Search Results

Search found 2782 results on 112 pages for 'it policy'.

Page 19/112 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • Upgraded AGPM Server cannot connect to relocated archive

    - by thommck
    We were using the Advanced Group Policy Management (AGPM) v3.0 on out Windows Server 2008 DC. It kept the archive on the C: drive. When we upgraded to AGPM v4 we relocated the archive to the D: drive. Now when we try to look at a GPO's hisory in GPMC we get the following error Failed to connect to the AGPM Server. The following error occurred: The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework 3.0 SDK documentation and inspect the server trace logs. System.ServiceModel.FaultException (80131501) You are able to click Retry or Cancel. Retry brings up the same error and Cancel takes you back to GPMC and the History tab displays "Archive not found". I installed the client on a Windows 7 computer (which is a n unsupported set up) and it could read the server archive without any issues. I followed the TechNet article "Move the AGPM Server and the Archive" but that didn't make a difference How can I tell the server where the archive is?

    Read the article

  • signed applet automatically running as insecure

    - by Terje Dahl
    My application is deployed as a self-signed applet to several thousand users at more than 50 schools across the country (in Norway). The user is presented with the standard Java security warning asking if they will accept the signature. When they do, the applet runs perfectly. However, about half a year ago a group of 7 school, all under a common IT department, stopped getting the security warning. In stead the applet loads and starts running in untrusted mode, without first giving the user an option to accept or reject the signature. The problem is on Windows machines, and only when the machine is connected to the schools network. If they take the same machine home with them, the program functions as it should, with security warnings and everything. I know little about Window systems in general, but I would think it would be some sort of policy-file or something that is loaded when a machine hooks up to/through the schools network. Furthermore, the problem only started occurring in these 7 schools after changes made after a security breach they had a while back. The IT department is stumped. I am stumped. Any thoughts, comments, suggestions?

    Read the article

  • Where in the stack is Software Restriction Policies implemented?

    - by Knox
    I am a big fan of Software Restriction Policies for Microsoft Windows and was recently updating our settings for this. I became curious as to where Microsoft implemented this technology in the stack. I can imagine a very naive implementation being in Windows Explorer where when you double click on an exe or other blocked file type, that Explorer would check against the policy. I call this naive because obviously this wouldn't protect against someone typing something in a CMD window. Or worse, Adobe Reader running an external application. On the other hand, I can imagine that software restriction policies could be implemented deep in the stack almost at the metal. In this case, the low level loader would load into memory the questionable file, but mark the memory in the memory manager as non-executable data. I'm pretty sure that Microsoft did not do the most naive implementation, because if I block Java using a path block, Internet Explorer will crash if it attempts to load Java. Which is what I want. But I'm not sure how deep in the stack it's implemented and any insight would be appreciated.

    Read the article

  • Cisco ASA 5510 Time of Day Based Policing

    - by minamhere
    I have a Cisco ASA 5510 setup at a boarding school. I determined that many (most?) of the students were downloading files, watching movies, etc, during the day and this was causing the academic side of our network to suffer. The students should not even be in their rooms during the day, so I configured the ASA to police their network segment and limit their outbound bandwidth. This resolved all of our academic issues, and everyone was happy. Except the resident students. I have been asked to change/remove the policing policy at the end of the day, to allow the residents access to the unused bandwidth at night. There's no reason to let bandwidth sit unused at night just because it would be abused during the day. Is there a way to setup Time of Day based Policies on the ASA? Ideally I'd like to be able to open up the network at night and all day during weekends. If I can't set Time based policies, is is possible to schedule the ASA to load a set of commands at a specific time? I suppose I could just setup a scheduled task on one of our servers to log in and make the changes with a simple script, but this seems like a hack, and I'm hoping there is a better or more standard way to accomplish this. Thanks. Edit: If there is a totally different solution that would accomplish a similar goal, I'd be interested in that as well. Free/Cheap would be ideal, but if a separate internet connection is my only other option, it might be worth fighting for money for hardware or software to do this better or more efficiently.

