Acrobat 7 requires admin password at every launch for non admin users?

Similar Messages

• Since upgrading to Mavericks my Adobe Acrobat 9 Pro requires administrative password on every launch--whats with that?

  Since upgrading to Mavericks my Adobe Acrobat 9 Pro requires administrative password on every launch which seems like an unnecessary step.  Does anyone know why this is happening and what can be done to eliminate this?

  Download and run the combo updater to refresh your files.
  OS X Mavericks 10.9.3 (Update (Combo)
  http://support.apple.com/kb/DL1746
  Open Disk Utility and run Repair Permissions
  You might need to remove and reinstall Acrobat. Be sure you are in an admin account when installing.

• How do I require a password between every app purchase on my iPad?

  How do I require a password between every app purchase?  I'm trying to avoid having my son make purchases without my consent.

  See if you have something in your settings that shows Profile. Settings>General>Profiles.
  Important: Restrictions can also be enabled or enforced using a profile (typically installed when using the device for business or education purposes). You can check for installed profiles in Settings > General > Profiles. For additional information, contact the administrator or the person who installed the profile.

• Allowing Shockwave Player to run for non-admins

  Hi all, I see the following problem on and off for years now, with Adobe Flash and in particular Adobe Shockwave Player.
  I have a school that has a Windows 7 lab. Shockwave Player 11.6 is installed as part of the base image. It shows up in "Programs and Features"
  After it was initially installed, I tested the plug-in by going to http://www.adobe.com/shockwave/welcome and it worked fine.
  The problem I'm having is with non-admin users. Our students aren't local admins. Say they go to a website that has Shockwave content, for example, http://www.pbs.org/wgbh/aso/tryit/dna/index.html
  When I (with a non-admin student account) click on the link to play the Shockwave content, a pop-up window appears. Then IE 9 displays a message "This webpage wants to run the following add-on: "Adobe Shockwave Player 11.6" from Adobe Systems Incorporated. Allow/Allow for all websites?" I don't want to see this again, so I click Allow for All websites. Then I get another window: "Adobe Shockwave Player is now installing....Installing compatibility components." So far, so good. The problem is, once the installation progress bar gets to the end, Windows User Access control pops up prompting for an admin user account and password to complete the install. Since they don't have an admin account, the install can't complete.
  How do I get Shockwave Player to "just work" for non admin users? I see for Flash there is this document at http://forums.adobe.com/thread/987370 about registry permissions, etc. Is there a similar solution for Shockwave Player?
  Please help, thanks,
  Sir_Timbit

  If SW is trying to install compatibility components, be sure to run the full installer before creating your base image

• User Interface Access Customisation for non admin users

  Hi,
  It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
  For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
  Thanks.

  Hi,
  You can create right click menus, and you can also create links on the tools page. Would any of these help you?
  Here is the doc on those subjects:
  Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
  Launch another application, URL, or business rule, with or without runtime prompts
  Move to another data form
  Move to Manage Approvals with a predefined scenario and version
  The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
  When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
  To create, edit, or delete menus:
  Select Administration, then Manage, then Menus.
  Perform one action:
  To create a menu, click Create, enter the menu's name, and click OK.
  To change a menu, select it and click Edit.
  To delete menus, select them, click Delete, and click OK.>
  Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
  To specify custom tools:
  Select Administration, then Application, then Settings.
  For Show, select Advanced Settings.
  Click Go.
  Select Custom Tools.
  For each link:
  For Name, enter the displayed link name.
  For URL, enter a fully qualified URL, including the http:// prefix
  For User Type, select which users can access the link.
  Click Save.

• Disabling Windows Explorer For Non Admins and Leaving it Enabled For Admins.

