Importing Security Settings

Similar Messages

• Internet Explorer 10 IEAK capturing Security Settings

  I am trying to package a custom installation for Internet Explorer 10 using IEAK.  I am having some trouble with the Import Security Settings portion of the tool.
  It is failing to import the security settings.  It says it has imported them, but upon installation the security settings have not been included in the IE 10 installation. 
  Looking at the "INS" folder that is built and the custsec.inf file create there, I can see that only two security settings have been captured -- "1401" and "2500" and none of the other 50 or so security settings are collected
  for any zone.
  In addition, I have trusted sites set to not require HTTPS, but that selection is not captured into the custom IEAK generated browser installer.
  Does anyone have any tips on how to successfully deploy a customized version of IE 10?  I am even more reliant now on IEAK since IEM mode was removed from Group Policy, so I reall need to figure out why it doesn't function correctly.

  More...
  When ActiveSetup is run on a 64bit OS, first all the 32bit ActiveSetup keys are run first, and the 64bit ActiveSetup keys are run second.
  The problem is that IEAK is adding the CUSTOM ActiveSetup to the 32bit key, and the ie4uinit.exe is added to the 64bit key.  While the IEAK has an ">" listed in the GUID (to signal for it to run last) it runs "last" in the 32bit
  ActiveSetup commands.  The 64bit ones (which the ie4uinit.exe is part of) all run after the 32bit stuff....
  So it appears that IEAK is not designed to build an IE 10 installation that will run correctly on 64bit OSes.  The IEAK CUSTOM settings will always apply prior to the ie4uinit running.  I suppose this can be changed by further manipulating the
  registry after IEAK customized IE 10 is installed and making sure the >{GUID} entry is moved to the 64bit registry.
  I suppose another way to look at it is ie4uinit is not correctly noticing that that the user settings are already present in the user's registry and is wallpapering over them with the incorrect settings.  Either way, the end result is that the incorrect
  settings are being configured for the user on first logon.
  I find it difficult to believe that Microsoft IE team has messed this up and that no one has discovered it before.  (I'm not being sarcastic) That makes me question what I am doing that is incorrect because I can't  believe that a problem like
  that would exist in a product as major as IE - and that no one has run into it and blogged about it.  I must have
  something incorrect, but I really can't figure out what it is.  Why is IEAK's IE 10 writing that CUSTOM ActiveSetup into the 32bit registry on a 64bit machine?  Maybe it will work to just move the CUSTOM key from 32bit to 64bit at the end
  of the installation.
  Looking closer, the IE installer writes to both the 64bit and 32bit ActiveSetup areas in the registry.  The problem is that the 64bit one never runs because the 32bit one has run already and ActiveSetup runs only once.  So the IEAK CUSTOM
  runs once out of activesetup in the 32bit registry.  Then the IE4Uinit runs once from the ActiveSetup 64bit registry area, then the IEAK CUSTOM ActiveSetup is evaluated (it has the same GUID as the 32bit one) ActiveSetup decides that GUID has already
  run and doesn;t run a second time. 
  I have been able to solve my problem simply by deleting the IEAK CUSTOM entry in ActiveSetup under the 32bit registry area  I just look at each subkey of HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
  Looking at the string values of StubPath in all the subkeys I find one with the value "RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM" and I delete the parent key from ActiveSetup.  (don't delete the one in HKLM\Software\Microsoft\ActiveSetup)
  This makes it so that IEDKCS32 always runs after the ie4uinit thing, and that makes everything work as planned.  I have no idea why I have to do this.  Hopefully someone else will find this saga useful in their own situation.

• Checking for Security Settings...

  Hey all (:
  I'm having difficulties creating PDFs.
  Here's a screenshot of where it's stuck.
  What must I do to have it skip that step, or have it working fine...?
  Thanks (:

  No luck... s:
  Here's the  Accessibility menu... I don't think I see anything that should block me..
  I tried a reduced amount of files, it still just stuck checking the Security Settings of the first file.
  I checked all the settings and I don't see any mention of OCR, so I guess it can't be that.
  I typed 'security settings' in the help menu and got this:
  I checked all the menu's, also nothing weird going on...
  I did also get this when typing 'security settings' in the help menu:
  'Import Security Settings' might be interesting. Clicking on it opens up a Finder window where I would be able to select some file to import with new security settings...
  Maybe if I can get a file with security settings from a computer that does work, it might work, right?
  I also checked the 'Advanced Preferences' menu in the 'Security' tab in the settings. They look like this:
  and
  Again, nothing suspicious going on... s:

• Security settings on this doc prevent signing

  I created a form with interactive fields. 1) in security settings it says "no security" 2) under Advanced, I "enabled usage rights in Adobe Reader" 3) opening the pdf in Reader X I clicked on the "Sign" button at the top 4) I get the "The security settings on this document prevent adding text ...." pop up in the Sign Pane. 5) I checked the security properties in Reader and it shows everything is allowed. ?????

