZUBpbi5mdWppdHN1LmNvbXwxMDkzNjU5fC04NjQwNTQzOTI=. NAMLhttp://ars-action-request-system.1093659.n2.nabble.com/template/NamlServlet.jtp?macro=macro_viewerid=instant_html%21nabble%3Aemail.namlbase=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespacebreadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml -- View this message in context: http://ars-action-request-system.1093659.n2.nabble.com/Removing-links-in-Email-notifications-tp7591507p7591509.html Sent from the ARS (Action Request System) mailing list archive at Nabble.com. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
ADM: Timing test, please ignore
12:15 pm ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
ADM: timing test two, lets see if it is down from 22 hours
8:33am EST ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
BMC Official License Management.
Hi folks, i'd need of an official document by BMC that describe the licence management type of Remedy. in particulary BMC:Incident Mgmt User Floating. i.e. Bmc Remedy 7.1 1. when a user do login,the system checks the availability of license (checks Write Pool) if a license is available this is 'detached' (assigned to the user logged in)! 2. the release occurs at the time of logoff I hope i'm clear !!! Thanks in advance, Pietro ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Incident Management Console showing wrong incidents
You might want to check if the Incident ownership is still with the original group (this can be found in the date/system tab). Incident Console display tickets owned by a support group too. Anusha Das NRC-ITISS Remedy Developer ITIL V3 Foundations Dell | Services, Federal Government Office + 1 240.406.9864 anusha_...@federal.dell.com -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thomas Sent: Friday, September 06, 2013 3:24 AM To: arslist@ARSLIST.ORG Subject: Incident Management Console showing wrong incidents Hi List, our Incident console in ITSM 7.6.03 seems to show the wrong incidents. It also contains incidents that were previously assigned to the group of the user and then routed to another. This is only happening in Incident Management Console, but not in Overview Console. Has anyone of you noticed the same behaviour and found a solution for it? Regards, Thomas ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Estimate Licenses needed - fixed/floating etc
Hi all, I have seen this doc earlier (white paper for older version) but can not seem to find it now. Any help would be appreciated Need to estimate (for a new project) how many licenses to get (read and fixed) � Thanks Atul ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Categorizations
Hi, How do I change the CTIs that came from ADDM thru normalization? We configured the product catalog with Normalization type = CTI. To configure the product catalog, we are only allowed 1 unique value. ADDM provides 2 different values. For example ADDM send the CMDB both: Hardware Peripheral Printer...OR Hardware /peripheral/printer We observed inconsistent data like this in the BMC.ASSET. We cleaned up BMC.ASSET and now want to correct the source data. If you are saying this can be done via normalization, then I must be missing a step. How would normalization resolve this issue - if the Product Catalog only allows 1 unique entry? From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tomasiewicz, Mike (Information Technology) Sent: Thursday, September 05, 2013 4:55 PM To: arslist@ARSLIST.ORG Subject: Re: Categorizations ** Kathy, Is there a reason not to use the normalization engine from within the CMDB and leave the ADDM out-of-the-box categorizations alone? You may box yourself into a corner regarding pattern updates and ADDM upgrades if you alter the existing TPLs. .: Mike T :. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Kathy Morris Sent: Thursday, September 05, 2013 1:28 PM To: arslist@ARSLIST.ORG Subject: Categorizations ** Hi, We are looking to use TPL to correct the name on Category, Type, Item for some assets discovered in ADDM. About how long would this take to fix in ADDM using TPL? (1/2 hour, 1 hour, 2 hours? ) _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Categorizations
You need to open an issue with ADDM support this appears to be a bug since the CTI is hard coded. -Original Message- From: Kathy Morris kathymorris...@aol.com To: arslist arslist@ARSLIST.ORG Sent: Fri, Sep 6, 2013 10:28 am Subject: Re: Categorizations ** Hi, How do I change the CTIs that came from ADDM thru normalization? We configured the product catalog with Normalization type = CTI. To configure the product catalog, we are only allowed 1 unique value. ADDM provides 2 different values. For example ADDM send the CMDB both: Hardware Peripheral Printer…..OR Hardware /peripheral/printer We observed inconsistent data like this in the BMC.ASSET. We cleaned up BMC.ASSET and now want to correct the source data. If you are saying this can be done via normalization, then I must be missing a step. How would normalization resolve this issue – if the Product Catalog only allows 1 unique entry? From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tomasiewicz, Mike (Information Technology) Sent: Thursday, September 05, 2013 4:55 PM To: arslist@ARSLIST.ORG Subject: Re: Categorizations ** Kathy, Is there a reason not to use the normalization engine from within the CMDB and leave the ADDM out-of-the-box categorizations alone? You may box yourself into a corner regarding pattern updates and ADDM upgrades if you alter the existing TPLs. .: Mike T :. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Kathy Morris Sent: Thursday, September 05, 2013 1:28 PM To: arslist@ARSLIST.ORG Subject: Categorizations ** Hi, We are looking to use TPL to correct the name on Category, Type, Item for some assets discovered in ADDM. About how long would this take to fix in ADDM using TPL? (1/2 hour, 1 hour, 2 hours? ) _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Categorizations
We did and BMC told us to use TPL. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Roger Justice Sent: Friday, September 06, 2013 10:43 AM To: arslist@ARSLIST.ORG Subject: Re: Categorizations ** You need to open an issue with ADDM support this appears to be a bug since the CTI is hard coded. -Original Message- From: Kathy Morris kathymorris...@aol.com To: arslist arslist@ARSLIST.ORG Sent: Fri, Sep 6, 2013 10:28 am Subject: Re: Categorizations ** Hi, How do I change the CTIs that came from ADDM thru normalization? We configured the product catalog with Normalization type = CTI. To configure the product catalog, we are only allowed 1 unique value. ADDM provides 2 different values. For example ADDM send the CMDB both: Hardware Peripheral Printer…..OR Hardware /peripheral/printer We observed inconsistent data like this in the BMC.ASSET. We cleaned up BMC.ASSET and now want to correct the source data. If you are saying this can be done via normalization, then I must be missing a step. How would normalization resolve this issue – if the Product Catalog only allows 1 unique entry? From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG mailto:arslist@ARSLIST.ORG? ] On Behalf Of Tomasiewicz, Mike (Information Technology) Sent: Thursday, September 05, 2013 4:55 PM To: arslist@ARSLIST.ORG Subject: Re: Categorizations ** Kathy, Is there a reason not to use the normalization engine from within the CMDB and leave the ADDM out-of-the-box categorizations alone? You may box yourself into a corner regarding pattern updates and ADDM upgrades if you alter the existing TPLs. .: Mike T :. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Kathy Morris Sent: Thursday, September 05, 2013 1:28 PM To: arslist@ARSLIST.ORG Subject: Categorizations ** Hi, We are looking to use TPL to correct the name on Category, Type, Item for some assets discovered in ADDM. About how long would this take to fix in ADDM using TPL? (1/2 hour, 1 hour, 2 hours? ) _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
