Local Security policies

The new Flash Player security policies are driving me nuts
when trying to work with local files. I'm working on development
tools that will run in the local machine, I get security issues in
many cases (from AIR interacting with loaded swf, with local
xmlsocket). It's clear and easy to implement the security
restrictions when you work with remote files (you just put the
crossdomain.xml on the server), but with local files is such a pain
(see for instance the "use-network=false" compiling option).
Is there a documentation that helps you to work with local
files and sort the eventual issues, I couldn't find one.
Now I would like to communicate with a local java xml socket,
how could I do to avoid:
*** Security Sandbox Violation ***
Connection to localhost:1023 halted - not permitted from
file:///.../bin/App.swf
Thanks a lot for any support

This socket server made my day:
http://www.blog.lessrain.com/?p=512
chr

Similar Messages

Local Security Policies not getting applied

Hi,
We have a Windows 2012 Server which is added to Domain. We have requirement for applying some security settings on the servers. We do not want to use Group Policies for the same as we have different server in different OU's.
We have applied the policies using gpedit.msc by going to Computer Configuration/Windows Settings/Security Settings/Local Policies
But once we run rsop.msc the settings are showing as not defined.
I tried running gpupdate /force and rebooting but no use.
Also there are some settings which are configured in Security Options but we want to change those to not defined. There is no option for the same, its only enable or disable.

Hi,
I have done some tests, and getting the exact same results as yours.
It looks like settings configured within the Winning GPOs are dispalyed. For those settings which are not configured from any higher level scope, local group policy settings can be applied then.
Best Regards,
Amy

2008 r2 RDP SSL NLA problem "Local Security Authority cannot be contacted"

Hi!
I have run into an issue with RDP settings for 2008 R2 servers (all of them) whenever I enable NLA. That happens on user accounts that do NOT enforce password expiration (and so passwords are not expired) and MSTSC supporting NLA (client computers are win7
or win8).
In fact those same clients can use NLA just fine for connections to other win7/win8 workstations (domain members) using NLA, no probs!
SSL certificates are automatically issued by enterprise CA. All computers/servers have current and valid Computer certificates.
For some strange reason, I cannot enable NLA on RDP settings for any of 2008 R2 servers (various roles, ranging from physical DC running multiple roles, through dedicated virtual DC or dedicated virtual Print Servers up to dedicated Remote Desktop Services
host), because all of them at once stop accepting RDP connections, always with same error message:
An authentication error has occurred.
The Local Security Authority cannot be contacted
Remote computer: server.domain.local
This could be due to an expired password.
Please update your password if it has expired.
For assistance, contact your administrator or technical support.
That same message also appears on DC (2008 R2) running the enterprise CA role ... irony ...
Please keep in mind that domain member computers running windows 7 x64 or windows 8.1 x64 can accept NLA enabled and SSL encrypted RDP traffic at same time without issues while using the same user accounts to connect.
To make it even funnier, I can set RDP on 2008 R2 acting as Remote Desktop Services server to accept only SSL RDP traffic and keep NLA disabled and all works just fine. So, it is strictly the NLA causing trouble here, but why? WS 2008 R2 unable to use Kerberos
authentication for RDP?
WS 2012 R2 can accept NLA/SSL RDP connections without trouble, just as win7/win8 workstations can, so issue is narrowed down to only 2008 R2 servers (physical or virtual).
Is there a hotfix for this problem on 2008 R2? sounds to me like it is a bug in 2008 r2 regarding Kerberos authentication for RDP... is MS ever planning to fix it or we have to upgrade all servers to 2012R2 to "fix it" ...

