Jini security policy setting

Similar Messages

• User gets locked in lesser attempts than security policy setting

  Hi
  I have written my customized login code to login a user to the
  portal and I user the following code:
  IUser myUser = UMFactory.getUserFactory().getUserByLogonAlias(username, null);
  IUserAccountFactory accountFactory = UMFactory.getUserAccountFactory();
  IUserAccount account = accountFactory.getUserAccountByLogonId(myUser.getUniqueName());
  ILogonAuthentication ILA = UMFactory.getLogonAuthenticator();
  req.setAttribute(JUSER,myUser.getUniqueName());
  req.setAttribute(JPASSWORD,password);
  ILA.logon(req,res,AUTHSCHDEFAULT);     
  I notice that whenever I try to logon using my code with a
  wrong password, the user gets locked in 3 attemps even though the security policy
  (at ABAP and in Portal UME Configuration) setting for number of failed attempts is set to 5.
  (Although, please note that my code works fine logging the
  user into the portal when he enters the correct password)
  I try to check if the same thing happens with the standard logon module - com.sap.portals.runtime.logon,
  and notice that it locks correctly after 5 attempts.
  Would I have to add anything else in my code to make it work
  correctly?
  Thanks
  oj

  Hi All
  I tried to check in the CUA table the incorrect logon attempts value, and noticed that for every time I login (using my above code) with the wrong password, it increments the count by 2!! And that's the reason it gets locked out by the third time.
  What am I doing wrong?
  Thanks
  OJ

• "Security policy error" while setting up "Microsoft Exchange Hosted Services" Exchange Account (corporate user)

  I'm a corporate user with a very large company that is using Microsoft Hosted Exchange services actually hosted by Microsoft employees at their facilities.  I called Palm support and they were clueless and zero help.  The lady pointed me to some Palm KB article that I had already read and only remotely had anything to do with my problem.  I see nothing on this error message in the forums and google searches. Sprint has even replaced my palm pre due to other reasons and the same error occurs after I configure the exchange account. I'm also seeing the error when I configure my account on my wifes brand new pixi. Both our pre and pixi already have exchange accounts successfully configured on our phones that are hosted by sherweb. The sherweb exchange accounts work without issue. I have tried configuring this microsoft hosted exchange account 5-6 times with the same result. It accepts my configuration information and adds it to the list of available email accounts in the pre. However, it keeps popping up this message stating "Security policy error: "Exchange... Tap for details" (with a yellow exclamation mark). Then it says "Security Policy Error" The account Exchange (first part of my email address) is disabled because security policies cannot be set." "Leave it disabled" or "Remove Account". I know something is working because it enforced a Password or Pin policy on to my phone which is not required unless this account has been added. I can also see it in the "Mobile Devices" section of web outlook when I login. This is the place in web outlook where you can see the last time the device synced, where you can remote wipe the phone etc. If anyone has any idea how to resolve my issue please post. Any ideas? I'm fresh out of ideas on this problem and very frustrated with Palm Developers. Just another example of poor development and testing practices by Palm. I hope they correct this issue on subsequent releases but I am only marginally optimistic that they will ever get this exchange mail support to the level necessary to support large corporations. What I do know is that my Microsoft Hosted Exchange account works fine on a Windows Mobile phone and a iPhone 3GS (confirmed by other coworks who have configured their phones using our exchange services). As a result, I have no choice but to blame Palm for this problem instead of Microsoft. Palm please fully support microsoft exchange mail users!!!!
  Post relates to: Pre p100eww (Sprint)
  This question was solved.
  View Solution.

  From my understanding of EAS and PDA devices, if the server as a policy to enforce and the device cannot provide that policy then the server will not allow the device to connect. The KB I gave you has a listing of what policies the devices supports, if your server supports more than that then it could deny the connection. As for what the iPhone does and does not do we cannot answer that due to we are not iPhone.
  I did find an article that may explain a little better for PDA and exchange: http://www.infoworld.com/d/mobilize/how-avoid-smartphone-exchange-policy-lie-004

• Setting security policy

  I am using RMI and have to set the security policy by specifying a policy file on the command line.
  My policy file is very simple and is below:
  grant {
  permission java.net.SocketPermission "*:1024-65535",
  "connect,accept";
  permission java.net.SocketPermission "*:80", "connect";
  I tried looking up how I could set the policy from within my code so I don't have to use a policy file but couldnt' find anything clear on this. I am using Java 1.4 so any help would be appreciated.

