AppLocker Policy to stop executable running from User Profile
I am in process of implementing Applocker in our Environment.
To protect the clients from Malware attacks I want to configure a policy through which all the executable files can not run from User Profile. However I may have few executable files which must run as exception to this rule from the user profile.
Please help.
What exactly is your question?
You can set up applocker to prevent all exes from running and then list your exemptions.
You will also have to set up about 7 other exemptions for the users to actually be able to login.
Also note that Applocker only works with Windows 7 Enterprise and Ultimate. Not professional.
Similar Messages
-
Propagate Data from User Profile to Resource Process Form doesn't work
Hi,
i've created a new custom task for Propagate Data from User Profile to Resource Process Form with a gtc connector but the task is never triggered!!!
i need clues to resolve this .
thnks.!!
oim 11g 11.1.1.5 bp4. high availability with 2 nodes and a balancer.Hi Rajiv:
->Did you make that entry in Lookup as mentioned in that thread/post ?
ANSW: yes.
->Did you use exact naming convention for your tasks ?
ANSW: yes i put the same name that i put in the lookup into my process from.
In which process definition have you created your task. Make sure it should be other than "Xellerate User" process definition.
ANSW: PROCESS DEFINITION: * iPlanet User
*TB_BAN1_AUR_GTC
*TB_BAN5_AUR_GTC
*TB_BAN3_AUR_GTC
etc.. GTC conector.
i have a test environment where this functionality works succesfully and i put the same in my production environmnet and the task never is triggered. -
Approval work folw while Deleting the user from user profile
Hi
I have a requirement like
I configured AD as auto provisioned.
How to configure approval workflow, when administrator deleting the user from user profile (xellerate form).
FYI, Delete task assigned as undo task for the create user task
Thanks
Edited by: user11963802 on Dec 15, 2010 2:31 AMCreate one approval workflow and create one Process Determination Rule like
If
Request Action == "Revoke"
Attach this rule with RO.
Hey sorry
I shared the information for Revoking user from target Application.
Hide Delete User button from JSP
You can create Dummy Resource with Approval workflow for Deleting User. And after getting approval you can use DeleteUser API to delete user from OIM.
Edited by: Rajiv Dewan -
Use Department field from user profile
Hi,
When user uploads a document - "Created By" takes its name automatically.
We need the data of the department of the user also.
I see that i can change the column to display any field from user profile in the "Created By" (user name / email/ department...).
What should i do in order to use more than one field? (it's like set 2 "created by" columns to each doc - one to get the user name and one for department).
It is for use department values in search.
keren tsurHi keren,
According to your description, my understanding is that you want to get user name and department for the user who created the document.
I recommend to get the department using the default Created By column and use workflow to get the user name from Created By column in a new column.
Create a workflow associated with the library and set the workflow to start when an item is created.
Best regards.
Thanks
Victoria Xia
TechNet Community Support -
Disable or Remove some field from User Profile in Personalize iView
Hi All,
I have a requirement to Disable one field and Remove one field from User Profile in Personalize iView.
i want to disable Activate Accessibility Feature field and Remove Language field.
How to archive this.
Thanks and Regards
TrilochanHi,
You can use [Personalization|http://help.sap.com/saphelp_nw70/helpdata/en/42/ed3ce7f8593eebe10000000a1553f7/frameset.htm] to do this :
1. logon as an admin and navigate to Portal Content > Portal Users > Standard Portal Users and open Every User Core Role
2. right click on User Profile and select edit
3. click on the Preview button then right click + CTRL on the iView and personalize the User Profile iView
That's it.
Regards,
Pierre -
Install as Administrator, run from User account
I am using the Windows version of SQL Developer build 1454 with the included JDK, running on Windows XP x64.
I am having problems getting SQL developer to remember my user settings.
I unzipped the file into c:\oracle\product using a user account which is member of the Administrators group.
Now I am trying to run it using a user account that is a member of the Users group.