In case this is of use to anyone, I traced this issue down to some group policy settings restricting the use of NTLM. If you're connecting to a server from a Windows client within the same domain, this won't be an issue, as Kerberos is used for authentication.
However, when connecting from a machine outside the domain, or from a non Windows client (e.g. Wyse ThinOS terminal as we were), it seems NTLM is used for authentication.
Since we have quite a secure environment setup, the following group policy had been set throughout the domain:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Network security: Restrict NTLM: Incoming NTLM traffic - Deny all domain accounts
Network security: Restrict NTLM: NTLM authentication in this domain
- Deny for domain accounts to domain servers
What was needed was to apply a new policy to the RDS servers being connected to from outside the domain with the following settings and so that the new GPO took precedence over the standard GPO applying the above:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Network security: Restrict NTLM: Incoming NTLM traffic - Allow all
Network security: Restrict NTLM: NTLM authentication in this domain - Disable
In addition, the domain controller policy had to be updated with these settings:
Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Network security: Restrict NTLM: Add remote server exceptions for NTLM authentication -
Enabled with either all RDS servers listed, or use a wildcard name which will capture all RDS servers
Network security: Restrict NTLM: Add server exceptions in this domain - Enabled with either all RDS servers listed, or use a wildcard name which will capture all RDS servers
Took me a while to figure this one, so hopefully it will help someone somewhere :)

Where are the EAS security policies stored? "Reset Security Policies"?

When you connect Mail app to an account using EAS, security policies from the Exchange server are applied to Windows 8.1. I know that these can be reset by going to Control Panel -> User Accounts and then clicking on the "Reset Security Policies"
option.
However, I would like to see which policies are being applied by the Exchange server, but I can't find where Windows 8.1 is storing the policy settings. Are they in the registry? Can I see them in the GPEDIT local policies?
For example, our Exchange server sets the "Max inactivity time lock" to 15 minutes. I would like to be able to see exactly which Windows setting is storing this value and enforcing it.
I've verified that it's overriding settings already in place that are stored in:
Computer Config - > Windows Settings -> Local Policies -> Security Options.
or
Computer Config - > Admin Templates -> Control Panel -> Personalization
or
User Config -> Admin Templates -> Control Panel -> Personalization
Does anyone have idea where I might be able to view these policies in Windows 8.1?

Hi,
Aboved suggestions is description of the EAS policy.
If you need further assistance, feel free to let me know. I will be more than happy to be of assistance.
If the reply is helpful, please remember to mark it as answer which can benefit our Community members. Otherwise, please unpropose it and post back with your further concern.
Kate Li
TechNet Community Support

Local security settings

Hi,
on 10g R2 on a win 2003 server, when try to stop database from DB control I receive this error :
RemoteOperationException: ERROR: Wrong password for userWhat is wrong ? We are sure of user/pwd given.
It is administrator/pwd of Windows.
Must we do something in Local security settings of windwos server ?
Thank you.
I found here http://weblogs.asp.net/wallym/archive/2005/01/03/345818.aspx
this :
Have you gotten the error; "RemoteOperationException: ERROR: wrong password for user" with Oracle 10g? If so, it is probably because the OS user that you are trying to login to the Oracle Enterprise Manager with has not been setup to allow the user to logon as a "Batch Job." To resolve this issue:
Go to "Control Panel" -> "Admin Tools" -> "Local Security Policy."
Within "Local Policies", go to user "Right Assignment."
Add the user to "Logon as a Batch Job."
The logon problem should now be resolved. This is for trying to run Oracle 10g on Windows 2003 Server.
Edited by: user522961 on Nov 20, 2008 8:05 AM

Hi,
SCM includes a LocalGPO tool which allows you to manage the local group policy objects (LGPO) on non-domain joined computers.
Please refer to this blog, check whether it can help you
Microsoft’s Free Security Tools – Microsoft Security Compliance Manager Tool (SCM)
http://blogs.technet.com/b/security/archive/2013/01/15/microsoft-s-free-security-tools-microsoft-security-compliance-manager-tool-scm.aspx
Yolanda Zhu
TechNet Community Support

Your message wasn't delivered because of security policies message after adding new company to our network