  First, what is a digital signature? It's a cryptographically sound operation that provides two important pieces of information. It takes a snap-shot of the document at signing time to provide a test of document integrity (if someone were to try and modify the snap-shot it would invalidate the digital signature), and it provides assurance that whomever signed the document is who they say they are.
  The question you have to ask yourself is, do I need that kind of security? That is, do I need to ensure the signed portion of the document has not been modified, and is the person that signed the appropriate person for approving the document?
  If you decide that yes, you need the security and assurances that a digital signature provides and you can't control what application the signer may be using (i.e. either Acrobat or Reader) then you need to enable the file to be signed in Reader (it can always be signed in Acrobat). In order to enable signing in Reader using Acrobat Pro 10.1.4 do the following:
  Open the file you want to enable for signing
  Select the File > Save As > Reader Extended PDF > Enable Additional Features menu item
  Click the Save Now button on the Enable Usage Rights in Adobe Reader dialog
  Supply a name and location and then click the Save button on the Save As dialog (note: you can save over the existing file)
  Another question you have to ask yourself is do I care where the signature is placed on the PDF file? If you want to control the location of the signature appearance then you need to place the signature field as you noted above. On the other hand, if you don't care where the signature is placed then don't create a signature field and let the signer inscribe a signature field somewhere on the document at signing time. By the way, the document layout (placement of signature fields) should be finalized before you Reader Enable the file.
  Steve

• Flash 8 Player security settings Help

  Hi All. Im having some annoying problems with Flash player 8
  (the standalone player not web one).
  I am making a flash portfolio, and am using an XML file to
  import data (such as images and text) into the portfolio at
  runtime.
  Everything works when run in the flash IDE when i run the swf
  (see IDE.gif), but when i run it in local flash standalone player
  (see Player.gif), the images are blocked out (un-masked) - this
  doesnt happen when i view the swf on the web or when i make a
  projector, which makes me think its something to do with flash 8
  player security settings.
  ive already changed the settings, adding the local path of
  the file and the image directories, but still it wont work.
  what other settings do i need to change??
  IDE.gif :
  www.mitchellpage.com.au/temp/IDE.gif
  Player.gif:
  www.mitchellpage.com.au/temp/Player.gif

  AndiMorris wrote:
  > I'm having some trouble with the global security
  settings in Flash Player 8. I
  > have deployed the player successfully using GPO, but now
  have a piece of
  > software (Nelson Thornes) that requires content from
  c:\program files\nelson
  > thornes to be allowed in order to run. Manually enabling
  this using the
  > settings manager works a treat, however it only changes
  it for the current user
  > and I can't find any way of setting it per station so
  that I can package it up
  > and deploy it. I can't expect all of my users to do this
  themselves.
  There is an MMS.cfg file that you can deploy that will allow
  you to
  control this site wide without individual user interaction
  (overriding
  settings manager).
  Start learning here:
  " IT Administration: Configuring Flash Player auto-update
  notification"
  http://www.adobe.com/go/16701594
  Bentley Wolfe
  Senior Support Engineer, Flash/Flash Player
  Adobe

• How to export security settings from Acrobat Pro

  I'm transferring my Acrobat Pro to a new computer.  Is there a way to export the security settings (passwords) that I have stored and then import them into Acrobat Pro on my new computer?
  Thanks,
  Steve

  Hi Steve,
  The paths you are looking for are:
  Win XP
  C:\Documents and Settings\<user name¹>\Application Data\Adobe\Acrobat\<ver²>\Security
  Vista \ Win7
  C:\Users\<user name¹>\AppData\Roaming\Adobe\Acrobat\<ver²>\Security
  ¹The user name is the same as the login name
  ²ver is the major version (e.g. 8.0, 9.0)
  Note, if you don't see the folders in the Windows Explorer try the following:
  Start Windows Explorer
  Select the Tools > Folder Options menu item
  Select the View tab
  Select the Show hidden files and folders radio button
  Click the OK button on the Folder Option dialog
  Good hunting,
  Steve

• Security settings for all users

  I recently developed a document that requires digital signatures and have been testing it. The only downside is that when a user opens the document, Adobe prompts for the installation of new security settings, and it installs it for that user only. I need to add a registry key to the new security settings, but it is only available to be added to the current user hive. Does anyone know how to install the new settings for all users?
  Here is the registry key I need to add.
  [HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\9.0\Security\cPubSec]
  "bSelfSignCertGen"=dword:00000000
  Im using Adobe Reader 9.3 and Win XP.
  Any help would be terrific!
  Thanks.