I have the user enviroment variable RAPTOR_USER_DIR set to %USERPROFILE%\.raptor, and I have created the .raptor directory.
What is happening is that every time I start SQL developer it keeps bringing up the Configure File Type Associations dialog. Other preferences seem to be saved correctly.Hi,
You can stop SQL Developer from attempting to establish file associations by passing the no.shell.integration system property:
sqldeveloper -J-Dno.shell.integration=true
Thanks,
Brian -
Stop flash running from player and accessing a web page
Let's say i have built a 2 player game. What if a user ( having a technical knowledge ) saves the swf, decompiles it, cheats into the code, and runs the game from flash player (As naturally it cannot be run from owner's server, without uploading it there with his permission).
How can i restrict him playing the game via flash player ?
What i think is, i must use PHP session on the page, where the flash is being loaded. Can that do the trick ?
ThanksIf you post something on the Internet, those files are almost always first downloaded to the Internet cache and played back from there... so the viewer already has a copy.
But with most games, there are many files that make up the "assets" of the game.. all pieced together ..... who knows how!!
So while it's pretty easy to grab the main .swf (and perhaps decompile as you suggest), there may be dozens of other related files that must be coded in also.... that's the tough part.
So while the game may be a really good game, it you post it on the Internet, it's almost always possible to download it.... but to reassemble, much, much harder. And I just don't think that many people would take the trouble to decompile and reassemble.
Best wishes,
Adninjastrator -
List with user data from User Profile Service
Hi there!
I got SP intranet site up and running with more then 2000+ users on it.
User Profile Services is getting users attributes from Active Directory.
How can i make a list with all of those users and columns like Department, Manager, Office number, etc..
After that i'm going to apply a filter by current user department.
I would really appreciate some offer.
Thanks!There is a sharepoint hidden list called User Information List , if you want to filter by current user department I recommend that you use ser search API and search People using SourceID
public static ResultTable SearchUsers(string query,int limit,string [] selectproperties)
KeywordQuery kq = new KeywordQuery(SPContext.Current.Site);
//select properties
foreach (string property in selectproperties)
kq.SelectProperties.Add(property);
kq.SourceId = new Guid("B09A7990-05EA-4AF9-81EF-EDFAB16C4E31");
kq.QueryText = query;
kq.RowLimit = limit;
ResultTableCollection results = new SearchExecutor().ExecuteQuery(kq);
return results.Filter("TableType", KnownTableTypes.RelevantResults).FirstOrDefault<ResultTable>();
you need to pass the query Department:CurrentUserDepartment and to get current user department
UserProfileManager manager = new UserProfileManager(SPServiceContext.GetContext(SPContext.Current.Site));
UserProfile currentUser = manager.GetUserProfile(SPContext.Current.Web.CurrentUser.LoginName);
string department=currentUser["Department"].toString();
Hope that helps|Amr Fouad|MCTS,MCPD sharePoint 2010 -
User Group Policy Settings not applied to new user profiles at first logon
Good Afternoon,
We have an issue that occurs to a new user when they first log on to their machines. They log on and a new profile creates from the Default User Profile. We can see that a number of our Group Policy Settings applied as "User Configuration" are
not applying.A log off and back on is required before the policies apply.
Any thoughts to this behaviour please?
Regards
LeeB
Lee Bowman MCITP MCTSHi,
How about your problem now? How many system encounter this problem? Is all policy couldn't be applied? Is there any feedback when using gpresult to check policy applied status?
As Group Policy applies after user identity authentication, generally speaking, user logoff and back doesn't helpful with this problem.
When this problem occures, have you checked event log if it identify this problem?
Roger Lu
TechNet Community Support -
Running multiple User Profile Service Applications -- recommendations, pitfalls, etc.
I have a farm with one WFE, one APP, and one SQL server. The User Profile Service runs on both WFE and APP, the User Profile Sync Service is on the APP server. There is a single User Profile service application running that pulls from 4 different AD
import sources: two in the US, one in London, and one in Mexico.
