Installing macromedia plugins on locked down workstation

Similar Messages

• Would like to know how to Completely Lock-down Windows 7 OS

  I don't have a general question..
  It's more like specifics about how to lock down windows 7 computers..
  Here's a little background information...
  I have two computers, both with win 7(Pro, and home prem).
  A family member can somehow bypass all bios and all windows security services... Everytime I go to work or school, he will power on my desktop and somehow 'hack' into the OS and install keyloggers or viruses so he can obtain my banking or other personal information.
  He also unlocks and deletes all the passwords so he can have access whenever he wants..
  Can someone please tell me how to do a complete lockdown? This is getting extremely annoying.. I've done everything that I can do; Also considering on switching my major to some sort of computer security. I'm starting to lose my mind over these months.. All
  help is appreciated.
  I've password protected BIOS
  I've disabled administrator accounts, i've put password on the admin and the guest user; locked the option to change passwords..
  All help is appreciated. Thank you all in advance.

  Hi,
  If you are using Windows 7 Professional, Ultimate, or Enterprise, you can use the Local Group Policy Editor to change policies that affect the security of your computer. Please check if the following policies meet you requirements.
  [User Configuration\Administrative Templates\Windows Components\Windows Explorer]
  Enable these two polices:
  Prevent access to drives from My Computer
  Hide these specified drives in My Computer
  For your reference:
  Lock Down PCs with Windows 7:
  http://technet.microsoft.com/en-us/windows/gg983426.aspx
  Also, restrict Which Programs a User Can Run. You can set rules in AppLocker in the Group Policy Editor that prevents all programs from being run.
  In addition, temporarily Lock Your Computer if Someone Tries to Guess Your Password
  If you share your computer with other family members or allow your friends to use it, you should have a password on your Windows account so no one else can log into it. However, someone may try to guess your password and log into your account. If this happens,
  you can temporarily lock your computer.
  You should also periodically change your password.
  If you suspect, you family member using a tool to bypass your password. You may use Malicious Software Removal Tool (http://www.microsoft.com/security/pc-security/malware-removal.aspx)
  to remove it.
  Hope it helps.
  Regards,
  Blair Deng
  Blair Deng
  TechNet Community Support

• Hello My ipads Power button is not working properly when I press it once it shows option to turn off instead of locking and some other display problems like it suddenly lockes down or display disappears ...Please help. Thank You

  Hello My ipads Power button is not working properly when I press it once it shows option to turn off instead of locking and some other display problems like it suddenly lockes down or display disappears ...Please help. Thank You

  Thanks for that information!
  I'm sure I will be calling AppleCare, but the problem is, they charge for the phone calls don't they? Because I don't have money to be spending to be on the phone with a support service.
  In other things, it seemed like the only time my MacBook was working was when I had Snow Leopard without the 10.6.8 update download that was supposed to be done to prepare for OS X Lion.
  When I look at the information of my HD it says that I have 10.6.8 but that was the install that it claimed to have failed and caused me to restart resulting in all of the repeated problems.
  Also, because my computer is currently down, and I've lost all files how would that effect the use of my iPhone? Because if it doesn't get fixed by the time OS 5 is released, how would I be able to upgrade?!

• Locking down multiple PDF's at a time

  We want to lock down multiple PDFs at once, meaning we do not want people to be able to save the files or copy text in the PDFs.  When we turn it on one at a time we go to File- Properties- Security tab and change the security method to Password security and so on. We would love to find a way to change that on multiple PDFs at a time. I have done searches for how to do this and they say to click on advanced- Document processing- Batch processing. I am using acrobat 9 Standard and I am not able to see batch processing. Do I need to upgrade to Pro? Or is there a different way to accomplish this task that I am missing?
  Thanks

  I have upgraded to PRO and I still only see this. When I did the install I told it to do a complete install. Is there a plug-in that I need to have for this to work? Any other ideas would be helpful.
  I

• Forward facing locked down machines... kiosk?