Good point. I had a different idea of redirecting the user to another URL altogether but thought to myself, That's not appropriate for work so I changed it before I sent the email. Thanks, Shawn Pierson Remedy Developer | Energy Transfer -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza Sent: Friday, September 06, 2013 3:43 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Perform-action-exit-app is the better to use than just calling the logout page using the open url page.. I'm not sure it will actually do a logout by opening the logout page that way.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn Sent: Friday, September 06, 2013 4:34 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login I could see this being useful for automation as well. For example, you create an account to integrate with a monitoring tool that uses the Remedy API to create Incidents, but you don't want the owner of that account to log in and manually use Remedy with that account. If you wanted to do a mean approach, you could probably just create an Active Link that is triggered On Display whenever they log in to the Remedy Home Page that checks for $USER$ = usernametoblock and do a Run Process of PERFORM-ACTION-OPEN-URL http://yourremedyserver/arsys/shared/logout.jsp; Thanks, Shawn Pierson Remedy Developer | Energy Transfer -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerry(r) smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist
Re: Ha! Remedy Developer T-Shirts
Im leaning towards Engineer 1 and 2 being the same person :-).. On a more serious note, why isnt there ever a recommendation by BMC Software on what Group IDs would be an ideal User Range.. Off late I have resorted to a fairly large number starting at 5 and above for custom development work, and to be on the safer side that BMC would not coincidentally use that I throw a random digit or two in the middle of it so lets say 50001, and then next group as 500010001 and so on in the same application, 50002 for another unrelated application and so on.. I know we have the archgid to save us in case BMC ever uses one of our defined group IDs, but it tends to get messy at times when you do that as there is a chance those IDs were used in application data, which will result in a lengthy cleanup process even if you do have utilities to do that.. I guess what Im saying is that it would be nice to get BMC to declare a standard on user range for Group IDs too. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Mueller, Doug Sent: Friday, September 06, 2013 2:03 PM To: arslist@ARSLIST.ORG Subject: Re: Ha! Remedy Developer T-Shirts Or maybe, it was just one poor sole who thought that the field ID being 32 bits gives a maxint of about 2 billion so why not give Remedy about ¼ of that space and customers ¾ and then to say that OK, a way to do that is 2^29 since 2^31 is the total, that is about ¼ so let's go with that . .. Doug Mueller From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 10:05 AM To: arslist@ARSLIST.ORG Subject: Re: Ha! Remedy Developer T-Shirts ** So I started to wonder why 536870912 at the beginning. Seems a bit of on odd first ID number. I wonder if it was because that is 512 megabits? Because it is 64 megabytes? There must be some kind of meaning. Engineer 1: Hey, we need a really large number for the first field ID in the customer range Engineer 2: What is 64 megabytes in bits? Engineer 1: 536870912 Engineer 1+2: Yeah, let's use that note: this is a reenactment of how it may have happened. It is possible Engineer 1 and 2 was the same person :) Inline image 1 http://www.matisse.net/bitcalc/?input_amount=536%2C870%2C912+ http://www.matisse.net/bitcalc/?input_amount=536%2C870%2C912+input_units=b itsnotation=legacy input_units=bitsnotation=legacy On Fri, Sep 6, 2013 at 8:16 AM, Longwing, Lj llongw...@usgs.gov wrote: ** I would hafta say that because that the 'current' first field ID :) On Fri, Sep 6, 2013 at 9:06 AM, John J Reiser john.j.rei...@lmco.com wrote: Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years image001.gif
Re: Prevent MT Login
That is an interesting requirement. I can see where this would be desirable though. I have just started to work with MyIT but so far I haven't seen any way to do this without adding workflow in Remedy since MyIT uses the User record for authentication. If there isn't a way you might want to put in an enhancement request: https://communities.bmc.com/create-idea!input.jspa?containerType=14containerID=3615 Jason On Fri, Sep 6, 2013 at 12:58 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Prevent MT Login
Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Friday Humor: Prevent MT Login
Chop off his fingers? -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza Sent: Friday, September 06, 2013 3:06 PM To: arslist@ARSLIST.ORG Subject: Re: Friday Humor: Prevent MT Login Oh ya that would work too.. I was thinking of slightly violent alternatvies :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:04 PM To: arslist@ARSLIST.ORG Subject: Friday Humor: Prevent MT Login Hmm non workflow. Uninstall IE/Firefox/Chrome/Opera etc. That'll do it! Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
That would also break the MyIT Universal Client if they are supposed to be using it from their desktop (assuming Chrome is their browser). Also I can see that one going through CAB to get approval to push that down to x thousands of machines based on username. And then they just use their friends computer who is allowed access :) On Fri, Sep 6, 2013 at 1:10 PM, Tauf Chowdhury taufc...@gmail.com wrote: Seriously though, assuming the user is using a Widows OS, you can edit the HOST file and put a bogus IP address in for the web server DNS name. Make sure they either: 1: Don't see you doing it or 2: Don't have permissions to change it back. Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Incident Management Console showing wrong incidents
We created an application assignment rule for Incident Owner which defaults all tickets to our Service Desk. This prevents those tickets from displaying in the originators queue after they have been transferred. It also provides our service desk with access and views to all of the incidents. Win-win. .: Mike T :. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thomas Sent: Friday, September 06, 2013 2:24 AM To: arslist@ARSLIST.ORG Subject: Incident Management Console showing wrong incidents Hi List, our Incident console in ITSM 7.6.03 seems to show the wrong incidents. It also contains incidents that were previously assigned to the group of the user and then routed to another. This is only happening in Incident Management Console, but not in Overview Console. Has anyone of you noticed the same behaviour and found a solution for it? Regards, Thomas ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
** You could use Disable-Client-Operation: 9 in ar.conf You can specify times and an exclusion group of users it should not apply to.Not code, configuration...Look in your config guide for exact syntax.. Sent from my BlackBerry 10 smartphone on the Bell network. From: Joe D'SouzaSent: Friday, September 6, 2013 4:18 PMTo: arslist@ARSLIST.ORGReply To: arslist@ARSLIST.ORGSubject: OT: Prevent MT Login** Na.. those were beautiful! I wish I get to see them at least once again before I donât have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf â only that these days most IT employees are smart enough to realize whatâs happening, and if they have access to edit their own host file, could revert it back. I really donât think there is a fool proof non workflow mechanism that canât get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-) I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years" _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_
Re: Friday Humor: Prevent MT Login
Oh ya that would work too.. I was thinking of slightly violent alternatvies :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:04 PM To: arslist@ARSLIST.ORG Subject: Friday Humor: Prevent MT Login Hmm non workflow. Uninstall IE/Firefox/Chrome/Opera etc. That'll do it! Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