    Read the article

  • Change default profile directory per group

    - by Joel Coel
    Is it possible to force windows to create profiles for members of one active directory group in a different folder from members in another active directory group? The school here uses DeepFreeze to protect public computers. In a nutshell, DeepFreeze prevents all changes to a hard drive such that every time you restart the machine the disk is identical to it was at the time you froze it. This is a bit different than restoring to an image, in that it never really wrote changes to disk in a permanent way in the first place. This has a few advantages over images: faster recover times, and it's easy to thaw the machine for a few minutes to perform maintenance such as windows updates (which can even be automated). DeepFreeze also allows you to configure a "thawspace" partition, where changes are persistent across reboots. One of the weaknesses of DeepFreeze is that you end up needing to create a new profile every time you log in, unless your profile existed at the time the machine was frozen. And even then, any changes you make to your profile while working on a frozen machine are lost. As students have frequent legitimate needs to log in to our classroom machines, there is currently a lot of cleanup involved from time to time in removing their old profiles and changes, so I want to extend DeepFreeze to protect our classroom computers as well as public computers. The problem is that faculty have a real need to keep a stateful profile locally on these classroom computers. The solution I would like to use is to configure Windows via group policy (or even manually, if that's the way I'll have to do it) to place profile folders on the thawspace partition, but only for members of the faculty security group. Is this possible?

    Read the article

  • Users and Groups management on 7 Home Premium

    - by AviD
    Recently upgraded the home pc from XP pro, to Windows 7 Home Premium. I'm looking for a solution for a few things that seem to be missing from this edition... Since Local Users and Groups is blocked on Home Premium, I can't figure out how to manage groups, or even do anything even slightly advanced to users (basically, create/group/picture is it). net localgroup, net users, net etc dont seem to work - getting "system error 5". While I'm on the topic, I cant activate (what was once) "Local Security Policy"... Looking for any help, advice, or even a new direction cuz things is differ'nt on Winnows7... To clarify, I'm looking to do some of the following, which were simply back in XP-land: remote user only (i.e. no local logon) Grant special privileges for specific user grant access to e.g. C$ share for specific remote user create custom groups for users, to be able to separate privileges of say, my wife's from my kids define quite specifically what each user can do (beyond just standard users) Harden OS (hmm, i guess maybe what i'm looking for is security hardening guide for 7...?)

    Read the article

  • How can I make WSUS less invasive for our users?

    - by Cypher
    We have WSUS pushing updates out to our user's workstations, and things are going relatively well with one annoying caveat: there seems to be an issue with a pop-up being displayed in front of some users informing them that their machine will be rebooted in 15 minutes, and they have nothing to say about it: This may be because they did not log out the prior night. Nevertheless, this is a bit too much and is very counter-productive for our users. Here is a bit about our environment: Our users are running Windows XP Pro and are part of an Active Directory Domain. WSUS is being applied via Group Policy. Here is a snapshot of the GPO that is enforcing the WSUS rules: Here is how I want WSUS to work (ideally - I'll take whatever can get me close): I want updates to automatically download and install every night. If a user is not logged in, I would like the machine to reboot. If a user is logged in, I would like their machine not to reboot, but instead wait until the next "installation period" where it can perform any other needed installations and reboot then (provided the a user account is not still logged in). If a user is to be prompted for reboot, it should only happen once per day (if possible), but every time they are prompted, they must have a way to postpone the reboot. I do not want users to be forced to restart their computer whenever the computer thinks it should happen (unless it's after an update installation and there are no logged in users). That doesn't seem productive to force a system restart in the midst of a person's workday. Is there something that I can do with the GPO that would help make WSUS less intrusive? Even if it gave the user an option to Restart Later - that would be better than what is happening now.

    Read the article

  • Single Sign On 802.1x Wireless - saying “Connecting to <SSID>”, hangs for 10 seconds, fails with “Unable to connect to <SSID>, Logging on…”.