  Hey everyone,
  So I have done a lot of research on this topic, but have yet to find an end-all solution to my conundrum. I have many machines in my network that are forward facing and public use reference terminals that connect to a database of books and things. These
  machines are not and should not be used to casual internet browsing so we have manually locked them down. These machines currently run IE10 Win7x32. The windows side locking down is no problem. But we are having a BIG issue with the current way we allow specific
  sites and lock out all others. 
  In our system, we have an abundance of allowed sites for quick research purposes that these machines are allowed to access. Still technically reference information. For the sake of argument, we have about 25 sites including the main database site that should
  be allowed through a proxy or other filtering system. Currently, we have this proxy based with exceptions built into IE... however, there is around a 255 char limit on that input box (for whatever reason).
  So that brings me to my current solution that is not quite working correctly. I have configured a .PAC script and stored it on a server that these machines can access and an msi for IE10 branding using the IEAK for IE10. This .PAC script does not seem to
  be working the way it should. I got the idea from a site I didn't save, but the basic idea is below:
  function FindProxyForURL(url, host)
  // variable strings to return
  var proxy_yes = "PROXY 255.255.255.255:8080";
  var proxy_no = "DIRECT";
  if (shExpMatch(url, "*.google.com")) { return proxy_no; }
  // Proxy anything else with yes
  return proxy_yes;
  So, my understanding is this would run when sites are accessed, if it matches the if statements it passes and if it doesn't, it defaults to proxy_yes which doesn't exist and thus doesn't load. The ADMX configures the proxy itself and everything should be
  great. 
  My main question: is there a better way to allow sites through to a machine WITHOUT loading the pages first. A simple whitelist/blacklist doesn't necessarily work because it, as far as I understand, still loads the pages but does not display them. Currently,
  it looks like IEAK is the only way to correctly manipulate these settings in internet explorer 10+, unless I'm getting that wrong. It doesn't seem like the list from our previous installation from GP is being overridden using this method, and it doesn't
  apply to new machines connected to the policy. Of course, I know it is applying because other functions, like the content rating system that I accidentally left on, have caused some problems in the past. 
  We will be upgrading these machines to newer optiplex models and installing Windows 8, so if there is a more effective solution that only works in windows 8, I am willing to try it. 
  Thanks in advance for the help, you guys are always awesome! 

  Hi,
  >>Currently, it looks like IEAK is the only way to correctly manipulate these settings in internet explorer 10+, unless I'm getting that wrong.
  In addition to IEAK 10, to configure proxy for IE 10 on Windows 7, if our most up-to-date domain controller is Windows Server 2012 or R2, we can use Group Policy Preferences
  Internet Settings extension to configure the proxy setting. Besides, we can also choose to install Remote Server Administrative Tools on a Windows 8 or 8.1 client and manage group policy settings from this client.
  Moreover, another way is that we can try using Group Policy Preferences Registry extension to configure the proxy settings for IE10 on Windows 7.
  Regarding this point, the following thread can be referred to as reference.
  Proxy settings not applying to IE above 8
  http://social.technet.microsoft.com/Forums/en-US/3b0f54d7-7293-49dc-9e3f-e8799c20265b/proxy-settings-not-applying-to-ie-above-8?forum=winserverGP
  Best regards,
  Frank Shen

• How do I tell FF to ignore flash, and not bug be to install the plugin?

  I don't care for MM Flash, so I don't install it. Firefox keeps bugging me to install the plugin every time it hits a page with a flash component. How do I tell it to stop doing that?
  I've tried setting a filter in AdBlock for *.swf, but no go.

  To disable automatic error handling for the current VI, select File»VI Properties and select Execution from the Category pull-down menu. To disable automatic error handling for any new, blank VIs you create, select Tools»Options and select Block Diagram from the Category list. To disable automatic error handling for a subVI or function within a VI, wire its error out parameter to the error in parameter of another subVI or function or to anerror out indicator.
  I'm not sure of it works for warnings as well.
  Below are the references:
  1. http://zone.ni.com/reference/en-XX/help/371361J-01/lvconcepts/error_checking_and_error_handling/
  2.http://www.ni.com/gettingstarted/labviewbasics/handlingerrors.htm
  I am not allergic to Kudos, in fact I love Kudos.
   Make your LabVIEW experience more CONVENIENT.

• When I try to install some plugins I get "Can't find Internet Plug-ins folder". Friends with the same machine using the same browser can download just fine.  What gives?

  When I try to install a plugin in any browser on my Mac Mini or my MacBook Pro, I get a "Can't find Internet Plug-Ins folder" message.  Other friends with the same machines can install the plugin just fine.  We can't find any reason why the plugin won't install on mine.  Any ideas out there?
  Thanks,

  Triple-click anywhere in the line below on this page to select it:
  /Library/Internet Plug-Ins
  Right-click or control-click the highlighted line and select
  Services ▹ Show Info
  from the contextual menu.* An Info dialog should open.
  Does the dialog show "You can only read" in the Sharing & Permissions section?
  In the General section, is the box labeled Locked checked?
  What is the Modified date?
  *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. Open a TextEdit window and paste into it (command-V). Select the line you just pasted and continue as above.

