Adobe and Group policies

Similar Messages

• Maximum number of connection profiles and group policies for Cisco ASA

  Hi,
  We have a Cisco ASA 5520 running 8.0(2) that we use only for Remote Access VPN.
  Does anyone know how many connection profiles and group policies that are supported on the box? I have not been able to find this in the manual.
  Thanks in advance for your help!
  Best regards,
  Harry

  There is no limit for connection profiles or group policies that can be configured on ASA. However the numbers do depend upon the memory available in the device as the profiles are stored in memory during execution.

• Where is the file which stores the users and groups policies?

  Hi, as mentioned in the title..i would like to know which file stores the policies of the users and groups which i've defined. And where is this file stored? Thanks.

  SteveGrisetti wrote:
  Okay if I move this into our Tips & Tricks area for easy reference?
  If you're asking me, I have no objections.

• Encore DVD and Group policies....

  Has anyone ever had a problem running Encore DVD 2.0 with group policies applied to a machine? Anyone have any info on Encore DVD 2.0 in relation to group policies? I can't get it to run on a machine with group policies enabled....

  imoore wrote:
  > I'll have to do a bit more testing I think, but it looks as if the new
  > agent is the problem - is there an earlier agent still available that
  > doesn't have the black screen (WMRUNDLL.EXE) problem that I can
  > experiment with to get my group policies back? Or any suggestions for
  > getting 7.1.0.4 working correctly?
  >
  > Cheers,
  > Ian
  >
  I still have the files for SP1, IR1, and IR3aHP1, HP2, and HP3. I can
  send you an older one if you want.

• Flex and group policies

  Hi Guys,
  is there a difference between regular flash applet and flex
  enabled applets ?
  I'm asking because we are on a tight security network and for
  some reason flash objects that are done with flex just don't work.
  On a windows machine, if I log on with an administrator
  account, I can see all flash objects from the page (
  http://www.cdmv.com) but if I
  connect from a regular user account, I can't. From that regular
  account, I can see flash objects on other sites without any
  problem.
  For testing purposes, I added the regular user to
  administrator groups, gave him full access in the isa server, etc
  but can't find what's wrong.
  It gotta be something in the group policies but I really
  don't understand why flash applets run while those made by flex
  don't.
  We are running flash player 10
  Any help would be greatly appreciated as I have tried stuff
  for the past 8 hours :(
  Regards

  That particular item cannot be configured.
  Aandi Inston

• Office 2013 OEM and Group Policies

  Has anyone been able to apply group policy to a OEM (or Retail) version of Office 2013.
  Particularly I am not able to set the Workgroup Templates Location.
  Thank you.

  1st, group policy for Office 2013 will apply to all license editions of Office 2013.
  2nd, however, there is no such build-in policy for setting the Workgroup Templates Location. To manage the Workgroup Templates Location, we need to add the "SharedTemplates" string under the following registry key (via group policy
  or any method you prefer):
  HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Common\General
  The workgroup templates location is stored in the
  SharedTemplates
  string value.
  Max Meng
  TechNet Community Support
  Max that doesn't appear to be the case.  We have volume media and click to run installs of Office 2013 and the latter simply do not pick up the Group Policy settings whilst the volume media installs do.

• ASA 5505 VPN Group Policies (RADIUS) and tunnel group

  I have a single ASA firewall protecting a small private developing network, and I need it in order to access remotely to two distinct network spaces both of wich are VLAN tagged: 1 is LAN and 3 is management. Each net has its own IP address space and DNS server.
  I'd like to set up Anyconnect to land on lan 1, and SSL VPN in order to see the IPMI and management websites sitting on VLAN 3. In order to make things "safer" I have found a free OTP solution, OpenOTP, and I decided to implement it on a virtual machine, setting up a radius bridge to allow user authentication for VPN. I can pass wichever attribute I'd like to using this radius bridge (for example "Class" or "Group-Policy" or whatever is included in the radius dictionaries). 
  Actually all I need is quite simple. I have to segregate my remote users in 2 groups, one for Anyconnect, and one for SSL based on the radius response from authentication. (I don't need authorization nor accounting) I'm no Cisco Pro, what I've learnt is based on direct "on the field" experience.
  I'm using two radius users for testing right now, one is called "kaisaron78" associated to a group policy "RemoteAC" and a second one called "manintra" associated to a group policy called "SSLPolicy". "kaisaron78" after logging in should only see the Anyconnect "deployment portal", while "manintra" should see the webvpn portal populated with the links specified in the URL list "Management_List". However, no matter what I do, I only see the default "clean" webvpn page. This is an example of "sh vpn-sessiondb webvpn" for both users..
  Session Type: WebVPN
  Username     : kaisaron78             Index        : 1
  Public IP    : 172.16.0.3
  Protocol     : Clientless
  License      : AnyConnect Premium
  Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
  Bytes Tx     : 518483                 Bytes Rx     : 37549
  Group Policy : RemoteAC               Tunnel Group : DefaultWEBVPNGroup
  Login Time   : 10:59:33 CEDT Mon Aug 18 2014
  Duration     : 0h:00m:23s
  Inactivity   : 0h:00m:00s
  VLAN Mapping : N/A                    VLAN         : none
  Audt Sess ID : c0a801fa0000100053f1c075
  Security Grp : none
  Asa5505# sh vpn-sessiondb webvpn
  Session Type: WebVPN
  Username     : manintra               Index        : 2
  Public IP    : 172.16.0.3
  Protocol     : Clientless
  License      : AnyConnect Premium
  Encryption   : Clientless: (1)RC4     Hashing      : Clientless: (1)SHA1
  Bytes Tx     : 238914                 Bytes Rx     : 10736
  Group Policy : SSLPolicy              Tunnel Group : DefaultWEBVPNGroup
  Login Time   : 11:01:02 CEDT Mon Aug 18 2014
  Duration     : 0h:00m:05s
  Inactivity   : 0h:00m:00s
  VLAN Mapping : N/A                    VLAN         : none
  Audt Sess ID : c0a801fa0000200053f1c0ce
  Security Grp : none
  As you can see, it seems like the policies are assigned correctly by radius attribute Group-Policy. However, for example you'll notice no vlan mapping, even if I have declared them explicit in group policies themselves. This is the webvpn section of the CLI script I used to setup remote access.
  ! ADDRESS POOLS AND NAT
  names
  ip local pool AnyConnect_Pool 192.168.10.1-192.168.10.20 mask 255.255.255.0
  object network NETWORK_OBJ_192.168.10.0_27
   subnet 192.168.10.0 255.255.255.224
  access-list Split_Tunnel_Anyconnect standard permit 192.168.1.0 255.255.255.0
  nat (inside,outside) source static any any destination static NETWORK_OBJ_192.168.10.0_27 NETWORK_OBJ_192.168.10.0_27 no-proxy-arp route-lookup
  ! RADIUS SETUP
  aaa-server OpenOTP protocol radius
  aaa-server OpenOTP (inside) host 192.168.1.8
   key ******
   authentication-port 1812
   accounting-port 1814
   radius-common-pw ******
   acl-netmask-convert auto-detect
  webvpn
   port 10443
   enable outside
   dtls port 10443
   anyconnect image disk0:/anyconnect-win-3.1.05170-k9.pkg 1
   anyconnect profiles AnyConnect_Profile_client_profile disk0:/AnyConnect_Profile_client_profile.xml
   anyconnect enable
  ! LOCAL POLICIES
  group-policy SSLPolicy internal
  group-policy SSLPolicy attributes
   vpn-tunnel-protocol ssl-clientless
   vlan 3
   dns-server value 10.5.1.5
   default-domain value management.local
   webvpn
    url-list value Management_List
  group-policy RemoteAC internal
  group-policy RemoteAC attributes
   vpn-tunnel-protocol ikev2 ssl-client
   vlan 1
   address-pools value AnyConnect_Pool
   dns-server value 192.168.1.4
   split-tunnel-policy tunnelspecified
   split-tunnel-network-list value Split_Tunnel_Anyconnect
   default-domain value home.local
   webvpn
    anyconnect profiles value AnyConnect_Profile_client_profile type user
  group-policy SSLLockdown internal
  group-policy SSLLockdown attributes
    vpn-simultaneous-logins 0
  ! DEFAULT TUNNEL
  tunnel-group DefaultRAGroup general-attributes
   authentication-server-group OpenOTP
  tunnel-group DefaultWEBVPNGroup general-attributes
   authentication-server-group OpenOTP
  tunnel-group VPN_Tunnel type remote-access
  tunnel-group VPN_Tunnel general-attributes
   authentication-server-group OpenOTP
   default-group-policy SSLLockdown
  !END
  I had to set up DefaultWEBVPNGroup and RAGroup that way otherwise I couldn't authenticate using radius (login failed every time). Seems like in ASDM the VPN_Tunnel isn't assigned to AnyConnect nor to Clientless VPN client profiles. Do I have to disable both default tunnel groups and set VPN_Tunnel as default on both connections in ASDM ? I know I'm doing something wrong but I can't see where the problem is. I'm struggling since may the 2nd on this, and I really need to finish setting this up ASAP!!!!
  Any help will be more than appreciated.
  Cesare Giuliani

  Ok, it makes sense.
  Last question then I'll try and report any success / failure. In this Cisco webpage, http://www.cisco.com/c/en/us/td/docs/security/asa/asa84/configuration/guide/asa_84_cli_config/ref_extserver.html#wp1661512 there's a list of supported radius attributes. Actually I'm using number 25 Group-Policy, in order to get the correct group policy assigned to users. I see, in that list an attribute 146 Tunnel-Group-Name. Will it work out for the purpose you explained in the previous post ? I mean, if I set up two tunnel groups instead of 1, 1 for anyconnect with its own alias and its own url, and 1 for SSL VPN again with its own alias and url, do you think that using that attribute will place my users logging in into the correct tunnel group ?
  Thank you again for your precious and kind help, and for your patience as well!
  Cesare Giuliani

• Problem with Group policies and Administrator count

  I have one problem with Group policies and Admnistrator count.
  Win XP, Client 4.91, Client Zen 4
  I use DLU for users.
  the Group policies are well applied and i keep them after logout for
  security reasons.
  But my problem is, after logout, the Administrator count becomes this
  Group policies, and the only technique that I use, is to remove the
  repertories c:\windows\system32\GroupPolicy*. Administrator must
  loguing again for having good policies.
  Can you help me?

  Bill,
  It appears that in the past few days you have not received a response to your
  posting. That concerns us, and has triggered this automated reply.
  Has your problem been resolved? If not, you might try one of the following options:
  - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp
  - Check all of the other support tools and options available at
  http://support.novell.com.
  - You could also try posting your message again. Make sure it is posted in the
  correct newsgroup. (http://support.novell.com/forums)
  Be sure to read the forum FAQ about what to expect in the way of responses:
  http://support.novell.com/forums/faq_general.html
  If this is a reply to a duplicate posting, please ignore and accept our apologies
  and rest assured we will issue a stern reprimand to our posting bot.
  Good luck!
  Your Novell Product Support Forums Team
  http://support.novell.com/forums/

• SubOUs and Delegation of Group Policies

  Hello,
  We have 5 departments in our single domain forest and some departments do not want other departments to see their Group Policies, which makes delegation complicated. Is it possible to create sub OUs under the System\Policies folder and assign permission
  to departmental admins to their folder and deny them read to the other folders? Central IT would control linking of policies.
  If anyone knows another way to allow departments to see only their own GPOs or a useful 3rd party tool, I'd love to know.
  Thanks,
  Robert

  Hello,
  We have 5 departments in our single domain forest and some departments do not want other departments to see their Group Policies, which makes delegation complicated. Is it possible to create sub OUs under the System\Policies folder and assign permission
  to departmental admins to their folder and deny them read to the other folders? Central IT would control linking of policies.
  If anyone knows another way to allow departments to see only their own GPOs or a useful 3rd party tool, I'd love to know.
  Thanks,
  Robert
  seems no... 
  why you want to do this? Didn’t find others configure as this… may ask in gp forum
  https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverGP
  Best,
  Howtodo

• QuickTime 7.1.3 and Group Policey

  I have been trying to get the new version to push to my windows XP workstations from my windows server 2003 AD group policies.
  First I have got it to install but the Language is set for something like Chinese or something. I unfortunately need to be in English. In the older versions it came with a “1033.MST” file to set the language to English this file does not exist in the current version.
  Second I would like to change the defaults from running in the systray to NOT running in the systray and to have the auto update turned off for the auto update causes problems with the deployment system.
  I have used Orca to make the Transform.mst file so I can set the changes and or defaults, but only some of my changes are taking effect, like no desktop icon.
  Any help with this would be greatly appreciated.
  Thank you in advance.

  Okay. I got it fixed.
  Problem summary: After installing iTunes 7 and QT 7.1.3 yesterday, I noticed that my Photoshop CS (8.0) would not open or create new images. I also went back to my PS 7.0 and it would not work either.
  Deleting the Adobe cache folder and preferences did not help.
  I ran MacJanitor to repair permissions, then downloaded the QT 7.1.3 installer from Apple and re-installed QT.
  Photoshop works fine now.
  Don't know if it was the permission repair then re-install or just the re-install, but the problem went away.
  Best,
  Jim

• Lightroom 4 crashes when trying to open the slideshow module. I spent over three hours with both Adobe and Apple tech support and we know it is a permission issue but have not been able to get it solved.  It started with the last upgrade to 10.8

  Lightroom 4 crashes when trying to open the slideshow module. I spent over three hours with both Adobe and Apple tech support and we know it is a permission issue but have not been able to get it solved.  It started with the last upgrade to 10.8

  Back up all data.
  This procedure will unlock all your user files (not system files) and reset their ownership and access-control lists to the default. If you've set special values for those attributes on any of your files, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it.
  Step 1
  If you have more than one user account, and the one in question is not an administrator account, then temporarily promote it to administrator status in the Users & Groups preference pane. To do that, unlock the preference pane using the credentials of an administrator, check the box marked Allow user to administer this computer, then reboot. You can demote the problem account back to standard status when this step has been completed.
  Triple-click the following line to select it. Copy the selected text to the Clipboard (command-C):
  { sudo chflags -R nouchg,nouappnd ~ $TMPDIR.. ; sudo chown -Rh $UID:staff ~ $_ ; sudo chmod -R u+rwX ~ $_ ; chmod -R -N ~ $_ ; } 2> /dev/null
  Launch the Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window (command-V). You'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
  The command will take a noticeable amount of time to run. Wait for a new line ending in a dollar sign (“$”) to appear, then quit Terminal.
  Step 2 (optional)
  The first step should give you usable permissions in your home folder. This step will restore special attributes set by OS X on some user folders to protect them from unintended deletion or renaming. You can skip this step if you don't consider that protection to be necessary.
  Boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
  When the OS X Utilities screen appears, select
  Utilities ▹ Terminal
  from the menu bar. A Terminal window will open.
  In the Terminal window, type this:
  resetpassword
  That's one word, all lower case, with no spaces. Then press return. A Reset Password window will open. You’re not  going to reset a password.
  Select your boot volume ("Macintosh HD," unless you gave it a different name) if not already selected.
  Select your username from the menu labeled Select the user account if not already selected.
  Under Reset Home Directory Permissions and ACLs, click the Reset button.
  Select
   ▹ Restart
  from the menu bar.

• How can I configure FireFox security setting globally for all users on a PC? Is there something I can do in group policies or throught the registry to insure all users have the same settings?

  Our Bank's core processor has rewritten their product to run in a web browser. Their browser of choice is Firefox 3.6. The specifications from our core processor specify specific security and settings parameters that must be adhered to by all users for their product to run properly. Is there a way to globally configure these settings via the registry or group policies to insure everyone who logs in to a given workstation opens Firefox with the same settings? Thank you for any assistance you can provide - Steve Gish, First Bank Kansas.
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

  You can try:
  *http://kb.mozillazine.org/Locking_preferences

• Office 2013 group policies - not working

  I'm using Office 2013 Pro Plus SP1 (volume license) on a Windows 7 Pro machine [both are 32 bit].   While I have Server 2003, it's configured to work with Windows 7 and Office 2013 Group Policy templates.  I use RSAT on a Win 7 computer to
  create/manage the Group Policies.
  Since we're not using Office 365, I'm trying to block some of those features, as well as disabling the Office Start screens.
  Thinking that SP1 might be the problem, I downloaded the group policy templates for SP1 and copied them to the server.
  If I create a policy (Office_2013_settings), with a few settings, like "Block singing into Office".  In Group Policy, I disabled the Computer Configuration, leaving the User Configuration enabled.  If I force group policy on the target
  computer and look at RSOP, I see the computer configuration settings disabled, but nothing for the user configuration, although it's enabled in the policy. 
  If I put a junk policy entry on the computer configuration and enable both policies on the backend, force group policy on the computer, and look at RSOP, under computer configuration, I see the Office_2013_settings policy, but the policy still doesn't appear
  in the user configuration.  If I scroll to the bottom of the file, where I can see other Administrative templates and their settings, my Office_2013_settings aren't visible.

