https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506054#M321107 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Here are some links for command authorization which might be helpful for you:-</P><P></P><H2 class="title-page"><SPAN style="font-size: 10pt;">ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example</SPAN></H2><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml</A></P><P></P><P><SPAN class="content"></SPAN></P><H3 class="p_H_Head2"><SPAN style="font-size: 10pt;">Configuring Command Authorization on ASA:-</SPAN></H3><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1042034">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1042034</A></P><P></P><P><STRONG>Configuring Command authorization on router:-</STRONG></P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml#t1">http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml#t1</A></P><P></P><P>Thanks,</P><P></P><P>Shilpa</P></BODY></HTML> Mon, 04 Oct 2010 16:06:14 GMT Shilpa Gupta 2010-10-04T16:06:14Z https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506052#M321105 <P>How can i prevent a user from writing to the startup-config?</P> Mon, 11 Mar 2019 00:27:44 GMT https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506052#M321105 aquadisco 2019-03-11T00:27:44Z https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506053#M321106 <HTML><HEAD></HEAD><BODY><P>Using command authorization and denying that user the execution of "copy running-config startup-config" (and other variations of same, i.e. "write memory", etc)</P></BODY></HTML> Mon, 04 Oct 2010 15:55:57 GMT https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506053#M321106 Javier Henderson 2010-10-04T15:55:57Z https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506054#M321107 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Here are some links for command authorization which might be helpful for you:-</P><P></P><H2 class="title-page"><SPAN style="font-size: 10pt;">ACS Shell Command Authorization Sets on IOS and ASA/PIX/FWSM Configuration Example</SPAN></H2><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml">http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00808d9138.shtml</A></P><P></P><P><SPAN class="content"></SPAN></P><H3 class="p_H_Head2"><SPAN style="font-size: 10pt;">Configuring Command Authorization on ASA:-</SPAN></H3><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1042034">http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/access_management.html#wp1042034</A></P><P></P><P><STRONG>Configuring Command authorization on router:-</STRONG></P><P></P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml#t1">http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00800946a3.shtml#t1</A></P><P></P><P>Thanks,</P><P></P><P>Shilpa</P></BODY></HTML> Mon, 04 Oct 2010 16:06:14 GMT https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506054#M321107 Shilpa Gupta 2010-10-04T16:06:14Z https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506055#M321108 <HTML><HEAD></HEAD><BODY><P>Good comments so far, but i need a little more hand holding as some of the options don't seem to be available on my configuration.&nbsp; Is this approach dependent on a TACACS server?</P><P></P><P>Here is some background information that i should have supplied originally.</P><P></P><UL><LI>Using 2811 router with Advanced Enterprises Services IOS</LI><LI>Would like to restrict users from changing the startup-config without use of the external AAA systems (TACACS, etc).</LI></UL><P></P><P>Thanks!</P></BODY></HTML> Mon, 04 Oct 2010 20:09:44 GMT https://community.cisco.com/t5/network-access-control/nvram-startup-config-security/m-p/1506055#M321108 aquadisco 2010-10-04T20:09:44Z