  Hi,
  There are really two separate issues. First, is Adobe pushing updates to the Acrobat Address Book (i.e. adding certificates as trust anchors) and the second issue is how you can push your own update to disable the creation of self-signed digital IDs. Although the two issues share an underlying mechanism, they are separate and you cannot leverage one for the other.
  First issue first. Adobe has entered into partnership with certain Certificate Authorities and has created a mechanism to add their certificates to the Acrobat Address Book (aka Manage Trusted Identities) using http to send a copy of the Security Settings file that contains only digital IDs. There are two ways to trigger the download process. One is to go into the Preferences, select Trust Manager, and click the Update Now button in the Automatic Updates group box. The other method is to load the DigSig plug-in (beginning with Acrobat 9, plug-ins no longer load a launch in order to speed up the launch process). As I'm sure you have deduced, opening a file with a signature field cause the DigSig plug-in to load which in turn triggers the automatic download. The reason we have limited the automatic download to DigSig being loaded is because the vast majority of people viewing PDFs are not using the digital signature functionality (much to my personal chagrin because the more people use digital signatures, the better my job security ) and we didn't want to bother them with an update they would never need. People already complain that there are too many updates, and we are trying to limit the irritability factor. To close the loop on this function, once the download process has been triggered the Acrobat check two more things before it does the update, 1) has it been a month since I checked and, 2) if it has been a month is there a new file to download. This way we are not pestering people with unneeded updates, or if they do need the update, at least not too often. And finally, Address Book management has to be on a per user basis. A certificate that you may elect to trust could be a certificate that the next person want to specifically keep untrusted. The Windows Certificate Store, Mac Keychain and Firefox Certificate Manager all work on a per user basis.
  That brings us to what you would like to do. The good news is you can use the Export Security Settings featrue to create a distributable file that will set the preference. The real question is how will you distribute the file, but before we get to that, here is how to create the file.
  With Acrobat closed, set the registry setting you noted in the message above
  Launch Acrobat
  Select the Advanced > Security > Export Security Settings menu item
  Click the Deselect All button on the Export Security Settings dialog
  Select the Signing Preferences Settings checkbox
  Click the OK button on the Export Security Settings dialog
  Select Signature Creation Settings and note "Allow creation of self-signed Digital IDs" is set to No
  Click the Export button on the toolbar
  Follow the on screen dialogs. You don't have to encrypt the file, but you must sign it with a certifying signature
  At this point you have the file available for distribution. You could e-mail it to your intended recipients with import instructions, or you could post if for download, or you could set the Preference the to automatically push the file from a server. To check this feature out select the Edit > Preferences menu item and then select Security from the Categories list box. You would need to select the Load security settings from a server checkbox and then set up the URL. As an aside, you can also export these settings by selecting the Automatic Update Settings checkbox on the Export Security Settings dialog noted in the bullet points above. You have a chicken and egg problem in that you have to get the users to first manually import the file in order to set up the automatic import. That I can't help you with, you're just going to have to decide what works best for you.
  Good luck,
  Steve

• How to preserve OSB security settings while deploying a existing project

  Hi ,
  We are deploying OSB projects using ant scripts, But security settings are getting disabled every time we deploy new version project.
  Through console deployment we can preserve those settings , but we need to capture/preserve security settings through ant scripts