  Ok, that's not so simple but we'll try.
  First define your permissions like to folowing:
  SocketPermission sp1 = new SocketPermission("*:1024-65535", "connect, accept");
  SocketPermission sp2 = new SocketPermission("*:80", "connect");
  Then add them to a PermissionCollection object throu the add method. And this ProtectionCollection object is passed to a ProtectionDomain object together with your CodeSoure class.
  It should look like this, but I'm not sure how to define the sourcecode agument in the ProtectionDomain constructor...
  SocketPermission sp1 = new SocketPermission("*:1024-65535", "connect, accept");
  SocketPermission sp2 = new SocketPermission("*:80", "connect");
  PermissionCollection pm = new PermissionCollection();
  pm.add(sp1);
  pm.add(sp2);
  ProtectionDomain pd = new ProtectionDomain(codesource, pm);
  Anyway, hope it helped,
  Eric Diethelm

• How to set security policy programatically

  I have a RMI application with front end as JSP. When I try to run the application, it can't connect to RMI server because I am not setting the security policy to the file that I want to set it to. So I tried programmatically using System.setproperty but it was unsuccessful.
  Please let me know how can I do it.
  Regards
  Nikhil

  Just a thought here. If you could set the security policy for a JVM programmatically, then you would be defeating the main purpose of "separating the application from the security system".

• Allow anonymous SID/Name translation - Setting via registry instead of the Local Security Policy (or GPO)

  I have a Windows 2008 R2 server and I am building a script to set a bunch of security settings via the registry.
  I am stuck on one.
  I am trying to set: Network Access - Allow anonymous SID/Name translation to 'Disabled' via the registry, I know this can be done through the local security policy or via a GPO but that is not what I am interested in. I want to do it making
  changes to the registry.
  I found some people saying this can be done at:
  HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock
  However, when I browse to the registry this TurnOffAnonymousBlock registry key does not exist. Even if I set the policy to enabled or disabled manually in the local security policy. The key doesn't exist. This leads me to believe this is not the correct
  registry key that controls this setting.
  Can anyone shed light what the appropriate key is in the registry?

  Hi,
  As others mentioned, we can change the value of registry key “HKLM\System\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock”
  to set Network Access - Allow anonymous SID/Name translation to ‘Disabled’.
  In your case, this registry key does not exist.
  Please try to add this registry key to your Windows 2008 R2 server, then find out if this registry key could solve your issue.
  Here are some links below could be helpful to you:
  Configure a Registry Item
  http://technet.microsoft.com/en-us/library/cc753092.aspx
  You may not be able to connect to an instance of SQL Server by using an anonymous login
  http://support.microsoft.com/kb/839569
  I hope this helps!
  Best Regards,
  Amy Wang

• Windows 7 desktop locks after 10 minutes idle - Policy setting?

  Is there a policy setting to lock the desktop after a certain amount of idle time?  I can't seem to find one, and searches on the web only seem to uncover lock up issues with software, rather than security policy settings.
  Right now our Win 7 desktops lock after 10 minutes of inactivity (set by old IT staffer who is no longer here).  This is way too short and we need to change it.  However, I can't find where the setting is.  The screensaver is disabled and the power settings are set to maximum.  The only policy setting that looks like it could be what I'm looking for is "Microsoft network server: Amount of idle time required before suspending session", but that wasn't set to 10.  I went and set it to 0 anyway and the desktop still locks after 10 mins.
  Can someone point me in the right direction for this setting?
  Thanks!

  When you leave your computer, it’s best to start a screensaver that can only be turned off with a password.
  On the Start menu, click Control
  Panel.
  Click Personalization, and then click Screen
  Saver.
  In the Wait box, choose 15 minutes
  (or less)
  Click On resume, display logon screen, and then click OK.
   just try reverse , it may work !!!!!!!!!!!!! :)

• Access denied security policy file

  All i a simple client which is trying to talk to a remote EJB. When i try and startup the client i get the following error.
  java.security.AccessControlException: access denied (java.util.PropertyPermission java.security.policy write)
       at java.security.AccessControlContext.checkPermission(AccessControlContext.java:264)
       at java.security.AccessController.checkPermission(AccessController.java:427)
       at java.lang.SecurityManager.checkPermission(SecurityManager.java:532)
       at java.lang.System.setProperty(System.java:699)
       at com.db.abmonitor.client.Client.example(Client.java:51)And i am calling it like
  System.setProperty("java.security.policy", "client.policy");
         if (System.getSecurityManager() == null)
         System.setSecurityManager(new RMISecurityManager());  And i have defined a client.policy file in the src directory of the project under eclipse, with the following entries
  grant {
       permission java.security.AllPermission;
  };Anyone got any ideas ?