  I have created a group policy with a few settings, and applied to my own computer. It seems to be very nice to me. Please first check the apply status on the client site based on the GPSVC.log
  Thinking the issue might be on the way how you create/manage the Group Policies on Windows Server side. Please check the model of how you deploy your group policy, on a domain or OU level?  Loopback Merge or Replace? This might affect whether the user
  would receive all settings from GPO applied to User or Computer. This article might be useful to you:
  http://blogs.technet.com/b/askds/archive/2013/02/08/circle-back-to-loopback.aspx
  This might be an issue on Windows server side, you may need to post your question to below forum to get more suggestions:
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/home?category=windowsserver

• Office 365 Group Policies question

  We initially deployed Office 365 with updates turned off so about half of our users have an old version of Office 365.  We want to now manage the updates using the new group policies for O365.    I read this statement ...In
  order for these four new policy settings to work, you will need to have at least the April 2014 build of Office 2013 Click-to-Run (Build 15.0.4605.1003) and download the latest Administrative templates files (ADMX/ADML).
  Does this mean that the version on the PC has to have at least the April 2014 build to use the policies?  If that's true how would I go about updating the users who have automatic updates turned off.  there are a couple of thousand users.

  Does this mean that the version on the PC has to have at least the April 2014 build to use the policies?  If that's true how would I go about updating the users who have automatic updates turned off.  there are a couple of thousand users.
  Yes.
  Depending on how you deployed/deploy Office365ProPlus, and, the tools/techniques available to you in your environment, there are some options.
  a) re-deploy Office365ProPlus to the computers. Use the latest build version.
  b) check the relevant registry settings, and if correction is needed, deploy the correct registry settings.
  These articles may help you to determine which of the multiple scenarios you have to deal with:
  http://community.office365.com/en-us/f/156/t/220142.aspx
  http://blogs.msdn.com/b/modonovan/archive/2014/04/09/office-365-pro-plus-fails-to-update-or-fails-with-error-code-30088-27.aspx
  http://social.technet.microsoft.com/Forums/office/en-US/4369357e-5de9-4755-8f2c-33ae948b14fb/manually-triggering-updates-in-office-2013?forum=officeitpro
  http://blogs.technet.com/b/office_resource_kit/archive/2013/06/17/automating-quick-repairs-in-office-365-proplus.aspx
  http://blogs.technet.com/b/odsupport/archive/2014/03/03/the-new-update-now-feature-for-office-2013-click-to-run-for-office365-and-its-associated-command-line-and-switches.aspx
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• SSL Multiple Tunnel Groups with Multiple group policies

  Hello folks.
  Have a query and cant seem to find an answer on the web.
  I have configured SSL Clientless VPN on a lab ASA5510, using 2 tunnel groups, one for enginneers and one for staff, mapped to 2 different group policies, each with different customisation. I have mapped the AD groups to the tunnel groups using both ACS and now LDAP (currently in use), both working successfully, using group lock and LDAP map of IETF-Radius-Class to Group name ensures engineers get assigned to the engineers tunnel group and staff get mapped to the staff tunnel group only.
  The question i have is....is there a way to use a single tunnel group to map the user based on AD group which will then use the correct Group-policy (1 tunnel group to multiple group-polciies). I have seen examples of doing this with different URLs but want to know if they can all use the same URL and avoid using the drop down list using aliases.
  It may be a simple "No" but it would be nice to know how to do it without using the URLs or drop down list. Users are easily confused ......

  Easy. Disable the drop-down list, and use the authentication-server (LDAP or Radius) in the DefaultWEBVPNGroup. By default when you browse to the ASA, it will be using the DefaultWEBVPNGroup. Let LDAP or Radius take care of the rest.
  You will get the functionality you are looking for.
  HTH
  PS. If this post was helpful, please rate it.