    - by Phaedrus
    We are implementing WiFi on Windows 7 machines in our corporate environment. Machines should be able to log into the domain by WiFi as the Machine (Pre-Logon), and as the User (Post-Logon). We have everything working correctly except for 2 things: 1) Sometimes the login scripts don't run 2) The user VLAN is sometimes different than the machine vlan, and no DHCP renew occurs after user logon. I am clear that both these problems should be fixable by using the "Single Sign On" Option under the 802.1x Wireless Vista GPO, and setting the wireless to connect immediately before user logon and also by enabling "This network uses different VLAN for authentication with machine and user credentials" If I enable these GPO settings in a lab, the computer does authenticate & gets WIFI before the user logs on, so when the login box is displayed, it says “Windows will try to connect to ”, even though it is already connected (which should be ok?). Enter the user credentials and it goes to a screen saying “Connecting to ”, hangs for 10 seconds, fails with “Unable to connect to , Logging on…”. Desktop fires up and then the user re-authenticates with no problem as himself instead of the machine, but by that point, we defeat the point of the WiFi SSO “before user logon”. Also by that point, no DHCP renew seems to occur, and the user is still stuck with the wrong IP address for the new VLAN. When the “Connecting to ” screen comes up, there’s no indication on the AP or the Radius server that anything whatsoever is happening after credentials are entered until after the domain logon. Also with this policy enabled, sometimes windows hangs on a black screen indefinitely until I disable the Wireless NIC, so something is knackered for sure. What have I missed? Suggestions are much appreciated... /P

    Read the article

  • How to script GPO in Windows computers without Active Directory?

    - by Peteris Krumins
    Does anyone know how to script GPO for users in a Windows computer that is not on any Active Directory network? I can't use GPMC because it doesn't work without a domain. I have been searching the net for the last couple of hours and all the solutions that I find are related to GPMC. I'd imagine there are some objects in the GPO that are accessible via WMI? Does anyone know anything about that? I was unable to find any information about that. Here is the situation I am trying to script: I have 10 users on the machine, and I want to restrict what they are able to do on the machine. So I created 10 GPOs for each one of them. Now I want to apply a common policy to all of them. The only way to do it is to go through each of the GPO and do it manually. This is too time consuming, therefore I am seeking for a simpler solution. I was unable to find a way to copy GPO from a user to a user. That would make it much easier, I would create a GPO for 1st user, then copy it over to all the other users, but no luck, couldn't find a way to copy GPOs. The other method I tried was creating a GPO for the whole user group but it turns out you can't apply GPO to a group unless you use GPMC, which I can't cause the computer is not on any domain. So I am thinking about scripting this whole process, but again I can't find any examples of how to access particular GPO objects for particular users and modify properties through WMI. Any suggestions on the issue I am having? Thanks!

    Read the article

  • Provide a user with service start/stop permissions

    - by slakr007
    I have a very basic domain that I use for development. I want to create a GPO that provides users in the Backup Operators group with start/stop permissions for two specific services on a specific server. I have read several articles about this, and they all indicate that this is very easy. Create a GPO, give the user start/stop permissions to the services under Computer Configuration Policies Windows Settings Security Settings System Services, and voila. Done. Not so much, but I have to be doing something wrong. My install is pretty much the default. The domain controller is in the Domain Controllers OU, the Backup Operators group is under Builtin, and I created a user called Backup under Users. I created a GPO and linked it to the Domain Controllers OU. In the GPO I give the Backup user permission to start/stop two specific services on the server. I forced an update with gpupdate. I used Group Policy Results to verify that my GPO is the winning GPO giving the user the permission to start/stop the two services. However, the user is still unable to start/stop the services. I attempted different loopback settings on the GPO to no avail. I'm sort of at a loss here.

    Read the article

  • Please clarify how create/update happens against child entities of an aggregate root

