I am developing an application which I need to register an OID (Object Identifier) for monitoring purposes. However I am not familiar with OIDs and how to get this created/registered/assigned. Can I create a custom one?
If I have the Company parent OID, would that help in creating custom one? Should be that be registered officially with the certifying authority? could someone help provide some insight on how to create and register an OID?
You can get a free one instantly here
This will give you an OID from the branch 1.3.6.1.4.1.54392.4.*
Full disclosure: I created this service.
You can't just create a custom OID yourself, you have to apply for one. It can take a week or three, but the registration is free. You don't necessarily have to be an organisation - I applied for, and was granted, one for my own personal use a few years ago without any problem.
There are OID branches where you can essentially create your OID without any registration. See 2.25. Simply generate a new UUID/GUID, treat it as a 128-bit number, and use it as an identifier in the subtree.
UUIDs are octet strings of 16 octets (128 bits) which can be interpreted as an integer that can be used as a child OID of {joint-iso-itu-t uuid(25)} without formal registration (in particular in this OID repository). This enables users to generate OIDs without registering them with a registration authority.
It however also warns that some software may not support such large OIDs. I have managed to find another branch, 1.2.840.113556.1.8000.2554 from Microsoft, which uses the individual components instead.
You can create any OID you want under your enterprise number. Outside of your enterprise branch, you cannot.
If you want to create one under your enterprise number, you probably need to coordinate with the cognizant individual in your company who is responsible for managing that, but anything under your enterprise number remains totally under your company's purview.
Related
I created a Group using
https://learn.microsoft.com/en-us/graph/api/group-post-groups?view=graph-rest-1.0&tabs=http
and then used
https://learn.microsoft.com/en-us/graph/api/team-put-teams?view=graph-rest-1.0&tabs=http
to create a Team. Now I am facing issue when adding a plan using a Planner app
"Failed to create the plan."
How I can fix this issue?
In my investigations, I found that the other team members are able to create plans. As an owner of the team, I am not able to create them. if I am trying graph API I'm getting an error:
You do not have the required permissions to access this item, or the item may not exist.
I'm glad you came right and that I was able to help. I'm updating the answer so that it's more clear on a few points:
Technically, this actually has nothing to do with Teams at all, it relates to Office 365 Groups, which forms the core underneath Teams, Planner, and more. You actually link in your question to the Groups docs, incidentally. I've updated the question title to reflect this.
I haven't tested this exactly, but I doubt that it needs your account exactly in the Owners and Members - I suspect the main constraint is that there needs to be at least one person in each of those roles (that means there has to be at least one Owner and at least one Member). Arguably, this is actually a bug in Planner, but it was maybe never detected by Microsoft because if you create a Group from the web interface, it automatically puts your user in as Owner and Member.
If you do put your own account into both positions, but that's not what you want long term, you could probably just take them out after creating the Planner plan.
Just a reminder that best practice is to have more than one owner of a Group, in case/when the original Owner is not/no longer available.
It's fixed after adding the creator of teams as a member too. So I had to add the user who is creating Teams in Team members too.
I made sure that there was another owner on the Team, demoted and removed the owner and the re-added them to the team. This resolved the issue that I had with multiple teams
I am currently using 8191 for the 'AccessRights' variable required for the MDM payload (com.apple.mdm).
Now when using this the users gets the following message:
The administrator may collect personal data, add/remove accounts and
restrictions, list, install and manage apps, and remotely erase data
on your iPhone
Telling him/her the MDM-server are allowed to wipe the device remotely. Now I don't want the MDM-server to be able to do this at all.
When I change the AccessRights to 4161 for instance, the message changes into:
The administrator may collect personal data, and list, install and
manage apps on your iPhone
Now I can't find ANY reference to this AccessRights variable and its values. Can anyone enlighten me on what the value actually represents?
Here is the table that describes all flags for access rights:
You can mix these values to configure necessary list of access rights.
In your particular cases:
8191 - is a combination of all above values.
4161 - is a combination of 4096, 64 and 1.
Update:
Visput's printscreen of "Mobile Device Management Protocol Reference" provides the desired numerical values for AccessRights . However this answer will remain for context, the lessons learned along the way and the mention that said material may be subject to NonDisclosure Agreements due to the nature of the Apple confidential material.
For clear understanding of the answer's scope as well as for the sake of explaining to novices i will provide a little context.
Context
First off Mobile Device Management (MDM) provides you with features which are organized into a collection of settings called configuration profiles - features like real management capabilities, including convenient configuration, self-service tools, and enhanced protection etc.
These profiles are just XML file that allow you to distribute configuration information.
Configuration profiles are in property list format.
From the document that describes the keys in a configuration profile and provides examples of the resulting XML payloads, PayloadContent is one of the keys. It is also the one you meant that contains the AccessRights property.
PayloadContent[optional] is an Array of payload dictionaries (payload objects). Not
present if IsEncrypted is true.
The docs specify that these are the Payload Dictionary Keys Common to All Payloads: PayloadType,PayloadVersion,PayloadIdentifier,PayloadUUID,PayloadDisplayName,PayloadDescription,PayloadOrganization.
In addition to the standard payload keys above, each payload type contains keys that are specific to that payload type.
You are working with PayloadType "com.apple.mdm" and are looking for payload-specific keys for the MDM payload.
Conclusion
I have looked long and hard for all references of mdm payload keys. All i could find where a couple of AccessRights values, there is none in the official documentation available to the public.
