Quick Mac Tip: Disabling download warning prompt

by dimikagi

I’ve converted over to using a Mac full-time for work, and its not been without its challenges.  But one of the most annoying things is when I download something, and then go to open it, I get prompted as to whether I actually want to open.  This smacks of Window’s UAC which is one thing I was glad to leave behind in the conversion.  Thankfully, through a lot of searching, I was able to find this solution.  Create a text file with the following text:

<!DOCTYPE plist PUBLIC “-//Apple//DTD PLIST 1.0//EN”
“http://www.apple.com/DTDs/PropertyList-1.0.dtd”>
<plist version=”1.0?>
<dict>
<key>LSRiskCategoryNeutral</key>
<dict>
<key>LSRiskCategoryContentTypes</key>
<array>
<string>public.item</string>
</array>
</dict>
</dict>
</plist>

Now, simply put the file in ~/Library/Preferences/com.apple.DownloadAssessment.plist .  This is a user-specific setting, so the ~ indicates the user’s home folder.  Every user will need this file in their preferences if they don’t want this behavior.

Will this make your machine more ‘insecure?’  Absolutely, so be sure to know what you’re doing by choosing this option.  And if you do it, and are not satisfied, its on you – I take no responsibility for you downloading some malware.

{ Comments on this entry are closed }

The Politics of IDM

by dimikagi

(this post was originally started on 21st Oct 2009 whilst I was still in the UK).

I’m heading home from a good client meeting about my company’s AD Bridge product (QAS – pronounced Vintela) and am still surprised at the politics involved in IDM, even after everyone has agreed something needs to be done for audit/compliance reasons and the product is fit for purpose. My colleagues and I were there to help with technical and commercial questions but there’s nothing we do for the politics.

Unix Engineering, AD Architecture, InfoSec, End-User Services and the PMO were well represented and from all regions.  And I think that’s the big problem with IDM in general.  This is a common scenario, and I often have 3-5 different groups represented in my meetings. Having worked in Dev, DB, Infrastructure, Support and other IT functions, I’ve never gotten involved in anything that included all these groups at once.  Usually, some group was left out, which made things easier.  But with IDM, everyone is involved and stays engaged throughout the project.

And, of course, each group wants the project to succeed but everyone also realised that territories were getting re-arranged. So each lobbied for things to make their part easier or better. On the one hand, I can see every person’s position having done all of those jobs in the past. But if I were an exec, I’d try to figure out a way to have more cooperation and less posturing.  When it comes to IT processes, an IDM project is going to quickly uncover everyone’s motives and show the unlying politics which may seem dormant or non-existent with other projects.

And so it goes . . . with all large projects, its the people, and not the process or tools, that complicate things.

As an aside, when I managed folks and a re-org was needed, I’ve often (half jokingly) asked who would you put where if you “fired” everyone and started over. Not for real, of course, and you can have all the same people, but would you put them in different roles? Would you let anyone go?  Are there any roles that are missing?  What about necessary people in unnecessary roles?

{ Comments on this entry are closed }

Porn, the pop-under and innovation

by dimikagi

A long time, when dotcoms rules the land, I was a Dev Manager for www.eTour.com (don’t bother following the link – they’re gone). In those days, we were still trying to introduce people to the web and there was a buzz in the industry that I hadn’t seen before or since. And one that will probably never occur again.

Well, one of the funniest, yet instructional moments came during our death throes. The conversation with the Product Manager went something like this:

Brian: Dmitry, check this out – we need to do this one the site.

Dmitry (walking over): BC, put that site away – this is the workplace – go look at that stuff at home.

BC: no, look at this (closes browser window). See that? There’s another window under it.

DK: yeah, ok. A porn site with pop-ups – what’s your point?

BC: No – check it out.  They manage to put the pop-up under the main window.  Watch again.

DK: OK – I see.  Definitely interesting . . . send me the URL and we’ll figure it out.