  We had used the WLST based import scritps provided by Oracle. These have the options for setting the settings while importing the sbconfig jars.
  There are below methods that you can invoke to set/unset the settings while import.
  > void      setPassphrase(java.lang.String passphrase) Sets the passphrase
  > void      setPreserveExistingAccessControlPolicies(boolean preserveExistingAccessControlPolicies) Sets the value of preserveExistingAccessControlPolicies flag across all import operations.
  > void      setPreserveExistingCredentials(boolean preserveExistingCredentials) Sets the value of preserveExistingCredentials flag across all import operations.
  > void      setPreserveExistingEnvValues(boolean preserveExistingEnvValues) Sets the value of preserveExistingEnvValues flag across all import operations.
  > void      setPreserveExistingOperationalValues(boolean preserveExistingOperationalValues) Sets the value of preserveExistingOperationValues flag across all import operations.
  > void      setPreserveExistingSecurityAndPolicyConfig (boolean preserveExistingSecurityAndPolicyConfig) Sets the value of preserveExistingSecurityAndPolicyConfig flag across all import operations.
  Please refer to http://docs.oracle.com/cd/E13159_01/osb/docs10gr3/javadoc/com/bea/wli/sb/management/importexport/ALSBImportPlan.html for more details.
  There should be similar options for the ANT bases scripts as well.
  Thanks,
  Patrick

• XLR - 'Security settings in Microsoft Excel prohibit XL Reporter to run'

  Dear All,
  Our customer is on SAP2007 and EXCEL 2007. When I import a XLR and run it, I got the error message in the short text. SAP notes 853821 and 924561 are for EXCEL 2003. Can anybody let me know what setting I should check for EXCEL 2007? Thanks a lot.
  Regards,
  Yuka

  You may check these threads first:
  Security settings Excel 2007
  XL Reporter and Excel 2007
  Thanks,
  Gordon

• What to do when you encounter "does not have the proper security settings

  What to do when you encounter: /Library/StartupItems/Qmaster" has not been started because it does not have the proper security settings. AND......../Startup Parameters.Plist ?
  I have a PowerMac G5 using Operating system 10.6.8
  I took this mac to  the Apple store, they reset my os software and I have been having problems eversince. Since this Mac weights about 50 lbs, I don't want to take it in a gain. But - I am 67 years old and don't really understand some lingo - so straight english would really help.
  I so appreciate any help I can get.

  >>I have no idea what all that means...
  rwxrwxrwx    root  admin
  It shows that the files are owned by 'root' & in the group 'admin', while being readable (r) , writeable (w) & executable (x) by user:root, group:admin and everyone else.
  Startup items must be owned by root, the group must be wheel, and they must only be writeable by root.
  You can't readily make the required changes via Finder, so you'll either need to reinstall the software that added them, remove (trash) them altogether (they start qmaster, used by fcp &/or compressor) or use Terminal & the 'sudo' command to alter the ownership & permissions.
  If you choose the latter - run these two commands in Terminal while using an admin account, you'll be asked to enter the admin password, which won't be echoed onscreen. Restart afterwards. It's important that you copy/paste these exactly.
  sudo chown -R root:wheel /Library/Startupitems
  sudo chmod -R ugo+rwX,go-w /Library/Startupitems
  However - your startup problems with the prohibited sign are unlikely to be resolved by this, although it should avoid the warning messages you describe.
  When did the startup problems begin  - after adding any new software or making other changes ?.

• Security settings won't let JavaScript even open a document?

  Yes, I know this question has been covered a hundred times or more in this forum.  I'm also very sorry for adding to the list of people who don't understand it, but…  Well, I don't understand it.
  I'm very familiar with JavaScript and ExtendScript.  I've got it enabled in my copy of Acrobat X Pro and can seem to execute simple commands in the JavaScript Debugger Console, like "3 + 4".  However, when I try to do something that seems trivial, like opening a document thusly:
  var document = app.openDoc("/Volumes/g/ ArtDept/Product Templates/ ProofCover/proof_cover.pdf");
  The debugger console gives me the error that has plagued so many thousands of Acrobat scripters:
  NotAllowedError: Security settings prevent access to this property or method.
  App.openDoc:1:Console undefined:Exec
  So, can anyone please explain to me, in plain English, what this error means and, more importantly, how I can bypass it.  I do not want to run a folder-level script, since, from what I've read, those are executed upon launching Acrobat.  Great for adding menu items to Acrobt, but not for what I need.  Instead, I want this code to be called from an InDesign script to automate a simple task in Acrobat.
  Can anyone please walk me through what I need to do to get this simple 'openDoc' task performed?  Or, at least, point me to a resource that can walk me through it?

