Access admin share from Users account. UAC into admin.

Similar Messages

• AUDIT action (create, delete, privilege escalation, set and change password from users account and group) users and admins in Solaris 10

  Hello.
  in Solaris 10 i need auditing process create, delete, privilege escalation, set and change password and etc... from users account and group.
  I set settings:
  in file syslog.conf:
  *.info;mail.none;cron.none;audit.notice            @IP-Remote-syslog-server-SIEM
  in file   /etc/security/audit_control:
  dir:/var/audit
  flags:lo,ad,ex,cc,am,no,fc,fd
  minfree:20
  naflags:lo
  plugin:name=audit_syslog.so;p_flags=lo,ad,ex,cc,am,no
  in file   /etc/security/audit_user:
  root:lo,ad:no
  Now I see in the logs only the fact of a connection via SSH and run processes on behalf of users. Creation. delete users, change passwords for some reason do not is logged.
  Many users. For each individual write permissions in the file /etc/security/audit_user not possible, it is likely to forget any new user (or there is a possibility in this file one line to describe the audits for all accounts?)
  Where is the mistake?

  You are most likely hitting Bug 15779000 user/role/groupadd/mod/del don't audit their use.
  And the fix is only available in S11.2.
  -- Renaud

• HT201084 can you limit what kids can share from your account

  With Family Sharing, do my kids still have to ask permission to download an app that I purchase? I would like to limit what each kid can have from my purchased apps. For example, if I buy a game on my mac mini Family Shared iTunes, can I then decide which kids can download it, or do they all automatically get it?

  Hi,
  If you meant "Hide so he Can't... " then the answer is no.
  Any Screen Sharing lets the Viewing End the same access as you have.
  What you can do is set up a Test User Account on your Mac (System Preferences > Accounts)
  This in effect give that User all their own Folders in their Home Folder.
  You could put Files, docs and other things in the Public Folder of that account, that you want to "Share, from your Account, so that when you Log in as the Test User they can have access to them.
  Public Folders are what other Users on a Mac can "See". They can only Look.
  Unless you set up Remote Login in System Preferences > Sharing to behave differently it is also all someone logging in from outside your computer can "see" (like Windows can only see Shared folders).
  Once you login as another User your regular User Account is inaccessible apart from the Shared (Public folder only by default) folders.
  putting things in the Drop Box in the Test account will make copies of them to do so allowing you to keep unaltered originals.
  I hope I have said that clearly enough.
  9:57 PM Sunday; August 2, 2009
  Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

• Accessing file shares from JSP

  Hi,
  I need to be able to access file shares from a JSP page. Here's the JSP code:
  <%@ page language="java" %>
  <%@ page import="java.io.*" %>
  <%@ page errorPage="errorPage.jsp" %>
  <%
  String fileSystemPath = "\\\\130.26.1.199\\MeetingManager30\\test.txt";
  File f = new File(fileSystemPath);
  f.createNewFile();
  %>The above code resides in a server with IP 130.9.68.6 and is deployed onto the Tomcat on the server.
  When I tried to run the above code, I got this error
  java.io.IOException: Access is denied at java.io.WinNTFileSystem.createFileExclusively(Native Method) at java.io.File.createNewFile(File.java:827) at org.apache.jsp.test_jsp._jspService
  (test_jsp.java:55) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service
  (JspServletWrapper.java:210) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at
  javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at
  org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke
  (StandardWrapperValve.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
  org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke
  (StandardContextValve.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
  org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422) at
  org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
  eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171) at
  org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163)
  at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641) at
  org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke
  (StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at
  org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199) at
  org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processCon
  nection(Http11Protocol.java:711) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run
  (ThreadPool.java:687) at java.lang.Thread.run(Thread.java:536) Seems like I'm having a system level security setting problem here.
  I know it's a security issue, because I've encountered the equivalent problem in ASP/IIS, and I had to give a domain user rights to both the IIS Virtual Directory, and the file share to be able to access.
  Any ideas how to set up Tomcat to be able to access the file share successfully?
  Thanks in advance!

  Hello Veer,
  From what you have posted it looks like while logging your error another problem occurred. Did you get any output from your System.out calls? If not can you try adding a few in order to home in the problem area.
  Hussein Badakhchani
  www.orbism.com

• Issues accessing domain share from domain controller

  Hi,
  About 2 weeks ago, 2 of my domain controllers at one of our facilities has lost access to a domain share. If I try to access the share from the dc's, it prompts for a username/password. Now if I go to my workstation at corp, the share works fine. I can't
  seem to figure out where the problem is. Any suggestions?
  Thanks in advance!