    - by christian
    After much reading and thinking as I begin to get my head wrapped around DDD, I am a bit confused about the best practices for dealing with complex hierarchies under an aggregate root. I think this is a FAQ but after reading countless examples and discussions, no one is quite talking about the issue I'm seeing. If I am aligned with the DDD thinking, entities below the aggregate root should be immutable. This is the crux of my trouble, so if that isn't correct, that is why I'm lost. Here is a fabricated example...hope it holds enough water to discuss. Consider an automobile insurance policy (I'm not in insurance, but this matches the language I hear when on the phone w/ my insurance company). Policy is clearly an entity. Within the policy, let's say we have Auto. Auto, for the sake of this example, only exists within a policy (maybe you could transfer an Auto to another policy, so this is potential for an aggregate as well, which changes Policy...but assume it simpler than that for now). Since an Auto cannot exist without a Policy, I think it should be an Entity but not a root. So Policy in this case is an aggregate root. Now, to create a Policy, let's assume it has to have at least one auto. This is where I get frustrated. Assume Auto is fairly complex, including many fields and maybe a child for where it is garaged (a Location). If I understand correctly, a "create Policy" constructor/factory would have to take as input an Auto or be restricted via a builder to not be created without this Auto. And the Auto's creation, since it is an entity, can't be done beforehand (because it is immutable? maybe this is just an incorrect interpretation). So you don't get to say new Auto and then setX, setY, add(Z). If Auto is more than somewhat trivial, you end up having to build a huge hierarchy of builders and such to try to manage creating an Auto within the context of the Policy. One more twist to this is later, after the Policy is created and one wishes to add another Auto...or update an existing Auto. Clearly, the Policy controls this...fine...but Policy.addAuto() won't quite fly because one can't just pass in a new Auto (right!?). Examples say things like Policy.addAuto(VIN, make, model, etc.) but are all so simple that that looks reasonable. But if this factory method approach falls apart with too many parameters (the entire Auto interface, conceivably) I need a solution. From that point in my thinking, I'm realizing that having a transient reference to an entity is OK. So, maybe it is fine to have a entity created outside of its parent within the aggregate in a transient environment, so maybe it is OK to say something like: auto = AutoFactory.createAuto(); auto.setX auto.setY or if sticking to immutability, AutoBuilder.new().setX().setY().build() and then have it get sorted out when you say Policy.addAuto(auto) This insurance example gets more interesting if you add Events, such as an Accident with its PolicyReports or RepairEstimates...some value objects but most entities that are all really meaningless outside the policy...at least for my simple example. The lifecycle of Policy with its growing hierarchy over time seems the fundamental picture I must draw before really starting to dig in...and it is more the factory concept or how the child entities get built/attached to an aggregate root that I haven't seen a solid example of. I think I'm close. Hope this is clear and not just a repeat FAQ that has answers all over the place.

    Read the article

  • Working with Active Directory and Windows Small Business Server 2008

    - by AreYouSerious
    I have to say that in most of my time as a network engineer I have had the opportunity to play with servers, but mostly it's been to put our management software on, and that was about it. I have been a Systems Network Engineer for about three months now, and as such I have been respnosible for the configuration of our test devices... this being said, I have had to start working through how to configure and apply such things as GPO through a new forest, domain and OU. This being said I have configured about three different GPO's and applied them to different locations. The first laptop that I brought into the domain took the default Domain group Policy... this was cool, I got excited... then When I tried to bring in the second Laptop, it didn't take the policy. I looked at the configuration, and the default domain policy was applied to domain computers, however since the laptop resides in the SBS Computers of the OU that was created, SBS created individual policies for XP and Vista for that OU, which I was unaware of. So the default policy for that ou overrode the domain policy and none of the options that were defined in the Domain policy were applied... this being said, I am now working on putting the default Domain as an applicable policy in the OU, thus I won't have to reconfigure another policy to mirror the Domain Policy... here goes nothing!!!.... More to follow Later.

    Read the article

  • Any hosted versions of jQuery that have the 'Access-Control-Allow-Origin: *' header set?

    - by Greg Bray
    I have been working with jQuery recently and ran into a problem where I couldn't include it in a userscript because xmlhttpRequest uses the same origin policy. After further testing I found that most browsers also support the Cross-Origin Resource Sharing access control defined by W3C as a workaround for issues with same origin policy. I tested this by hosting the jQuery script on a local web server that included the Access-Control-Allow-Origin: * http header, which allowed the script to be downloaded using xmlhttpRequest so that it could be included in my userscript. I'd like to use a hosted version of jQuery when releasing the script, but so far testing with tools like http://www.seoconsultants.com/tools/headers I have not found any sites that allow cross-origin access to the jQuery script. Here is the list I have tested so far: http://www.asp.net/ajaxlibrary/CDN.ashx http://code.google.com/apis/ajaxlibs/documentation/index.html#jquery http://docs.jquery.com/Downloading_jQuery#CDN_Hosted_jQuery Are there any other hosted versions of jQuery that do allow cross origin access?