• Access Connections v4.52 - user rights in locked down environment

  I'm currently working on a small project to deploy various Lenovo wireless drivers, Access Connections v4.52, Hotkey and Power Management drivers via SMS but have come across a slight issue with Access Connections that I can't seem to resolve.
  I'm hoping to provide my locked down users with a selection of standard profiles that are copied to their machines on logon but would also like to give them the ability to create and modify new ones too - this is where I'm having problems.
  Through Group Policy I have set:
  Allow Windows users without administrator privileges to create and apply WLAN location profiles using Find Wireless Network function
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableCreateProfilewithFWN 1
  Allow Windows users without administrator privileges to create and apply location profiles
  HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableUserMode 1
  I have also manually set the following:
  HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
  I couldn't find a key for the 'EnableUserMode' option
  Unfortunately, none of these give standard users access to create or modify profiles.
  Have any of you come across this in your environment and if so did you manage to come up with a suitable solution?
  Thanks in advance.

  Hi,
  the steps, that you performed are correct.
  However I would not do the last step:
  HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
  This might cause confusiong.
  I have just tested it in here and it's working fine with the 5.x version of AC
  Cheers

• Cannot install Adobe update: no yellow bar, no "Install missing plugins"

  Following advice in FAQs I went to Adobes test page: no yellow bar appeared, nor a box "Install missing plugins". Trying to install Adobe Flash 10 leads to a message to close down Firefox.

  Old instructions, that "yellow bar" was used on older versions of Firefox.
  1.Download the Flash setup file from here: <br />
  [http://fpdownload.adobe.com/get/flashplayer/current/install_flash_player.exe Adobe Flash - Plugin version]. <br />
  Save it to your Desktop.<br />
  2. Close Firefox using File > Exit <br />
  then check the Task Manager > Processes tab to make sure '''firefox.exe''' is closed, <br />
  {XP: Ctrl+Alt+Del, Vista: Shift+Ctrl+ESC = Processes tab}
  3. Then run the Flash setup file from your Desktop.

• Locking Down & Creating Exceptions

  We have seven school district buildings which includes an administration
  building. Each school has it's own server set on NW6.5SP5 and BM3.8SP4 as
  well as Zen 7. The admin bld has two servers, one for the building and one
  is our web/e-mail server using GW 7.0.2HP and Apache2. It also has GWava
  running with Kaspersky A/V (e-mail) and both servers are our DNS servers.
  If I set the default filters (to lock down the system) with BM, all
  connectivity is lost, which it should be. However, I've not been able to
  figure out the correct filters to set to allow traffic into and out of the
  web server and e-mail, i.e., if I lock down the building server no one can
  get to their e-mail or access the web server but can access the Internet via
  the BM proxy.
  I have Craig's books but guess I need a little more detail and pictures. Is
  there a book out there for those of us with A.D.D. that will walk me through
  creating a filter one-step-at-time including saying what each step is
  for/doing or what will be accomplished?
  I need to lock down each of the servers, but can't because, although users
  can get out to the Internet via the BM Proxy, they still don't have access
  to GroupWise from the client and / or Novell's iFolder, and Instant
  Messaging, of course. If I go to iManager 2.6 and attempt to creating
  exceptions for GW, iFolder and IM, the filter exceptions are created but
  don't make a difference.
  Sorry to drag on so long, but we've had an incident happen in the last month
  and we need to make the network more secure but still allow users to such
  things as the Internet, GW, iFolder, etc.
  Any suggestions and/or ideas would be appreciated,
  Tim