  You can use dcdiag and repadmin to check your DCs and your replication health status. That should let you see if something is wrong.
  This posting is provided AS IS with no warranties or guarantees , and confers no rights.
  Ahmed MALEK
  My Website Link
  My Linkedin Profile
  My MVP Profile

• Cant Access external shares from my admin account

  Hi,
  the title says it all.
  No matter if I try to connect via smb or afp. If I try to log in from the admin account to external afp or smb shares the login is refused cause of permissions.
  IF I do switch to a user other than the system admin account, the access to external shares works like a charm.
  In my case its an external NAS from Buffalo (Linkstation Duo).
  Also from other Lion machines ... no problem when trying to access that share.
  Im aware of the DHCAST128 changes but as you can read above it seems that this is not the issue.
  Any hints or suggentions?
  Thanks!
  Andrew

  Hi-
  You can use the account that you use daily, as SuperDuper will clone the entire drive, which includes all accounts, applications and data. SD will require an administrator password to run the cloning, but this can be done from any account.

• I want to take old emails from one user account to another. Can't access 'net with old user account.

  My computer was infected some time back, and the only way I could use most programs was to set up a new user account. Now I want to retrieve some old emails and move them to my new account, but can't seem to make it happen. F/fox opens under old a/c, but can't access 'net so I can't forward them. I tried putting them into a folder, putting it on a USB drive and dragging that into 'fox in my new a/c, but it won't open. I am using Win XP.

  two ipods wrote:
  I have my husband Iphone and an Ipad on one account.  I have my own phone on another account. I want to move the Ipad from my husbands account to my account so I can purchase him an Ipad2 and I can use the old one with all the settings and apps as they are now and then update with my contact information.
  How do I do this?
  He will run into a problem when he wants to use his own account.  Some apps will have been purchased on one Apple ID and other apps will have been purchased on a different Apple ID.  That's a nuisance situation when the apps need updating and, unfortunately, there is no resolution at the present time (IDs can not be combined).

• Guest user account logged into while away from house/computer!!!

  Warning: I am not a tech-pro!
  Okay, I have a 2011 Mac Book Pro running OS X LION 10.75 (11G63) unsure what those last numbers mean but they were there so I thought perhaps it might be helpful to add them.
  Recently I moved into a granny flat and pay $10 a week to use their unlimited internet wifi. I log into my wifi through this device called a WiFi Repeater? It's plugged into the wall in my unit, as I warned I am not incredibly tech savvy so I am only guessing when I say I suppose this extends the main wifi signal from the actual home owners upstairs big modem? Any who.... A few times I have seen in the Finder Memu ot says 'Shared' and under that 'Wendys PC' (Wendy is the homeowner) then if you click on it it tries to connect but won't or there is a 'Connect As' option which brings up a little screen saying - connect as wendy, which requires a password or connect as guest which doesn't look like it requires a password- I'm not certain because I've never tried to connect any further, I only pressed that initial connect button when I had mentioned to Wendy I could see her PC & she asked me to press connect & prove I could not in fact connect (I'm starting to despise the word 'connect' since having to type this post about connection). So... We just kind of let it go. It did really worry me that Wendy (who worked in the tech field for years in particular with an Internet provider, could possibly connect to my computer and nosey through all my files- and to be honest, that would not actually suprise me. She is incredibly 'inquisitive'... And that's putting it mildly. I do have a password on my Mac Book Pro but I don't think that would be that hard to break through/hack if you have the knowledge/software. And yes, I do have confidential files on there! Banking/business/private photos (I'm trying to lose weight so take one nude photo per day to do a time lapse of myself in a year or two- obviously for myself not for others eyes lol and I would literally die in the *** if someone ever saw these). So basically I have good reason to protect my privacy. As does everyone! Anyway my first question is - Could she log in and how could I tell if she had? Now, the second part of this ridiculously long question (my apologies) is I was logged into my personal account all last night & this morning. As I stated- it IS password protected. The user account is not. Before I went out (and I can't actually recall if I closed the lid or not when I rushed out today... Usually I do but maybe I didnt... Whatevs) So, I get home and activate the screen by moving my finger on the touch pad and lo & behold I'm straight away looking at a totally different screen? It took me a few seconds to realise why my desktop looked completely different with none of my files etc... It was - as you've probably guessed- because I was in fact in the guest user account. Now, I didn't even have to click ON 'Guest User' as I normally have to. When you turn my Mac on it always comes up with - 'My Full Name' (one account login) and then 'Guest User' (the second account login option).... So you HAVE to choose which one you want! But my screen was straight away logged into the Guest Users desktop! I did NOT do this guys! So, of course now I'm extremely concerned that either she, her husband or their son whom is visiting for the weekend - have either a) logged in remotely on one of their computers or b) have come into my home and tried logging in & then forgot to log out of the guest account. I want to know if there is any way to find out what they did, what they opened if they did, how to stop it from both happening at all or if my suspicions are in fact happeninh AGAIN   And I guess on a more personal, less tech involved note - how would you all deal with such a situation? Let it go? Or be upfront about the fears/concerns I am experiencing since moving in just over a month ago. AND most importantly - IS there any other reason -other than someone physically logging into my guest user account & failing/forgetting to log back out so that when I got home & activated my screen I was actually looking at the guest user desktop's account instead of the Mail application screen in the 'My Full Name' password protected user account where I had actually left it before rushing out.... Like, is there ANY other possibly explanation for my user account being logged into when I'd left it on my own account t before I left that doesn't include someone in the house hacking/breaking into/snooping through my Mac? Also- you should understand that when I leave my Mac for just a few minutes I have it set up so that the computer screen 'sleeps' (I'm assuming that's the correct term) so that if for instance -exactly like this morning- I have to rush out and don't want to/don't have time to save work/quit applications/shut down etc... I can walk away leaving the laptop as is knowing within a few minutes the screen saver comes up (and if that's ledr for long enough it goes into sleep mode) and no one can actually enter my private account without my password. I feel safe knowing that.
  Sorry.... I FELT safe.
  I'm truly sorry for how long-winded this question has become, I simply wanted to give anyone possibly willing to help me sort out this issue, as much information as possible. I think I have actually only posted here once before (I find these sort of forums quite intimidating) and I often see people getting bashed for not providing enough information. So, I'm pretty sure I'll get picked on for too many words if anything!!?! Lol
  Thank you, in advance for your help!
  Olivia;-).