Plain and simple, they came up with the ‘pop under’ which was much less obnoxious than the ‘pop-up’ that was so prevalent at the time.  I then had to go to one of our (female) developers and ask her to reverse engineer how it was done.  It turns out it was a simple call to a window.blur() function.

Its interesting that porn (followed by gambling) lead innovation in terms of technology.  It certainly was the only thing making money at the time of the dotcom meltdown and a lot of the things you now see with streaming video (a la YouTube) was not developed by Google or some other well-known company, but by those in the ‘seedy part’ of the internet.

What does this have to do with ‘Identity Management?’ I’m not sure, but I’m willing to bet they will continue to innovate, and it will have some sort of impact on the rest of the computing field.

{ Comments on this entry are closed }

SSO Adventures in Luxembourg

by dimikagi

I spent the better part of a week in October in Luxembourg, and most of this post was written on October 21st, 2009.  However, its been sitting in my Drafts queue this whole time.

In any case, it was about what I expected.  It was a cute little city/country nestled inside of Europe with a good mix of people from various other countries.  The one thing that did truly surprise me was a Greek developer name Michael P.  What surprised me most was that he was able to take Quest VSJ and get it running in about 30 minutes, with minimal instructions, and having a machine on a different domain, with no DNS resolution to the AD domain where VSJ was installed.

Now, I should point out that Barry G and I have gone out of our way to make VSJ accessible to customers trying it out the first time, but its still a hard product for developers to truly ‘grok.’  And the product itself is not difficult but the whole notion of ‘Java using Microsoft for authentication and authorisation’ seems to really trouble some people.  Even though its really a code library, like many others, and is often used as a servlet filter, like many others, developers get really hung up with the fact that its working with Active Directory.  Its some sort of stumbling block for them, even though it behaves like any other piece of Java code.

But Mike just nodded when I told him it was a servlet filter, and grabbed the USB stick from me with the binaries.  One of a few developers I’ve met in a long time that didn’t subscribe to any sort of ‘religion.’

Within 10 minutes, he came back saying he was getting licensing errors!  Perfect – it was ‘as expected’ as I forgot to give him a file called vsj-license.jar and he disappeared when I did.  About 5 minutes after that, he came back with ‘access denied’ error messages, which meant that he installed it, and it was behaving ‘as expected.’

Some things Mike saw when he first tried to log in turn into good tips to keep in mind if you’re actually deploying or testing VSJ:

  • Kerberos didn’t work, which was expected, so he failed to login.  This was not a surprise, as VSJ defaults to leaving NTLM and Basic Auth turned off.  Good settings for a production environment, but one that trips people up when they first using VSJ in a development and test environment.  So he checked the vsj.properties file and turned both options on for testing.
  • Internet Explorer is an abysmal browser.  Once it starts doing something (like NTLM) there is no way to get it to stop.  Even turning NTLM off in the servlet filter doesn’t stop it from trying.  Nothing short of a reboot stops it from behaving this way.  So we enabled SP-NEGO in Firefox and continued on.  We also turned off NTLM, but left Basic Auth on, which then has the servlet filter requesting the Kerberos ticket on the user’s behalf.
  • Mike P was not in the test domain, so Kerberos would never work for him off his machine.  Unless . . . he used the “runas” command.  But even runas doesn’t work well off machines that are on another domain.  However, we used the “runas /netonly” command which gets past that.
  • Finally, we did reconfigure Mike’s machine to use the test domain’s DNS.  There is no way to do proper Kerberos without good name resolution, and we needed to get host and SRV records to get a ticket onto Mike’s machine.

There are definitely a lot more things to keep in mind when working with VSJ.  If you do need help, check out these forums or call your Quest rep to get you in touch with some knowledgable people.