  Ah RMI headaches...
  here is what i blogged for my own self when i was starting with the RMI security stuff:
  Since i havent figured out how to do SecurityManager stuff properly, i can override 2 checkPermission methods in SecurityManager with empty method bodies, thats a quick and dirty fix.
  - Alternativly, you can set your policy file located in /lib/security/java.policy to: http://java.sun.com/docs/books/tutorial/rmi/example-1dot2/java.policy
  - or pass the property to the policy location: -Djava.security.policy=./policy.all
  maybe that will help...
  i think that maybe your policy file isnt being found where it should be

• Java.policy setting

  Hi,
  I am writing an web based application using applets nadn eed to contact a MYSql database.
  I am getting Access Denied exception.
  In my java.policy file I added the following two lines :
  grant codeBase "http://mywebpage/"{
  permission java.security.AllPermission;
  I am still getting the following exception : Any help will be greatly appreciated since I have a demo tomorrow. (Is there anyway to confugure the java.policy or java.security file to allow the jar that contains my applet(dvt.jar) to access the underlying database.)
  Is there some place I need to specify explicitly where to find this java.policy file.
  Platform is UNIX.
  Thx
  Karthik
  Thx
  Karthik
  Unable to connect to any hosts due to exception: java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)** BEGIN NESTED EXCEPTION ** java.security.AccessControlExceptionMESSAGE: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)STACKTRACE:java.security.AccessControlException: access denied (java.net.SocketPermission 127.0.0.1:3306 connect,resolve)at java.security.AccessControlContext.checkPermission(Unknown Source)at java.security.AccessController.checkPermission(Unknown Source)at java.lang.SecurityManager.checkPermission(Unknown Source)at java.lang.SecurityManager.checkConnect(Unknown Source)at java.net.Socket.connect(Unknown Source)at java.net.Socket.connect(Unknown Source)at java.net.Socket.<init>(Unknown Source)at java.net.Socket.<init>(Unknown Source)at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:124)at com.mysql.jdbc.MysqlIO.<init>(MysqlIO.java:225)at com.mysql.jdbc.Connection.createNewIO(Connection.java:1783)at com.mysql.jdbc.Connection.<init>(Connection.java:450)at com.mysql.jdbc.NonRegisteringDriver.connect(NonRegisteringDriver.java:411)at java.sql.DriverManager.getConnection(Unknown Source)at java.sql.DriverManager.getConnection(Unknown Source)at vdt.VdtModuleApplet.getConnection(VdtModuleApplet.java:444)at vdt.VdtModuleApplet.init(VdtModuleApplet.java:105)at sun.applet.AppletPanel.run(Unknown Source)at java.lang.Thread.run(Unknown Source)** END NESTED EXCEPTION ** System = Inited, gotParameters, init propertiesGetting Connection Posts: 30 | Registered: Feb 2005 | IP: Logged

  Hi Folks, I am also facing the same kind of
  problem...when I am trying to open notepad by
  clicking on New option of my Frame's menu.. I am
  getting the message Access Denied...some permission
  problem is there...Please help me in directing about
  setting the policies...https://www.support.storagetek.com/LibraryAdminHelp/lsa/setting_up_java_policy_permissions.htm
  http://www.exciton.cs.rice.edu/JavaResources/security/policy.htm

• How to specify the security policy "Allow access to everyone" for security role in Deployment descriptor

  Hi,
  I am migrating a web application from Websphere to Weblogic. The web application has a security role defined in web.xml (Use LDAP for authentication).
  security-role>
          <description>Authenticated</description>
          <role-name>Authenticated</role-name>
      </security-role>
  This role is mapped to a special subject "All authenticated user in appliation realm" in WAS.
  In weblogic, I have the following setting in weblogic.xml
  <wls:security-role-assignment>
          <wls:role-name>Authenticated</wls:role-name>
          <wls:externally-defined />
      </wls:security-role-assignment>
  And after deploy the application, have to manually add a security role and add the security policy "Allow access to everyone" to this role.
  I am wondering if this setting can be specified in  for example weblogic.xml so just deploy web applicaiton using deployment descriptor, and I don't need write script to do that .
  Thanks

  Hi,
  You need to have Back End support to achieve this. In Back End you need to create two groups . You need to know what joins has to be made for which group (which is more important) and also make session variable for the userrole (with SQL supporting it). In the BMM layer, we need to put the security join conditions in the 'where clause'.
  And make a common report. User loggin in with the respective userid will have userrole and joins assigned in the Back end. And they will be viewing the report according to their access.
  Hope this will solve your problem.
  Regards
  MuRam

• JVM (from C++) won't recognize security policy

  I can't get the JVM to recognize a security policy file when the JVM is invoked from C++.
  Using the Invocation API of JNI from C++ (in W2K) I am creating a Java object which then sets
  an RMISecurityManager. I am passing the location of my security policy file in the JavaVMOption
  array :
       options[opidx++].optionString = "-Djava.security.policy=\"d:\\jini1_1\\policy\\policy.all\"";
  The JVM starts fine, and the object gets instantiated, but once the RMISecurityManager is set,
  the code no longer has permission to open files or sockets, etc etc. This would indicate that the security policy is not allowing permissions - but the policy file actually has the following:
  permission java.security.AllPermission "", "";
  (This "promiscuous" policy is just for testing.)
  My problem seems to be that in spite of the explicit security policy being passed to the JVM, it is being ignored. This only happens if the code is run from the C++ program. Using the same code and same command line argument for the policy file, everything works fine if it is run as a Java program separately.
  What is the special incantation required to get the JVM to recognize a security policy file when it is invoked using the JNI Invocation API?
  Thanks

  Fixed!
  The problem was the additional, inner set of quotes, which were cut and pasted from the batch file used to call the Java program from the command line.

• Did Cisco ISE have limitation for policy setting?

  Deat All,
  Did anyone know about Cisco ISE limitation about policy setting?
  Right now my setting for windows posture policy around 200 windows patch checking, did ISE have limitation such as maximum windows patching policy line?
  Thanks you
  Best Regards

  Here is the nswer for your first question.
  Cisco ISE profiler collects a significant amount of endpoint data from the network in a short period of time. It causes Java Virtual Machine (JVM) memory utilization to go up due to accumulated backlog when some of the slower Cisco ISE components process the data generated by the profiler, which results in performance degradation and stability issues.
  To ensure that the profiler does not increase the JVM memory utilization and prevent JVM to go out of memory and restart, limits are applied to the following internal components of the profiler:
  Endpoint Cache—Internal cache is limited in size that has to be purged periodically (based on least recently used strategy) when the size exceeds the limit.
  Forwarder—The main ingress queue of endpoint information collected by the profiler.
  Event Handler—An internal queue that disconnects a fast component, which feeds data to a slower processing component (typically related to a database query).
  For more information go through :
  http://www.cisco.com/c/en/us/td/docs/security/ise/1-2/user_guide/ise_user_guide/ise_prof_pol.html#12624

• Cisco NAC web agent Network Security Policy

  I have a computer with an installed McAfee Antivirus that us up to date. However, each time try to access one of my client's server via VPN, I successfully connect to VPN using Cisco Anyconnnect but whenever I try to download the web agent and the device security check is being run, I get the feedback "Host is not compliant with network security policy". It also tells me a Remediation description of "please update your antivirus". (see attached screenshot)
  Please note that I already have my McAfee antivirus updated and I have done everything to keep my computer in good shape in terms of security.
  What is the possible cause for this?

  That means the CAM hasn't received an SNMP trap for that MAC address.  Double-check that the WLC is set up to send traps to the CAM: http://www.cisco.com/en/US/docs/security/nac/appliance/configuration_guide/47/cam/m_woob.html#wp1290626
  You can see if the CAM's received a trap for a specific MAC by looking under OOB Management > Devices > Discovered Clients.

• Socket and Security Policy

  I've tried to set experiment with Socket communication in Flex, but I keep hitting problems. Approach 1: in a Flex web app, I load a crossdomain security policy from a server. I then open a socket and write a few bytes to the server. In my server, I do not get the expected output on the stream--in fact, I get nothing at all--until I close the Flex application, at which point I get a seemingly inifinite stream of the bytes '0xEFBFBF'. Here's a hexdump view of a fragment of the data Flash Player sends to the server after I close the Flex app:
  00000130  ef bf bf ef bf bf ef bf  bf ef bf bf ef bf bf ef  |................|
  00000140  bf bf ef bf bf ef bf bf  ef bf bf ef bf bf ef bf  |................|
  00000150  bf ef bf bf ef bf bf ef  bf bf ef bf bf ef bf bf  |................|
  Approach 2: I then tried it in air, but although the connection seems to initiate properly and I can go through the above trivial client-server interaction, after a few seconds, I get a SecurityErrorEvent. From what I've been able to follow of the docs, Air applications are trusted in this respect, and should not need to load security policy, right? I tried to add a call to Security.loadPolicy(), but it seems to be ignored. This is the message flow:
  Received [class Event] connect
  Received [class ProgressEvent] socketData
  Received [class Event] close
  Received [class SecurityErrorEvent] securityError
  Security error: Error #2048: Security sandbox violation: app:/main.swf cannot load data from localhost:5432.
  The Air version of my client code is below:
  <?xml version="1.0" encoding="utf-8"?>
  <mx:WindowedApplication xmlns:mx="http://www.adobe.com/2006/mxml" layout="absolute">
  <mx:Script>
      <![CDATA[
          var str:Socket;
          private function handleClick(e:Event):void {
              Security.loadPolicyFile("xmlsocket://localhost:2525");           
              str = new Socket('localhost', 5555);
              var message:String = 'hello';
              for (var i:int = 0; i < message.length; i++) {
                  str.writeByte(message.charCodeAt(i));               
              str.writeByte(0);
              str.flush();
              str.addEventListener(Event.ACTIVATE, handleEvent);
              str.addEventListener(Event.CLOSE, handleEvent);
              str.addEventListener(Event.CONNECT, handleEvent);
              str.addEventListener(Event.DEACTIVATE, handleEvent);
              str.addEventListener(IOErrorEvent.IO_ERROR, handleEvent);
              str.addEventListener(ProgressEvent.SOCKET_DATA, handleEvent);
              str.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleEvent);           
          private function handleEvent(e:Event):void {
               trace("Received", Object(e).constructor, e.type);
               if (e is ProgressEvent) {
                   var strBytes:Array = [];
                   while(str.bytesAvailable > 0) {
                       var byte:int = str.readByte();
                       strBytes.push(byte);
                   trace(String.fromCharCode.apply(null, strBytes));
               } else if (e is SecurityErrorEvent) {
                   trace("Security error:", SecurityErrorEvent(e).text);
      ]]>
  </mx:Script>
  <mx:Button label="test" click="handleClick(event)"/>   
  </mx:WindowedApplication>
  The server is in Java and is as follows:
  import java.net.*;
  import java.io.*;
  public class DeadSimpleServer implements Runnable {
      public static void main(String[] args) throws Exception {
          if (args.length != 2) {
              throw new Exception("Usage: DeadSimpleServer policy-port service-port");
          int policyPort = Integer.parseInt(args[0]);
          int servicePort = Integer.parseInt(args[1]);
          new Thread(new DeadSimpleServer(policyPort,
                                          "<?xml version=\"1.0\"?>\n" +
                                          "<cross-domain-policy>\n" +
                                          "<allow-access-from domain=\"*\" to-ports=\"" + servicePort + "\"/>\n" +
                                          "</cross-domain-policy>\n"
                     ).start();
          new Thread(new DeadSimpleServer(servicePort, "world")).start();
          while (true) Thread.sleep(1000);
      private int port;
      private String response;
      public DeadSimpleServer(int port, String response) {
          this.port = port;
          this.response = response;
      public String getName() {
          return DeadSimpleServer.class.getName() + ":" + port;
      public void run() {
          try {
              ServerSocket ss = new ServerSocket(port);
              while (true) {
                  Socket s = ss.accept();
                  System.out.println(getName() + " accepting connection to " + s.toString());
                  OutputStream outStr = s.getOutputStream();
                  InputStream inStr = s.getInputStream();
                  int character;
                  System.out.print(getName() + " received request: ");
                  while ((character = inStr.read()) != 0) {
                      System.out.print((char) character);
                  System.out.println();
                  Writer out = new OutputStreamWriter(outStr);
                  out.write(response);
                  System.out.println(getName() + " sent response: ");
                  System.out.println(response);
                  System.out.println(getName() + " closing connection");
                  out.flush();
                  out.close();
                  s.close();
          } catch (Exception e) {
              System.out.println(e);
  Am I missing something? From what I understand, either of these approaches should work, but I'm stuck with both. I have Flash Player 10,0,15,3 and am working with Flex / Air 3.0.0 under Linux.