I believe the limit is based on hardware capacity On Fri, Sep 6, 2013 at 11:34 AM, Pruitt, Christopher (Bank of America Account) christopher.pru...@hp.com wrote: ** I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? ** ** *Christopher Pruitt* Business Consulting III Remedy Developer *HP Enterprises Services* *christopher.pru...@hp.com* www.hp.com [image: HP_logo] ** ** ** ** *Confidentiality Notice:* This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake.* *** ** ** *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Thad Esser *Sent:* Friday, September 06, 2013 11:19 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** ** ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. ** ** Thad ** ** On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Grooms, Frederick W *Sent:* Thursday, September 05, 2013 5:27 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don’t define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, “Queues,” page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. Fred *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *William Rentfrow *Sent:* Thursday, September 05, 2013 5:06 PM *To:* arslist@ARSLIST.ORG *Subject:* How many escalation pools do you have...? ** Hi listers - So we have an infrequent but recurring problem. One of our mission-critical escalations (interval, 5 minutes) will every once in a while
Re: Prevent MT Login
Yeah what happened to peace, love, and happiness Joe? Now it's punch, kick, and choke Joe. Sent from my iPhone On Sep 6, 2013, at 4:11 PM, Jason Miller jason.mil...@gmail.com wrote: ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
True.. java scripts written on the login page are subject to break when you update a patch unless you manually fix the page again. Workflow approach will not have that limitation.. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:23 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login It would Ken. It's up to the poster. I would think writing workflow is easier then getting JavaScript in so who knows. Sent from my iPhone On Sep 6, 2013, at 4:20 PM, Cecil, Ken kce...@hubbell.com wrote: ** My suggestion was neither. Use javascript to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page. Ken. Would it not work? Ken. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:19 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login ** I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.net wrote: ** Na.. those were beautiful! I wish I get to see them at least once again before I don't have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf - only that these days most IT employees are smart enough to realize what's happening, and if they have access to edit their own host file, could revert it back. I really don't think there is a fool proof non workflow mechanism that can't get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
OT: Prevent MT Login
Na.. those were beautiful! I wish I get to see them at least once again before I don't have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf - only that these days most IT employees are smart enough to realize what's happening, and if they have access to edit their own host file, could revert it back. I really don't think there is a fool proof non workflow mechanism that can't get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Friday Humor: Prevent MT Login
Hmm non workflow. Uninstall IE/Firefox/Chrome/Opera etc. That'll do it! Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. ** ** For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. ** ** B. ** ** *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Grooms, Frederick W *Sent:* Thursday, September 05, 2013 5:27 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** ** ** We currently have 3 pools on a pure custom (NON ITSM) system. ** ** Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don’t define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. ** ** Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, “Queues,” page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. ** ** All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. ** ** Fred ** ** ** ** *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *William Rentfrow *Sent:* Thursday, September 05, 2013 5:06 PM *To:* arslist@ARSLIST.ORG *Subject:* How many escalation pools do you have...? ** ** ** Hi listers - ** ** So we have an infrequent but recurring problem. One of our mission-critical escalations (interval, 5 minutes) will every once in a while die. It will stop appearing in the escalation log, and the only way to fix it is to bounce the admin server. ** ** There's 204 total escalations on this server, the vast majority of which are ITSM 7.6.04 base product. ** ** We are entering 4000-5000 tickets a day, with additional data being entered in CM, CMDB, etc., so the data load even for things like the 5-minute recurring SLM Measurement escalation can be significant. ** ** We have configured the one that breaks it to run on a specific pool and no others are configured to use that pool. Unfortunately that doesn't mean that pool isn't shared - others can hop in that pool too if the others pools are busy. (Kind of thinking of submitting an RFE for a dedicated pool option that prevents sharing but that's another issue altogether).** ** ** ** So - how many pools do you use? We currently have a max of 4 and obviously that's not enough. ** ** William Rentfrow wrentf...@stratacominc.com Office: 715-204-3061 Cell: 715-398-5056 ** ** -- No virus found in this message. Checked by AVG - www.avg.com Version: 2013.0.3392 / Virus Database: 3222/6639 - Release Date: 09/04/13* *** _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? Christopher Pruitt Business Consulting III Remedy Developer HP Enterprises Services christopher.pru...@hp.com www.hp.comhttp://www.hp.com/ [HP_logo] Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 06, 2013 11:19 AM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.commailto:wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, September 05, 2013 5:27 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don't define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, Queues, page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. Fred From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, September 05, 2013 5:06 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: How many escalation pools do you have...? ** Hi listers - So we have an infrequent but recurring problem. One of our mission-critical escalations (interval, 5 minutes) will every once in a while die. It will stop appearing in the escalation log, and the only way to fix it is to bounce the admin server. There's 204 total escalations on this server, the vast majority of which are ITSM 7.6.04 base product. We are entering 4000-5000 tickets a day, with additional data being entered in CM, CMDB, etc., so the data load even for things like the 5-minute recurring SLM
Re: OT: Prevent MT Login
Yup that should work too.. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Cecil, Ken Sent: Friday, September 06, 2013 4:20 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login My suggestion was neither. Use javascript to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page. Ken. Would it not work? Ken. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:19 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login ** I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.net wrote: ** Na.. those were beautiful! I wish I get to see them at least once again before I don't have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf - only that these days most IT employees are smart enough to realize what's happening, and if they have access to edit their own host file, could revert it back. I really don't think there is a fool proof non workflow mechanism that can't get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Ha! Remedy Developer T-Shirts
So I started to wonder why 536870912 at the beginning. Seems a bit of on odd first ID number. I wonder if it was because that is 512 megabits? Because it is 64 megabytes? There must be some kind of meaning. Engineer 1: Hey, we need a really large number for the first field ID in the customer range Engineer 2: What is 64 megabytes in bits? Engineer 1: 536870912 Engineer 1+2: Yeah, let's use that note: this is a reenactment of how it may have happened. It is possible Engineer 1 and 2 was the same person :) [image: Inline image 1] http://www.matisse.net/bitcalc/?input_amount=536%2C870%2C912+input_units=bitsnotation=legacy On Fri, Sep 6, 2013 at 8:16 AM, Longwing, Lj llongw...@usgs.gov wrote: ** I would hafta say that because that the 'current' first field ID :) On Fri, Sep 6, 2013 at 9:06 AM, John J Reiser john.j.rei...@lmco.comwrote: Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years image.png
Re: How many escalation pools do you have...?
I may be really old school here but ... Why not update the ones with no pool to be in the 1st pool (unless there is a reason you want them to access any pool) From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, September 05, 2013 7:36 PM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, September 05, 2013 5:27 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don't define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, Queues, page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. Fred From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, September 05, 2013 5:06 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: How many escalation pools do you have...? ** Hi listers - So we have an infrequent but recurring problem. One of our mission-critical escalations (interval, 5 minutes) will every once in a while die. It will stop appearing in the escalation log, and the only way to fix it is to bounce the admin server. There's 204 total escalations on this server, the vast majority of which are ITSM 7.6.04 base product. We are entering 4000-5000 tickets a day, with additional data being entered in CM, CMDB, etc., so the data load even for things like the 5-minute recurring SLM Measurement escalation can be significant. We have configured the one that breaks it to run on a specific pool and no others are configured to use that pool. Unfortunately that doesn't mean that pool isn't shared - others can hop in that pool too if the others pools are busy. (Kind of thinking of submitting an RFE for a dedicated pool option that prevents sharing but that's another issue altogether). So - how many pools do you use? We currently have a max of 4 and obviously that's not enough. William Rentfrow wrentf...@stratacominc.commailto:wrentf...@stratacominc.com Office: 715-204-3061 Cell: 715-398-5056 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
I could see this being useful for automation as well. For example, you create an account to integrate with a monitoring tool that uses the Remedy API to create Incidents, but you don't want the owner of that account to log in and manually use Remedy with that account. If you wanted to do a mean approach, you could probably just create an Active Link that is triggered On Display whenever they log in to the Remedy Home Page that checks for $USER$ = usernametoblock and do a Run Process of PERFORM-ACTION-OPEN-URL http://yourremedyserver/arsys/shared/logout.jsp; Thanks, Shawn Pierson Remedy Developer | Energy Transfer -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerry(r) smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
First of all why is your Demo user not password protected? That's a bad bad thing.. No other user on your system except your admins should have admin access rights. Configure your system that no guest users are allowed to login - simple check box on the server information page.. Plus you can use any combination you are comfortable with on suggestions given on this thread.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:40 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;) So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:32:05 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Prevent guest logins.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
** Yep, and the other problem with _javascript_ on login.jsp is that if he knows the "login trick" giving credentials in the url the "sorry pal I got you" trap in login.jsp wouldn't work.In this case you could alter the LoginServlet instead I guess, though that would mean quite some work...Another solution would be to create a keylogger that would detect what keystrokes he hits and automatically delete according text. (and send him back a 110V jolt through his keyboard).On 06 Sep, 2013,at 10:29 PM, Joe D'Souza jdso...@shyle.net wrote:True.. _javascript_s written on the login page are subject to break when you update a patch unless you manually fix the page again. Workflow approach will not have that limitation..JoeFrom: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:23 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT LoginIt would Ken. It's up to the poster. I would think writing workflow is easier then getting _javascript_ in so who knows. Sent from my iPhone On Sep 6, 2013, at 4:20 PM, "Cecil, Ken" kce...@hubbell.com wrote:** My suggestion was neither.Use _javascript_ to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page.Ken.Would it not work?Ken.From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:19 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login** I agree it it is either workflow or a BMC provided option baked into the product.On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.net wrote:** Na.. those were beautiful! I wish I get to see them at least once again before I don’t have to travel to Alaska no more.. My next trip is scheduled to be my last..I like the DNS spoofing idea from Tauf – only that these days most IT employees are smart enough to realize what’s happening, and if they have access to edit their own host file, could revert it back.I really don’t think there is a fool proof non workflow mechanism that can’t get in legal trouble to do what needs to be done. Workflow seems to be the safest bet.JoeFrom: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login** Wow Joe, wow 8-) I wonder if there is some radiation coming off the Aurora and soaking into your brain...On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote:PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, AdityaSent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"_ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_ _ARSlist: "Where the Answers Are" and have been for 20 years_**_ARSlist: "Where the Answers Are" and have been for 20 years_
Re: Prevent MT Login
PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
It would Ken. It's up to the poster. I would think writing workflow is easier then getting JavaScript in so who knows. Sent from my iPhone On Sep 6, 2013, at 4:20 PM, Cecil, Ken kce...@hubbell.com wrote: ** My suggestion was neither. *Use javascript to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page.* * * * * *Ken.* Would it not work? Ken. *From:* Action Request System discussion list(ARSList) [ mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller *Sent:* Friday, September 06, 2013 4:19 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: OT: Prevent MT Login ** I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.net wrote: ** Na.. those were beautiful! I wish I get to see them at least once again before I don’t have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf – only that these days most IT employees are smart enough to realize what’s happening, and if they have access to edit their own host file, could revert it back. I really don’t think there is a fool proof non workflow mechanism that can’t get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe -- *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller *Sent:* Friday, September 06, 2013 4:11 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ -- Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
OT - Prevent MT Login
This thread had me laughing like crazy and I needed it! From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 3:13 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Yeah what happened to peace, love, and happiness Joe? Now it's punch, kick, and choke Joe. Sent from my iPhone On Sep 6, 2013, at 4:11 PM, Jason Miller jason.mil...@gmail.commailto:jason.mil...@gmail.com wrote: ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.netmailto:jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
LOL! So we'll touch all the desktops? I though we left that behind with WUT? On Fri, Sep 6, 2013 at 1:15 PM, Tauf Chowdhury taufc...@gmail.com wrote: ** I'm trying to work with the whole No Workflow thing! C'mon! Sent from my iPhone On Sep 6, 2013, at 4:14 PM, Jason Miller jason.mil...@gmail.com wrote: ** That would also break the MyIT Universal Client if they are supposed to be using it from their desktop (assuming Chrome is their browser). Also I can see that one going through CAB to get approval to push that down to x thousands of machines based on username. And then they just use their friends computer who is allowed access :) On Fri, Sep 6, 2013 at 1:10 PM, Tauf Chowdhury taufc...@gmail.com wrote: Seriously though, assuming the user is using a Widows OS, you can edit the HOST file and put a bogus IP address in for the web server DNS name. Make sure they either: 1: Don't see you doing it or 2: Don't have permissions to change it back. Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
That's a pretty sleek solution.. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Randeep Atwal Sent: Friday, September 06, 2013 4:24 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login You could use Disable-Client-Operation: 9 in ar.conf You can specify times and an exclusion group of users it should not apply to. Not code, configuration... Look in your config guide for exact syntax.. Sent from my BlackBerry 10 smartphone on the Bell network. From: Joe D'Souza Sent: Friday, September 6, 2013 4:18 PM To: arslist@ARSLIST.ORG Reply To: arslist@ARSLIST.ORG Subject: OT: Prevent MT Login ** Na.. those were beautiful! I wish I get to see them at least once again before I don't have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf - only that these days most IT employees are smart enough to realize what's happening, and if they have access to edit their own host file, could revert it back. I really don't think there is a fool proof non workflow mechanism that can't get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
30 escalation pools sounds high! Do you have many escalations in each of those pools? From: Campbell, Paul (Paul) Sent: Friday, September 06, 2013 6:53 PM Newsgroups: public.remedy.arsystem.general To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We are currently running 30 From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Longwing, Lj Sent: Friday, September 06, 2013 1:45 PM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** I believe the limit is based on hardware capacity On Fri, Sep 6, 2013 at 11:34 AM, Pruitt, Christopher (Bank of America Account) christopher.pru...@hp.com wrote: ** I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? Christopher Pruitt Business Consulting III Remedy Developer HP Enterprises Services christopher.pru...@hp.com www.hp.com Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 06, 2013 11:19 AM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, September 05, 2013 5:27 PM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don't define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, Queues, page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. Fred From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday,
Re: Email Template variable replacement not working on a notify action
A couple of easy things to check:
1. The email engine takes 30 minutes (by default) to re-read a template.
Either wait, or restart the email engine to make sure it's actually seeing
your template changes.
2. Do the fields have public permissions? If the recipient doesn't have
permissions to the fields (and I'm guessing your recipients don't), they
will be blank.
Thad
On Fri, Sep 6, 2013 at 8:08 AM, Campbell, Paul (Paul) p...@avaya.com wrote:
**
I’ve tried it with the fields on the notify action set to All, and
selected the specific fields, neither works.
** **
*From:* Action Request System discussion list(ARSList) [mailto:
arslist@ARSLIST.ORG] *On Behalf Of *Sanford, Claire
*Sent:* Friday, September 06, 2013 10:55 AM
*To:* arslist@ARSLIST.ORG
*Subject:* Re: Email Template variable replacement not working on a
notify action
** **
**
Have you added those fields to the filters?
** **
*From:* Action Request System discussion list(ARSList) [
mailto:arslist@ARSLIST.ORG arslist@ARSLIST.ORG] *On Behalf Of *Campbell,
Paul (Paul)
*Sent:* Friday, September 06, 2013 9:50 AM
*To:* arslist@ARSLIST.ORG
*Subject:* Email Template variable replacement not working on a notify
action
** **
**
So I am trying to build a notify action that will send an HTML formatted
email with variable replacements on a custom app on ARServer 7.6.04. I
have the full html document in one template and in the notify action on my
filter, I use that template as the Content Template, I also have just a
static value in the Text field since I really don’t want anything there,
but I can’t leave it blank, I also have the fields in the template included
in the selected fields list . When I trigger the notify action, I get no
values where the variables go. Below are my template html and what the
email looks like
** **
Any Ideas on what I am doing wrong here?
** **
!DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Strict//EN
http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd;
** **
html xmlns=http://www.w3.org/1999/xhtml;
head
meta http-equiv=Content-Type
content=text/html; charset=utf-8 /
meta name=viewport
content=width=device-width, initial-scale=1.0/
title/title
meta
content=text/html;charset=iso-8859-1=http-equiv=content-type
style type=text/css
body {color: #161715;font-family: Helvetica
Neue, Calibri, Arial,= sans-serif;}
h2, h3 {font-weight: normal;}
a {color: #5572BC;font-weight:
bold;text-decoration: underline;}
/style
/head
body
div
table style=width:
800px; background-color: #CCC; margin: auto; padding: 0px; cellspacing=0
cellpadding=0 border=0 align=center
tr
td style=width: 800px;position:relative; margin: auto; padding: 0px;
background: #3B586E; height: 70px;
div style=z-index:2; margin-left: 20px; color:white; font:normal 30px
'Helvetica Neue','Helvetica',sans-serif;Update Notification/div
/td
/tr
tr
td style=width: 800px;margin: auto; padding: 0px; background: #e6e6e6;
height: 485px;
table style=padding: 20px; width: 800px; font:normal 14px 'Helvetica
Neue','Helvetica',sans-serif;
tr
td
Dear Customer,
br
pWe are working to resolve Service Request #$$WS.Core.SRNumber$$#./p**
**
Please see the update below. For more information regarding this Service
Request, please visit
a href=http://url target=_blankSupport/a.
/td
/tr
/table
table style=margin-left: 20px; width:760px;
margin-bottom: 25px; color: #33; border: 1px; border-style: solid;
border-color: #33; border-collapse: collapse;
tbody
tr
td style=width: 185px; border: solid black 1px; padding: 8px 0px 8px
20px;SR Number/td
td style=border: solid black 1px; padding: 8px 0px 8px 20px;a href=
http://url target=#$$WS.Core.SRNumber$$#/a/td
/tr
tr
td style=width: 185px; border: solid black 1px; padding: 8px 0px 8px
20px;Severity/td
td style=border: solid black 1px; padding: 8px 0px 8px
20px;#$$WS.Severity$$#/td
/tr
tr
td style=width: 185px; border: solid black 1px; padding: 8px 0px 8px
20px;Account/td
td style=border: solid black 1px; padding: 8px 0px 8px
20px;#$$WS.AccountId$$#/td
/tr
tr
td style=width: 185px; border: solid black 1px;
Re: How many escalation pools do you have...?
I have 4 Escalation threads for ITSM 7.6.4 SP 4 we had some notifications that could hang for 20 mins in the evenings and would cause some headaches for our Help Desk since they were high priority tickets. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, September 05, 2013 3:06 PM To: arslist@ARSLIST.ORG Subject: How many escalation pools do you have...? ** Hi listers - So we have an infrequent but recurring problem. One of our mission-critical escalations (interval, 5 minutes) will every once in a while die. It will stop appearing in the escalation log, and the only way to fix it is to bounce the admin server. There's 204 total escalations on this server, the vast majority of which are ITSM 7.6.04 base product. We are entering 4000-5000 tickets a day, with additional data being entered in CM, CMDB, etc., so the data load even for things like the 5-minute recurring SLM Measurement escalation can be significant. We have configured the one that breaks it to run on a specific pool and no others are configured to use that pool. Unfortunately that doesn't mean that pool isn't shared - others can hop in that pool too if the others pools are busy. (Kind of thinking of submitting an RFE for a dedicated pool option that prevents sharing but that's another issue altogether). So - how many pools do you use? We currently have a max of 4 and obviously that's not enough. William Rentfrow wrentf...@stratacominc.com Office: 715-204-3061 Cell: 715-398-5056 _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.net wrote: ** Na.. those were beautiful! I wish I get to see them at least once again before I don’t have to travel to Alaska no more.. My next trip is scheduled to be my last.. ** ** I like the DNS spoofing idea from Tauf – only that these days most IT employees are smart enough to realize what’s happening, and if they have access to edit their own host file, could revert it back. ** ** I really don’t think there is a fool proof non workflow mechanism that can’t get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. ** ** Joe ** ** -- *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Jason Miller *Sent:* Friday, September 06, 2013 4:11 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: Prevent MT Login ** ** ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... ** ** On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ** ** _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
I think you need to sit with your security people and lay out all of these concerns to see what you can come up with. A lot of what you are saying looks like its a process issue. For the example you just gave, you should either be disabling the generic admin Accts like Demo or change your process so that if a person with Admin access gets canned or leaves the organization, you need to change those passwords immediately as he/she is being walked out of the door or in their exit interview with HR. I know this scenario from working with a lot of short term consultants and it's handled by: 1: Not giving them all the keys to the castle if they don't need it (Demo pw etc...) 2: Disabling their access when they are done touching the system. 3: Implement a layer of security on top of your public domain address like a token authentication or passphrase. Sent from my iPhone On Sep 6, 2013, at 4:57 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: That is just an example.. Yes everything is password protected always. If I had an admin guy who knows one of the generic admin account present on the system and guy is now not part of organization, but he still can access the company URL through internet.. as the generic account may be used by several people at a time and those passwords may not be changed so frequently. May be too complex or have limitations for non-workflow implementation but this is a very genuine use case. Sent from my BlackBerry® smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:46:08 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login First of all why is your Demo user not password protected? That's a bad bad thing.. No other user on your system except your admins should have admin access rights. Configure your system that no guest users are allowed to login - simple check box on the server information page.. Plus you can use any combination you are comfortable with on suggestions given on this thread.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:40 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;) So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:32:05 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Prevent guest logins.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him
Re: How many escalation pools do you have...?
Each thread consumes an amount of memory and demands an amount of 'computacional power' to exist and the workflow that will run on this thread will consume another amoutn of memory and power too. In most cases, each thread represents one database connection so your database server needs to be involvend in this scenario. Tales P. Silva. 2013/9/6 Campbell, Paul (Paul) p...@avaya.com ** We are currently running 30 ** ** *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Longwing, Lj *Sent:* Friday, September 06, 2013 1:45 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** ** ** I believe the limit is based on hardware capacity ** ** On Fri, Sep 6, 2013 at 11:34 AM, Pruitt, Christopher (Bank of America Account) christopher.pru...@hp.com wrote: ** I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? *Christopher Pruitt* Business Consulting III Remedy Developer *HP Enterprises Services* *christopher.pru...@hp.com* www.hp.com *Confidentiality Notice:* This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake.* *** *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Thad Esser *Sent:* Friday, September 06, 2013 11:19 AM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. *From:* Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] *On Behalf Of *Grooms, Frederick W *Sent:* Thursday, September 05, 2013 5:27 PM *To:* arslist@ARSLIST.ORG *Subject:* Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don’t define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, “Queues,” page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing
Re: Friday Humor: Prevent MT Login
Use javascript to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page. Ken. -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:04 PM To: arslist@ARSLIST.ORG Subject: Friday Humor: Prevent MT Login Hmm non workflow. Uninstall IE/Firefox/Chrome/Opera etc. That'll do it! Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry(r) smartphone from !DEA __ _ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years -- Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerry® smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
WOW nice to know. We have a very powerful production server and now we increase our Escalation threads. Not sure why I thought it was restricted to just 4 but 30 now that is impressive. Thanks for everyone's replies, It has really opened my eyes as to what I can do with Escalations and the number of threads we can add. Christopher Pruitt Business Consulting III Remedy Developer HP Enterprises Services christopher.pru...@hp.com www.hp.comhttp://www.hp.com/ [HP_logo] Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Campbell, Paul (Paul) Sent: Friday, September 06, 2013 12:54 PM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We are currently running 30 From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Longwing, Lj Sent: Friday, September 06, 2013 1:45 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** I believe the limit is based on hardware capacity On Fri, Sep 6, 2013 at 11:34 AM, Pruitt, Christopher (Bank of America Account) christopher.pru...@hp.commailto:christopher.pru...@hp.com wrote: ** I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? Christopher Pruitt Business Consulting III Remedy Developer HP Enterprises Services christopher.pru...@hp.commailto:christopher.pru...@hp.com www.hp.comhttp://www.hp.com/ Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 06, 2013 11:19 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.commailto:wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, September 05, 2013 5:27 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don't define enough thread queues for
Re: Ha! Remedy Developer T-Shirts
2^29 = 536870912 Am 06.09.2013 um 19:04 schrieb Jason Miller jason.mil...@gmail.com: ** So I started to wonder why 536870912 at the beginning. Seems a bit of on odd first ID number. I wonder if it was because that is 512 megabits? Because it is 64 megabytes? There must be some kind of meaning. Engineer 1: Hey, we need a really large number for the first field ID in the customer range Engineer 2: What is 64 megabytes in bits? Engineer 1: 536870912 Engineer 1+2: Yeah, let's use that note: this is a reenactment of how it may have happened. It is possible Engineer 1 and 2 was the same person :) image.png http://www.matisse.net/bitcalc/?input_amount=536%2C870%2C912+input_units=bitsnotation=legacy On Fri, Sep 6, 2013 at 8:16 AM, Longwing, Lj llongw...@usgs.gov wrote: ** I would hafta say that because that the 'current' first field ID :) On Fri, Sep 6, 2013 at 9:06 AM, John J Reiser john.j.rei...@lmco.com wrote: Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years smime.p7s Description: S/MIME cryptographic signature
Re: Prevent MT Login
We will have time for all of that at the RUG :-) I still like the beat the user idea! I could put my fish bonker up for sale! Joe _ From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:13 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Yeah what happened to peace, love, and happiness Joe? Now it's punch, kick, and choke Joe. Sent from my iPhone On Sep 6, 2013, at 4:11 PM, Jason Miller jason.mil...@gmail.com wrote: ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Ha! Remedy Developer T-Shirts
Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: How many escalation pools do you have...?
We are currently running 30 From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Longwing, Lj Sent: Friday, September 06, 2013 1:45 PM To: arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** I believe the limit is based on hardware capacity On Fri, Sep 6, 2013 at 11:34 AM, Pruitt, Christopher (Bank of America Account) christopher.pru...@hp.commailto:christopher.pru...@hp.com wrote: ** I have a question regarding this topic. Is there a limit on the number of Escalation Pools you can have on a server? We currently run with 4 but I was wondering if we can increase that to a number higher than that and if so what it the maximum number allowed? Christopher Pruitt Business Consulting III Remedy Developer HP Enterprises Services christopher.pru...@hp.commailto:christopher.pru...@hp.com www.hp.comhttp://www.hp.com/ Confidentiality Notice: This message and any files transmitted with it are intended for the sole use of the entity or individual to whom it is addressed, and may contain information that is confidential, privileged, and exempt from disclosure under applicable law. If you are not the intended addressee for this e-mail, you are hereby notified that any copying, distribution, or dissemination of this e-mail is strictly prohibited. If you have received this e-mail in error, please immediately destroy, erase, or discard this message. Please notify the sender immediately by return e-mail if you have received this e-mail by mistake. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Thad Esser Sent: Friday, September 06, 2013 11:19 AM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** My first thought was the same as Fred's - do you have enough queues defined, so I can't offer much more in that regard. However, you mention that you are restarting the server to clear up the dead thread. Back in the 6.3 days, there was a version (patch 21 I think), where you could end up with ghost threads for escalations. The fix was to disable escalations on the server settings, which would kill all the escalation threads, and then re-enable the setting, which starts them back up. Changing this setting doesn't require a restart of the AR server. So while your issue is slightly different, maybe doing that will clear your dead thread without having to restart the whole server. Thad On Thu, Sep 5, 2013 at 5:35 PM, William Rentfrow wrentf...@stratacominc.commailto:wrentf...@stratacominc.com wrote: ** I can see it in the logs. All of the escalations that have no pool defined will run in a random thread. For example, our 4th thread was defined for a custom notification-type escalation. It is the only thing that is assigned to pool 4 - but in the logs I see other threads accessing that pool - especially during those times when the escalation defined for pool 4 has died. B. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Grooms, Frederick W Sent: Thursday, September 05, 2013 5:27 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: How many escalation pools do you have...? ** We currently have 3 pools on a pure custom (NON ITSM) system. Where did you hear that pools are shared? According to the docs the only time an escalation specified to run in a pool (thread) will run in a different pool is if you don't define enough thread queues for the number of pools you are using. (i.e. You tell an escalation to run in pool 4 but you only have 2 escalation queues defined. The escalations set for pools 3 and 4 run in the first one instead). Escalations are delayed if another is running in the pool. Straight from the docs Escalations can be assigned to pools so the escalations from each pool run in parallel on separate threads within the escalation queue. To use escalation pools, you must first configure multiple threads for the escalation queue as described in the Configuration Guide, Queues, page 27. If you assign an escalation to a pool that has no thread configured, the escalation is run by the first thread. All escalations in a particular pool run on the same thread, so the execution of escalations within a pool is serialized. Escalations run in the order of their firing times, but an escalation is delayed if an escalation from the same pool is currently running. If two or more escalations have dependencies and must not run at the same time, put them into the same pool to make sure they run in sequence. Fred From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of William Rentfrow Sent: Thursday, September 05, 2013 5:06 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: How many escalation pools do you have...?
Re: Ha! Remedy Developer T-Shirts
I would hafta say that because that the 'current' first field ID :) On Fri, Sep 6, 2013 at 9:06 AM, John J Reiser john.j.rei...@lmco.comwrote: Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: OT: Prevent MT Login
My suggestion was neither. Use javascript to catch the user id in the submit of the midtier login.jsp page and redirect that user to an error page. Ken. Would it not work? Ken. From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:19 PM To: arslist@ARSLIST.ORG Subject: Re: OT: Prevent MT Login ** I agree it it is either workflow or a BMC provided option baked into the product. On Fri, Sep 6, 2013 at 1:17 PM, Joe D'Souza jdso...@shyle.netmailto:jdso...@shyle.net wrote: ** Na.. those were beautiful! I wish I get to see them at least once again before I don't have to travel to Alaska no more.. My next trip is scheduled to be my last.. I like the DNS spoofing idea from Tauf - only that these days most IT employees are smart enough to realize what's happening, and if they have access to edit their own host file, could revert it back. I really don't think there is a fool proof non workflow mechanism that can't get in legal trouble to do what needs to be done. Workflow seems to be the safest bet. Joe From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 4:11 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Re: Prevent MT Login ** Wow Joe, wow 8-)I wonder if there is some radiation coming off the Aurora and soaking into your brain... On Fri, Sep 6, 2013 at 1:02 PM, Joe D'Souza jdso...@shyle.netmailto:jdso...@shyle.net wrote: PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORGmailto:arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ -- Confidentiality Requirement: This communication, including any attachment(s), may contain confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that you have received this communication in error and any unauthorized review, use, disclosure, dissemination, distribution or copying of it or its contents is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone or e-mail and destroy all copies of this communication and any attachments. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: BMC Official License Management.
Hi, The write-token is not reserved for the user at login. It is reserved as soon as the user access any form tagged by BMC to belong to BMC:Incident Mgmt. If the user is directed directly to the Overview Console, the effect for all practical purposes would be what you describe - it is reserved immediately. I hear that this has been fixed as of version 8.1 :-) The same is true if the user access any other console that potentially shows a list of incidents. The license is released when the user logs out, OR when he/she has been inactive for the timeout period (2 hours default, minimum 1 hour). Inactive in this case means that the client/mid-tier has not accessed any of the forms belonging to BMC:Incident Mgmt. You might think that the write-token should not be reserved on a read/search in the forms. But this has actually been how Remedy has worked from the start. I would suggest that you upgrade to 8.1 if possible. If that is not possible, you might argue with your BMC sales rep that this should be considered a BUG, and to grant you additional licenses for free until it is fixed, or you have time to upgrade. Note that I have not heard of anyone doing this, it is just an idea. Best Regards - Misi, RRR AB, http://www.rrr.se (ARSList MVP 2011) Products from RRR Scandinavia (Best R.O.I. Award at WWRUG10/11/12): * RRR|License - Not enough Remedy licenses? Save money by optimizing. * RRR|Log - Performance issues or elusive bugs? Analyze your Remedy logs. Find these products, and many free tools and utilities, at http://rrr.se. Hi folks, i'd need of an official document by BMC that describe the licence management type of Remedy. in particulary BMC:Incident Mgmt User Floating. i.e. Bmc Remedy 7.1 1. when a user do login,the system checks the availability of license (checks Write Pool) if a license is available this is 'detached' (assigned to the user logged in)! 2. the release occurs at the time of logoff I hope i'm clear !!! Thanks in advance, Pietro ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
Seriously though, assuming the user is using a Widows OS, you can edit the HOST file and put a bogus IP address in for the web server DNS name. Make sure they either: 1: Don't see you doing it or 2: Don't have permissions to change it back. Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
That is just an example.. Yes everything is password protected always. If I had an admin guy who knows one of the generic admin account present on the system and guy is now not part of organization, but he still can access the company URL through internet.. as the generic account may be used by several people at a time and those passwords may not be changed so frequently. May be too complex or have limitations for non-workflow implementation but this is a very genuine use case. Sent from my BlackBerry® smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:46:08 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login First of all why is your Demo user not password protected? That's a bad bad thing.. No other user on your system except your admins should have admin access rights. Configure your system that no guest users are allowed to login - simple check box on the server information page.. Plus you can use any combination you are comfortable with on suggestions given on this thread.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:40 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;) So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:32:05 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Prevent guest logins.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at
Re: Prevent MT Login
Prevent guest logins.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Ha! Remedy Developer T-Shirts
damn *here* ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
Perform-action-exit-app is the better to use than just calling the logout page using the open url page.. I'm not sure it will actually do a logout by opening the logout page that way.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Pierson, Shawn Sent: Friday, September 06, 2013 4:34 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login I could see this being useful for automation as well. For example, you create an account to integrate with a monitoring tool that uses the Remedy API to create Incidents, but you don't want the owner of that account to log in and manually use Remedy with that account. If you wanted to do a mean approach, you could probably just create an Active Link that is triggered On Display whenever they log in to the Remedy Home Page that checks for $USER$ = usernametoblock and do a Run Process of PERFORM-ACTION-OPEN-URL http://yourremedyserver/arsys/shared/logout.jsp; Thanks, Shawn Pierson Remedy Developer | Energy Transfer -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerry(r) smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Ha! Remedy Developer T-Shirts
Or maybe, it was just one poor sole who thought that the field ID being 32 bits gives a maxint of about 2 billion so why not give Remedy about ¼ of that space and customers ¾ and then to say that OK, a way to do that is 2^29 since 2^31 is the total, that is about ¼ so let's go with that . Doug Mueller From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Jason Miller Sent: Friday, September 06, 2013 10:05 AM To: arslist@ARSLIST.ORG Subject: Re: Ha! Remedy Developer T-Shirts ** So I started to wonder why 536870912 at the beginning. Seems a bit of on odd first ID number. I wonder if it was because that is 512 megabits? Because it is 64 megabytes? There must be some kind of meaning. Engineer 1: Hey, we need a really large number for the first field ID in the customer range Engineer 2: What is 64 megabytes in bits? Engineer 1: 536870912 Engineer 1+2: Yeah, let's use that note: this is a reenactment of how it may have happened. It is possible Engineer 1 and 2 was the same person :) [cid:image001.png@01CEAAF0.B12F67B0] http://www.matisse.net/bitcalc/?input_amount=536%2C870%2C912+input_units=bitsnotation=legacy On Fri, Sep 6, 2013 at 8:16 AM, Longwing, Lj llongw...@usgs.govmailto:llongw...@usgs.gov wrote: ** I would hafta say that because that the 'current' first field ID :) On Fri, Sep 6, 2013 at 9:06 AM, John J Reiser john.j.rei...@lmco.commailto:john.j.rei...@lmco.com wrote: Might be showing my (Remedy) age hear but why 536870913 instead of 536870912. (before VUIs) That number will forever be burned into my brain as the first user defined field. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.orghttp://www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years inline: image001.png
Re: Friday Humor: Prevent MT Login
Alright, it looks like we are all ready for some free WWRUG13 drinks. On Fri, Sep 6, 2013 at 1:08 PM, Sanford, Claire claire.sanf...@memorialhermann.org wrote: Chop off his fingers? -Original Message- From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza Sent: Friday, September 06, 2013 3:06 PM To: arslist@ARSLIST.ORG Subject: Re: Friday Humor: Prevent MT Login Oh ya that would work too.. I was thinking of slightly violent alternatvies :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Tauf Chowdhury Sent: Friday, September 06, 2013 4:04 PM To: arslist@ARSLIST.ORG Subject: Friday Humor: Prevent MT Login Hmm non workflow. Uninstall IE/Firefox/Chrome/Opera etc. That'll do it! Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
I'm trying to work with the whole No Workflow thing! C'mon! Sent from my iPhone On Sep 6, 2013, at 4:14 PM, Jason Miller jason.mil...@gmail.com wrote: ** That would also break the MyIT Universal Client if they are supposed to be using it from their desktop (assuming Chrome is their browser). Also I can see that one going through CAB to get approval to push that down to x thousands of machines based on username. And then they just use their friends computer who is allowed access :) On Fri, Sep 6, 2013 at 1:10 PM, Tauf Chowdhury taufc...@gmail.com wrote: Seriously though, assuming the user is using a Widows OS, you can edit the HOST file and put a bogus IP address in for the web server DNS name. Make sure they either: 1: Don't see you doing it or 2: Don't have permissions to change it back. Sent from my iPhone On Sep 6, 2013, at 3:59 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerry® smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years _ARSlist: Where the Answers Are and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
This is very true. We have a few integration service account where the those accounts should never login to any clients except web services. It would be nice to have a way of listing allowed client-types in the User record and having AR System enforce it natively. I haven't looked yet, does MyIT have its own $CLIENT-TYPE$? If it doesn't maybe it should. Jason On Fri, Sep 6, 2013 at 1:34 PM, Pierson, Shawn shawn.pier...@energytransfer.com wrote: I could see this being useful for automation as well. For example, you create an account to integrate with a monitoring tool that uses the Remedy API to create Incidents, but you don't want the owner of that account to log in and manually use Remedy with that account. If you wanted to do a mean approach, you could probably just create an Active Link that is triggered On Display whenever they log in to the Remedy Home Page that checks for $USER$ = usernametoblock and do a Run Process of PERFORM-ACTION-OPEN-URL http://yourremedyserver/arsys/shared/logout.jsp; Thanks, Shawn Pierson Remedy Developer | Energy Transfer -Original Message- From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerry(r) smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:02:47 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login PERFORM-APPLICATION-LOGOUT from the home page or any other page that the user might have access too if the $CLIEMT-TYPE$ = 9.. Why would you have such a requirement though when the future versions does not support access through the native User client? This is a workflow mechanism - it will be impossible to do it with a non workflow mechanism. Unless you are free to employ a security guard to stand besides that employee and beat the crap out of him if he tries to log in through the mid tier.. That would be a non workflow mechanism :) - primitive - but will work.. :) Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto: arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 3:59 PM To: arslist@ARSLIST.ORG Subject: Prevent MT Login Hi Listers, I have a requirement to prevent a particular user to be able login through mid tier but same user should be able to login to client tools. Has anyone implemented such requirement? What can be the best way to achieve this? Specifically looking for a non-workflow mechanism. Regards, Aditya Sent from my BlackBerryR smartphone from !DEA ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years Private and confidential as detailed here: http://www.energytransfer.com/mail_disclaimer.aspx . If you cannot access the link, please e-mail sender. ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org Where the Answers Are, and have been for 20 years
Re: Prevent MT Login
In a very security conscious environment the username of default admin account are usually changed and/or the account is disabled. In the Windows world I have heard of organizations renaming the 'Administrator' account so that is one less bit of info everybody knows about their environment. It might not be a bad idea to do the same thing with Demo. Now that installers use a special system account hopefully we will not have the dependency on Demo that we have had in the past. Jason On Fri, Sep 6, 2013 at 2:10 PM, Tauf Chowdhury taufc...@gmail.com wrote: I think you need to sit with your security people and lay out all of these concerns to see what you can come up with. A lot of what you are saying looks like its a process issue. For the example you just gave, you should either be disabling the generic admin Accts like Demo or change your process so that if a person with Admin access gets canned or leaves the organization, you need to change those passwords immediately as he/she is being walked out of the door or in their exit interview with HR. I know this scenario from working with a lot of short term consultants and it's handled by: 1: Not giving them all the keys to the castle if they don't need it (Demo pw etc...) 2: Disabling their access when they are done touching the system. 3: Implement a layer of security on top of your public domain address like a token authentication or passphrase. Sent from my iPhone On Sep 6, 2013, at 4:57 PM, SUBSCRIBE arslist Aditya Sharma heloits...@gmail.com wrote: That is just an example.. Yes everything is password protected always. If I had an admin guy who knows one of the generic admin account present on the system and guy is now not part of organization, but he still can access the company URL through internet.. as the generic account may be used by several people at a time and those passwords may not be changed so frequently. May be too complex or have limitations for non-workflow implementation but this is a very genuine use case. Sent from my BlackBerry® smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:46:08 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login First of all why is your Demo user not password protected? That's a bad bad thing.. No other user on your system except your admins should have admin access rights. Configure your system that no guest users are allowed to login - simple check box on the server information page.. Plus you can use any combination you are comfortable with on suggestions given on this thread.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:40 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login For ex. User- Demo Is default admin account, not all thousands of user has access to dev studio or client tool in cloud world, but if somehow that account is left as it is and randomly some guy try to login to the URL with this and able to get in, no wonder there is an easy chance he can blow up configs and inturn the system if he want's ;) So just looking for all possible ways to prevent such situations. We do have workflow mechanism implemented, but non-workflow can make it more portable to add or remove such restrictions for multiple users easily. Thanks for all suggestions. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net Sender: Action Request System discussion list(ARSList) arslist@ARSLIST.ORG Date: Fri, 6 Sep 2013 16:32:05 To: arslist@ARSLIST.ORG Reply-To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Prevent guest logins.. Joe -Original Message- From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of SUBSCRIBE arslist Aditya Sharma Sent: Friday, September 06, 2013 4:30 PM To: arslist@ARSLIST.ORG Subject: Re: Prevent MT Login Client tool I do not only refer to User Tool.. It can be dev studio, spoon client, import tool etc.. this solution if possible through a non-workflow mechanism can help in preventing unnecessary login through generic accounts over web URL which is available over internet.. Client tools access we can restrict through VPN or other ways. If there can be a mechanism to blacklist some accounts to login through web; This can be one of the major security requirements to make sure Admin accounts are not misused. Sent from my BlackBerryR smartphone from !DEA -Original Message- From: Joe D'Souza jdso...@shyle.net