  >> In article <[email protected]>, Tim Ferguson wrote:
  >> When I say "Yes" to create a secure system when running BRDCFG, all outside
  >> access is blocked or isn't it supposed to be?.
  >> When you do that, it blocks all traffic to and from the public interface, and
  >> then adds some default exceptions intended to allow the VPN and certain
  >> proxies to work. (It will not overwrite any exceptions you might already
  >> having in place that would allow too much traffic through).
  >> The only way to the Internet
  >> is through the proxy, and VPN traffic is ok. Traffic on the VPN and the
  >> private IP network is fine, or should be, correct?
  >> Should be, correct.
  >> For Example:
  >> I have a user at 192.168.30.150 that needs to access his GW e-mail using the
  >> GW client to the server at 209.xxx.xxx.163, port 1677, but can't once the
  >> "secure system" is set. Realistically, we should set his client to check
  >> the private IP of the e-mail server at 192.168.20.1, port 1677, correct?
  >> Well...
  >> I'm not clear if you are trying to have the client access the GW process from
  >> inside or outside the LAN. Normally if you have a client on the inside of the
  >> LAN, that client should always be pointed to the internal IP address of a
  >> process, not the public IP address.
  I was talking about each teacher's workstation GW client, all of which are inside the VPN-created LAN
  >> If the GW process (POA, here) is running on the BMgr server itself, it is most
  >> likely listening on all IP addresses, and you need to make sure the internal
  >> address (unfiltered) is being used when inside the LAN.
  We have seven buildings, six schools and the administration building. Each building has it's own BorderManager server. Each building has it's own T-1 circuit. The buildings are connected by a BorderManager VPN (IKE). The web/mail server at the administration building is the VPN master.
  Currently each workstation's GW client (in each building) is set to the GW server's (MTA, POA, GWIA, WEBACC) public IP. Setting the filters to create a secure system would kill this capability, correct?
  >> If the process is being static NAT'd to that public address, you should not be
  >> able to access it from the inside (using the public address) with filters up
  >> or not.
  We are using "dynamic" NAT in each building. I only use "static" NAT when I create a secondary IP to my office computer so I can access it from home. NAT is then set to "dynamic and static" and not "static" only.
  >> If the process is being proxied to the public address, you could access it on
  >> the public address, as long as filter exceptions were added to allow the
  >> traffic from private to public, but it would be better to just point to the
  >> internal address.
  The process is not being proxied to the public address, was never able to get that configured and working.
  >> Often this means you just set up an internal DNS server.
  Explain further, please. Each of the two servers at the administration building is a public DNS server. To create an internal DNS server, it would be set just to the private IP's of most of the same objects on the public DNS servers?
  >> Should I then: (1) Create an exception on his building's server (the
  >> gateway) using the public interface to let his client out on port 1677? And
  >> (2) Create an exception on the mail server using the public interface to
  >> allow port 1677 in, and use a stateful filter exception on both so traffic
  >> goes both ways? or (3) ???
  >> If the client is on the inside of the LAN, you definitely should be pointing
  >> the client to an internal IP address.
  >> If the client is on the outside of the LAN (laptop taken home, for instance,
  >> or a home PC using GW client), then you have options:
  >> 1. GW running on a BMgr server
  YES
  >> 2. GW running internally, proxied to a public address
  NO
  >> 3. GW running internally, static NAT'd to a public address.
  NO
  From home or otherwise outside the private LAN, we use the GW server's public IP from the GW client.
  >> With 1 and 2, the filter exceptions are the same. With 3, they are different.
  >> I have examples for each in the filtering book.
  >> With 2, you not only have to have filter exceptions (public to public), you
  >> also have to have proxy configured and running AND access rules.
  >> With 3, you just need to have static NAT configured, filter exceptions, and a
  >> default route on the GW server. This option is the most common one I see.

• T400 Docking station not a secure lock down.

  There is a rash of theft currently where I work. It seems that the docking station will release a laptop even though it is locked down. I am wondering if the cable lock should attach to the laptop instead of the docking station. That will be a pain to do with as many meetings that we go to.
  Has anyone else seen this problem or know of a better solution? Is there a known problem with a mechanical issue with the dock station? Other then the obvious of installing cameras.

  If security is a concern, I would lock the laptop instead of the docking station. From what I understand, when you lock a docking station, it prevents the mechanical arms on the pad from allowing the laptop to be removed; however, these mechanical arms (plus the docking station locking mechanism) provide nowhere near the security that a Kensington-style lock does. For maximum protection, I would recommend locking BOTH the docking station and the laptop with a flat key or combination computer lock (dual/twin-headed locks are available). A final note - a thief will probably be much more reluctant to rip out the lock from the computer than the docking station.

• How do I lock down the wifi network?

  I just had fios installed today would like to upgrade the security to wpa or wpa2. Can someone please tell me the procedure on how to do this.
  Thanks, Geoff

  gpg wrote:
  I just had fios installed today would like to upgrade the security to wpa or wpa2. Can someone please tell me the procedure on how to do this.
  Thanks, Geoff
  There are 3 things you should do to "lock down" your network.
  1. Change the default administration password. The default is password or password1.
  2. Change the SSID and set to not broadcast.
  3. Set the security to WPA-psk or WPA2-psk and pick a password key.
  To do this, log in to the router by opening your internet program and type 192.168.1.1 in to the address bar. Type admin and the password into the login page. Once logged in, click on "wireless settings". Click on "basic settings". From there you can change the SSID and turn off WEP. Once that is done, click apply. Now click on "advanced settings".  From this page you can select your security type, set the password key (recommend a sentence that is easy to remember) and turn SSID broadcast off. You can also set mac filtering for extra security. When done click apply. You should be all set.
  "If your problem has been solved, please mark it as such. Don't forget to hand out your Kudos!"

• What is Locked Down mode?