There is a nightly incremental synch.
There is an issue where the London users need the synch to occur hourly.
There are some complexities with one of the US sources in that would make it difficult to run the current User Profile service hourly, plus there is a performance concern.
I'm interested in possibly creating a second User Profile Service Application that reads only from London and runs hourly.
Beyond creating the User Profile service and scheduling hourly, what should I be concerned about?
Will I need to (re)create new Audiences based on those from the original User Profile Service App? Run them immediately after User Profiles? Will there be an interruption in access during that gap?
Recreate custom User Properties?
Recreate any Forefront modifications?
New Profile/Sync/Social DBs?
etc?
Thanks,
ScottHi Scott,
According to your description, my understanding is that you want to use multiple user profile service application.
Yes, you can do it. Only one user profile application can be configured to work with the Profile Synchronization Instance. If you want more UPS instance, you need to start UPS on different server.
Here are some similar posts for you to take a look at:
https://social.technet.microsoft.com/Forums/en-US/c922d0a8-db7f-4bdd-87a2-686c836bf406/is-it-possible-to-have-multiple-user-profile-service-applications-on-a-single-server-farm?forum=sharepointadminprevious
https://social.technet.microsoft.com/Forums/sharepoint/en-US/c771591b-bff6-4d57-99a1-7d46ca1d9903/multiple-user-profiles-service-applications?forum=sharepointgeneralprevious
https://social.technet.microsoft.com/Forums/en-US/26da9723-70a5-43a2-a2b5-faebe60dbe1a/is-it-possible-to-have-multiple-user-profile-service-applications-on-a-single-farm?forum=sharepointadminprevious
Best Regards,
Wendy
Forum Support
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
[email protected]
Wendy Li
TechNet Community Support -
Аdding department export data from a survey list from user profile services in Sharepoint 2013.
When voting, survey Sharepoint 2013, there is a field created by whom. But the name is not enough. Necessary to add the department name of the profile data in the exported list excel.
Hi,
The OOTB feature “Export to Spreadsheet” won’t contain the department in the exported report, we will need to create a custom one programmatically.
We can use SharePoint Object Model to retrieve the data from the Survey and the User Profile Service, then generate an Excel Spreadsheet with the data we need.
SharePoint Object Model -
SPListItem class
http://msdn.microsoft.com/en-us/library/microsoft.sharepoint.splistitem.aspx
Add, Update and Delete List Items Programmatically in SharePoint
http://www.mindfiresolutions.com/Add-Update-and-Delete-List-Items-Programmatically-in-Sharepoint-372.php
More information about
SharePoint Object Model:
http://msdn.microsoft.com/en-us/library/ms473633.ASPX
How to: Work with user profiles and organization profiles by using the server object model in SharePoint 2013
http://msdn.microsoft.com/en-us/library/office/jj163142(v=office.15).aspx
For about
generating an Excel document:
http://www.codeproject.com/Articles/20228/Using-C-to-Create-an-Excel-Document
Or you can post another question to
Excel for Developers for about creating an Excel file programmatically:
http://social.msdn.microsoft.com/Forums/office/en-US/home?forum=exceldev
Feel free to reply if there are still any questions.
Best regards
Patrick Liang
TechNet Community Support -
Should modifying an email address policy also remove e-Mail addresses from user profiles?
I am noticing that when I modify our standard corporate email address policy in Exchange 2010, via the EMC, I am able to apply the changes to all the email enabled account, groups, resources, etc. However, if I remove one of the email addressing
formats in the template and then attempt to apply that to all the same email-enabled resource, it does not remove the email address template.