After adding a new acquistion company to our network the company is now receiving a undeliverable error message when trying to email Parent Company. The acquistion company is still hosting there own email. Emails do come
through sometime though. Odd thing is the part where it says "The following organization rejected your msessage because of relay. The server that is asking for relay has nothing to do with Exchange and is a webserver.
Your message wasn't delivered because of security
policies. Microsoft Exchange will not try to redeliver this message for you.
Please provide the following diagnostic text to your system administrator.
The following organization rejected your message: XXXXX08WEB02.
Sent by Microsoft Exchange Server 2007
Diagnostic information for administrators:
Generating server: exch-srv.xxx.local
xxxx08WEB02 #550 5.7.1 Unable to relay for
Original message headers:
Received: from exch-srv.bb.local ([10.36.x.x]) by exch-srv.xx.local
([10.36.10.9]) with mapi; Fri, 21 Mar 2014 06:24:26 -0600
Date: Fri, 21 Mar 2014 06:24:24 -0600
Subject: Fwd: BLASER
Thread-Topic: BLASER
Thread-Index: Ac9FAH8o48EjJULkQCyOFAKdwwLLcQ==
Message-ID: <[email protected]<mailto:[email protected]>>
References: <[email protected]<mailto:[email protected]>>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: multipart/alternative;
boundary="_000_2E7BF3C7D4A34BBE8DA45714401F4470xxxxxxcom_"
MIME-Version: 1.0

Hi,
Let’s try the following resolution:
Exchange 2007 server>EMC>server configuration>Hub Transport>Receive connector>properties>Network> add your new company server IP address in the tab “receive mail from remote servers that have these IP addresses”.
For more information, you can refer to the following article:
http://blogs.technet.com/b/exchange/archive/2006/12/28/3397620.aspx
If you have any question, please feel free to let me know.
Thanks,
Angela Shi
TechNet Community Support

Missing user rights assignment entries for many security policies in list exported via secedit

Hello,
First of all, I posted this same question on The Official Scripting Guys Forum! but didn't get the answer to this exact question (even though I received a lot of useful relevant info). That is why I am posting here. This is a more appropriate
forum for the question. (Also posted on Windows Server 2012 General two days ago and didn't get a response at all).
OK, question time:
I want to modify the user rights assignment for a local security policy. In the GUI, find User Rights Assignment as follows: Win+R -> Enter "secpol.msc" -> Go to Local Policies -> Go to User Rights Assignment.
So, to modify a particular use rights assignment via a script, I need to export the INF file using secedit, modify it and then configure using the modified file using secedit. To export the INF file, I am using:
secedit /export /db C:\Windows\security\database\secedit.sdb /mergedpolicy /cfg SecPolicy
Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF file.
In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
EDIT: Adding screenshot of what I see:
Thanks!
-Rohan.

On Fri, 11 Apr 2014 18:26:50 +0000, Rohan PN wrote:
Now, the problem is that the INF file exported doesn't have all the user rights assignments that I see in the GUI. For example, the policy "Restore files and directories" has users/groups in its settings but it doesn't show up in the INF
file. In fact, most don't. Only five do and all these five have a different symbol next to them in the GUI. How are these policies different? What do I need to do to export all the policies?
Can you post a screen shot? My guess is that what you're seeing is that
secpol is only exporting the local settings and not ones that are set by a
GPO in AD and that will also be the difference between the icons.
Paul Adare - FIM CM MVP
Although the Buddhists will tell you that desire is the root of suffering,
my personal experience leads me to point the finger at system
administration.
-- Philip Greenspun

Web-app scoped security policies not working in WL 8

Hi,
I can't get web-app scoped security policies working in WL 8.1
I have a simple web application. It defines a role(ROLE) and security
constraint (on *.jsp).
If I examine the web app in the administration console, I see that it
has created a role (scoped to /*) called "ROLE" just as you would
expect. It has also created a scoped policy (to *.jsp) with constraints
that the user be in the role ROLE. This is as expected, and it works.
However, if I proceed to create my own scoped policy (on *.html) with
constraints (on ALL methods) that the user be in role ROLE, then I get
no security at all. ie. I can go to server:port/foo.html and it will
work - it is not secured.
Any ideas?
On a completely unrelated issue, when I deploy an EAR (exploded) with a
WAR (exploded) and using the admin console expand the application
correpsonding to th EAR, right click on the WAR node, and try and define
a scoped role, then I get an error "There are no appropriate RoleEditor
providers configured". This sounds like a bug. Trying to define a
scoped policy works as expected.
TIA,
Jon

I can't get web-app scoped security policies working in WL 8.1Well, I can answer this one myself.
WebLogic 8 has a new optimisation (this wasn't present in 7 AFAIK),
available on the Security / Realm / myreal / General tab, which
determines whether or not weblogic considers authorisation of resources
protected by descriptors or not. (ie. it can force only
descriptor-protected authorisation, ignoring admin console policies).
It defaults to ignoring admin console policies, hence my problem.
Jon

How to Export local security setting all filed name & value against filed.