  Ouch.
  Not easily. You could try data recovery software... maybe SubRosaSoft's File Salvage or the like.

• I am not able to access Firefox under one user account on my computer so I created another account. How can I transfer the bookmarks from the old account?

  I use windows Vista and I cannot open Firefox under one user account (I keep receiving the "firefox profile cannot be loaded . . ." error message) on my computer so I created another account. How can I transfer the bookmarks from the old account?

  NOTE: you can skip this 1st step.
  Step 1
  I'm on Win7 so the paths might be slightly different... C:\Users\(YOUR PC ACCOUNT)\AppData\Roaming\Mozilla\Firefox\Profiles\bnelgkol.default\bookmarkbackups ... Find the "bookmarks-[DATE].json" you want and copy it to the profile you want. You may want to change the date to a name you will recognize.
  Step 2
  Then on your browser "Bookmarks>Show All Bookmarks or Ctrl+Shift+B ". This will bring up the Bookmark Organizer, I think they call it Library now. From there click "Import & Back up>Restore" this will bring up a drop down with your back ups. If you followed step 1, find the json you added and select it. If you skipped step 1, from "Import & Back up>Restore" select "Choose File..." Then browser for the json you want to import. Which should be in a similar location as mentioned in step 1.
  NOTE: "AppData" is a hidden folder, will have to set show hidden folders to be able to see it.

• Email from one account logs into another user

  My daughter has her own iCloud account.  However, when she sends an e-mail from her computer it logs into my account and shows as being sent from my account

  Find the message in Sent folder. Verify account used to send. It's not uncommon that you have selected the Inbox for another account when composing a message. The message is sent from that account.
  If you want to default to a specific account, in Mail > Preferences > Composing select Send new messages from <select account from popup>

• Cannot access SMB shares from Windows boxes in AD domain

  Hey folks
  I've needed to tackel this for sometime, but Santa is bringing me a dual core G5 and the urgency just increased.
  I have an Active Directory domain and all of my macs are successfully joined and get Kerberos tickets upon login. I can access any shares I need from OS X -> windows but NOT the other way around.
  I did finally noticed that only local user accounts seem to appear in the accounts list in the sharing pref pane. So I have figured out that I can access any users folder with that one account- OUCH! What I need is access control based on the user.
  For instance if I want to share ~jdoe and jdoe is a mobile account and an AD user then if I am logged into windows as [email protected] then I should be able to access the share on the mac. Conversly I should not be able to access ~jdoe with the mac's local admin account and pass.
  Do I need to change my smb.conf to reflect AD and if so, where/what?
  Also, do I need to map UIDs to anything? And, is that a security risk?
  Thanks!
  -N

  Hi SpaceBass, have you looked into sharepoints or into Netinfo manager. I have been playing around with sharepoints and it does let me enter non local users into the sharing prefs- albeit manually. Only thing is , depending on the number of macs you have, it could be a long and tedious job entering it all by hand. Netinfo may have an easier way, I'll do some more digging and post back.
  Cheers.

