amazon cloudfront – Ready to use “Cache policy” and “Origin request policy” for WordPress?

Is there a ready-to-use Cloudfront cache policy and origin request policy for WordPress? There are no such policies in Cloudfront managed policies. I search on Google with +cloudfront +wordpress +”cache policy” but returns 0 results.

Most of the articles online, such as, does NOT use new cache policy and origin request policy.

While very few articles, such as, does use cache policy and origin request policy, but still with the old ideas, which will lower the cache hit rate if he includes all cookies and all queries and many headers in the cache key.

So, just wonder if there is a ready-to-use “Cache policy” and “Origin request policy” that are optimized for WordPress?

group policy – GPO to set DFS Path to Active in Referral List for mapped drive

I have a DFS Namespace of domain.lclDFS that replicates a folder ReplFolder across 3 geographically dispersed servers:


I can manually map a drive to \domain.lclDFSReplFolder and it works great.

However, I want to be able to set up a GPO to set the active path so that the users in Vancouver, their active path is set to \VANCOUVERFolderA, and same for the users in the other 2 locations. Is there a GPO or Registry setting that would be able to set this?

This can already be manually done by right clicking the drive letter on the client, selecting the DFS tab, and setting the preferred Path to “Active”. But for 500+ users, I’d like to automate this somehow.

Unfortunately we do not have AD Sites & Services enabled in our environment, otherwise I would go that route.

Thanks very much in advance.

ios – Does Apple have a public policy on what it will allow governments to scan their citizen’s iPhones for?

The CSAM scanning is not being done by a government agency. Apple is working with The National Center for Missing & Exploited Children, a private non-profit group.

In their recently released Expanded Protections for Children, Frequently Asked Questions paper, Apple stated:

Q: Could governments force Apple to add non-CSAM images to the hash list?

A: No. Apple would refuse such demands and our system has been designed to prevent that from happening. We have faced demands to build and deploy government-mandated changes that degrade the privacy of users before, and have steadfastly refused those demands. We will continue to refuse them in the future. Let us be clear, this technology is limited to detecting CSAM stored in iCloud and we will not accede to any government’s request to expand it.

With regard to scanning as indicated in your meme example, Apple only refers to their privacy policy regarding when they’ll work with local governments on accessing a user’s data.

As laws vary in each country, a person would need to reference their country’s privacy policy to determine what rights they have in relation to their government. It’s not possible to point to a single comprehensive policy that covers everyone.

sharepoint online – Retention Policy base on selection

I need to create a SharePoint online retention policy on the document library to keep documents forever. To do this, I am using the Office365 compliance center. The condition is based on a choice column. For instance, if the users select Policy, then that records need to keep forever. Is this something that we can achieve using the Office365 compliance center?

Kind Regards

Restrict Email Delete Access in Outlook Using Group Policy

Is there a way to restrict users from deleting email from Outlook using Group Policy or some other setup?

Or else is there any email client or provider having functionality such that admin can restrict users from deleting the emails?

powershell – WDAC policy not accepting MS signed DLLs

I’m working on WDAC / windows defender application control policy. Around 80% of what I have left is from system32 DLL files, hundreds of them. Windows 10 client systems, mostly 20h2.

The base policy is about as stock as you can get. Allow MS using allowmicrosoft.xml sample policy, the recommended best practice block drivers & apps, and SCCM. The DLLs are failing are MS signed but are coming back with event 3091 failures that will be blocked when going to enforcement mode.

All the DLLs failing share these certificate attributes.

  CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

  CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

I added the certs on the chain to a blank policy using Add-SignerRule -CertificatePath .signature1.cer -user -kernel -update, and merged them. These certificates should definitely exist now, even if they weren’t part of allowmicrosoft.xml for some reason.

The check still fails, even after a policy refresh. What am I missing?

AWS IAM: Policy to allow users/role to create any resource, but only with specific tags

I am trying to create an IAM policy that will allow the user/role to create any resource (EC2, Redshift, RDS, etc.) – only if they provide certain pre-defined tags while creating them.

Steps followed so far:

  1. Create an IAM Role: Let’s call it role-XYZ
  2. Attach AWS-Managed ‘ReadOnlyPolicy’ to this role – this will make sure the role has read-only access to all services
  3. Create a new managed policy as follows. This will allow rest (including creation) of the actions based on a condition.
        "Version": "2012-10-17",
        "Statement": (
                "Sid": "VitalizeTagPermission",
                "Effect": "Allow",
                "Action": (
                "Resource": (
                "Condition": {
                    "ForAllValues:StringLike": {
                        "aws:TagKeys": "ProjectCode"

This does not work. The user is able to create the resource even without the ProjectCode tag. Any leads will be appreciated.

Bluetooth audio devices “Setup blocked by group policy”

All of a sudden, I’m having issues with Bluetooth audio devices. All my previously connected audio devices now have a note “Setup blocked by group policy.”

I’ve tried deleting registry keys as described in the article link in this answer:

The following provided no solution either: Device installation forbidden by system policy This is my personal system and has never been attached to a domain.

Nothing is listed under HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindowsDeviceInstallRestrictions

Windows Info

  • Edition: Windows 10 Pro
  • Version: 20H2
  • Installed on: 3/‎13/‎2021
  • OS build: 19042.1165
  • Experience: Windows Feature Experience Pack 120.2212.3530.0

Setup blocked by group policy screen shot

group policy – Windows GPO printer deployment not appearing for new profiles

Old printers that have always deployed via Print Management > Deploy via GPO are now not deploying for new profiles.

the only Changes have been to my Settings GPO with regard to PrintNightmare and disallowing point and print…
Under Computer>Policies>AdminTemps>Printers>Point and Print Restrictions>

Users can only point and print to these servers> disabled
Users can only point and print to machines in their forest > disabled
When installing drivers for a new connection > show warning and prompt
When updating drivers for an existing connection > show warning and prompt

But New printers do not appear. If I try to deploy the printer via User preferences (instead of the Print management > deploy via GPO) it complains about the driver not being available on the client PC.

Wizz Air insurance policy – Travel Stack Exchange

I booked a flight and together with the flight, I bought a travel insurance.

However, I never got an insurance policy with my name and personal information on it: I just received the general terms and conditions.

Does Wizz Air not issue such policy at all, or is it just very well hidden?