I'm assuming this isn't the expected behavior when modifying E-Mail Address policies? Also, our small organization appears to have three separate policies; Defauly Policy and then two additional ones. Is there any good reason for a small
(< 50 mailboxes) organization to have any more than just the default policy?On Sun, 25 Mar 2012 23:39:07 +0000, onetech-it wrote:
>
>
>I am noticing that when I modify our standard corporate email address policy in Exchange 2010, via the EMC, I am able to apply the changes to all the email enabled account, groups, resources, etc. However, if I remove one of the email addressing formats
in the template and then attempt to apply that to all the same email-enabled resource, it does not remove the email address template.
That's correct. Just becasue you aren't assigning any new addresses
doesn't mean that new e-mail won't arrive addressed to the addresses
that thre previously assigned.
>I'm assuming this isn't the expected behavior when modifying E-Mail Address policies?
Ye, it is.
>Also, our small organization appears to have three separate policies; Defauly Policy and then two additional ones. Is there any good reason for a small (< 50 mailboxes) organization to have any more than just the default policy?
That depends on what the policies are doing. Perhaps you have a
different policy for groups?
Rich Matheisen
MCSE+I, Exchange MVP
--- Rich Matheisen MCSE+I, Exchange MVP -
Premiere Pro CS6 stopped working, for one user profile
So Premiere Pro CS6 wouldn't open today. Opened fine yesterday, and the days before that. The program didn't crash yesterday or close improperly. I just get the logo splash screen, but I don't see the usual text stream of applications starting up on it. After a long time I get a Windows message saying it can't open the program.
- I used Bridge to update to the latest version. No help.
- I made sure Quicktime was updated.
- I cleared the preferences by moving the whole My Documents\Adobe\Premiere Pro\6.0 folder somewhere else (as a backup). Next time I tried starting the program it created a new \6.0 folder but that's as far as it went.
- I deleted AppData\Roaming\Adobe\Adobe Premiere Pro. Starting the program recreated the folder, made a Trace Database file but only put two entries in it:
DynamicLink 1 5
FE.WinInit.LocPlugins 1 5
And then it stops there. No other files created.
- Tried starting the program holding the Shift Key, and again with the Alt key, and again with both. No change.
- Rebooted after every change.
I tried logging out as the video user account and logging in with my personal account, and then Premier Pro opened just fine.
Problem is, I need it to work on the video user account because it was created specifically for our video editing PC. Our company logins also tie into our email and other programs. This one was created specifically so more than one person could share Premiere Pro settings and resources, and there was a battle with our IT to get it because they despise generic accounts.
I've seen other threads here mentioning startup problems but the solutions listed there don't work for me. Manually trashing the \6.0 folder didn't help. I don't have a .pref file or Preferences folder other than the \6.0 one. I haven't made any changes to the PC. The video drivers must be OK or it wouldn't start under the other user account. How do I fix this one?This was Microsoft patch week... did you install Windows updates?
•What is your exact brand/model graphics adapter (ATI or nVidia or ???)
•What is your exact graphics adapter driver version?
•Have you gone to the vendor web site to check for a newer driver?
•For Windows, do NOT rely on Windows Update to have current driver information
•-you need to go direct to the vendor web site and check updates for yourself
•ATI Driver Autodetect http://support.amd.com/en-us/download/auto-detect-tool
•nVidia Driver Downloads http://www.nvidia.com/Download/index.aspx?lang=en-us -
Disconnect/remove PSTs from users profile with logging
Hi all,
I would like a script that removes (but does not delete) all PST files (except Sharepoint lists) attached to Outlook on a machine (for all users) with logging. I found the script on another site but I would like it to create a log file which records what
it has actually done (machine|user|location of PST that was removed|time it was removed). Can anyone help with the logging bit please? I am thinking include the script as part of logon script and have the log file save in a network location.