    Read the article

  • Browser for cross-site-script testing (for testing Mozilla Add-On)

    - by Anthony
    I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers). I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers turn to for this. I really would like to avoid using any blackhat tools, if possible. Not because I'm against them, I just don't want to add another learning curve to the process. I can use curl in PHP to confirm that the requests work, but I want to get started on writing the js that the addon will actually use, so I need a client that will execute js. I also tried spidermonkey, but since I'm doing the ajax with jquery, it threw a fit at all of the browser-based default variables. So, short version: is there a reliable browser/client for cross site scripting that isn't primarily a hacker app? Or can I just turn off same-domain policy in Firefox?

    Read the article

  • Windows 2003 GPO Software Restrictions

    - by joeqwerty
    We're running a Terminal Server farm in a Windows 2003 Domain, and I found a problem with the Software Restrictions GPO settings that are being applied to our TS servers. Here are the details of our configuration and the problem: All of our servers (Domain Controllers and Terminal Servers) are running Windows Server 2003 SP2 and both the domain and forest are at Windows 2003 level. Our TS servers are in an OU where we have specific GPO's linked and have inheritance blocked, so only the TS specific GPO's are applied to these TS servers. Our users are all remote and do not have workstations joined to our domain, so we don't use loopback policy processing. We take a "whitelist" approach to allowing users to run applications, so only applications that we approve and add as path or hash rules are able to run. We have the Security Level in Software Restrictions set to Disallowed and Enforcement is set to "All software files except libraries". What I've found is that if I give a user a shortcut to an application, they're able to launch the application even if it's not in the Additional Rules list of "whitelisted" applications. If I give a user a copy of the main executable for the application and they attempt to launch it, they get the expected "this program has been restricted..." message. It appears that the Software Restrictions are indeed working, except for when the user launches an application using a shortcut as opposed to launching the application from the main executable itself, which seems to contradict the purpose of using Software Restrictions. My questions are: Has anyone else seen this behavior? Can anyone else reproduce this behavior? Am I missing something in my understanding of Software Restrictions? Is it likely that I have something misconfigured in Software Restrictions? EDIT To clarify the problem a little bit: No higher level GPO's are being enforced. Running gpresults shows that in fact, only the TS level GPO's are being applied and I can indeed see my Software Restictions being applied. No path wildcards are in use. I'm testing with an application that is at "C:\Program Files\Application\executable.exe" and the application executable is not in any path or hash rule. If the user launches the main application executable directly from the application's folder, the Software Restrictions are enforced. If I give the user a shortcut that points to the application executable at "C:\Program Files\Application\executable.exe" then they are able to launch the program. EDIT Also, LNK files are listed in the Designated File Types, so they should be treated as executable, which should mean that they are bound by the same Software Restrictions settings and rules.