{ Comments on this entry are closed }

Oracle Database Users and Quest ActiveRoles Server

by dimikagi

One thing that has come up a lot recently is how to provision Oracle DB users from ActiveRoles Server.  Oracle DB users are not very hard to create but most people using ARS have little to no experience with managing DB users.  And, unlike applications, DB users can’t simply be inserted into a table as tables like SYSUSER may have dependencies to other parts of the DB.

There are a lot of different ways to do this, but below is an outline of something I wrote almost 2 years ago, and is still applicable today.  Note: this is all in VB Script and is compatible with any version of ARS 6.x.  It may even work with 5.x.  I do have plans on converting this to PowerShell for use in 6.5, but this ought to be enough to get you moving.

Start off with a script library called “DB Code.”   The idea is to have all the connection and DB execution code in one place, and then decide which DB code (the actual SQL commands) gets called into the ARS event handlers.  Here is that code with a hard-coded connection string.

Option Explicit

' ************************************************************
' This function executes any SQL command sent to it against
' the Oracle DB
' ************************************************************
Function ExecuteSQLScript(p_sSQLToExecute)
 Dim oFS
 Dim oFSFile
 Dim strConnectionString
 Dim oConnection
 Dim oCmd

 Const cnstCommand = 1 'Command type - 1 is for standard query
 Const ForReading = 1
 Const ForWriting = 2
 Const ForAppending = 8

 ' sample connection string from www.connectionstrings.com
 ' Driver={Microsoft ODBC For Oracle};Server=myServerAddress;Uid=myUsername;Pwd=myPassword;

 ' connection string - only server name and DB name should change
 strConnectionString = "Driver={Microsoft ODBC for Oracle};Server=OraDB1;Uid=SYSTEM;Pwd=Password1;"

' uncomment next 3 lines for debugging
 On Error Resume Next
 Set oFS = CreateObject("Scripting.FileSystemObject")
 Set oFSFile = oFS.OpenTextFile("C:\\Log.txt", ForAppending , False) 

 ' connect to oracle db
 Set oConnection = CreateObject("ADODB.Connection") 

 'Open connection using ConectionString
 oConnection.Open strConnectionString 

 Set oCmd = CreateObject("ADODB.Command")

 ' prepare SQL Statement

 ' create the user to be external
 oCmd.CommandText = p_sSQLToExecute
 oCmd.CommandType = cnstCommand
 oCmd.ActiveConnection = oConnection
 oCmd.Execute

 ' uncomment next line for debugging and put them right where you think the error is happening
 oFSFile.WriteLine(p_sSQLToExecute & " *** Error: " & Err.Number & " " & Err.Description)

 ' close the connection and disconnect from oracle db
 Set oCmd = Nothing

 oConnection.Close
 Set oConnection = Nothing

' uncomment next 3 lines for debugging
 oFSFile.Close
 Set oFSFile = Nothing
 Set oFS = Nothing
End Function

Note that I’ve got some debugging coded in there, and this will write every SQL command sent to a file called c:\Log.txt.  You may wish to turn this off in production.  Also, this script is meant to go into “Script Modules/QSC Scripts” and is called “DB Code”.  If you alter any of this, you’ll need to change the objLib references below.

Next, you simply create some script policies that have event handlers which will execute this code.  My suggestion is to use the OnPost set of events so that if something happens, the rest of the action can continue. The first bit of sample code is for creating the account in Oracle.  Now, keep in mind that creating a user doesn’t do anything until you GRANT the user some rights.  So its OK to create users since they cannot connect up and do anything just yet.

