When trying to connect to a Firepower 1010 ASDM I was met with this;
“Cisco ASDM-IDM.app” cannot be opened because the developer cannot be verified.
macOS cannot verify that this ap is free from malware
Solution
If you’ve spent much time using macOS then this is quite common, Open System Preferences > Security and Privacy > General tab > You will see a warning about the Cisco ASDM-IDM > Click ‘Open Anyway‘.
If you are prompted again simply click ‘Open‘.
Related Articles, References, Credits, or External Links
Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that.
Solution
If you do not already have one, create a group for your users.
Add the users, (as appropriate).
On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in multiple OU’s, then after you have created the policy simply ‘Link‘ it to the applicable OUs).
Edit the policy.
User Configuration > Preferences > Windows Settings > Drive Maps > New > Mapped Drive > Action = Create > Location = Set the UNC path to the mapped drive > Tick ‘reconnect’ > Label as ‘What you want the user to see it called’ > Select the drive letter you want.
Common tab > Select Item-level targeting > Targeting > New Item.
Security Group. (Look at all the other cool stuff you can specify to target this group policy preference!)
I work with text files a a lot, and while Notepad is great, sometimes I want to look at line numbers or do some spell checking, so I prefer EditPlus. The biggest problem with that is, by default word wrap is disabled. You can simply go to Document > Word-wrap, but it only affects the open document. I want word wrap enabled globally!
Solution
1. Whilst in EditPlus > Tools > Preference > File > Settings & syntax > Word Wrap > Tick “Enable word wrap” > OK > Apply > OK.
Related Articles, References, Credits, or External Links
I use EditPlus 3 a lot for editing firewall configs, and just taking notes. But freshly installed it has the annoying habit of creating .bak (backup) files for every file you work on. I tend to keep the notes I’m working on on my desktop, so this can clutter it up with annoying icons.
Solution
1. Launch EditPlus > Tools > Preferences > Files.
2. Untick ‘Create backup file when saving’ > Apply > OK.
Related Articles, References, Credits, or External Links
I’ve briefly mentioned this before when I wrote about Group Policy Preferences so when I had to do this on-site this week, I jumped straight into the group policy management console, and found that because my ODBC connection was using SQL authentication (with the SQL sa account), this would NOT WORK, (it only works with Windows authentication and even then it needs a tweak). If you are using SQL authentication jump down to the bottom of the article.
Solution
NOTE: Below I’m dealing with user DSNODBC connections, so I’m looking at User Policies, if you want to send out Machine DSNODBC connections then you need to be looking at Computer Policies.
Deploy ODBC Settings via Group Policy Preferences (Windows Authentication)
The GPP is pretty easy to locate you will find it in;
[box]
User Configuration > Preferences > Control Panel Settings > Data Sources
OR
Computer Configuration > Preferences > Control Panel Settings > Data Sources
[/box]
However you will find there is a bug in the system which means it does not deploy.
ODBC Settings fail to Deploy via GPO
1. Locate the ODBC connection that you are trying to deploy > right click > Copy.
2. Right click your desktop and ‘paste’ > You will get an XML file > Open it with notepad > Delete the username and the cpassword information > Save the file.
3. Then delete the original ODBC file from your group policy.
4. Drag the XML file into the policy, in its place > Select ‘Yes’ to import it.
WARNING: Do not open its settings/properties from this point forward, or it will break again.
Getting ODBC Settings from a Clients Registry
1. You may wish to locate and extract the ODBC settings from a working client, you can locate the settings in a working client machines registry and simply export them so you can import them on a target machine, or deploy them via GPP or logon script.
[box]
User DSN's
Computer>HKEY_CURRENT_USER>Software>ODBC>ODBC.INI
Machine DSN's
Computer>HKEY_LOCAL_MACHINE>Software>ODBC>ODBC.INI
[/box]
2. Simply right click the key that corresponds to the ‘name’ of the ODBC connector that you wish to export, > right click > Export > Save.
Deploy ODBC Settings via Group Policy Preferences (SQL Authentication)
In this example I’ve merged the ODBC connection details into the registry, you could just as easily set them up manually, as long as they exist, either on the machine you are creating the policy on, or another machine you have ‘remote registry’ rights to.
I’ve touched on this briefly in KB0000389, I suggest you read through that first so you understand what the requirements are to deploy a GPP instead of the GPO’s you are probably used to.
Solution
1. First thing to do is install the printer that needs deploying on a print server. Make sure if your clients are NOT x64 bit that you also add the x86 drivers for your clients to use.
2. The following is a “Gotcha” (especially on HP printers), on the Printer Properties page, General tab > Select “Print Processor” > Ensure it’s set to winprint and RAW.
3. On a domain controller, Start > administrative tools > Group Policy Editor > Either edit an existing policy or create a new one (Remember its a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).
4. Give the policy a sensible name.
5. Edit the policy you have just created.
6. Navigate to > Computer Configuration > Preferences > Control Panel Settings > Printers > In the right hand window, right click > New > TCP/IP Printer.
7. Select Create > I prefer to use the IP address of the printer but you can use the DNS name if you wish > The Local Name is what the client will see > Enter the Path to the printer (In UNC format) > You can also enter a location and comment if you wish > Apply > OK.
8. All being well you should see the printer listed.
9. Now for another “Gotcha” in the same policy navigate to > Computer Configuration > Policies > Administrative Templates > Printers > Locate the “Point and Print Restrictions” policy.
10. Change the settings for this policy so that it is disabled.
12. Close the Policy editor, then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.
Related Articles, References, Credits, or External Links