  So... apparently, with the Air approach, this is what I was missing: http://www.ultrashock.com/forums/770036-post10.html
  It'd be nice if FlashPlayer gave us a nicer error here.
  I'm still trying to figure out what the heck is going on in the web app (i.e., non-Air Flex) example. If anyone has any suggestions, that would be very helpful.

• 11.2.3 security policy not applying

  This was in another post felt it need its on post and subject.
  11.2.3 has help, but now on device that have 11.2.3 the security policy is
  not applying. I have 4 device I'm testing on one was a clean instill of
  11.2.3 the other 3 were upgraded, out of all 4 only one the security policy
  is applying right. Where would the security policy be store when it is
  applied to a device. Is their a better way to apply security policy.
  I found that the gpttmpl.inf file is not being copy to the
  [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
  folder and did confirm that it is in the zcm meachine cache folder
  [C:\Program Files
  (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPolicy\M
  achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
  folder
  logged off back on and then did get the Security Options Settings set
  properly.
  So why is it not copying it over, the Registry.pol file is and all other
  group policy are working (so far). And on the one computer that Security
  Options is working right on and running 11.2.3 the gpttmpl.inf is not in
  the
  [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
  folder ether and I have checked computers that are still on 11.2.0 and the
  Security Settings are applied but the gpttmpl.inf file in not in the
  [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]. Is
  ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and if
  so can this be fix? I really need Security Settings to apply.
  Hope this makes sense.
  And I have this problem on both 32 & 64 bit windows 7
  I don't know if this affects Windows XP because I don't have any Security
  Settings for XP set.
  Thanks
  Scott

  Well I found this in the ZCM troubleshooting guide with the help of google
  [When more than one Windows Group policy is applied to a device, the
  security settings of the last applied policy are effective on the device.].
  I have all ways had device first user last sense 10.3.3 - 11.2.0 and the
  security policy did apply, at lease with WIN7. So on my test machines I
  change it to user fist device last and now the security policy now works
  with 11.2.3, but I still have to have a bundle to run gpupdate /force at
  user login. If I done have the bundle to run the device group policy does
  not apply sometime, I don't mine to have the bundle to run just why with
  win7 is does not apply with out it and XP does with out it.
  Also why does it not copy the gpttmpl.inf to
  [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
  directory?
  >>> On Friday, March 15, 2013 at 12:34 PM, in message
  <[email protected]>, Scott Malugin<[email protected]> wrote:
  > This was in another post felt it need its on post and subject.
  >
  >
  > 11.2.3 has help, but now on device that have 11.2.3 the security policy
  > is
  > not applying. I have 4 device I'm testing on one was a clean instill of
  > 11.2.3 the other 3 were upgraded, out of all 4 only one the security
  > policy
  > is applying right. Where would the security policy be store when it is
  > applied to a device. Is their a better way to apply security policy.
  >
  >
  > I found that the gpttmpl.inf file is not being copy to the
  > [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
  > folder and did confirm that it is in the zcm meachine cache folder
  > [C:\Program Files
  > (x86)\Novell\ZENworks\bin\handlers\CacheFiles\Work stationCache\GroupPoli
  > cy\M
  >
  > achine\Microsoft\Windows NT\SecEdit]. I manual copy it to the SecEdit
  > folder
  > logged off back on and then did get the Security Options Settings set
  > properly.
  >
  > So why is it not copying it over, the Registry.pol file is and all other
  > group policy are working (so far). And on the one computer that Security
  > Options is working right on and running 11.2.3 the gpttmpl.inf is not in
  > the
  > [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit]
  > folder ether and I have checked computers that are still on 11.2.0 and
  > the
  > Security Settings are applied but the gpttmpl.inf file in not in the
  > [C:\Windows\System32\GroupPolicy\Machine\Microsoft\ Windows NT\SecEdit].
  > Is
  > ZEN suppose to copy gpttmpl.inf to the system32 group policy folder and
  > if
  > so can this be fix? I really need Security Settings to apply.
  >
  > Hope this makes sense.
  >
  > And I have this problem on both 32 & 64 bit windows 7
  > I don't know if this affects Windows XP because I don't have any
  > Security
  > Settings for XP set.
  >
  >
  > Thanks
  > Scott