diff --git a/ex401/ex401.1.2/Dockerfile b/ex401/ex401.1.2/Dockerfile
deleted file mode 100644
index 078f91e..0000000
--- a/ex401/ex401.1.2/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.1.1-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
-      Vendor="TIER" \
-      ImageType="Grouper Training" \
-      ImageName=$imagename \
-      ImageOS=centos7
-
-ENV USERTOKEN=gte-401.1.2
-
-COPY container_files/seed-data/ /seed-data/
-
-#  && setupFiles
-RUN . /usr/local/bin/library.sh \
-    && prep_conf && prep_finish; \
-    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-    (mysqld_safe & ) \
-    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
-    cd /opt/grouper/grouperWebapp/WEB-INF \
-    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
-    && mysql grouper < /seed-data/sisData.sql \
-    && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
-    && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
-    && pkill -HUP slapd \
-    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
-    pkill -u mysql mysqld \
-    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 7c8a137..0000000
--- a/ex401/ex401.1.2/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,39 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addStem("test", "vpn", "vpn");
-
-//Create a loader job to pull in the VPN users assigned in the directory.
-group = new GroupSave(gs).assignName("test:vpn:vpn_legacy").assignCreateParentStemsIfNotExist(true).save();
-group.getAttributeDelegate().assignAttribute(LoaderLdapUtils.grouperLoaderLdapAttributeDefName()).getAttributeAssign();
-attributeAssign = group.getAttributeDelegate().retrieveAssignment(null, LoaderLdapUtils.grouperLoaderLdapAttributeDefName(), false, true);
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapQuartzCronName(), "0 * * * * ?");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapTypeName(), "LDAP_SIMPLE");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapServerIdName(), "demo");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapFilterName(), "(cn=vpn_users)");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSearchDnName(), "ou=groups,dc=internet2,dc=edu");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectAttributeName(), "member");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectIdTypeName(), "subjectId");
-attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");
-
-//Create placeholder groups for the load job so we can use them below
-//addGroup("ref", "faculty", "faculty");
-//addGroup("ref", "staff", "staff");
-//addGroup("ref", "student", "student");
-
-//Create the groups that do the grouper math to analyze the tables.
-addGroup("test:vpn", "vpn_faculty", "vpn_faculty");
-addComposite("test:vpn:vpn_faculty", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:faculty");
-
-addGroup("test:vpn", "vpn_employees", "vpn_employees");
-addComposite("test:vpn:vpn_employees", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:staff");
-
-addGroup("test:vpn", "vpn_students", "vpn_students");
-addComposite("test:vpn:vpn_students", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:student");
-
-addGroup("test:vpn", "vpn_facstaffstudent", "vpn_facstaffstudent");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_faculty");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_employees");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_students");
-
-addGroup("test:vpn", "other_cohorts", "other_cohorts");
-addComposite("test:vpn:other_cohorts", CompositeType.COMPLEMENT, "test:vpn:vpn_legacy", "test:vpn:vpn_facstaffstudent");
diff --git a/ex401/ex401.1.2/container_files/seed-data/sisData.sql b/ex401/ex401.1.2/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.2/container_files/seed-data/users.ldif b/ex401/ex401.1.2/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.3/Dockerfile b/ex401/ex401.1.3/Dockerfile
deleted file mode 100644
index 756a81e..0000000
--- a/ex401/ex401.1.3/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.1.2-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
-      Vendor="TIER" \
-      ImageType="Grouper Training" \
-      ImageName=$imagenamew \
-      ImageOS=centos7
-
-ENV USERTOKEN=gte-401.1.3
-
-COPY container_files/seed-data/ /seed-data/
-
-#  && setupFiles
-RUN . /usr/local/bin/library.sh \
-    && prep_conf && prep_finish; \
-    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-    (mysqld_safe & ) \
-    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
-    cd /opt/grouper/grouperWebapp/WEB-INF \
-    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
-    && mysql grouper < /seed-data/sisData.sql \
-    && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
-    && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
-    && pkill -HUP slapd \
-    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
-    pkill -u mysql mysqld \
-    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 2510b91..0000000
--- a/ex401/ex401.1.3/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,19 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addStem("app", "vpn", "vpn");
-addStem("app:vpn", "service", "service");
-addStem("app:vpn", "security", "security");
-
-addStem("app:vpn:service", "ref", "ref")
-addStem("app:vpn:service", "policy", "policy")
-
-addGroup("app:vpn:service:ref", "vpn_adhoc", "vpn_adhoc");
-addGroup("app:vpn:service:policy", "vpn_authorized", "vpn_authorized");
-addGroup("app:vpn:service:policy", "vpn_authorized_allow", "vpn_authorized_allow");
-addGroup("app:vpn:service:policy", "vpn_authorized_deny", "vpn_authorized_deny");
-
-addMember("app:vpn:service:policy:vpn_authorized_allow", "ref:faculty");
-addMember("app:vpn:service:policy:vpn_authorized_allow", "ref:staff");
-addMember("app:vpn:service:policy:vpn_authorized_allow", "app:vpn:service:ref:vpn_adhoc");
-
-addComposite("app:vpn:service:policy:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:service:policy:vpn_authorized_allow", "app:vpn:service:policy:vpn_authorized_deny");
diff --git a/ex401/ex401.1.3/container_files/seed-data/sisData.sql b/ex401/ex401.1.3/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.3/container_files/seed-data/users.ldif b/ex401/ex401.1.3/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.4/Dockerfile b/ex401/ex401.1.4/Dockerfile
deleted file mode 100644
index f145d2a..0000000
--- a/ex401/ex401.1.4/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.1.3-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
-      Vendor="TIER" \
-      ImageType="Grouper Training" \
-      ImageName=$imagename \
-      ImageOS=centos7
-
-ENV USERTOKEN=gte-401.1.4
-
-COPY container_files/seed-data/ /seed-data/
-
-#  && setupFiles
-RUN . /usr/local/bin/library.sh \
-    && prep_conf && prep_finish; \
-    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-    (mysqld_safe & ) \
-    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
-    cd /opt/grouper/grouperWebapp/WEB-INF \
-    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
-    && mysql grouper < /seed-data/sisData.sql \
-    && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
-    && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
-    && pkill -HUP slapd \
-    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
-    pkill -u mysql mysqld \
-    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.1.4/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.4/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 2733435..0000000
--- a/ex401/ex401.1.4/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,14 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-//Assign the PSPNG attribute for the standard groups (needs to match 401.1.5's reset)
-group = GroupFinder.findByName(gs, "app:vpn:vpn_authorized");
-
-# Auto create the PSPNG attributes
-edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
-
-pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
-AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-attributeAssignSave.assignAttributeDefName(pspngAttribute);
-attributeAssignSave.assignOwnerGroup(group);
-attributeAssignSave.addValue("pspng_groupOfNames");
-attributeAssignSave.save();
\ No newline at end of file
diff --git a/ex401/ex401.1.4/container_files/seed-data/sisData.sql b/ex401/ex401.1.4/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.4/container_files/seed-data/users.ldif b/ex401/ex401.1.4/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.5/Dockerfile b/ex401/ex401.1.5/Dockerfile
deleted file mode 100644
index 13142fb..0000000
--- a/ex401/ex401.1.5/Dockerfile
+++ /dev/null
@@ -1,29 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.1.4-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
-      Vendor="TIER" \
-      ImageType="Grouper Training" \
-      ImageName=$imagename \
-      ImageOS=centos7
-
-ENV USERTOKEN=gte-401.1.5
-
-COPY container_files/seed-data/ /seed-data/
-
-#  && setupFiles
-RUN . /usr/local/bin/library.sh \
-    && prep_conf && prep_finish; \
-    (/usr/sbin/slapd -h "ldap:/// ldaps:/// ldapi:///" -u ldap &) \
-    && while ! curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to start; sleep 1; done; \
-    (mysqld_safe & ) \
-    && while ! curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to start; sleep 3; done; \
-    cd /opt/grouper/grouperWebapp/WEB-INF \
-    && ldapadd -x -D cn=root,dc=internet2,dc=edu -w password -f /seed-data/users.ldif \
-    && mysql grouper < /seed-data/sisData.sql \
-    && if [ ! -f /usr/local/bin/java ]; then ln -s /usr/lib/jvm/java-1.8.0-amazon-corretto/bin/java /usr/local/bin/java; fi \
-    && sudo --preserve-env=PATH -u tomcat bin/gsh.sh /seed-data/bootstrap.gsh \
-    && pkill -HUP slapd \
-    && while curl -s ldap://localhost:389 > /dev/null; do echo waiting for ldap to stop; sleep 1; done; \
-    pkill -u mysql mysqld \
-    && while curl -s localhost:3306 > /dev/null; do echo waiting for mysqld to stop; sleep 1; done
diff --git a/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh
deleted file mode 100644
index 641c44e..0000000
--- a/ex401/ex401.1.5/container_files/seed-data/bootstrap.gsh
+++ /dev/null
@@ -1,74 +0,0 @@
-gs = GrouperSession.startRootSession();
-
-addStem("ref", "iam", "iam");
-addGroup("ref:iam", "global_deny", "global_deny");
-
-addMember("app:vpn:vpn_deny", "ref:iam:global_deny");
-
-group=addGroup("app:vpn:ref", "vpn_ajohnson409", "vpn_ajohnson409");
-group.setDescription("special project managed by ajohnson409");
-group.store();
-
-addStem("app:vpn", "etc", "etc");
-addGroup("app:vpn:etc", "vpn_ajohnson409_mgr", "vpn_ajohnson409_mgr");
-addMember("app:vpn:etc:vpn_ajohnson409_mgr", "ajohnson409")
-grantPriv("app:vpn:ref:vpn_ajohnson409", "app:vpn:etc:vpn_ajohnson409_mgr", AccessPrivilege.ADMIN);
-
-group=addGroup("app:vpn:ref", "vpn_consultants", "vpn_consultants");
-group.setDescription("Consultants, must be approved by VP and have expiration date set");
-group.store();
-
-# Auto create the PSPNG attributes
-# edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
-
-pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
-AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-attributeAssignSave.assignAttributeDefName(pspngAttribute);
-attributeAssignSave.assignOwnerGroup(group);
-attributeAssignSave.addValue("pspng_groupOfNames");
-attributeAssignSave.save();
-
-
-addMember("app:vpn:ref:vpn_adhoc", "app:vpn:ref:vpn_ajohnson409");
-addMember("app:vpn:ref:vpn_adhoc", "app:vpn:ref:vpn_consultants");
-
-
-//Assign the PSPNG attribute for the standard groups
-group = GroupFinder.findByName(gs, "app:vpn:ref:vpn_ajohnson409");
-
-attribute = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestation", true);
-attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-attributeAssignSave.assignAttributeDefName(attribute);
-attributeAssignSave.assignOwnerGroup(group);
-
-attributeAssignOnAssignSave = new AttributeAssignSave(gs);
-attributeAssignOnAssignSave.assignAttributeAssignType(AttributeAssignType.group_asgn);
-attestationSendEmailAttributeDefName = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestationSendEmail", false);
-attributeAssignOnAssignSave.assignAttributeDefName(attestationSendEmailAttributeDefName);
-attributeAssignOnAssignSave.addValue("true");
-attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSave);
-
-attributeAssignOnAssignSave = new AttributeAssignSave(gs);
-attributeAssignOnAssignSave.assignAttributeAssignType(AttributeAssignType.group_asgn);
-attributeDefName = AttributeDefNameFinder.findByName("etc:attribute:attestation:attestationDirectAssignment", false);
-attributeAssignOnAssignSave.assignAttributeDefName(attributeDefName);
-attributeAssignOnAssignSave.addValue("true");
-attributeAssignSave.addAttributeAssignOnThisAssignment(attributeAssignOnAssignSave);
-
-attributeAssign = attributeAssignSave.save();
-
-
-// Groovy Script - Auto set expiration date on membership:
-numDays = 32;
-actAs = SubjectFinder.findRootSubject();
-vpn_adhoc = getGroups("app:vpn:ref:vpn_adhoc")[0];
-attribAssign = vpn_adhoc.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
-attribValueDelegate = attribAssign.getAttributeValueDelegate();
-attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
-attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
-attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
-attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
-attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numDays.toString());
-attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
diff --git a/ex401/ex401.1.5/container_files/seed-data/sisData.sql b/ex401/ex401.1.5/container_files/seed-data/sisData.sql
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.5/container_files/seed-data/users.ldif b/ex401/ex401.1.5/container_files/seed-data/users.ldif
deleted file mode 100644
index e69de29..0000000
diff --git a/ex401/ex401.1.6/Dockerfile b/ex401/ex401.1.6/Dockerfile
deleted file mode 100644
index 14a52d0..0000000
--- a/ex401/ex401.1.6/Dockerfile
+++ /dev/null
@@ -1,10 +0,0 @@
-ARG VERSION_TAG
-FROM tier/gte:401.1.5-$VERSION_TAG
-
-LABEL author="tier-packaging@internet2.edu <tier-packaging@internet2.edu>" \
-      Vendor="TIER" \
-      ImageType="Grouper Training" \
-      ImageName=$imagename \
-      ImageOS=centos7
-
-ENV USERTOKEN=gte-401.1.6
diff --git a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
index f9e3b49..c1daa24 100644
--- a/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
+++ b/ex401/ex401.1.end/container_files/seed-data/bootstrap.gsh
@@ -19,11 +19,6 @@ attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperL
 attributeAssign.getAttributeValueDelegate().assignValue(LoaderLdapUtils.grouperLoaderLdapSubjectExpressionName(), "\${loaderLdapElUtils.convertDnToSpecificValue(subjectId)}");
 loaderRunOneJob(group);
 
-// stub out loader jobs
-//addGroup("ref", "faculty", "faculty");
-//addGroup("ref", "staff", "staff");
-//addGroup("ref", "student", "student");
-
 // Create the groups that do the grouper math to analyze the tables.
 addGroup("test:vpn", "vpn_faculty", "vpn_faculty");
 addComposite("test:vpn:vpn_faculty", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:faculty");
@@ -31,12 +26,7 @@ addGroup("test:vpn", "vpn_staff", "vpn_staff");
 addComposite("test:vpn:vpn_staff", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:staff");
 addGroup("test:vpn", "vpn_students", "vpn_students");
 addComposite("test:vpn:vpn_students", CompositeType.INTERSECTION, "test:vpn:vpn_legacy", "ref:student");
-addGroup("test:vpn", "vpn_facstaffstudent", "vpn_facstaffstudent");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_faculty");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_staff");
-addMember("test:vpn:vpn_facstaffstudent", "test:vpn:vpn_students");
-addGroup("test:vpn", "other_cohorts", "other_cohorts");
-addComposite("test:vpn:other_cohorts", CompositeType.COMPLEMENT, "test:vpn:vpn_legacy", "test:vpn:vpn_facstaffstudent");
+
 
 // 401.1.2
 addStem("app", "vpn", "vpn");
@@ -53,20 +43,20 @@ addGroup("app:vpn:service:policy", "vpn_authorized_deny", "vpn_authorized_deny")
 addMember("app:vpn:service:policy:vpn_authorized_allow", "ref:faculty");
 addMember("app:vpn:service:policy:vpn_authorized_allow", "ref:staff");
 addMember("app:vpn:service:policy:vpn_authorized_allow", "app:vpn:service:ref:vpn_adhoc");
+addMember("app:vpn:service:policy:vpn_authorized_deny", "ref:iam:global_deny");
 
 addComposite("app:vpn:service:policy:vpn_authorized", CompositeType.COMPLEMENT, "app:vpn:service:policy:vpn_authorized_allow", "app:vpn:service:policy:vpn_authorized_deny");
 
-// 401.1.3 - not sure what this isn't working... comment out for now.
+// 401.2
 // Auto create the PSPNG attributes
-// edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
-// pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
-// AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
-// attributeAssignSave.assignAttributeDefName(pspngAttribute);
-// attributeAssignSave.assignOwnerGroup(vpn_authorized);
-// attributeAssignSave.addValue("pspng_groupOfNames");
-// attributeAssignSave.save();
-
-// 401.1.4
+edu.internet2.middleware.grouper.pspng.FullSyncProvisionerFactory.getFullSyncer("pspng_groupOfNames");
+pspngAttribute = AttributeDefNameFinder.findByName("etc:pspng:provision_to", true);
+AttributeAssignSave attributeAssignSave = new AttributeAssignSave(gs).assignPrintChangesToSystemOut(true);
+attributeAssignSave.assignAttributeDefName(pspngAttribute);
+attributeAssignSave.assignOwnerGroup(vpn_authorized);
+attributeAssignSave.addValue("pspng_groupOfNames");
+attributeAssignSave.save();
+
 group=addGroup("app:vpn:service:ref", "vpn_consultants", "vpn_consultants");
 group.setDescription("Consultants, must be approved by VP and have expiration date set");
 group.store();
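Review bot: `attributeAssignSave.assignOwnerGroup(vpn_authorized);` is re-enabled exactly as it stood when the old comment said it was not working, and nothing visible in this hunk assigns a `vpn_authorized` variable (the script between the previous hunk and this one is not shown). If it is not set there, look the group up before the block, e.g. `vpn_authorized = GroupFinder.findByName(gs, "app:vpn:service:policy:vpn_authorized");`, so the `etc:pspng:provision_to` attribute lands on the policy group instead of failing on an undefined name. The added `addMember("app:vpn:service:policy:vpn_authorized_deny", "ref:iam:global_deny");` has the same exposure, because the hunk does not show `ref:iam:global_deny` being created. If that add fails, the deny side of the `vpn_authorized` COMPLEMENT stays empty, so confirm the group exists earlier in the script or in the base image.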
@@ -86,7 +76,6 @@ GrouperSession.start(findSubject("ajohnson409"))
 addMember("app:vpn:service:ref:vpn_ajohnson409", "bsmith458")
 
 
-// 401.1.5
 // Attestation requirement
 gs = GrouperSession.startRootSession();
 group = GroupFinder.findByName(gs, "app:vpn:service:ref:vpn_ajohnson409");
@@ -118,32 +107,23 @@ vpn_consultants = GroupFinder.findByName(gs, "app:vpn:service:ref:vpn_consultant
 attribAssign = vpn_consultants.getAttributeDelegate().addAttribute(RuleUtils.ruleAttributeDefName()).getAttributeAssign();
 attribValueDelegate = attribAssign.getAttributeValueDelegate();
 attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectSourceIdName(), actAs.getSourceId());
+//attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");
 attribValueDelegate.assignValue(RuleUtils.ruleActAsSubjectIdName(), actAs.getId());
 attribValueDelegate.assignValue(RuleUtils.ruleCheckTypeName(), RuleCheckType.membershipAdd.name());
+//attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), RuleIfConditionEnum.thisGroupHasImmediateEnabledNoEndDateMembership.name());
 attribValueDelegate.assignValue(RuleUtils.ruleThenEnumName(), RuleThenEnum.assignMembershipDisabledDaysForOwnerGroupId.name());
 attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg0Name(), numberOfDays.toString());
 attribValueDelegate.assignValue(RuleUtils.ruleThenEnumArg1Name(), "T");
 
 addMember("app:vpn:service:ref:vpn_consultants", "jsmith")
 
-// 401.1.4 VPN access audit for list of NetIDs
+// VPN access audit for list of NetIDs
 addGroup("test:vpn", "vpn_audit_list", "vpn_audit_list");
+addMember("test:vpn:vpn_audit_list","aroberts95");
 addMember("test:vpn:vpn_audit_list","ahenderson36");
+addMember("test:vpn:vpn_audit_list","bsmith458");
 addMember("test:vpn:vpn_audit_list","cpeterson37");
 addMember("test:vpn:vpn_audit_list","jclark39");
-addMember("test:vpn:vpn_audit_list","kbrown62");
-addMember("test:vpn:vpn_audit_list","tpeterson63");
-addMember("test:vpn:vpn_audit_list","pjohnson64");
-addMember("test:vpn:vpn_audit_list","aroberts95");
-addMember("test:vpn:vpn_audit_list","sdavis107");
-addMember("test:vpn:vpn_audit_list","mhenderson109");
-addMember("test:vpn:vpn_audit_list","jvales117");
-addMember("test:vpn:vpn_audit_list","sgrady139");
-addMember("test:vpn:vpn_audit_list","mprice142");
-addMember("test:vpn:vpn_audit_list","mwilliams144");
-addMember("test:vpn:vpn_audit_list","lpeterson153");
-addMember("test:vpn:vpn_audit_list","mvales154");
-addMember("test:vpn:vpn_audit_list","bsmith458");
 
 addGroup("test:vpn", "vpn_audit", "vpn_audit");
 addComposite("test:vpn:vpn_audit", CompositeType.INTERSECTION, "app:vpn:service:policy:vpn_authorized", "test:vpn:vpn_audit_list");
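Review bot: The two added lines `//attribValueDelegate.assignValue(RuleUtils.ruleRunDaemonName(), "F");` and `//attribValueDelegate.assignValue(RuleUtils.ruleIfConditionEnumName(), ...)` are commented-out code with no explanation, and they sit on the rule that sets the expiry for `vpn_consultants` memberships. Without the `thisGroupHasImmediateEnabledNoEndDateMembership` condition, the rule presumably applies to every membership add rather than only to those lacking an end date. Whether that is intended cannot be told from the hunk. Either delete the two lines or replace them with a comment stating the reason, e.g. `// no ruleIfCondition: apply the numberOfDays expiry to every new membership`.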