    Read the article

  • How to Modify Data Security in Fusion Applications

    - by Elie Wazen
    The reference implementation in Fusion Applications is designed with built-in data security on business objects that implement the most common business practices.  For example, the “Sales Representative” job has the following two data security rules implemented on an “Opportunity” to restrict the list of Opportunities that are visible to an Sales Representative: Can view all the Opportunities where they are a member of the Opportunity Team Can view all the Opportunities where they are a resource of a territory in the Opportunity territory team While the above conditions may represent the most common access requirements of an Opportunity, some customers may have additional access constraints. This blog post explains: How to discover the data security implemented in Fusion Applications. How to customize data security Illustrative example. a.) How to discover seeded data security definitions The Security Reference Manuals explain the Function and Data Security implemented on each job role.  Security Reference Manuals are available on Oracle Enterprise Repository for Oracle Fusion Applications. The following is a snap shot of the security documented for the “Sales Representative” Job. The two data security policies define the list of Opportunities a Sales Representative can view. Here is a sample of data security policies on an Opportunity. Business Object Policy Description Policy Store Implementation Opportunity A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team Role: Opportunity Territory Resource Duty Privilege: View Opportunity (Data) Resource: Opportunity A Sales Representative can view opportunity where they are an opportunity sales team member with view, edit, or full access Role: Opportunity Sales Representative Duty Privilege: View Opportunity (Data) Resource: Opportunity Description of Columns Column Name Description Policy Description Explains the data filters that are implemented as a SQL Where Clause in a Data Security Grant Policy Store Implementation Provides the implementation details of the Data Security Grant for this policy. In this example the Opportunities listed for a “Sales Representative” job role are derived from a combination of two grants defined on two separate duty roles at are inherited by the Sales Representative job role. b.) How to customize data security Requirement 1: Opportunities should be viewed only by members of the opportunity team and not by all the members of all the territories on the opportunity. Solution: Remove the role “Opportunity Territory Resource Duty” from the hierarchy of the “Sales Representative” job role. Best Practice: Do not modify the seeded role hierarchy. Create a custom “Sales Representative” job role and build the role hierarchy with the seeded duty roles. Requirement 2: Opportunities must be more restrictive based on a custom attribute that identifies if a Opportunity is confidential or not. Confidential Opportunities must be visible only the owner of the Opportunity. Solution: Modify the (2) data security policy in the above example as follows: A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team and the opportunity is not confidential. Implementation of this policy is more invasive. The seeded SQL where clause of the data security grant on “Opportunity Territory Resource Duty” has to be modified and the condition that checks for the confidential flag must be added. Best Practice: Do not modify the seeded grant. Create a new grant with the modified condition. End Date the seeded grant. c.) Illustrative Example (Implementing Requirement 2) A data security policy contains the following components: Role Object Instance Set Action Of the above four components, the Role and Instance Set are the only components that are customizable. Object and Actions for that object are seed data and cannot be modified. To customize a seeded policy, “A Sales Representative can view opportunity where they are a territory resource in the opportunity territory team”, Find the seeded policy Identify the Role, Object, Instance Set and Action components of the policy Create a new custom instance set based on the seeded instance set. End Date the seeded policies Create a new data security policy with custom instance set c-1: Find the seeded policy Step 1: 1. Find the Role 2. Open 3. Find Policies Step 2: Click on the Data Security Tab Sort by “Resource Name” Find all the policies with the “Condition” as “where they are a territory resource in the opportunity territory team” In this example, we can see there are 5 policies for “Opportunity Territory Resource Duty” on Opportunity object. Step 3: Now that we know the policy details, we need to create new instance set with the custom condition. All instance sets are linked to the object. Find the object using global search option. Open it and click on “condition” tab Sort by Display name Find the Instance set Edit the instance set and copy the “SQL Predicate” to a notepad. Create a new instance set with the modified SQL Predicate from above by clicking on the icon as shown below. Step 4: End date the seeded data security policies on the duty role and create new policies with your custom instance set. Repeat the navigation in step Edit each of the 5 policies and end date them 3. Create new custom policies with the same information as the seeded policies in the “General Information”, “Roles” and “Action” tabs. 4. In the “Rules” tab, please pick the new instance set that was created in Step 3.

    Read the article

  • Enterprise SSO & Identity management / recommendations

    - by Maxim Veksler
    Hello Friends, We've discussed SSO before. I would like to re-enhance the conversation with defined requirements, taking into consideration recent new developments. In the past week I've been doing market research looking for answers to the following key issues: The project should should be: Requirements SSO solution for web applications. Integrates into existing developed products. has Policy based password security (Length, Complexity, Duration and co) Security Policy can be managed using a web interface. Customizable user interface (the password prompt and co. screens). Highly available (99.9%) Scalable. Runs on Red Hat Linux. Nice to have Contains user Groups & Roles. Written in Java. Free Software (open source) solution. None of the solutions came up so far are "killer choice" which leads me to think I will be tooling several projects (OWASP, AcegiSecurity + X??) hence this discussion. We are ISV delivering front-end & backend application suite. The frontend is broken into several modules which should act as autonomous unit, from client point of view he uses the "application" - which leads to this discussion regrading SSO. I would appreciate people sharing their experience & ideas regarding the appropriete solutions. Some solutions are interesting CAS Sun OpenSSO Enterprise JBoss Identity IDM JOSSO Tivoli Access Manager for Enterprise Single Sign-On Or more generally speaking this list Thank you, Maxim.