  Good evening,
  I am running a Citrix XenApp environment and I need to disable explorer.exe from running for non admin users. My team and I have discovered that exporer.exe can be accessed by any app that is being used by the end user and therefore can grant that user access
  to the XenApp server interface--this is a BIG NO NO!
  The users do not have admin rights when in explorer.exe but they can shutdown the server. I can disable a few areas such as the taskmgr, regedit, cmd, windows+x, and I can prevent the user from shutting down the system by only allowing them to log off,
  and prevent them from making changes to desktop icons, but it would be much preferred to stick it to the users and not allow them to access the XenApp server interface at all,
  I have tested changing the shell for explorer.exe from explorer.exe to iexplorer.exe and this worked fine (it only displayed the desktop wallpaper for the logged on user), but the change was not reversible. Luckily, I took a snapshot of my virtual test system
  before hand. 
  Is there a way to prevent Windows Explorer from running for all non admins and also so that the local administrator account is not affected by the change as well? I have also tried preventing explorer.exe from running via GPO but that didn't work.
  Thanks in advance,

  Hi,
  A more robust and managable way of securing your systems by controlling which applications that can be launched is Software Restriction Policies.
  Check this article for an introduction to Software Restriction Policies:
  http://technet.microsoft.com/en-us/magazine/2008.06.srp.aspx
  Regards.
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• Outlook Connector shared calendar lookup doesn't work for non-admins

  First the version info:
  JMS 6.2-8.04, Directory Server 5.2, Connector 7.2.402.1
  Non-admin users are not able to retrieve a list of users from the GAL with Outlook Connector. I, as an admin, do get the list. Here is the the access log for a non-admin user. Note that in the RESULT, nentries is always zero.
  mwilson=535258100062018 (non-admin)
  -bash-3.00$ grep -i "conn=425940" access.20080923-112603
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=-1 msgId=-1 - fd=93 slot=93 LDAP connection from 209.152.33.8 to 10.10.3.3
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=0 msgId=1 - BIND dn="uid=535258100062018,ou=people,o=pcc.edu,o=cp" method=128 version=3
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=535258100062018,ou=people,o=pcc.edu,o=cp"
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - SORT cn
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - VLV 1:1:1:0 2:19201 (0)
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - SORT cn
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - VLV 0:8:0:0 1:19201 (0)
  [23/Sep/2008:11:37:25 -0700] conn=425940 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
  [23/Sep/2008:11:39:26 -0700] conn=425940 op=3 msgId=4 - UNBIND
  [23/Sep/2008:11:39:26 -0700] conn=425940 op=3 msgId=-1 - closing - U1
  [23/Sep/2008:11:39:26 -0700] conn=425940 op=-1 msgId=-1 - closed.
  Next, I followed the steps outlined in http://docs.sun.com/app/docs/doc/819-5200/gbnse?l=en&a=view&q=shared+calendar+ldap+lookup.
  I set service.wcap.userprefs.ldapproxyauth = "yes"
  I have the ACI entries as specified in that document.
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;
  acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
  allow (read,search)
  (userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp")
  The only oddity I see is that the ACI entries are not passed down to the next directory levels.
  Any thoughts?
  David.

  I reviewed the document and I believe the VLV browsing indexes are setup and functional. I've also checked the ACI entries and they look correct. (The document doesn't mention the ACI entries for proxy authentication.) As I said, an admin user can retrieve names from the GAL, a non-admin user cannot. The only difference in the access log is the returned nentries value.
  ./ldapsearch -h vmpt1 -p 389 -D "uid={uid},ou=People,o=pcc.edu,o=cp" -w {passwd} \
  -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
  -G "1:1:dpelinka" "pdsRole=Employee" uid
  results for admin user
  -bash-3.00$ grep "conn=838261" access
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=-1 msgId=-1 - fd=165 slot=165 LDAP connection from 10.10.3.5 to 10.10.3.3
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=0 msgId=1 - BIND dn="uid=311914191753070,ou=People,o=pcc.edu,o=cp" method=128 version=3
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=311914191753070,ou=people,o=pcc.edu,o=cp"
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - SORT cn
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - VLV 1:1:dpelinka 4799:19235 (0)
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=2 msgId=3 - UNBIND
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=2 msgId=-1 - closing - U1
  [25/Sep/2008:14:30:30 -0700] conn=838261 op=-1 msgId=-1 - closed.
  results for non-admin user:
  -bash-3.00$ grep "conn=839346" access
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=-1 msgId=-1 - fd=226 slot=226 LDAP connection from 10.10.3.5 to 10.10.3.3
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=0 msgId=1 - BIND dn="uid=299899598658566,ou=People,o=pcc.edu,o=cp" method=128 version=3
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=299899598658566,ou=people,o=pcc.edu,o=cp"
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - SORT cn
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - VLV 1:1:dpelinka 4799:19235 (0)
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=2 msgId=3 - UNBIND
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=2 msgId=-1 - closing - U1
  [25/Sep/2008:14:32:47 -0700] conn=839346 op=-1 msgId=-1 - closed.