Option Explicit

Sub onPostCreate(Request)
 Dim strsAMAccountName
 Dim strExecuteSQL
 Dim strTitle
 Dim objLib

 Set objLib = ScriptLib.Load("Script Modules/QSC Scripts/DB Code")

 Request.GetInfo
 strsAMAccountName = UCase(Request.Get("samaccountname"))
 strTitle = UCase(Request.Get("title"))

 ' if this change is not for a user, get out
 If (LCase(Request.Class) <> LCase("user")) Then Exit Sub    

 ' prepare SQL Statement

 ' write the new account into the table
 strExecuteSQL = " CREATE USER " & strsAMAccountName & " IDENTIFIED BY Password1 "

 Call objLib.ExecuteSQLScript(strExecuteSQL)

 'grant access if the new account is a production dba
 If strTitle = "PRODUCTION DBA" Then
 strExecuteSQL = " GRANT CONNECT TO " & strsAMAccountName & " "
 Call objLib.ExecuteSQLScript(strExecuteSQL)
 End If 

End Sub

Next, we have an example that shows a simple grant/revoke command based on someone’s job title (if the user is a Production DBA he gets connect access while anyone else is revoked).

Option Explicit

Sub onPostModify(Request)
 Dim strsAMAccountName
 Dim strExecuteSQL
 Dim objLib
 Dim strTitle

 Set objLib = ScriptLib.Load("Script Modules/QSC Scripts/DB Code")

 Dim objObj
 On Error Resume Next
 If (DirObj Is Nothing) Then
    Set objObj = Request
 Else
    Set objObj = DirObj
 End If
 On Error GoTo 0

 ' if this change is not for a user, get out
 If (LCase(objObj.Class) <> LCase("user")) Then Exit Sub    

 strsAMAccountName = UCase(objObj.Get("samaccountname"))
 strTitle = UCase(objObj.Get("title"))
 strEmpStatus = UCase(objObj.Get("edsvaEmpStatus"))

 ' prepare SQL Statement

 ' If you are DBA you should have connect rights
 If strTitle = "PRODUCTION DBA" Then
 ' write the new account into the table
 strExecuteSQL = " GRANT CONNECT TO " & strsAMAccountName & " IDENTIFIED BY Password1"

 Else
 ' delete the account from the table
 strExecuteSQL = " REVOKE CONNECT FROM """ & strsAMAccountName & " "
 End If

 Call objLib.ExecuteSQLScript(strExecuteSQL)

 If strEmpStatus = "TERMINATED" Then
 objObj.Put "edsvaDeprovisionType", 1
 objObj.SetInfo
 End If

End Sub

Finally, here’s an example of what you can do when someone is deprovisioned:

Option Explicit

Sub onPreDeprovision(Request)
 Dim strsAMAccountName
 Dim strExecuteSQL
 Dim objLib

 Set objLib = ScriptLib.Load("Script Modules/QSC Scripts/DB Code")

 ' if this change is not for a user, get out
 If (LCase(DirObj.Class) <> LCase("user")) Then Exit Sub    

 strsAMAccountName = UCase(DirObj.Get("samaccountname"))

 ' prepare SQL Statement

 ' delete the account from the table
 strExecuteSQL = " DROP USER " & strsAMAccountName & "" & " CASCADE "

 Call objLib.ExecuteSQLScript(strExecuteSQL)
End Sub

At the end of it all, all I’m doing is calling SQL statements that a DBA would use in creating and managing users within Oracle.  This same approach will actually work with MySQL, SQL Server, DB2 and most other RDBMS provided the correct syntax.  And, for example, if you want to get really clever, you could create AD groups that are analogous to Oracle Roles, like SYSDBA,

I would suggest you be careful with that last one as the CASCADE part of the command will drop any objects owned by the user within Oracle, and you could lose data.  Be sure to talk to the Oracle DBAs first, and walk them through what you’re doing.  And, as always, this post is made available with no guarantees, assurances, promises or commitments.  Your mileage may vary, and you really should contact Quest Professional Services if you need assistance with ActiveRoles Server.

{ Comments on this entry are closed }

Granular Delegation with Quest ActiveRoles Server

by dimikagi

I spent some time with a manufacturing client this week, and did quite a bit of hands on work with ActiveRoles Server.  The guy I worked with was quite good, “grokked” exactly how the product worked, and all the features it had.  However, there’s quite a lot there, and if you don’t spend your time in it day in and day out, you’ll probably forget some key points.  At the time, I made a note that I need to record some additional videos to show some of the functionality we reviewed.  This would help him later on as a refresher without having to schedule myself or someone else to walk him through it again.