The closest i could find was Inside the mdm protocol (pdf). A project with the goal of not creating a simple, turn-key, stand-alone MDM server, nor probing the protocol for weaknesses or hidden features, but simply to document as much of the protocol as possible.
From this document:
Unfortunately, documentation of the underlying protocol has never been
freely available. Obviously, third parties selling MDM servers were
provided access to the documentation by Apple, but it’s not been
available for researchers or smaller development shops. This
hampers risk analysis for enterprises making use of MDM. In order to aid such risk
assessments, and to enable and encourage future research, this project was born.
Now i consider the document to be very useful for understanding MDM. On access rights it provides an image page 8 representing a print screen of a GUI tool which presents access rights as check boxes. As for generated values, your best chance is to google anything like:
<key>AccessRights</key>
<integer>8191</integer>
I've also found the value 2047 somewhere.
I've also found mentions of access rights in this Security Configuration Recommendations from the NSA for Apple iOS devices. On page 16 you have Access Rights for Remote Administrators:
The following settings control what an MDM server is permitted to
query from an iOS device. For an enterprise-owned,
enterprise-controlled device, permitting the enterprise administrator
to query as much information as possible is appropriate. Some MDM
products may simply include these access rights by default and offer
options to retrieve less information from the device.
And it goes on to actually list the check boxes which where also illustrated in the previous guide. No correspondence to xml generated data/ids.
The closest i got to the actual id's was in this mdm-settings.xml which enumerates the access rules along with some other data used on the device for iOS6.
Your best change is to contact apple support and ask for details.
The info you are looking for may be subject to NonDisclosure Agreements due to the nature of the Apple confidential material. The document above was based on data available in Developer Preview
We have one client having two account numbers and single trading partner id. Now
the client sends PO(s) through VAN (Value added Network),
My Question: Is there any way to identify for which
account number's PO is received?
Our Van process is identifying the PO on the basis of Trading Partner ID.
We need to sort the PO(s) according to account number.
The N104 would be a good way to do it. Most of the time, the N104 would designate store location, which you would cross-reference in your application to your account number.
A REF02 could also work, but the N104 was really made for this.
yes, that can be problematic.
check andrew's answer for this, maybe other options:
- GS02 (sender)
- I one had to check the items numbers to find out the right accountID.
Check why the edi-partner has 2 accounts. This often gives a good clue on how to handle this.
And check if it is still needed ;-))
I'm using trying to interface with Quickbooks Online for an internal application that will push and pull transactions using qbXML. My problem is that I can't figure out which message I need to send in order to list and add the items listed under the "Banking" > "Registers" page. I've gone through the messages listed in the Onscreen Reference for Intuit Software Development Kits and none of them seem to give me this information.
Also, does anyone know of a list that explains what each message does?
If you're in a bank account register, you're writing checks. There are 3 kinds of checks in QuickBooks:
Expense checks - if you added a check directly in the register window, you would be adding an expense check.
Bill payment checks - these appear in a check register, but you can only add them with a bill payment operation.
Payroll checks - these appear in the check register, but they can only be added using the Intuit Payroll Service or by enabling manual payroll (almost no one does manual payroll in actual practice, but it is good to know about for testing purposes).
The first 2 types of checks have their own message type: the Add/Mod Check and Add/Mod BillPayment messages respectively. Payroll checks can't be added by the SDK. You can query all 3 types using a Transaction query message. I should also mention that it's possible to add an entry in any register using a journal entry, but that's not a good idea unless you are certain you know what you're doing.
I hate to tell you this, but the best reference for QuickBooks messages is the one you're already using. There are also XML files in the <sdk root>\docs directory that describe SDK operations. But there is really no substitute for understanding how QuickBooks operates from a user's perspective.
If you're going to be working with QuickBooks integration, it's a good idea to make friends with one or more QuickBooks Pro Advisors so you can run these kinds of issue by them. The relationship is generally mutually beneficial, since QuickBooks Pro Advisors often find it handy to have access to an SDK programmer.
Does anyone know if it is possible to prevent a work item from being assigned to a specific user account in TFS?
After migrating a TFS from one domain to another, some of my team members have two user accounts, the original one from the old domain, and a new one from the new domain. I'd like to stop work items from being assigned to the old account.
Most process templates restrict username fields with the rule. (If yours doesn't, you should do so.) Then all you need to do is remove the invalid accounts from TFS Valid Users group.
Unfortunately, you can't do this directly -- TFS manages this group automatically based on ACLs found throughout the rest of the system. You have to hunt them down. See these threads for more details:
http://social.msdn.microsoft.com/Forums/en-US/tfsadmin/thread/6e5af2ab-1cbc-4d12-9078-454147926316
http://social.msdn.microsoft.com/forums/en-US/tfsadmin/thread/1ce8b5b0-9924-45ed-919b-49a6a61bb7c7
Once you find all instances where the old domain is being referenced, the general strategy for cleaning up orphans is to add a new ACL, wait for TFS to sync (or iisreset), then remove everything.
However, this may not be possible if you've taken the old domain offline, or there's no trust relationship between the two domains, etc etc. At some point it becomes easier to edit TfsIntegration manually. I usually don't recommend mucking in the TFS databases since it's unsupported and subject to change with every patch. For optimum safety, I'd still strongly suggest using stored procedures rather than trying to interpret the schema relationships (and make sure you hold the necessary locks, etc). prc_security_delete_identity is your best entry point: all you need to know is the old account's SID.