    Read the article

  • How do I grant a site's applet an AllPermission privilege?

    - by nahsra
    I'd like to specify certain applets to run with java.security.AllPermission on my computer (for debugging and security testing). However, I don't want to enable all applets that I run to have this permission. So, editing my user Java policy file (which I have ensured is the correct policy file through testing), I try to put this value: grant codeBase "http://host_where_applet_lives/-" { permission java.security.AllPermission; }; This value fails when the applet tries to do something powerful (create a new Thread, in my case). However, when I put the following value: grant { permission java.security.AllPermission; }; The applet is able to perform the powerful operation. The only difference is the lack of a codeBase attribute. An answer to a similar question asked here [1] seemed to suggest (but never show or prove) that AccessController.doPrivileged() calls may be required. To me, this sounds wrong as I don't need that call when I grant the permissions to all applets (the second example I showed). Even if this is a solution, littering the applets I run with AccessController.doPrivileged() calls is not easy or necessarily possible. To top it off, my tests show that this just doesn't work anyway. But I'm happy to hear more ideas around it. [1] http://stackoverflow.com/questions/1751412/cant-get-allpermission-configured-for-intranet-applet-can-anyone-help

    Read the article

  • Altering policies in policy based management to look at even which happened only in last 24 hours

    - by Manjot
    Hi, I am using SQL server 2008 Standard edition. I am using Policy based management with policies which come with SQL server during installation. I want the policies to only look at events that happened in last 24 hours. For example for "Windows Event Log System Failure Error" policy if system restarted unexpectedly 5 days ago, i don't want to be alerted daily. Is there any way by which I can restrict a policy to look at events which happened in last 24 hours not older? Any help please? Thanks in advance.

    Read the article

  • How to display password policy information for a user (Ubuntu)?

    - by C.W.Holeman II
    Ubuntu Documentation Ubuntu 9.04 Ubuntu Server Guide Security User Management states that there is a default minimum password length for Ubuntu: By default, Ubuntu requires a minimum password length of 4 characters Is there a command for displaying the current password policies for a user (such as the chage command displays the password expiration information for a specific user)? > sudo chage -l SomeUserName Last password change : May 13, 2010 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7 This is rather than examining various places that control the policy and interpreting them since this process could contain errors. A command that reports the composed policy would be used to check the policy setting steps.

    Read the article

  • Exchange Activesync policy - can I make it not required for a user?

    - by TheCleaner
    Exchange 2010 sp2. I have a "C" level exec that wants to get his email on his android tablet. Easy enough. However, he doesn't want any Activesync policy applied to his device for remote wipe, etc. not even the default policy, and doesn't want to use OWA. I thought I knew Exchange pretty well, but can't find a Powershell command or anything that will allow a device to connect without enforcing at least some kind of policy. Is he out of luck using Activesync? I can set him up with POP3/IMAP, but would rather not.

    Read the article

  • How to grant AllPermission to not extracted war file in tomcat

    - by André
    Hello, I'm developing a web application and have created a war file. If I deploy it to my tomcat server, it is used without being unpacked (which is the setting I want to have for this server). For unpacked web apps I have a policy file to grant AllPermission to my application grant codeBase "file:${catalina.base}/webapps/tc/-" { permission java.security.AllPermission; }; But what has the codeBase to be for unpacked war files? Thanks, André

    Read the article

  • Applying Microsoft Management Console Policies

    - by Hipno
    Hello, I am using windows 7. i got a user on my computer a non-admin user, and i want to apply on him user policies from the Microsoft Management Console. i added group policy object editor, chose Non-admin group, set a setting, saved and close. but i when i logon to that user i applied to, it just won't effect! please tell me what i miss, thank you.

    Read the article

  • javascript to determine if page on remote domain has changed

    - by uku
    Hi, I am trying to find a client-side way to determine if a page on a remote domain has changed. I can't load the page in an iframe and examine its contents due to same origin policy. So I tried using .getResponseHeader("Content-Length") and .getResponseHeader("Last-Modified") but apparently these are also restricted by SOP even though FireBug shows Content-Length in the console. Is there a way to do this? I just need a way to know if the page has changed. Thx

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >