Unauthorized user removing policy from document

Similar Messages

• Exception while removing policy from protected .docx file.

  I am getting exception as below for java client code snippet while inspecting document which is secured using MS Word 2007.
  Properties connectionProps = new Properties();
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT _EJB_ENDPOINT, "jnp://vvcon-qa-1.ptcnet.ptc.com:1099");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPO RT_PROTOCOL,ServiceClientFactoryProperties.DSC_EJB_PROTOCOL);        
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_ TYPE, "JBoss");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENT IAL_USERNAME, "administrator");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENT IAL_PASSWORD, "administrator");
  ServiceClientFactory factory = ServiceClientFactory.createInstance(connectionProps);
  RightsManagementClient rightsClient = new RightsManagementClient(factory);
  //Reference a policy-protected Word document from which to remove a policy
  FileInputStream is = new FileInputStream(args[0]);
  Document inPDF = new Document(is);
  //Create a Document Manager object
  DocumentManager  documentManager = rightsClient.getDocumentManager();
  RMInspectResult lic = documentManager.inspectDocument(inPDF);
  Exception I am getting
  com.adobe.edc.sdk.SDKException: Error while looking up RM Header in the document -- Invalid argument(error code bin: 1281, hex: 0x501)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.throwSDK Exception(RightsManagementService.java:958)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.getLicen seID(RightsManagementService.java:794)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.inspectD ocument(RightsManagementService.java:2260)
  Event if I try with user who can access document after connecting to LiveCycle ES2 from Microsoft Word 2007 I am getting same exception.
  I can acess document from MS Word after I have secured it using all users who have right permission for document but from java client I am not able to do that. Looks like RMS information is not embedded properly in my document.
  jars included in my classpath are
  adobe-rightsmanagement-client.jar,namespace.jar,jaxb-api.jar,jaxb-impl .jar,jaxb-libs.jar,jaxb-xjc.jar,relaxngDatatype.jar,adobe-livecycle-cl ient.jar,adobe-usermanager-client.jar,jbossall-client.jar
  My client is running on Windows XP 32 bit with Office 2007.
  Server is installed on Windows server 2008 R2 64 bit and deplyoed using JBoss.
  One more intresting fact here is my java client can protect document and unprotect same document.
  However document which is protected by Microsoft Rights Management extension plugin cannot
  be unprotected by my java client.
  Regards,
  Sharang

  It seems to work properly, in that, the appropriate words are removed from the story. However, I'd like to keep the story in order, as it was before any manipulation took place (just with the words removed). Currently, I am presented with a column of words with the order of words seemingly random.
  Thanks.