Of course, when I think to do these things, other tasks take over, and I never get to them.  However, as luck would have it, I got an internal email on the way home.  The email was asking for help with showing granular delegation through QARS.  So here is my 6 minute, really quick and off-the-cuff recording (this one has audio).  Enjoy:

https://www.idmwizard.com/quest/QARS6.1GranularDelegation/QARS6.1GranularDelegation.html

Hopefully, I’ll be able to find the time to post more of these recordings . . . or coerce someone else into doing a few as well.

{ Comments on this entry are closed }

Unique user IDs or account names

by dimikagi

I had a client a long time ago (in 2007) ask if they can have a way to never re-use an account name.  They were looking at Quest ActiveRoles Server (google for it), and this was a key requirement.  Well, this would be very easy to do with the built-in policies if they kept their disabled users around.  However, they didn’t want to clutter AD with similar account names, and disabled accounts.  Which meant that QARS wouldn’t be able to check AD for uniqueness as the accounts would be wiped out.  I initially suggested they use an ADAM (now called AD LDS) store for this, and have AD include it in the scope.  However, but they thought it was too cumbersome for this task (and, honestly, it was).

So I had to come up with a scripted solution to get past this hurdle and still provide them a way to create unique names into perpetuity without leaving objects in AD or ADAM.  This question has come up again internally, so I thought it would make sense to publish this to the rest of the world for future reference. First is a recording of how to install the bits and show you how it works.  The short version is that it:

a. creates a table in the QARS database to keep track of every user name created as the account is being provisioned.
b. it installs a policy that checks the table from part (a) and generates a new user name based on the previous names in the DB.

The way the script is written (and this is what the client wanted), they wanted to create a user with first name, then last initial.  If that was taken, use the next 2 letters, 3 letters, and so on.  At some point, you run out of options, and have to resort to numbering.  Obviously, the script needs to be modified to meet your needs, and there are some great Professional Services people at Quest to help if you need it, but perhaps this sample is enough.

This post, as with all others, implies no warranty, and I do NOT support this solution (unless you wish to pay me) and is posted as an example of what is possible with Quest ActiveRoles Server.  If you have questions, please contact your Quest account manager about what support options are available.

Now . . . without further ado, here are the links you want.  First, here is a recorded video of the installation and usage:

https://www.idmwizard.com/quest//UniqueUserID/index.html

And here is the zip file shown in the video (albeit renamed – but you should be able to figure it out):
https://www.idmwizard.com/quest/UniqueUserID/UniqueUserID_policy.zip

Cheers,
Dmitry

(note: edited 2009-09-22 – changed some text and updated links to open in new windows and work properly).

{ Comments on this entry are closed }

Scripting Mac OS X installs

by dimikagi

With the release of VAS 3.5 last year, there’s been a marked increase in Mac interest and activity for me.  One thing I had to do whilst on-site with an Italian client was give them a way to deploy VAS to 300+ Macs without visiting each machine.  Basically, they needed a scripted way to install an mpkg or dmg file onto the Mac.  In the unix and linux world, this is pretty common.  All of the major vendors have clear documentation on how to do this.

However, Apple’s approach is always through the GUI.  And finding an example on how to do this from the command line took quite some time.  So to save someone the trouble in the future, here is the script I sent over to the client.  Since writing it in March, I’ve had at least a half dozen requests for it inside of Quest, so it made sense to put this out there publicly.  And while this one is specific to VAS (extra bonus if you’re running VAS on Mac), it should work for most Mac packages, and should only require a minor tweaking.

Note: the only requirement is that some sort of remote login option be available – there’s simply no point to using this script if you’re going to sit in front of a Mac inside the terminal window.  The way to do this is to enable ‘Remote Login,’ which is off by default, and that will enable ssh on the mac so you can connect to it with something like Putty.