• When I click on the icon to start firefox, the screen dims and I get this question in a dialogue box from User Account Control....."Do you want to allow the following program to make changes to this computer"

  Every time I start firefox

  '''If you have Windows-7: Home Basic and Home Premium this works.'''
  1. Create a new text file
  2. Copy the text below into it.
  <code>
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
  "ConsentPromptBehaviorAdmin"=dword:00000000
  </code>
  3. Save as, e.g. DisableUACadmin.reg The reg extension is recognized by the registry editor.
  4. Double-click your file and accept everything.Then do PART II below.
  '''If you have Windows-7: Professional (Business), Enterprise and Ultimate Editions this works.'''
  1. From the START MENU open the Control Panel and click on the Administrative Tools icon.
  2. Double click on Local Security Policy to open it.
  3. Browse down to Local Policies and then down to Security Options
  4. In the list find: “User Account Control: Behavior of the elevation prompt for administrators in Admin Approval
  Mode” and double-click on it.
  5. Using the dropdown window change the setting to “Elevate without prompting”.
  6. Close out all your windows and do PART II below
  '''PART II'''
  For all versions of Windows-7, now you can right-click the FireFox icon and select properties. Click on the Compatibility tab and select "Run this program as an Administrator".
  No more UAC for Firefox.

• Share between user accounts

  I've seen all kinds of info on home sharing for sharing tunes between computers, but how do I share some of my tunes that are saved in my user account with my daughter in her user account, so that she does not have to access my entire library in order to sync her iPod?

  Thank you! I should have thought of that. So, what I actually did was go into finder, "get info" on the Minecraft folder, and check the "share folder" box in the info window.  I was then able to open his saved worlds on his account, and doing it this way will mean any changes to them can be accessed from my account as well.
  Thanks again!

• How to access ZFS share from Windows 7?

  I am new to UNIX and am having a hard time to get a ZFS share to access from windows 7 on my home network.
  I was able to access both WHS 2011 and QNAP 459 share on SE 11 by using the file manager - Server - windows & then just using the IP address, username, password. That was easy or at least similar to what I was used with windows 7.
  However, I have yet to be able to access a ZFS pool containing a share that I can access from another windows 7 machine at home.
  Apparently, I can mount the share from windows but the login name/password do not get accepted when I add a network connection in windows. Windows does seem to find the path \\solaris\tank_share1 and even mounts it, but the login for SE 11 does not work for some reason.
  I changes the workgroup name to WORKGROUP in windows but that did not change anything. I tried to edit the pam.conf file by changing the ownership from root to myself so I could use gedit since it has been 15 years since I last used vi. However, that corrupted the setup as I got "system error" message on reboot that never got out of that infinite loop.
  I am basically using the instruction through the following link:
  http://blogs.oracle.com/observatory/entry/accessing_opensolaris_shares_from_windows
  Any help to get this problem resolved is much appreciated
  Thanks,
  Kurt

  The documented procedure of having to edit the pam_conf file seems to work followed by resetting one's password seems to work after all. I believe, by taking away ownership from root to "admin user" screwed things up. I had to relearn how to use vi but that didn't take very long.
  Got about 50 MB/s speed coping from Windows SSD to SE11 SSD via very small (5 GB) RAIDZ array in VMWare (running on top of WIN 7-64). I have to try native SE11 SSD next as the VMWare setup is just for practice.
  Q: Is there a way to launch gedit from the terminal window in root mode so I wouldn't have to use vi?
  Kurt

• Access Mail centrally from several accounts?

  Is it possible to set up Mail so that people using separate OS X accounts can all see the same copy of Mail? So, if one person downloads messages, they will be also appear in Mail in other accounts. I want to keep an eye on my children's emails, and at the moment I've set up the computer with a separate account for email, and all family members check for emails there. This is OK, but causes problems if you want to attach photos or documents, because you have to open your own account and transfer the items to Shared, and then go back into the email account. I thought maybe you could put the mailboxes themselves in the Shared folder, and make Mail access them there, but I don't know if this is possible.
  Mac Mini   Mac OS X (10.4.7)  

  Set up Mail in your children's accounts as follows:
  1. Set Preferences > Accounts > Advanced > Remove copy from server after retrieving a message to either After one week or After one month, to give you time to download the same messages in your own user account.
  2. If you also want to see the messages they send, enable Preferences > Composing > Automatically [BCC] myself. Your children may wonder why they receive a copy of every message they send if you do this, though.
  In your user account, set up your children's mail accounts as follows:
  1. Disable Preferences > Accounts > Advanced > Remove copy from server after retrieving a message, to avoid removing messages from the server that your children haven't downloaded yet.
  2. There is nothing else to do here.
  Note that your children can easily change those settings if they know how to do it (or even if they don't know, but they are curious and decide to start playing with them).
  Alternatively (or in addition to) the above measures, you can also use the Parental Controls features of Tiger -- read the relevant articles in Mac Help or Mail Help for more information on this.