• How to remove empty lines from xml files after removing nodes from document

  <pre>
  Hi
  <b>i have xml document, which is shown below
  after removing some nodes from the document ,i am getting empty lines in place of removed nodes,how to resolve this and get the proper xml document without any errors</b>
  <?xml version="1.0" encoding="UTF-8" standalone="no"?>
  <!DOCTYPE Message SYSTEM "TRD01.dtd">
  <Message>
  <Header>
  <CounterPartyType>CLIENT</CounterPartyType>
  <CreationTime>20134455</CreationTime>
  <ErrorCode>363 </ErrorCode>
  <ErrorEnterPriseId>N</ErrorEnterPriseId>
  <ErrorStatus>1</ErrorStatus>
  <ErrorSystemId>STL</ErrorSystemId>
  <ErrorTimes>31</ErrorTimes>
  <MessageType>T</MessageType>
  <RecipientEnterpriseId>N</RecipientEnterpriseId>
  <RecipentSystemId>EXM</RecipentSystemId>
  <Remarks>REMARSK</Remarks>
  <SenderEnterpriseId>N</SenderEnterpriseId>
  <SenderSystemId>TR</SenderSystemId>
  </Header>
  </Message>
  <ErrorCode>363 </ErrorCode>
  <ErrorEnterPriseId>NIHK</ErrorEnterPriseId>
  <ErrorStatus>1</ErrorStatus>
  <ErrorSystemId>STL</ErrorSystemId>
  <ErrorTimes>31</ErrorTimes>
  XPathExpression expression5 = xpath.compile(xmlpath5);
  Object result5 = expression5.evaluate(doc, XPathConstants.NODE);
  Node node5 = (Node) result5;
  node5.getParentNode().removeChild(node5);
  XPathExpression expression6 = xpath.compile(xmlpath6);
  Object result6 = expression6.evaluate(doc, XPathConstants.NODE);
  Node node6=(Node) result6;
  node6.getParentNode().removeChild(node6);
  XPathExpression expression7 = xpath.compile(xmlpath7);
  Object result7 = expression7.evaluate(doc, XPathConstants.NODE);
  Node node7=(Node) result7;
  node7.getParentNode().removeChild(node7);
  doc.normalize();
  doc.normalizeDocument();
  TransformerFactory tf = TransformerFactory.newInstance();
  Transformer t = tf.newTransformer();
  t.setOutputProperty(OutputKeys.INDENT, "yes");
  t.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
  t.setOutputProperty(OutputKeys.METHOD,"xml");
  t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
  the xml output i am getting is
  <?xml version="1.0" encoding="UTF-8" standalone="no"?>
  <Message>
  <Header>
  <CounterPartyType>CLIENT</CounterPartyType>
  <CreationTime>20134455</CreationTime>
  <MessageType>TRD01</MessageType>
  <RecipientEnterpriseId>N</RecipientEnterpriseId>
  <RecipentSystemId>STL</RecipentSystemId>
  <Remarks>REMARSK</Remarks>
  <SenderEnterpriseId>N</SenderEnterpriseId>
  <SenderSystemId>T</SenderSystemId>
  </Header>
  </Message>
  <b>could you please let me know how to avoid empty lines in the xml doucment output</b>
  this is the method i am using to get the result
  public void ValidateRecord(String xml){
  try{
  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
  DocumentBuilder db = factory.newDocumentBuilder();
  //parse file into DOM
  /*DOMParser parser = new DOMParser();
  parser.setErrorStream(System.err);
  parser.setValidationMode(DTD_validation);
  parser.showWarnings(true);*/
  System.out.println ("HI THIS xml is validation "+xml);
  Resolver res = new Resolver();
  db.setEntityResolver(res);
  Document doc = db.parse(new InputSource(new StringReader(xml)));
  XPathFactory xpf = XPathFactory.newInstance();
  XPath xpath = xpf.newXPath();
  // XPathExpression expression = xpath.compile("//A/B[C/E/text()=13]");