  What is Locked Down? What is installation in Locked Down Mode? I only know it is something related to security.
  Thanks!

  Yi wrote:
  Thanks for your great attention.
  There is only some comments by other guy which give me the idea how to check. "During tests, make sure that installation in a locked down mode is possible."
  "Lock Down mode is the most secure mode, with only essential services/functionality enabled OOTB. When installed in this mode, all non-essential functionality/account/data should be explicitly added and configured by the customer."
  That's all the context above. That's all the context? some vague comment by some "other guy"? The statement "should be explicitly added and configured by the customer" sounds like this is from installation instructions for some third party product.
  I'm sorry, I still can't answer your question of "What is Locked Down Mode". Maybe you should ask your "other guy" that used the term that gave you the idea to check.
  So is my understanding correct? "In my opinion locked down mode should enable users to select essential or must modules to install, and what is unnecessary to customer can be deselected. So to check if a software can be installed in locked down mode means to try if the software enable the above installation options." Since I don't know what "other guy" nor you mean by "locked down mode" there is no way I can comment on whether or not your understanding is correct.
  >
  BTW, our product is a PLM software.That's nice. I drive a Honda.

• Locking down is it possible.

  Hello, We just installed a server 2012 r2 with the AD and Remote Desktop Services roles,  To host quickbooks.  All our client computers are running non professional versions of windows.  Can we use Group Policy to lock down user activities
  when logged into the remote desktop.  Users are logging in fine, but no group policy seems to be working.  I have been attempting to do this with no success and just want to make sure i am not wasting my time. 

  Hi,
  Thanks for posting in Windows Server Forum.
  As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to  reply
  this post directly so we will be notified to follow it up. 
  BTW,  we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. 
  Thanks for your Support & understanding.
  Regards.
  Dharmesh Solanki
  TechNet Community Support

• HELP - Macbook Pro Locked Down

  Ok, to make a long story short, I bought a used Macbook Pro and the password I was given is not working. The person I bought the computer from seemed fishy, I should have realized something was wrong before agreeing to buy the computer. The computer seems like it is a demo machine from an Apple Store or some other retail store. It is locked down and I can not gain access to the administrator account. I have tried everything I found on the internet. I called Apple up to inquire about this machine to see if it is marked/reported as being fraudlent/stolen/counterfiet and they confirmed the serial number is fine and it is an official apple computer. They said I have hardware support until end of March 2011, but no longer have software support. Oh by the way, I am new to Macs, this is my first Mac, so I'm not familiar with them. Not a very good first experience. I guess its my fault for buying a used computer without receiving the install/backup disks.
  Below is a summary of what is happening and what I tried:
  When I turn the computer on, it logs in fine. Everything seems to function fine. But if I try to do anything administratively it asks for password and I can not do anything.
  I tried the following things:
  - entering single user mode, removing the AppleSetupDone file. After I reboot from that, it just logs in as normal and doesn't prompt for new account. When I went back into single user mode, the AppleSetupDone file was back.
  - entered single user mode, changing password via command line. Seems like it changes fine with no errors. After I reboot, logs in fine and I try password I changed to and it doesn't accept it.
  - Tried putting OS 10.6.3 into DVD and booting from that by holding c key, but it ends up going to grey screen with Apple logo and does nothing.
  - Tried putting OS 10.6.3 into DVD and pressing "Option" key while booting to choose which device to boot from. I choose DVD and it goes to grey screen with Apple logo and does nothing.
  - I tried formating the hard drive, went to single user mode, did a rm -rf / Seemed like it erased the hard drive, so I figured it has to boot from DVD. Well when I turned on computer, it booted fine and logged in as normal. Went back into single user mode and everything was restored as was.
  - Tried clearing the PRAM and NVRAM thinking maybe there was something in the non-volatile memory, but that did nothing. Logged in as normal and still would not allow me to boot from DVD.
  Someone suggested the firmware was password protected, but I had read if you hold the option key down while booting that a lock would appear if the firmware was password protected and that didn't happen, I got the HD or DVD options to boot.
  Seems like the computer is locked down somehow to restrict anyone from modifying anything and at bootup, it restores everything to original state. Does anyone have any ideas or suggestions? Does anyone know how Apple stores lock down their demo computers to avoid customers from modifying them? Is there something in the hardware? Are there jumpers set somewhere that could be causing the machine to do a unique protected/recovery bootup? Someone mentioned pulling the hard drive and formatting it in another computer. Do you think this would do it for me?
  Thank you for the help,
  Kevin

  Proof? I bought it used from someone. All I have is the computer and charger. When I talked to the Apple representative on the phone about the serial number, he said the machine has not been registered yet. So what would the proof be?