As an added bonus, here’s a 6 minute video showing this being done: https://www.idmwizard.com/quest/vas35_mac_install_manual/index.html

########################################################################
# install the mac client using the command line
# first, mount the dmg file
hdiutil attach /<somelocation>/VAS-3.5.0.33.dmg

# that should create a new volume which we can cd to
cd /Volumes/VAS-Installer 
# this is the actual install of VAS onto the machine
sudo /usr/sbin/installer -pkg VAS.mpkg/ -target / 
# install is done, so we can now unmount the dmg - change directories first, though!
cd /opt/quest/bin
hdiutil detach /Volumes/VAS-Installer 
# join the machine to the AD domain
# sudo /opt/quest/bin/vastool -u <aduser> join -c "ou=apple,ou=xxx,ou=yyyy,dc=root,dc=dom" root.dom 
# better yet, join the machine with a pre-created account
# HOST=`hostname | awk -F. '{print $1}'`; /opt/quest/bin/vastool -u host/ -w $HOST join -f -n ${HOST}.root.dom root.dom
# update DNS record in AD (DDNS is in the VAS package install)
# but if your mac is not using dhcp, I don't think this is run
sudo /opt/quest/sbin/dnsupdate <IP> 
# since macs are 'personal'
# there's usually 1 user on the machine - and you probably already have
# 1 AD user ready to use
# so copy the default user to the new AD user
# (this may take some time depending on the folder size)
sudo cp -R /Users/<localuser> /Users/<ADUser>
# reown all the files to the AD users (<ADGroup> can also be a local group)
sudo chown -R <ADUser>:<ADGroup> /Users/<ADUser> 
# later, when everyone is happy, and it is all working, run this to get rid of the local user profile
sudo rm -rf /Users/<localuser>

{ Comments on this entry are closed }

Quick One Liner – Add all unregistered GPOs to GPM

by dimikagi

I found this rattling around in my email from July 16th.  Its a quick 1 liner to add every unregistered GPO into GPM:

foreach($unregObj in ($VCManager.GetGpos($VCManager.GetDomainNames())  |
   Where-Object -FilterScript {$_.Registered -eq $False} ))
   {$VCManager.Register("00000000-0000-0000-0000-000000000000", $unregObj,
   "Registering automatically via PoSh script", 1.0);}

You do need to prefix this with something like:

& 'C:\Program Files\Quest Software\Quest Group Policy Manager\QGPMInit.ps1' -computerName localhost -portNumber 40200

but that’s what happens when there’s no PoSh cmdlets available. Hope it helps . . .

{ Comments on this entry are closed }

Demo: Additional Demos

by dimikagi

Here’s a list of some other recorded demos that are currently residing on www.idmwizard.com, but tucked away.  Instead of keeping the links to myself, I figured it would be easier to post them all up.  Most do not have audio so don’t be alarmed.  Enjoy.

First, some Defender demos – there is no audio on these and the titles should be self explanatory:

Defender
https://www.idmwizard.com/quest/Defender/1_Initial_Installation/index.html
https://www.idmwizard.com/quest/Defender/2_Server_and_Token_Licensing/index.html
https://www.idmwizard.com/quest/Defender/3_Initial_Setup/index.html
https://www.idmwizard.com/quest/Defender/4_Admin_Token_Assignment/index.html
https://www.idmwizard.com/quest/Defender/5_Reporting_Installation/index.html
https://www.idmwizard.com/quest/Defender/6_Self_Service_Site_Installation/index.html
https://www.idmwizard.com/quest/Defender/7_User_Self_Service_Token_Assignment/index.html
https://www.idmwizard.com/quest/Defender/8_User_Radius_Login/index.html
https://www.idmwizard.com/quest/Defender/9_Defender_User_and_Authentication_Reporting/index.html
https://www.idmwizard.com/quest/Defender/10_Desktop_Token_Installation/index.html
https://www.idmwizard.com/quest/Defender/11_Desktop_Token_User_Activation/index.html
https://www.idmwizard.com/quest/Defender/12_Desktop_Token_Usage/index.html
https://www.idmwizard.com/quest/Defender/13_GINA_Installation_and_Logon/index.html
https://www.idmwizard.com/quest/DefenderDesktopToken/index.html