  String xmlpath="/Message/Header/CounterPartyType/text()";
  String xmlpath1="/Message/Header/RecipentSystemId/text()";
  String xmlpath2="/Message/Header/ErrorSystemId/text()";
  XPathExpression expression = xpath.compile(xmlpath);
  XPathExpression expression1 = xpath.compile(xmlpath2);
  Object result = expression.evaluate(doc, XPathConstants.NODE);
  Object result1 = expression1.evaluate(doc, XPathConstants.NODE);
  Node node = (Node) result;
  Node node1 = (Node) result1;
  System.out.println("the values of the string is " +node.getNodeValue());
  System.out.println("the values of the string is " +node1.getNodeValue());
  // for (int i = 0; i < nodes.getLength(); i++) {
  //System.out.println(nodes.item(i).getNodeValue());
  // CAHNGING THE RECEIPENT NODE
  XPathExpression expression2 = xpath.compile(xmlpath1);
  Object result2 = expression2.evaluate(doc, XPathConstants.NODE);
  Node node2 = (Node) result2;
  System.out.println(node2);
  node2.setNodeValue(node1.getNodeValue());
  System.out.println(node2);
  //removing the nodes from document
  String xmlpath3="/Message/Header/ErrorCode";
  String xmlpath4="/Message/Header/ErrorEnterPriseId";
  String xmlpath5="/Message/Header/ErrorStatus";
  String xmlpath6="/Message/Header/ErrorSystemId";
  String xmlpath7="/Message/Header/ErrorTimes";
  XPathExpression expression3 = xpath.compile(xmlpath3);
  Object result3 = expression3.evaluate(doc, XPathConstants.NODE);
  Node node3 = (Node) result3;
  node3.getParentNode().removeChild(node3);
  XPathExpression expression4 = xpath.compile(xmlpath4);
  Object result4 = expression4.evaluate(doc, XPathConstants.NODE);
  Node node4 = (Node) result4;
  System.out.println("node value");
  System.out.println(node4.getParentNode().getNodeName());
  node4.getParentNode().removeChild(node4);
  XPathExpression expression5 = xpath.compile(xmlpath5);
  Object result5 = expression5.evaluate(doc, XPathConstants.NODE);
  Node node5 = (Node) result5;
  node5.getParentNode().removeChild(node5);
  XPathExpression expression6 = xpath.compile(xmlpath6);
  Object result6 = expression6.evaluate(doc, XPathConstants.NODE);
  Node node6=(Node) result6;
  node6.getParentNode().removeChild(node6);
  XPathExpression expression7 = xpath.compile(xmlpath7);
  Object result7 = expression7.evaluate(doc, XPathConstants.NODE);
  Node node7=(Node) result7;
  node7.getParentNode().removeChild(node7);
  // Node b13Node = (Node) expression.evaluate(doc, XPathConstants.NODE);
  //b13Node.getParentNode().removeChild(b13Node);
  doc.normalize();
  doc.normalizeDocument();
  TransformerFactory tf = TransformerFactory.newInstance();
  Transformer t = tf.newTransformer();
  t.setOutputProperty(OutputKeys.INDENT, "yes");
  t.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
  t.setOutputProperty(OutputKeys.METHOD,"xml");
  t.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
  t.transform(new DOMSource(doc), new StreamResult(System.out));
  catch (Exception e) {
       e.printStackTrace();
  System.out.println(e.getMessage());
  </pre>
  Edited by: user12185243 on Apr 6, 2013 6:38 AM
  Edited by: user12185243 on Apr 6, 2013 6:41 AM
  Edited by: user12185243 on Apr 6, 2013 6:43 AM
  Edited by: user12185243 on Apr 6, 2013 6:45 AM
  Edited by: user12185243 on Apr 6, 2013 9:00 AM

  either this way we can do this
  1)
  DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
  <b> factory.setIgnoringElementContentWhitespace(true); </b>
  DocumentBuilder db = factory.newDocumentBuilder();
  or
  2)
  java.io.StringWriter sw = new java.io.StringWriter();
  StreamResult sr = new StreamResult(sw);
  t.transform(new DOMSource(doc), sr);
  String xml1 = sw.toString().trim();
  <b> xml1=xml1.replaceAll("\\s",""); </b>
  System.out.println(xml1.trim());

• How to remove "Microsoft User Data" folder from Documents?

  I have read articles about passing it to username,library,preferences .. but it doesn't work for me! it reappears whe i start messenger, I've also tried to change the location from messenger's preferences but it's useless !! PLEASE HELP ME!

  It's required by all the Office for Mac and other MS applications. It will always reappear if you are using any such applications, so you don't want to delete it.

• Is it possible to see list history (e.g: which user removed column from list)

  Hello there,
  I know it is possible to see version history of items and pages, but what about the lists itself?
  For example:
  Is it possible to see which user added/removed a column from a list?
  Is it possible to see which user changed a certain view from a list?
  Thanks in advance!

  There's an auditing event fired when a user modifies content types or columns in a list. To make use of this you'll need to enable auditing if it's not already enabled.
  I'm not sure about the view and I'm having trouble trying to find information about it because most of the documentation talks about VIEWing the audit reports. :)
  Jason Warren
  @jaspnwarren
  jasonwarren.ca
  habaneroconsulting.com/Insights

• Removing information from document properties

  hi - in adobe reader, how does one remove identifying information from the document properties tab on the file tab?

  hi - in adobe reader, how does one remove identifying information from
  the document properties tab on the file tab?
  You can't.

• Can't Remove Ligatures from Document Compiled from Scrivener

  I'm a fiction writer and I use Scrivener as my mainstay writing tool. But I just purchased Pages recently when my copy or Neo Office no longer was compatable with OSX. I just tried opening a story I need to submit and the ligatures for fi and fl were all over the place. I tried going through Format > Font > Ligatures and through the Document Inspector to turn them off. While they Menu and Inspector said they were turned off, they weer still in the document. I tied selecting the word, the paragraph and the whole document and turning them on and off. I've tried compiling as a .doc, .docx, .rtf. Nothing helps. Has anyone come across this? It seems silly to have a remove ligatures option that doesn't remove ligatures.

  Text was all written in Scrivener, compiled into a .doc file. There were no ligatures in the text. When I opened the document in Pages to double check the formatting, I had words like "flailed" now look like "‡ailed." When I tried to remove or turn off the ligatures through the Format menu or the Document Inspector, it wouldn't remove them even though I've told Pages to through those options.

• Removing pictures from documents

  I have a document with several pictures in it and I would like to renmove only the pictures and save them so I can insert them into a different document.  I can bring the document into Photoshop Elements and using the magnetic lasso tool, select the image(s) but I can't figure out how to save only the images so I can use them again in another document.           Thanks

  Make a selection of the an image which you wish to retain using the magnetic lasso tool, or one of the other selection tools.
  Go to Select menu>Inverse
  Hit delete of the keyboard
  Press CTRL+D to get rid of the marching ants.
  Save
  Repeat for the other images

• Removed user from group, user no longer has access to documents even though user is owner of documents

  I'm running a server 2012 std domain and I'm in the process of rebuilding our fileserver after we had some pretty serious permission issues. Bad permissions (Everyone had full access to user documents share) were migrated when we move to the new server and
  then by some strange Monday morning freak out all users lost access to their documents. I restored from backups, redirected everyone's folders back to local computer and started to reconfigure the share permissions. I moved our administration group back to
  the server after securing proper permissions for folder redirection (permissions copied from https://technet.microsoft.com/en-us/library/jj649078.aspx?f=255&MSPPError=-2147217396 table 1, only difference is instead of creating a new security group
  for redirection users, I used the everyone group) to test and everything went perfectly. The GPO created the users folders under the root and redirection was good to go. Along with that, other users cannot access other users documents anymore which was the
  intended outcome. 
  Last night I was looking at security groups and see that our administration group (back office group: accounting, HR, etc..) was a member of the domain admins. I removed them from the domain admins group and added them to the administrators group (they do
  need regular admin access) then went on like normal. This morning, all users in that group can no longer access their documents on the server. I immediately think that permissions were broken again and started to get angry, but then realize that all the files
  are still accessible on the server (no lost permissions like before) and the user is still shown as the owner with full permissions, but the files are inaccessible to those users. I re-added them to the domain admins group, logged out, logged back in and documents
  are back and accessible by the user. Remove them from the domain admins group, log out, log back in and the documents are inaccessible again. Re-add to the domain admins group and back to normal. 
  Which leads me to now. If the users are part of the domain admins group, they have access to their files. If they are removed from the domain admins group, they lose access. When they lose access, they are still the owners of the files/folders with full
  permissions, yet they can't access their documents. Also, just to add, the domain admins group has no specified permissions on the files or folders. See screenshots below..
  Here is the root share. 
  And the user's desktop folder. The folder is owned by the user with full permissions. This is the folder the redirection GPO created.
  Any ideas why removing the group from domain admins would drop access to their files? They are still the owners of the files and should have full access but they don't. Is there something I'm not seeing here?