Current script is this:
On Error Resume Next
Dim objOutlook 'As Outlook.Application
Dim Stores 'As Outlook.Stores
Dim objFolder 'As Outlook.Folder
Dim i 'As Integer
Set objOutlook = CreateObject("Outlook.Application")
Set Stores = objOutlook.Session.Stores
For i = Stores.Count to 0 step -1
If Stores(i).ExchangeStoreType = 3 Then
If Stores(i).DisplayName <> "SharePoint Lists" then
Set objFolder = Stores(i).GetRootFolder
objOutlook.Session.RemoveStore objFolder
End if
Else
End If
Next
Thank you in advance for your time.Hello,
You can use VBA Logger for adding log statements to the existing code.
The
RemoveStore method of the Namespace class removes a Personal Folders file (.pst) from the current MAPI profile or session. I.e. the method removes a store only from the Microsoft Outlook user interface. You cannot remove
a store from the main mailbox on the server or from a user's hard disk using the Outlook object model. -
Cannot hide 'Choose your settings' field from User Profile Edit Page
When ever I change the 'Choose your settings' property to not be displayed on users' edit profile page, all of the users' My Site edit profile pages display an error, 'Sorry, something went wrong'. The log file shows the following entries.
ProfileUI: Unhandled exception inside DisableReadOnlyRegionalControls: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.SharePoint.Portal.WebControls.ProfileUI.DisableReadOnlyRegionalControls()
ProfileUI: Unhandled exception inside LoadProfileTable: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.SharePoint.Portal.WebControls.ProfileUI.DisableReadOnlyRegionalControls()
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.LoadProfileTable()
ProfileUI: Unhandled exception inside LoadControl: System.NullReferenceException: Object reference not set to an instance of an object. at Microsoft.SharePoint.Portal.WebControls.ProfileUI.DisableReadOnlyRegionalControls()
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.LoadProfileTable() at Microsoft.SharePoint.Portal.WebControls.ProfileUI.LoadControl(Object sender, EventArgs e)
Application error when access /_layouts/15/EditProfile.aspx, Error=Object reference not set to an instance of an object. at Microsoft.SharePoint.Portal.WebControls.ProfileUI.DisableReadOnlyRegionalControls() at Microsoft.SharePoint.Portal.WebControls.ProfileUI.LoadProfileTable()
at Microsoft.SharePoint.Portal.WebControls.ProfileUI.LoadControl(Object sender, EventArgs e) at System.EventHandler.Invoke(Object sender, EventArgs e) at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Control.LoadRecursive() at System.Web.UI.Page.ProcessRequest...
I've encountered this on 3 different SharePoint 2013 farms, and it also works correctly on another. I can't figure out why or what the differences are.
We want to be able to hide the vast majority or fields from the user edit profile page and only show a handful of them, e.g. Name, Department, Job Title, Office and Mobile.
Anyone else seen this or have a solution?
MattI was successfully able to hide it on an SP1 farm. Have you tried SP1 yet?
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Maybe you are looking for
-
In Subcontracting PO for a Material with Serial Number sent to Vendor, (1) Do we have to maintain MRP2 View in Material Master as 30 under special Procurement Key. If we donot maintain, what would be the consequences. Scenario : We issue the Material
-
Hi Clever people restore after hard drive crash
Please some advice. Hard disk has crashed. Luckily under warranty so replaced and Apple re-installed my original OS X. Should I restore all my data and application though system restore on start up Installer or use migration assistant? I dont think t
-
Flash Player not working on Flickr MySpace ..
well, not sure if it's cos of this apple-adobe twist, nevertheless. since the last update to the latest version of flash player, i am no lonver able to watch videos on myspace or listen to music on the bands profiles. flash is workin fine on youtube.
-
I rented a movie yesterday and charged it to my account,(I couldnt download it on my phone) now it is asking me to pay for it again?
-
To get the sum of column of SAPScript based upon condition
Hi, I was first asked to get two new columns in ZF140_ACC_STAT_01 script with ZRFKORD10 print program. I did so by the writing the below code. Now, based on Document-Type (RV,DR,DZ,SA), all the amount with same Document Type are needed to be summed a