Application Control Policy white listing
How do I configure Application Control Policy white listing?
I can only get blacklisting to work.
If I create a policy to block *.exe and then allow all the windows executables it doesn't work.
It looks like wildcards don't work.
Thanks Brent!
Note: It is possible to combine the Current ZESM product with Windows
Software Restriction Policies and get much stronger protection than
Software Restriction Policies alone. (Both Types of Policies are
deliverable via ZCM)
On 4/25/2012 11:46 AM, bbeachem wrote:
>
> That documentation refers to the old ZESM 4.1 product that is EOL.
> We're working to update that documentation. Application White-Listing
> is currently not supported in the ZESM version integrated into the
> ZENworks Communication Console. It is being researched for possible
> inclusion in a future revision.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Knowledge Partner
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
Similar Messages
-
ZMM 2.5 Policy Suite, Application Control, Whitelisting
Reference: Novell Documentation: ZENworks Mobile Management - Table of Contents
The ZMM manuals are not quite clear what they mean by "Whitelisting" under the Policy Suite, Application Control sections. I'm assuming ZMM application "whitelisting" means that only listed apps can run or at least only listed apps can be installed and run. Is assumption correct? Has anyone done this successfully on Android devices with the ZMM agent an enrolled Touchdown? If so, could you provide details on how it was done? Ideally we'd like to take an inventory list of a working device set of applications, add them to the whitelist, and force the user to come to the administrator for new applications, regardless of their google play/alternative market access.
Thoughts?
Kevin
Originally Posted by nop1983
salisburyk wrote:
>
> Reference:
> 'SureLock for Android | Kiosk Mode Lockdown for Tablets, Smartphones &
> Rugged Devices' (SureLock for Android | Kiosk Mode Lockdown for Tablets, Smartphones & Rugged Devices)
>
> Bryce,
>
> Another very interesting product is SureLock for Android - we are
> testing it to see how it complements Novell ZMM...
>
> Kevin
This looks like an Endpoint security product for Android, right?
Niels
Hi Niels,
Did you happen to see the link? No, the SureLock product allows Application Control/Application whitelisting right on the Android device with full administrator control. We wrongly thought ZMM could whitelist Android apps (shame on us - we neglected to test that before we purchased. Lessons learned - give yourself time to test everything in your requirements list prior to purchase). Our initial testing of SureLock went very smoothly, it does not interfere with the ZMM agent or Touchdown. The users see only what you want them to see - apparently even without root access on the Android device. We are now using it in conjunction with ZMM on our Mobile devices. There are others that offer similar functionality in conjunction with ZMM - take a look at Clutch Mobile App Protector Pro that is coming soon for iOS as well ( https://www.clutchmobile.com/products/appprotector ). We do not have iOS, so SureLock is fine for our needs in conjunction with ZMM...
Kevin
-
Hey, I need some help with removing my applications. Whenever I try to, the error pops up and says: IT policy application control. When I try to delete the module stuff it says that too. I personally have never been involved in any company or IT network. Now LONG story short I kind of have a recycled-part BlackBerry (everything works perfectly except this!), so the IT policy part might have had connections to an IT network at some time. I tried using the desktop manager to delete the apps, hell I even reset the OS (I did however backup/recover the phone.... could this be the problem?) In conclusion: How do I delete the IT policy?
some info:
phone: 8310
Carrier: ATT
Os: 4.5
thanks in advance!
Hello, what you need to do is remove the IT policy from the previous life of your BlackBerry device.
You have many tutorials on how to do that here :
http://www.google.com/search?hl=en&ie=UTF-8&btnG=Google+Search&q=blackberry%20policy.bin
good luck
The search box on top-right of this page is your true friend, and the public Knowledge Base too: -
Application Control Policies - Is that it?
Restrictions based on executable name only seems very restrictive, maybe I came in with the wrong mindset. I was looking at this being an SRP like replacement but the inability to do path based rules or default deny all but allowed programs. Being executable name only without a default deny would mean simple executable rename defeats the policy.
Can someone enlighten me, have I just totally missed the point?
Originally Posted by bbeachem
Application "white listing", which is what you're really requesting is on our roadmap for a future product version.
Is there a current time frame on the whitelist feature? Also do you know if path based rules will be included as part of that feature? -
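The concern raised in this thread, that a name-only rule without default deny is defeated by a rename, shown as an added example (not code from the posters or from ZESM). The same three files are checked against a name blocklist, a default-deny path rule and a default-deny hash rule; all file names, directories and function names are constructed for illustration.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_of(path):
    """Hash the file contents; renaming a file does not change this value."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def name_blocklist_allows(path, blocked_names):
    """Default-allow: anything whose file name is not listed may run."""
    return os.path.basename(path).lower() not in blocked_names


def path_allowlist_allows(path, allowed_dirs):
    """Default-deny: only files under an approved directory may run.
    This only holds if users cannot write to the approved directories."""
    real = os.path.realpath(path)
    for d in allowed_dirs:
        base = os.path.realpath(d)
        if os.path.commonpath([real, base]) == base:
            return True
    return False


def hash_allowlist_allows(path, allowed_hashes):
    """Default-deny: only files whose content hash is approved may run."""
    return sha256_of(path) in allowed_hashes


def evaluate_policies():
    """Build a constructed file layout and return each policy's decision."""
    root = tempfile.mkdtemp()
    try:
        approved_dir = os.path.join(root, "approved")
        user_dir = os.path.join(root, "downloads")
        os.makedirs(approved_dir)
        os.makedirs(user_dir)
        files = {
            "approved": os.path.join(approved_dir, "editor.exe"),
            "unwanted": os.path.join(user_dir, "game.exe"),
            # Same bytes as game.exe, carrying an approved program's name.
            "renamed": os.path.join(user_dir, "editor.exe"),
        }
        with open(files["approved"], "wb") as fh:
            fh.write(b"constructed approved program")
        with open(files["unwanted"], "wb") as fh:
            fh.write(b"constructed unwanted program")
        shutil.copyfile(files["unwanted"], files["renamed"])

        blocked_names = {"game.exe"}
        allowed_dirs = [approved_dir]
        allowed_hashes = {sha256_of(files["approved"])}
        return {
            label: {
                "name_blocklist": name_blocklist_allows(p, blocked_names),
                "path_allowlist": path_allowlist_allows(p, allowed_dirs),
                "hash_allowlist": hash_allowlist_allows(p, allowed_hashes),
            }
            for label, p in files.items()
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for label, decisions in evaluate_policies().items():
        print(label, decisions)
```

Only the name blocklist lets the renamed copy through; both default-deny rules reject it because neither its location nor its content is approved.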
LG G2 block text message black/white list ???
K, I just got the LG G2 the other day and say that when you go to block a text message there is a black and white list.
What are the differences?
Dizzybandit, I want to make sure that we are getting you the correct information. I'm not exactly finding where this list is at. Can you please tell me where you see this? Are you going into Messaging (the Green smiley face conversation bubble)? Or are you using a different application? We really want to get to the bottom of this ASAP.
KevinR_VZW
Please follow us on Twitter @VZWSupport -
Hi Experts!
We have an issue when displaying originals(in DIRs) in PLM WUI, Portal.
The issue can be summarized like this:
JPG-Images or PDF files are stored on a shared folder. (Not in SAP System)
We then create an original in a DIR(document info record). We do NOT check in the original but only use file as a link.
(In our solution we will not check in the originals but the versioning will be controlled in the linked folder).
Example:
We create an original with the following link
sharedfolder\images\image01.jpg
Anyone can afterwards log on to the system and click display original and the jpg or pdf is shown.
This procedure works perfectly fine when we are in SAPGUI.
But in the Portal the system acts different from case to case.
Case 1
When a colleague of mine has added an original in SAPGUI and I
then press display in Portal I get a security list error message, Wrong downloading server
(We have defined the white list, TCode wdr_acf_wlist, and downloaded it.
In this case we have tried
sharedfolder\images\ as downloading server for example)
Case 2
When I have added an original in SAPGUI and then press display in the Portal the image is shown
->Why do I NOT get the error message in this case?
Any ideas why the system works this way and how I can solve it?
Thanks in advance!
Mikael
Hi Mikael,
I was led to this thread via search on SDN for "white list". We need to set up an external facing portal and need to set up reverse proxy plus white list. We have an OSS message running with prio very high but don't seem to get a helpful answer. Can you give info on how to configure the reverse proxy (we aim at citrix gateway as reverse proxy) with white list? Or can you describe your architecture with focus on white list? Very kind regards, Matthias Kasig
-
White list of computer part nx7400
Hi
Can somebody tell me what is in the white list of the BIOS of my nx7400 computer?
I want to replace some parts and do not know what will be disabled by the white list.
Or is there some possibility to disable the white list in my computer?
(I have version with drDos and use linux in it )
I want to change
wifi
disk
memory
Thank you for help
Yes, this one is about HW supported by HP, but the mini PC card which is on the white list is now not possible to buy. I want to replace the broken one with a new one. From a hardware and software point of view it must work (PCI standard). I do not know what is enabled in the white list for business reasons, whether only IDs of HW vendors or also IDs of equipment.
=> it is possible to change device from same vendor to new one.. or it must be same type
Other possibility is that control is done on MAC address of wifi (there is hardcoded vendor and type)
1) I do not know mechanism of white listing (parsing PCI ID, MAC, DMI or other information or mechanism)
2) I do not know what is in white list and what will be disable.
3) I do not know how to force this (business only restriction)
For me it is not necessary to have support from HP for spare parts (the notebook is 4 years past the guarantee period).
But I want to upgrade the broken parts myself, and this information I cannot find.
And from another point of view, there is a software restriction to fix a hardware problem ("buggy bios with white list").
Thank you
-
Design Studio 1.3 applications shows only white screen on Mobile BI App (iPad)
Hello Design Studio friends,
After upgrading our BI platform (4.1) Design Studio Add-On from version 1.2 to 1.3 we could see no errors, everything works fine. But now we have the issue that all of our Design Studio Applications do not work on iPad.
All mobile Applications are listed correctly in the overview in the Mobile BI App. But after starting one application the loading screen is running and after loading only a white screen is displayed. No data, no components, no variables screen etc.
Do you have any idea about the reason of our problem?
Here is some additional information on what we have done:
After the upgrade we restarted the BIP and checked that all services are running.
We saved new Design Studio 1.3 Applications on BIP.
We run the Design Studio Applications locally (everything works), over BIP on Desktop clients (everything works), via Mobile BI App (iPad iOS7, newest iOS Version and newest App version) (only white screens are shown).
We deleted all metadata on iPad and reconnected to our BIP.
Our DataSources, integrated in the Design Studio 1.3 applications, are based on SAP BW Queries of a BW 7.4 system.
Many thanks for help and your support.
Kind regards
Patrick
Hi Tammy,
I deleted the mobile BI App from my iPad and installed it again (newest version).
No changes, after loading the Design Studio Application only a white screen is shown.
I cannot find a relevant Part in the App protocol (Debug Mode).
Thanks for your support.
kind regards
Patrick
protocol:
Application’s app store version:6.0.3
Application’s internal version: 6.0.3
SAP BusinessObjects Mobile server version:14.1.1.1036
SAP BusinessObjects Mobile server internal version:3.0
Work Offline:false
iOS Version:7.1.1
Device Type:IPad
2014-06-15 20:12:15.060 SAP BusinessObjects Mobile[1331:707] |I|: [IPadActivityIndicator.m initWithMessage:andCancelButtonTitle: 59] initWithMessage(): init Custom Activity Indicator Alert View
2014-06-15 20:12:15.065 SAP BusinessObjects Mobile[1331:707] |I|: [IPadActivityIndicator.m initWithMessage:andCancelButtonTitle: 64] initWithMessage(): init UI ActivityIndicator View
2014-06-15 20:12:15.068 SAP BusinessObjects Mobile[1331:707] |T|: {[HomeScreenData.m openOnlineDocument:withOption:withOpenParams: 2173 Clicking on document in homescreen document to view online]
2014-06-15 20:12:15.071 SAP BusinessObjects Mobile[1331:707] |T|: {[ConnectionUtils.m getNetworkReachability 345 network reachability = 1]
2014-06-15 20:12:15.088 SAP BusinessObjects Mobile[1331:707] |T|: }[HomeScreenData.m openOnlineDocument:withOption:withOpenParams: 2192]
2014-06-15 20:12:15.101 SAP BusinessObjects Mobile[1331:707] |I|: [IPadActivityIndicator.m initWithMessage:andCancelButtonTitle: 59] initWithMessage(): init Custom Activity Indicator Alert View
2014-06-15 20:12:15.105 SAP BusinessObjects Mobile[1331:707] |I|: [IPadActivityIndicator.m initWithMessage:andCancelButtonTitle: 64] initWithMessage(): init UI ActivityIndicator View
2014-06-15 20:12:15.109 SAP BusinessObjects Mobile[1331:707] |T|: {[ConnectionUtils.m getNetworkReachability 345 network reachability = 1]
2014-06-15 20:12:15.193 SAP BusinessObjects Mobile[1331:707] |T|: {[ConnectionUtils.m getNetworkReachability 345 network reachability = 1]
2014-06-15 20:12:20.391 SAP BusinessObjects Mobile[1331:707] |T|: {[ConnectionUtils.m getNetworkReachability 345 network reachability = 1]
2014-06-15 20:12:26.615 SAP BusinessObjects Mobile[1331:707] |T|: {[MobiRootViewController.m showSettings: 2298 showing Applicaiton settings page]
2014-06-15 20:12:26.622 SAP BusinessObjects Mobile[1331:707] |T|: }[MobiRootViewController.m showSettings: 2369]
2014-06-15 20:12:27.498 SAP BusinessObjects Mobile[1331:707] |T|: }[ApplicationSetting.m tableView:didSelectRowAtIndexPath: 792] -
Want to create white list. how to do so?
I want a white list but can't find a place for it. I see <Block Sender>, but I want to create an <Allow Sender> list. Thanks.
You can only white list people from any of your address books. Go to Hamburger button -> Options -> Account Settings -> [account] -> Junk Settings, enable adaptive junk mail controls for that account and check the address books you want addresses from to be whitelisted.
-
Add IP address ranges to my airport extreme firewall white list.
I need to add IP address ranges to my airport extreme firewall white list. This is so Security Metrics can access my computer and approve a scan for my credit card PCI compliance. How do i add ip ranges?
Sorry, but this option is not available with the AirPort routers. The only control you have over the AirPort's NAT firewall is either to enable/disable it or to configure it for Port Mapping. There are no option that supports whitelisting/blacklisting IP addresses/ranges.
If this is an important requirement, you may need to replace your current AirPort with another vendor's product that will support this. -
2180us wifi card update? New card not on white list
I bought a dual band 802.11ac card with the intention of updating the single band 802.11n card in my laptop. It is a dm4-2180us. When I put it in I discovered that the BIOS will not boot the computer. I since learned that the BIOS has a white list of acceptable cards. All others are prevented from booting. All seemingly from 4 years ago!
What options do I have to go to 802.11ac dual band? Is my otherwise perfectly fine laptop stranded with sub par networking?
I have two of these laptops and two of these cards I cannot use.
I am frustrated.
-Tom
So, it seems that HP agrees that the white list was a bad idea in that they no longer do it. But that does not solve the problem for people who have laptops from that period. My understanding is that a lot of the BIOSes have RSA keys, so that it is impossible for a user to modify them. Actually I have looked for a modded BIOS for this model and it seems to not be available.
Also there are no cards available that offer ac or dual band. For that matter how would I know what is on the whitelist other than a handful of cards from 5 years ago.
HP is still updating the BIOS from time to time. Mine is in the file sp60704.exe (01651.fd). It is probably a 2 line code change. I wish they would supply an update removing the white list.
I'd get a USB dongle but the machine has USB 2.0 and that is actually slower than the new wifi cards. Also USB has its own throughput issues, even if I had USB 3.0 it would run slower than the max data rate.
I feel that HP owes buyers of these older machines some kind of a fix. Especially given that their policy is to not implement white lists in BIOS anymore. -
How to create an application-specific policy file?
Hi Everybody:
I'm a .NET developer with C#. I have a few applications currently running on my computer using the ODP 10.1
Two weeks ago I installed on my computer the ODP 10.2 Release & now my previous applications have stopped working: when I try to make the connection to the database gives me this exception:
OraOLEDB (0x80004005)
ORA-12154: TNS: could not resolve the connect identifier specified
In FAQ section for ODP.NET I found the next:
Q: I have two .NET applications on the same machine running two different versions of ODP.NET. How do I ensure both these applications use the correct ODP.NET version?
A: Beginning with ODP.NET 10.1.0.3, the Oracle installer will register the following publisher policy DLLs in the Global Assembly Cache (GAC) that redirect 9.2, 10.1 and 10.2 ODP.NET applications to use the last installed version of ODP.NET: Policy.9.2.Oracle.DataAccess.dll and Policy.10.1.Oracle.DataAccess.dll.
ODP.NET 9.2 includes just the first policy DLL above. These policy files ensure that all your ODP.NET applications use the most recently installed version of ODP.NET.
You may undo the redirection manually. Policy DLLs can be de-installed through gacutil.exe using the /u option. Another approach is to navigate to the GAC directory (i.e. C:\WINNT\assembly) through the Windows Explorer and delete the policy folders. That will eliminate any policy enforcement for all your ODP.NET applications.
If you have applications on the same machine using different ODP.NET versions, you should create an application-specific policy file.
I'm trying to do that, but I don't know what an application-specific policy file is. Can someone give me an example of how I can create an application-specific policy file???
Regards
Hi,
Binding redirection is a ".net thing" as opposed to a "odp.net thing", see if this helps:
http://msdn.microsoft.com/en-us/library/7wd6ex19(VS.71).aspx
Hope it helps,
Greg -
How can I control SMTP server list in Mail?
I've seen a lot of discussion about e.g. deleting servers, but it often includes smug replies like "click the delete button" when there is often no such button. I have found a possible 'get around' to this particular problem by changing the server data to something that doesn't exist, save that, then select the server again from the list and hey presto, there is now a Delete button you can use. But again, that is not the full story because if that server is used as the primary server for any other account, you cannot modify the data.
Not only that, but you CANNOT simply swap servers so that e.g. an account uses one of the other servers as its primary server. Unless I'm missing something major here, it is NOT possible to move servers. You can change the data for the server to be exactly the same as another server, but that just means you now have an identical duplicate. Once a server entry has been created, it is an independent data entity.
So I seem to have several problems here.
1. A server cannot be deleted if it's in use as a primary for any account.
2. Servers cannot be moved, i.e. swapped between 'Primary' and 'Other'
3. Simply editing the server data does not 'merge' it with any other entry that may have the exact same data.
4. When creating an account, you cannot pick the outgoing SMTP server from the list of ones already created. Simply entering the same data as one that already exists may use that existing server, but may create a new duplicate. I have seen both of these occur and once there's a duplicate, you cannot get rid of it.
I want 3 accounts to all use the same 'Primary' server and also have the same 'Other' server. IOW, only 2 actual servers. After the first 2 accounts are created, that's what I have. Somehow they seem to be able to 'share' the same servers. But when I create the third account and enter the same data for its SMTP server as the others use as their primary (i.e. exactly the same process as when creating the second account), for some reason it does NOT use the existing matching server and I now get a third server created. I simply cannot get around this since whatever I do, each of the duplicates is used as a primary and so cannot be deleted. If I could swap them around so that the third account was using another account as its primary, then I could delete the duplicate and all would be well, but as pointed out above, that's not possible.
I'm hoping that I'm simply wrong about all this and it is actually possible to do what I currently believe is impossible. Can anyone explain how to actually control this server list?
can't edit SMTP server list in Mail
i have exactly the same problem using 10.9.4 - did you ever get a reply? -
I have a list which has a underlying infopath form for insert and edit a record.
The list has various views spread across different pages .
Now depending on different pages "New Item", a value for the form will have a corresponding value.
If there is a single line of text control in the list, and depending on a page name, the value for the single line text should be autofilled when Add new item is clicked.
How do I achieve that?
Thanks...
Hi,
According to your description, there are several list views in your list, there is a textbox control which holds the “Single Line of Text” type of data in your custom form. When users click the “Add new item” button in one of the existing list views, you want the textbox control in the custom form to be populated automatically.
By default, when user clicks the “Add new item” button in a list view, the URL of the custom form page will contain the name of that list view page, thus, a workaround which requires custom code can be like this:
After the form page loaded, we can extract the name of the list view page from the URL, then populate it into the textbox control immediately. This can be achieved using jQuery.
About how to get URL parameters of current page using jQuery:
http://www.jquerybyexample.net/2012/06/get-url-parameters-using-jquery.html
About adding jQuery into InfoPath form:
http://riteshudupak.blogspot.com/2010/09/add-jquery-to-browser-enabled-infopath.html
Best regards,
Patrick
Patrick Liang
TechNet Community Support -
Trying to clean up my iMac. Noticed that while in Finder, I click on Applications and in the list I see another folder called applications that is a duplicate of the original folder. Is this truly a copy that can be deleted?
DO NOT remove either folder. DO NOT mess with any OS X system files either. If you have duplicates check your files in iPhoto, iTunes and your iMovie libraries. Also check your data files, under ALL circumstances stay away from any OS X system files or you will probably bork your Mac to the point it will not run.