  Effective Access shows the user has full control of the Desktop folder
  This is a problem with the Effective Access tab when using CREATOR OWNER.  As you have noticed, the user doesn't really have the access that the tab says it does.  This is because of how CREATOR OWNER works.
  CREATOR OWNER is only evaluated when a file/folder is created. 
  IF a user can create a file/folder, then the permissions assigned to CREATOR OWNER are copied to a new permissions entry for that user.
  To see this:
  Logon as an administrator and create a file in the Desktop folder in your screenshot.
  Examine the permissions of the new file.
  You'll see that there is a new entry for the account you logged on with.
  CREATOR OWNER is gone.  CREATOR OWNER would still be there if you created a folder (because of "subfolders and files").
  In the Desktop folder (in your screenshot), only SYSTEM and Administrator can create/access files.
  To fix this, you need to grant the users the ability to list the directory contents and create new files/folders.  This corresponds with the suggestion of Table 1 in the document you found.
  I see what you're saying about Administrators domain group. I'll just add them as local admins via GPO and that should solve that issue. 
  No, scary!  This will grant those users administrative permission on your server.  They will be able to see any file anywhere on that server.
  If your goal is to provide a place that is private for each user, then the simplest approach is to grant each user permission to their own folder.  Like this for Test User:
  Notes for above:
  I set the user's permission to Modify because there is no good reason why the user should change these permissions
  The owner of this folder is unimportant.  I leave it set to Administrators
  You can, and I do, remove CREATOR OWNER.  It adds no value in this situation and just causes confusion.
  As for the second screen shot, the *-Admins folder is the root to which Everyone has special permissions on and can create folders. The folder for M* was created by the GPO, which makes M* the owner to which they have Full control of subfolders and files.
  The GPO also created the Desktop folder, giving owner full permissions of subfolders and files. Inside the Desktop folder, permissions remain Full control for owner for subfolders and files. Even if it was the case that they only had permissions on subfolders
  and files, wouldn't each subfolder under that one be considered a subfolder and file of the top folder?
  If this works as you say, then Yes, it should work.  But, I don't see the entries for use M*.  Remember, there should be entries for the M* user that is a duplicate of CREATOR OWNER.
  I suspect that Group Policy is creating the directories (elevated) and then changing the owner to M* afterward.  This does not duplicate the CREATOR OWNER entries as needed.  If this is the case, I consider it a flaw because your permissions do
  not allow user M* to create files/folders, and group policy shouldn't bypass security.
  I'm not saying your wrong, I'm just curious why the technet article would advise Creator/Owner giving full control of subfolders and files only if that were not correct. I can add the permissions for the users easily, I just don't see why I need to give
  explicit permissions to access something when the GPO created those folders for me, which Microsoft recommends you allow. If the GPO can create folders and the folders are owned by the user, then the user can obviously add/create/modify/view those files and
  folders. 
  When I restored the data, no permission were reset. Permissions were restored to the wonky version where the Everyone group has full access to everything. Ownership of the files/folders remained the same.
  A couple things:
  The article instructed the use of Folder Redirection Users group that had permissions to create files.  Your examples didn't have that.  Because of this, your user could create new files.
  The article assumes that the directories you are creating will be empty.  Existing files will be unreadable to everyone except Admins.
  If you follow the directions in the article, then anyone in the Folder Redirection Users group can write files to anyone else's directory.
  One benefit of the document's approach is that all the users could be redirected to the same folder using the article, and it would work.  A benefit, I guess.
  But, I like my user's separate and unable to see each other's files -- at all.  This is why I recommend replacing CREATOR OWNER with the specific user.
  I believe this document is a "how to get it done" document, not necessarily a best practices document.  I see it as a starting point, and that's why I didn't follow it exactly.
  Lastly, CREATOR OWNER permissions are useful but confusing.  I avoid them unless I have the rare circumstance where they are perfect.
  When I restored the data, no permission were reset. Permissions were restored to the wonky version where the Everyone group has full access to everything. Ownership of the files/folders remained the same.
  To summarize:
  In the user's directory, you need to provide permission to list and create new files/folders, and you need grant the user permission to the existing files.
  -Tony