HI all,
I am trying to export local security setting from local policy using bellow scrip. but it is showing only these are configured. I need expert help which allowed me to export all filed with value where it is configure or not. Please give me.
$output=@()
$temp = "c:\"
$file = "$temp\privs.txt"
[string] $readableNames
$process = [diagnostics.process]::Start("secedit.exe", "/export /cfg $file /areas USER_RIGHTS")
$process.WaitForExit()
$in = get-content $file
foreach ($line in $in) {
if ($line.StartsWith("Se")) {
$privilege = $line.substring(0,$line.IndexOf("=") - 1)
switch ($privilege){
"SeCreateTokenPrivilege " {$privilege = "Create a token object"}
"SeAssignPrimaryTokenPrivilege" {$privilege = "Replace a process-level token"}
"SeLockMemoryPrivilege" {$privilege = "Lock pages in memory"}
"SeIncreaseQuotaPrivilege" {$privilege = "Adjust memory quotas for a process"}
"SeUnsolicitedInputPrivilege" {$privilege = "Load and unload device drivers"}
"SeMachineAccountPrivilege" {$privilege = "Add workstations to domain"}
"SeTcbPrivilege" {$privilege = "Act as part of the operating system"}
"SeSecurityPrivilege" {$privilege = "Manage auditing and the security log"}
"SeTakeOwnershipPrivilege" {$privilege = "Take ownership of files or other objects"}
"SeLoadDriverPrivilege" {$privilege = "Load and unload device drivers"}
"SeSystemProfilePrivilege" {$privilege = "Profile system performance"}
"SeSystemtimePrivilege" {$privilege = "Change the system time"}
"SeProfileSingleProcessPrivilege" {$privilege = "Profile single process"}
"SeCreatePagefilePrivilege" {$privilege = "Create a pagefile"}
"SeCreatePermanentPrivilege" {$privilege = "Create permanent shared objects"}
"SeBackupPrivilege" {$privilege = "Back up files and directories"}
"SeRestorePrivilege" {$privilege = "Restore files and directories"}
"SeShutdownPrivilege" {$privilege = "Shut down the system"}
"SeDebugPrivilege" {$privilege = "Debug programs"}
"SeAuditPrivilege" {$privilege = "Generate security audit"}
"SeSystemEnvironmentPrivilege" {$privilege = "Modify firmware environment values"}
"SeChangeNotifyPrivilege" {$privilege = "Bypass traverse checking"}
"SeRemoteShutdownPrivilege" {$privilege = "Force shutdown from a remote system"}
"SeUndockPrivilege" {$privilege = "Remove computer from docking station"}
"SeSyncAgentPrivilege" {$privilege = "Synchronize directory service data"}
"SeEnableDelegationPrivilege" {$privilege = "Enable computer and user accounts to be trusted for delegation"}
"SeManageVolumePrivilege" {$privilege = "Manage the files on a volume"}
"SeImpersonatePrivilege" {$privilege = "Impersonate a client after authentication"}
"SeCreateGlobalPrivilege" {$privilege = "Create global objects"}
"SeTrustedCredManAccessPrivilege" {$privilege = "Access Credential Manager as a trusted caller"}
"SeRelabelPrivilege" {$privilege = "Modify an object label"}
"SeIncreaseWorkingSetPrivilege" {$privilege = "Increase a process working set"}
"SeTimeZonePrivilege" {$privilege = "Change the time zone"}
"SeCreateSymbolicLinkPrivilege" {$privilege = "Create symbolic links"}
"SeDenyInteractiveLogonRight" {$privilege = "Deny local logon"}
"SeRemoteInteractiveLogonRight" {$privilege = "Allow logon through Terminal Services"}
"SeServiceLogonRight" {$privilege = "Logon as a service"}
"SeIncreaseBasePriorityPrivilege" {$privilege = "Increase scheduling priority"}
"SeBatchLogonRight" {$privilege = "Log on as a batch job"}
"SeInteractiveLogonRight" {$privilege = "Log on locally"}
"SeDenyNetworkLogonRight" {$privilege = "Deny Access to this computer from the network"}
"SeNetworkLogonRight" {$privilege = "Access this Computer from the Network"}
$sids = $line.substring($line.IndexOf("=") + 1,$line.Length - ($line.IndexOf("=") + 1))
$sids = $sids.Trim() -split ","
$readableNames = ""
foreach ($str in $sids){
$str = $str.substring(1)
$sid = new-object System.Security.Principal.SecurityIdentifier($str)
$readableName = $sid.Translate([System.Security.Principal.NTAccount])
$readableNames = $readableNames + $readableName.Value + ", "
$output += New-Object PSObject -Property @{
privilege = $privilege
readableNames = $readableNames.substring(0,($readableNames.Length - 1))
#else = $line."property"
$output

As an alternate approach wee can preset the hash and just update it. This version also deal with trapping the errors.
function Get-UserRights{
Param(
[string]$tempfile="$env:TEMP\secedit.ini"
$p=Start-Process 'secedit.exe' -ArgumentList "/export /cfg $tempfile /areas USER_RIGHTS" -NoNewWindow -Wait -PassThru
if($p.ExitCode -ne 0){
Write-Error "SECEDIT exited with error:$($p.ExitCode)"
return
$selines=get-content $tempfile|?{$_ -match '^Se'}
Remove-Item $tempfile -EA 0
$dct=$selines | ConvertFrom-StringData
$hash=@{
SeCreateTokenPrivilege =$null
SeAssignPrimaryTokenPrivilege=$null
SeLockMemoryPrivilege=$null
SeIncreaseQuotaPrivilege=$null
SeUnsolicitedInputPrivilege=$null
SeMachineAccountPrivilege=$null
SeTcbPrivilege=$null
SeSecurityPrivilege=$null
SeTakeOwnershipPrivilege=$null
SeLoadDriverPrivilege=$null
SeSystemProfilePrivilege=$null
SeSystemtimePrivilege=$null
SeProfileSingleProcessPrivilege=$null
SeCreatePagefilePrivilege=$null
SeCreatePermanentPrivilege=$null
SeBackupPrivilege=$null
SeRestorePrivilege=$null
SeShutdownPrivilege=$null
SeDebugPrivilege=$null
SeAuditPrivilege=$null
SeSystemEnvironmentPrivilege=$null
SeChangeNotifyPrivilege=$null
SeRemoteShutdownPrivilege=$null
SeUndockPrivilege=$null
SeSyncAgentPrivilege=$null
SeEnableDelegationPrivilege=$null
SeManageVolumePrivilege=$null
SeImpersonatePrivilege=$null
SeCreateGlobalPrivilege=$null
SeTrustedCredManAccessPrivilege=$null
SeRelabelPrivilege=$null
SeIncreaseWorkingSetPrivilege=$null
SeTimeZonePrivilege=$null
SeCreateSymbolicLinkPrivilege=$null
SeDenyInteractiveLogonRight=$null
SeRemoteInteractiveLogonRight=$null
SeServiceLogonRight=$null
SeIncreaseBasePriorityPrivilege=$null
SeBatchLogonRight=$null
SeInteractiveLogonRight=$null
SeDenyNetworkLogonRight=$null
SeNetworkLogonRight=$null
for($i=0;$i -lt $dct.Count;$i++){
$hash[$dct.keys[$i]]=$dct.Values[$i].Split(',')
$privileges=New-Object PsObject -Property $hash
$privileges
Get-UserRights
A full version would be pipelined and remoted or, perhaps use a workflow to access remote machines in parallel.
¯\_(ツ)_/¯

How to use ADF Security policies in OID Ldap

Hello
My application uses ADF security policies created by Jdeveloper ADF Security Wizard and page definition Edit Authorization menu. The application runs as expected using file based system-jazn-data.xml. I used the JAZNMigrationTool in order to migrate XML based policies to LDAP based policies. LDIF file was generated by the tool and then using the LDAPModify command the file was uploaded to the OID. No errors were generated during this process.
I used Oracle Directory Manager in order to examine the migration result, and compare the output to that described by
Introduction to ADF Security in JDeveloper 10.1.3.2
An Oracle JDeveloper Article
Written by Frank Nimphius, Oracle Corporation
February, 2007
I was expecting to find Read, Update privileges in the orcljaznpermissionaction and the attribute name in the orcljaznpermissiontarget as shown in Fig 15 ADF security entry in OID.
to narrow down the source of the issue, we examine the LDIF file, and there was no reference to these entries. Below is one example entry from the LDIF file
dn: orclguid=EF37EAA603C611DDBFAE635A1BB60EE0,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: EF37EAA603C611DDBFAE635A1BB60EE0
orclGuid: EF37EAA603C611DDBFAE635A1BB60EE0
orcljaznjavaclass: java.security.UnresolvedPermission
orcljaznpermissiontarget: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissionactions:
uniquemember: orclguid=EF37EAA203C611DDBFAE635A1BB60EE0,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Note that the orcljazpermissionactions is empty and orcljaznpermissiontarget does not really specify the actual attribute name.
The system-jazn-data.xml includes all entries correctly.
rgds

Eurika
finally solved,
runing the JAZNMigrationTool requires setting the correct classpath,
Setting the classpath to the following
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar
allows you to run the Jaznmigrationtool successfully, however you will find that the generated LDIF file does not include the premission actions (Read, Update ...)
if however, you add the adfshare.jar to the classpath
C:\>Set CLASSPATH=d:\jdevstudio10132\j2ee\home\jazn.jar;d:\jdevstudio10132\BC4J\lib\adfshare.jar
now the tool will migrate the permission policies , the following shows an extract from the LDIF file
dn: orclguid=A5E662E204D411DDBF8807BC4864C5C2,cn=Permissions,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
changetype: add
objectclass: orcljaznpermission
objectclass: groupofuniquenames
objectclass: top
cn: A5E662E204D411DDBF8807BC4864C5C2
orclGuid: A5E662E204D411DDBF8807BC4864C5C2
orcljaznjavaclass: oracle.adf.share.security.authorization.AttributePermission
orcljaznpermissiontarget: AppModuleDataControl.VRoleAuthorrizationsView1.RanDateTo
orcljaznpermissionactions: read,update
uniquemember: orclguid=A5E662E104D411DDBF8807BC4864C5C2,cn=Grantees,cn=Policy,cn=JAZNContext,cn=Products,cn=OracleContext,dc=realsoft,dc=com
Ammar Sajdi
www.e-ammar.com/Oracle.html

Document Restrictions of Security Policies

Hello,
I've been hunting around but can't find it. Is there a concise reference for how to use Adobe Acrobat8 Security features with the Adobe Document Center? Is it so new that there's no book (Quick Start, etc.) on it?
I send PDFs to people. But I only want them to be able to print the PDF, not copy any of its content. I also want the PDF to deny access after a 3 month period. I was going to use Pinion Software's AutoShred product, but then I stumbled upon Adobe8 and the Document Center, which seemed like a perfect fit. So I immediately upgraded to Adobe8 and signed up for the trial at the Document Center.
I have created security policies and everything seems to work as its supposed to. However, when I look at any security policy, there is nothing allowing me to make the kind of detailed modifications permitted in Acrobat8 - Secure / Show Security Properties / SecurityTab / and the list for Document Restrictions Summary.
For some reason, when I set up a security policy - most restrictive to only permit printing and eliminate file access after 3 months - the "page extraction: allowed" phrase shows up when I examine Show Security Properties / Security Tab / Document Restrictions Summary, even though for everything else it is "Not allowed" which is what I want.
I thought maybe its a bug, because when I close the file and then reopen it, the page extraction is grayed out. But I don't know if people I send the file to will be able to extract the pages, thus getting around my objective of not allowing them to copy/paste any of my proprietary content onto some other file format.
Anybody else have this same problem. Is there a way for me to prevent page extraction and have it show up in the Document Restrictions Summary as "Page Extraction: Not Allowed"?
Thanks,
Robert