  @Gilad D, you are a genius.
  I'm still relatively new to Macs and their file structure, so this one made me facepalm a bit.  It turns out that the filename I had going on ("/Volumes/g/ ArtDept/Product Templates/ ProofCover/proof_cover.pdf") was too much.  I had to remove the first level, making the result: ("/g/ ArtDept/Product Templates/ ProofCover/proof_cover.pdf").  When done this way, the script works perfectly.  I shall definitely remember that "this.path" property for future reference!
  In fact, it even works in the Javascript console.  In further fact, it even does so without the need for a folder-level script.  But that's not a concern at the moment.  The bottom line is that I have at least been able to get Acrobat to open a file, replace a page, then do a Save As command, then close the file.  Thanks for all of the help; I'm now off to write a new post to ask about my current problem, which is much more complicated.

• Cannot change date and time settings, popup "These files can't be opened: Your internet security settings prevented..."

  When I try to change my date and time settings I get a Windows Security popup that reads: "These files can't be opened.  Your Internet security settings prevented one or more files from being opened. C:\Windows\system32\rundll32.exe"
  I have Windows 7 64 bit.  I also have McAfee SecurityCenter installed.  I have tried turning off my firewall temporarily, but the problem persists.  I am not sure if it is some type of virus.  If anyone could give me some information
  as to what could be causing this I would appreciate it.  Thanks in advance.

  Hi,
  Perhaps, this issue is caused by a sign of corruption.
  Please try to use sfc/scannow to check the System Files.
  Also, You may refer to the following link.
  http://www.sevenforums.com/general-discussion/71526-cant-change-date-time-2.html 
  Important Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”

• Java is blocked by Security Settings

  I have the latest OS X 10.8.2 and the latest Java 7 version 10 but it does not work. 
  I get a screen saying "Application Blocked by Security Settings".  I've gone through and double-checked all settings and they look fine.
  I've deleted the Applet from the Internet Plug-Ins folder and did a reinstall - still with the same results.  Oh by the way, Safari is 6.0.2.
  Any suggestions?
  Message was edited by: knarfrh60

  Please read this whole message before doing anything.
  This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
  Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac. 
  These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing. 
  Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects. 
  Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands. 
  Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply. 
  Launch the Terminal application in any of the following ways: 
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.) 
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens. 
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid. 
  When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign. 
  Step 1 
  Copy or drag — do not type — the line below into the Terminal window, then press return:
  kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' 
  Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”. 
  Step 2 
  Repeat with this line:
  sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}' 
  This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning. 
  Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step. 
  Step 3
  launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}' 
  Step 4
  ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null  
  Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting. 
  Step 5
  osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null 
  Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output. 
  You can then quit Terminal.

• Please explain something strange that happened when I elected to receive an important security update to firefox. Thank You!

  I got a notice (pop up) saying I needed an important security update to firefox, so I did it, but it ran for a really long time, and then I saw on the lower action bar that it was transferring information from or to l.collective-media.net; Why?! I "x'd" off the screen quickly; Please explain this too me, thank you.

  Sorry I gave this a 'this helped me' but after a long struggle I found some ticked box somewhere from some unauthorised chrome extension blaaa....... the link you gave was great, not only did it confirm all the bad things google is supposed to be up to it provided a better browser. Cheers man.
  Anyone who find this; I disabled all extension in chrome. I then searched the word proxy in the settings section. A button came up, "change proxy settings" I clicked on it. Earlier it was greyed out as an extension was interefering.. It brought up a box with my own settings from my computer. Then I clicked LAN settings, then unchecked the 'Use a proxy server' button.
  P.S. If you're using chrome, bail, and dowload Komodo Dragon. It's virtually identical, but you're not tracked, and you can use chrome extensions, and you can quickily transfer your chrome preferences into it.

• When previewing my website in Dreamweaver flash crashed - I need to change the security settings but don't know how to do this

  I use Dreamweaver and Adobe Bridge to create slide shows on my website. When 'previewing' the slideshow - in Dreamweaver it opens Firefox - it crashed and the dialogue box opens telling me to change my 'settings' - it doesn't do this if I preview in IE - which I don't understand. I need help in knowing where to go to change the security settings so that this doesn't happen. Incidentally, when I am on the web through Firefox, my website slideshows work perfectly>

  You can set the pref dom.ipc.plugins.timeoutSecs to to -1 on the about:config page to disable the timeout.
  See also http://kb.mozillazine.org/Plugin-container_and_out-of-process_plugins
  To open the <i>about:config</i> page, type <b>about:config</b> in the location (address) bar and press the "<i>Enter</i>" key, just like you type the url of a website to open a website.<br />
  If you see a warning then you can confirm that you want to access that page.<br />