• Remove Throttle policy from users

  Hello guys, 
  We have deployed Blackberry and i want to remove BESPolicy Throttling policy from all users. We have Exchange 2010 Sp1. 
  But that Script available on the Technet is not working on exchange 2010 Sp1. 
  Is there any alternative Cmdlet to find bespolicy users and remove the Bespolicy from users ?
  regards 

  BESPolicy should only be applied to the besadmin accont and all other users should have the default/customized policy.
  If you have BES policy applied for all users, just get all mailbox in bulk and set a new/default policy
  Rajith Enchiparambil |
  http://www.howexchangeworks.com |

• Microsoft word documents and removing policy.

  Can DocumentManger class can be used to remove security policy from secured Microsfot word docuemnts.
  Or protable protection library is the only way to deal with Microsoft word documents?
  I want my application to remove the strip off all security information from the document and re insert the same again at a later point.
  is portable protection library is the only way to go here.

  Thanks Steve for pointing out to API.
  I am getting exception as below for java client code snippet while inspecting document which is secured using MS Word 2007.
  Properties connectionProps = new Properties();
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_EJB_ENDPOINT, "jnp://vvcon-qa-1.ptcnet.ptc.com:1099");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,ServiceC lientFactoryProperties.DSC_EJB_PROTOCOL);         
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME, "administrator");
  connectionProps.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD, "administrator");
  ServiceClientFactory factory = ServiceClientFactory.createInstance(connectionProps);
  RightsManagementClient rightsClient = new RightsManagementClient(factory);
  //Reference a policy-protected Word document from which to remove a policy
  FileInputStream is = new FileInputStream(args[0]);
  Document inPDF = new Document(is);
  //Create a Document Manager object
  DocumentManager  documentManager = rightsClient.getDocumentManager();
  RMInspectResult lic = documentManager.inspectDocument(inPDF);
  Exception I am getting
  com.adobe.edc.sdk.SDKException: Error while looking up RM Header in the document -- Invalid argument(error code bin: 1281, hex: 0x501)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.throwSDKException(RightsMana gementService.java:958)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.getLicenseID(RightsManagemen tService.java:794)
      at com.adobe.livecycle.rightsmanagement.RightsManagementService.inspectDocument(RightsManage mentService.java:2260)
  Event if I try with user who can access document after connecting to LiveCycle ES2 from Microsoft Word 2007 I am getting same exception.
  I can acess document from MS Word after I have secured it using all users who have right permission for document but from java client I am not able to do that. Looks like RMS information is not embedded properly in my document.
  jars included in my classpath are
  adobe-rightsmanagement-client.jar,namespace.jar,jaxb-api.jar,jaxb-impl.jar,jaxb-libs.jar,j axb-xjc.jar,relaxngDatatype.jar,adobe-livecycle-client.jar,adobe-usermanager-client.jar,jb ossall-client.jar
  My client is running on Windows XP 32 bit with Office 2007.
  Server is installed on Windows server 2008 R2 64 bit and deplyoed using JBoss.
  Regards,
  Sharang