Hi Holly,
Question - is that all you want to do? Or do the documents have value to you such that you want to maintain control over how long they are used, by whom, and for how long?
1. If the former, you can use password protection to protect the documents, and format them so that they cannot be altered.
From within Adobe Acrobat 8 with the document visible.
Select Secure / Password Encrypt / Permissions
Click on Restrict Editing and Printing
Key in a protection password (I use the same for all documents)
Select Printing permissions "High Resolution" from drop down menu
Select Changes Allowed "None" from Drop Down Menu
Make sure "Enable copying of text, images.... box is unchecked
Don't worry about creating Security Envelopes or anything else. Just click cancel if those windows pop up.
Your security changes will not take effect until you save the document. Once saved, you can go to Secure / Show Security Properties / Show Details to confirm that all settings are as you want.
2. If you want to do the latter, you can sign up for Adobe Live Cycle Policy Server protection of the document. Adobe just came out with a new service. Right now its free. Later to be subscription based.
https://dc.adobe.com/adc/login.do?nextURL=https%3A%2F%2Fdc.adobe.com%2Fadc%2Fadc.do
I use this, since I want to maintain control over the documents. I let people print only. No other changes, no copying, no emailing. And the document "self destructs" on the date I set for its expiration.
Regards,
Robert

How to configure security policies like account locking, account expiry in portal application?

Hi All,
Can anybody pls tell me how to configure security policies like account locking,
account expiry in portal application? By default, it has a 30 minutes lock period
after 5 retries. But if I want to set other values or want to unlock account of
a user, then what to do ?
TIA,
Sudarson

I have read the SSO admin guide, and performed the steps for enabling SSL on the SSO, and followed the steps to configure mod_osso with virtual host on port 4443 as mentioned in the admin guide.
The case now is that when I call my form (which is developed by forms developer suite 10g and deployed on the forms server which is SSO enabled) , it calls the SSO module on port 7777 using http (the default behaviour).
on a URL that looks like this :
http://myhostname:7777/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
and gives the error :
( Forbidden
You don't have permisission to access /sso/auth on this server at port 7777)
when I manually change the URL to :
https://myhostname:4443/pls/orasso/orasso.wwsso_app_admin.ls_login?Site2pstoreToken=.......
the SSO works correctly.
The question is :
How can I change this default behaviour and make it call SSO on port 4443 using https instead ?
Any ideas ?
Thanks in advance

How do I migrate my Acrobat X security policies to Acrobat XI? (I'm on a mac)

I currently have both Acrobat X and XI installed on my Mac OS 10.7.5. All of my security policies, Actions, and other preferences are on X, and I don't know how to move them over to XI. I have a lot of security policies I can't afford to discard. Is there a way to migrate the policies, and hopefully also the Actions/Scripts I made in X? If so, how would I do that?

Look in the following location for the file "security-policy.acrodata":
/Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/10.0/Security/
Copy it to the location:
/Users/[USERNAME]/Library/Application Support/Adobe/Acrobat/11.0/Security/

How do I setup security policies without Adobe LiveCycle Rights Management?

Hi Guys,
First of all I want to excuse for my english language skills . We have about 30 Users which are using Adobe Acrobat XI Standard. Our management board defined security policies for PDF files. We exported the security policies (Edit -> Preferences -> Security -> Security Settings -> Export). Then we got a file with the extension 'acrobatsecuritysettings'. Next we moved that file to a folder which everybody has read permissions. We ticked at a test computer "load security settings from a server" and type in the path to the file in this way:
smb://server/share/filename.acrobatsecuritysettings
I guess the syntax is correct but there are no security policies at 'Tools -> Protection -> Encrypt -> Manage Security Policies'. Any ideas?
I am very thankful for each reply.

Interesting. Adobe obviously feel that smb is a URL - sorry, no idea what form their URL would take. You could double check that it is accessible with no username or password (i.e. guest access) since you have put no credentials in the URL.
For the intranet (htp) server - you could put it anywhere within the files making up the site. For instance you could create a folder private inside the web root, and put the file in there. You can type the URL in a browser to make sure it serves the credential file.

Migrating ADF Security Policies to Active Directory

Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks.

Hi,
Curently I'm searching whether it is possible to migrate ADF security policies created during development to a weblogic production environment with Active directory as the identity store.
Whilst I did find documentation relating to standalone WLS, yet no documentation seem to be available for migrating ADF policies to an Active directory. Does anyone has links to documentation that guide throguh this security policy migration.
Thanks.

Local Security policies

Similar Messages

Maybe you are looking for