Solved: ACS 5.1 default setting

achen2000 · ‎10-06-2011

Does anyone know if the following setting is a shipping default in the ACS 5.1? thanks

In the Access Policies ->Network Device Admin -> Identity -> Advanced Options, the If user not found was set to “Continue” .

jrabinow · ‎10-06-2011

It is not. By default upon installation the setting for this is Reject

When new rules are added to an identity policy the setting is similarly set to Reject. In order to change this need to expand the Advanced Options and choose your desired setting

View solution in original post

jrabinow · ‎10-06-2011

The best you can do is the following

- Go to "Launch Monitoring & Report Viewer" and then select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button and then Run->Qery and Run

- In object type enter "Access Service" and in Object Name set to "Default Device Admin"

You will be able to see who made and changes and when. Note it does not give the details of the specific change since policy is a complex data object with multiple rules, ordering etc

View solution in original post

jrabinow · ‎10-06-2011

Do the following:

- Go to "Launch Monitoring & Report Viewer"

- in navigation select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button next to "ACS_Configuration_Audit" and in bottom left select arrow on button called "Run" and then "Query and Run" option

- In object type enter "Access Service" and in Object Name set to "Default Device Admin" and then select "Run"

View solution in original post

jrabinow · ‎10-06-2011

It is not. By default upon installation the setting for this is Reject

When new rules are added to an identity policy the setting is similarly set to Reject. In order to change this need to expand the Advanced Options and choose your desired setting

achen2000 · ‎10-06-2011

Thank you very much jrabinow.!!

Then I'm curious to know whether I can find when the setting was changed? and by whom?

jrabinow · ‎10-06-2011

The best you can do is the following

- Go to "Launch Monitoring & Report Viewer" and then select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button and then Run->Qery and Run

- In object type enter "Access Service" and in Object Name set to "Default Device Admin"

You will be able to see who made and changes and when. Note it does not give the details of the specific change since policy is a complex data object with multiple rules, ordering etc

achen2000 · ‎10-06-2011

- Select radio button and then Run->Qery and Run

Which radio button should I select? anyone? or the ACS_Configuration_Audit?

Thanks again.

BTW, I did run a report on the ACS_Configuration_Audit but couldn't see anything except my change which was made this morning. I'm assuming the default was set to "Continue"..

jrabinow · ‎10-06-2011

Do the following:

- Go to "Launch Monitoring & Report Viewer"

- in navigation select "Monitoring & Reports > Reports > Catalog > ACS Instance"

- Select radio button next to "ACS_Configuration_Audit" and in bottom left select arrow on button called "Run" and then "Query and Run" option

- In object type enter "Access Service" and in Object Name set to "Default Device Admin" and then select "Run"

achen2000 · ‎10-06-2011

Yes, that's what I need. Thanks a lot for your help.