• Security policy from old GPO still applying after removal

  We have a Server 2k3 domain with a mix of 2k8R2 (PDC) and 2k3 DCs. We are currently in the process of
  replacing older 2k3 DC policies with newer policies. Policy A (AKA "Old policy") has always been a problem as it contains settings which cause errors in the event logs of the DCs it is applied to (ID 1020 "Windows cannot create
  registry key CurrentControlSet\Control\Session Manager. (The parameter is incorrect)" and 1096 "Windows cannot access the registry policy file, \\domain.com\sysvol\domain.com\Policies\{GUID}\Machine\registry.pol. (The parameter is incorrect)").
  Policy B (AKA "New policy") has been wonderful in a completely different AD Forest/Domain that we created it in but is not happy after we copied it to this Domain.
  The new policy was exported as a Backup and imported by creating a new GPO on this domain and choosing "Import settings". We've previously encountered both the "hidden file" and "read only" issues with copying GPOs so we avoided
  those by ensuring hidden files were copied and removing "read only" from the policy folder. The new policy was then applied to the Domain Controller OU with a higher precedence than the old policy. Neither policy is set to enforced
  and the links for both were enabled, both policies are set with GPO Status "Enabled" so the new policy should have overridden the older policy settings. After several gpupdate /force and reboots, the 2k3
  domain controllers are showing in RSOP a Red x on "Computer policy" with "Group policy Infrastructure" as failed with details "Group Policy Infrastructure processed successfully but failed to log resultant set of policy information".
  Under general with "Display all GPOs and filtering status" Old policy is lower than new policy.
  When drilling down to "User Rights Assignment" you can see that "Old Policy" is still the winning policy for all settings. When under "Administrative Templates" "New policy" is the winning policy there. So it
  seems that the new policy is applying for admin template settings but not for security policies.
  I then disabled the old policy which reflected under the general tab filtering status "Disabled" but the user rights assignment still showed Old policy as winning. I tried modifying the Old policy and saw that the serial number for the policy updated
  in the RSOP general tab. Then I completely removed the link for the policy from the DC OU and the policy disappeared from the general tab but still showed under User Rights Assignment.
  I've tried clearing the Cached group policy from the machine with:
  secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose
  and deleting [HKEY_LOCAL_MACHINE\Software\Policies\Microsoft] from registry and c:\windows\system32\GroupPolicy from HD.
  Usually I'll get an error from RSOP about RSOP already running until I gpupdate /force and then I'm back at square one.
  I've confirmed that the issue is not replication, the machine shows no errors in FRS and I've performed non-authoritative SYSVOL restore on this server. repadmin
  shows no errors.
  I have not yet tried to demote/repromote the server as I'm unconvinced that will have any effect. I've seen this kind of issue on 2k3 servers where even after removing the server from the domain entirely the policies from the domain still remain in effect
  to where you cannot even modify a setting from local gpedit.msc.
  It seems that something is causing security policies to stick from the old policy but is allowing admin template policies to apply from the new policy. Where would these old settings be cached from, and how can I get them to go away?

  I've now also tried putting the machine in an OU with inheritance blocking an no policies applied.
  I've tried deleting [HKLM\Software\Microsoft\Windows\CurrentVersion\GroupPolicy\History] and reboot.
  I've turned on all the logging (http://technet.microsoft.com/en-us/library/cc775423%28v=ws.10%29.aspx) and I can even see the .inf files created in c:\windows\security\templates\policy
  for each GPO and the policy shows the correct settings.
  NTRights (http://ss64.com/nt/ntrights.html,
  http://support.microsoft.com/kb/315276) allows me to set the setting manually and AccessChk shows me the current settings
  http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx but I still cannot get RSOP to come back clean. I can also see in c:\windows\security\logs that some of the security settings
  I'm working show up; "remove SeDebugPrivilege." for example shows up as having been removed from the local administrator which was one of the changes I made.
  I've opened up a ticket with Microsoft Support but they haven't had any fresh ideas either. My best guess at this point is that policy is actually applying but RSOP is busted. I have no idea how to reset the RSOP data however.
  At this point I'm trying to run WMIDiag to see if there's an issue with WMI as several of the misc errors in the gpedit.log file come up with WMI related issues in google ("InitializeRSOP failed with 0x80070102", "GetObject for event source
  of RSOP_ExtensionEventSource.id="{GUID}" failed with 0x80041002").
  I should clarify that AccessChk seems to indicate that the User Rights Assignment settings ARE applying but are not showing correctly in RSOP.