Next, are some demos of Quest’s ESSO product.  The first one is pretty quick, and has no audio:
https://www.idmwizard.com/quest/esso_personal_gmail/index.html

This next one shows integration between Quest’s ESSO, and the ActiveRoles Server Quick Connect module where a user is created from a CSV file and then the same user logs into Windows, registers with ESSO and is able to get SSO to the app afterwards:
https://www.idmwizard.com/quest/QARS-QC-and-ESSO/QARS-QC-and-ESSO.html

There are then a bunch of VAS videos, again with no audio:
https://www.idmwizard.com/quest/vas/vas35-01-preflight/index.html
https://www.idmwizard.com/quest/vas/vas35-02-install_and_join/index.html
https://www.idmwizard.com/quest/vas/vas35-03-installation_of_quest_ssh_and_getting_sso_through_it/index.html
https://www.idmwizard.com/quest/vas/vas35-04-unix_enable_user_and_group-password_change-sso_via_ssh/index.html
https://www.idmwizard.com/quest/vas/vas35-05-sudo_group_policy_usage_and_config/index.html
https://www.idmwizard.com/quest/vas/vas35-06-file_copy_policy_with_replacement_macro/index.html
https://www.idmwizard.com/quest/vas/vas35-07-access_controls_via_user_files/index.html
https://www.idmwizard.com/quest/vas/vas35-08-access_controls_via_windows_group_policy/index.html
https://www.idmwizard.com/quest/vas/vas35-09-self_enrollment-automatic_local_to_AD_mapping/index.html
https://www.idmwizard.com/quest/vas/vas35-10-installing_vasyp_proxy-getting_yp_maps_from_AD/index.html
https://www.idmwizard.com/quest/vas/vas35-11-using_the_nis_editor/index.html
https://www.idmwizard.com/quest/vas/vas35-12-importing_a_new_nis_map_via_windows/index.html
https://www.idmwizard.com/quest/vas/vas35-13-importing_a_new_nis_map_via_unix_nisedit/index.html
https://www.idmwizard.com/quest/vas/vas35-14-importing_and_enabling_users_with_vastool_load/index.html

People often have questions on what the VAS install looks like on the mac – here are 2 videos of that:
https://www.idmwizard.com/quest/vas35_mac_install/index.html
https://www.idmwizard.com/quest/vas35_mac_install_manual/index.html

Here is VAS’ self-enrollment feature on Solaris 10:
https://www.idmwizard.com/quest/Sol10-VASSelfEnrollment/Sol10-VASSelfEnrollment.html

Barry G also did some recordings for the Java Single Sign-On Product, VSJ here:
https://www.idmwizard.com/quest/vsj/index.html
https://www.idmwizard.com/quest/VSJ-ADFSFlash/VSJ-ADFS/index.html
https://www.idmwizard.com/quest/vsj_PetStore/index.html

(I particularly like Petstore since it was my idea – 😀 )

Paul H recorded a really slick (but poor in audio) demo of using Quest InSync to reset a Lotus Notes password (including the notes.id file!):

https://www.idmwizard.com/quest/NotesQPMandInSync.avi

Finally, there’s a pretty long (30 minute) video of configuring Webthority with a fictitious site called ‘SkySurf.’  This was done for internal consultants, but may be helpful if you’re looking to see how to configure Webthority:
https://www.idmwizard.com/quest/WebthoritySkySurf/index.html

{ Comments on this entry are closed }

← Previous Entries

Next Entries →