• How to remove the IT policy from my Torch 9800, or how to reset the device to original setting

  I have a Torch 9800 formerly- used for business emails. According to our company policy there was an IT policy installed to the device hence would force the user to set password protecting the device.
  Now this device has been retired and I like to use it only for regular phone calls thus do not like to have a password protection. My question is:
  How to remove the IT policy from the device?
  or
  How to reset the device to original setting?
  I have been trying to swipe and scrub the device several times but that IT policy still exist. Need help......
  Solved!
  Go to Solution.

  See the RIM Knowledge Base article here for information on how to remove an IT Policy. See the Method Three in the link:
  KB14202 How to remove an IT policy from a BlackBerry smartphone
  Read this RIM Knowledge Base article to reset your device to the factory settings.
  KB18998 How to reset a BlackBerry smartphone to factory defaults
  1. If any post helps you please click the below the post(s) that helped you.
  2. Please resolve your thread by marking the post "Solution?" which solved it for you!
  3. Install free BlackBerry Protect today for backups of contacts and data.
  4. Guide to Unlocking your BlackBerry & Unlock Codes
  Join our BBM Channels (Beta)
  BlackBerry Support Forums Channel
  PIN: C0001B7B4   Display/Scan Bar Code
  Knowledge Base Updates
  PIN: C0005A9AA   Display/Scan Bar Code

• Removing a USER assigned Policy

  I made a policy which i assigned to a USER, in our company its actually more effective to assign policies to a GROUP.
  How can i remove the policy from the USER.
  regards Danny

  Hi dspinatto,
  Dont get me wrong here please, i really appriciate everyones help and opinion on this matter.
  I just remarked the two different solutions to my question and wondered which one was actually true/working.
  So forgive me if i sounded a bit harsh or impolite, this was'nt intentionaly.
  Greets Danny
  Originally Posted by dspinatto
  Hi Danny,
  You do not have to believe to any of us, of course. Any of us could potencially go wrong here since we are human beings. You can go and try it for yourself and see the results to make your own conclusions. You do have a full ZESM test environment, right?
  Again, my understanding is that the last policy you apply is the one that gets enforced. When you assign a policy to a group, and a member of that group had a direct assignment to another policy, the new assignment will overwrite the previous one (and doesn't matter if that was direct or indirect). If you hover the pointer over an user in the MC Publishing tab, you'll see the policy that is in effect for the user, with the date and time that the policy was last published. Keep in mind that only one policy will be applied and enforced at the client at the same time. You can also check the results in the ZSC's about box.
  This is a simple test that can be done in 2 minutes. I'm running latest .154 build on an AD environment.
  Good luck,
  Daniel

• How to remove Userscripts from Greasemonkey without enabling Greasemonkey? (I have deleted files from user/gm_scripts/ didn't help)

  I installed an addon named Chat Resizer, which is for Kongregate, restarted to finish the install and firefox would not open.
  Clicked it and clicked it nothing, Opened Task Manager, Ended the firefoxes and tried to open it again but nothing again.
  Started FF in safe mode, cannot remove chat resizer with greasemonkey disabled, trying to enable it to remove it firefox refuses to start.
  Uninstalled greasemonkey, FF works as normal, install it and it freezes once more.
  Removed files from user/appdata/roaming/mozilla/profile blah blah/gm_scripts which had files for all of my scripts in them,
  Firefox still won't start, uninstall greasemonkey, works again, install, doesnt work even with files for the scripts gone.
  Any more suggestions?

  Hello,
  I found this tutorial, i think must works:
  [http://ooiks.com/blog/mousehunt-autobot/install-uninstall-user-script-on-firefox How to Install and Unistall User Scripts Greasemonkey]