• New IR's not appearing in Views for non-admins

  We are in pre-production testing for SM 2012 SP1.  We only have a few user roles beside the built in roles.  We have a 'standard' group
  which has access to just about everything except for sensitive items relating to user termination, legal, etc.  We have a group which can see those sensitive items, and then we the built in administrators.  <o:p></o:p>
  When non-admins create an IR or SR, it sometimes takes up to 5 minutes for the item to show up a custom “all open incidents”
  view, or in a custom “my incidents” view.  In a few isolated cases, the work item did not appear for over an hour.  However, admins can see all of these work items immediately in any view that should, by criteria, be displaying it.<o:p></o:p>
  What would cause a work item to display immediately in all appropriate views for admins, but not for non-admins?<o:p></o:p>

  Sorry for the delay in updating.  Our management team got very frustrated with the performance and nearly killed the whole project.  I got them to give SM another chance with R2, hoping that some of issues would be resolved.  This issue was
  not resolved.
  So, I have continued testing.  I cleaned up our Queues, so we only have 4 now in the Queues list.  When I open the properties of the our custom user role, the Queue section displays our 4 queues, plus one called Work Item Group from the System
  Work Item Library.  I started with selecting just 1 Incident queue, for this user role.  I created a new IR as this user, and it took nearly 15 minutes for the IR to appear in the view.  
  I then modified the user role and selected the "All work items can be accessed" radio button.  I created another IR and it appeared in the view immediately.  Now, this is where it gets interesting.   I went back to the user role and set it
  back to display a single queue, and the IR disappeared from the view.  It didn't appear again for another 10 minutes.
  The queue that is this IR should be assigned to is quite simple.  Right now, I want it to display all incidents.  It is not looking at an advanced class, just incident.  Initially, I did not upt any criteria on it at all.  I then tried
  setting it to just Active Incidents, and still the IR's takes 10-15 minutes to appear.
  I still don't understand what an aggressive queue is.  Does my queue sound 'aggressive?'  The view is looking at Incident (typical), not advanced.  I don't see any obvious problems in the Workflow Status section of the Admin pane.  What
  should I be looking for next?  I need to have the ability to filter queues by user roles, but it will cripple productivity if new IRs do not appear for 10-15 minutes.

• Majority of reports missing for non admin users

  I have followed the instructions here (SCCM 2012–Reporting in console for non-admins (Reporting User Role) v2) to allow non admin users the ability to view
  reports in the console. So far, so good. However, when viewing the reports with the non admin user, only about 100 of the 400+ reports appear.
  Am I missing something here?

  The custom reporting one in the link I provided, and also modified versions of the following:
  OS Deployment manager (removed rights to All driver related items (drivers and driver packages), Boot image packages (except read access), Operating system installation packages).
  Application Administrator (removed Application>Approve; Distribition Point>Set Security Scope; Distribution Point Group>Set Security Scope; Global Condition>Set Security Scope)
  The reports missing we care about primarily are Software ones (companies and products and files).

• Identify elevated process for non-admin

  Although it is unusual, unpriviledged users can run elevated under their normal credentials (not with admin creds).  This most commonly occurs with logon scripts run from GPO. 
  Running elevated messes some things up (particularly drive mapping).  Thus, I'm looking for a way for a script to identify if it is running elevated.  I know how to find elevated status for administrators:
  $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
  $principal = New-Object System.Security.Principal.WindowsPrincipal( $identity )
  $admin = [System.Security.Principal.WindowsBuiltInRole]::Administrator
  if ($principal.IsInRole( $admin )) {
  # script is running as an admin
  But this doesn't work (obviously) for non-admins.
  This article
  is helpful for testing for elevated processes, but it doesn't work if run elevated itself.
  Anyone have any suggestions? 
  Thanks.

  Hi Cascomp,
  In addition, Please also check the script below to determine running elevated or not.
  [bool]((whoami /groups) -match "S-1-16-12288")
  The SID "S-1-16-12288" imply the group the current user belong to has a High Mandatory Level Label, and the elevated user has the high level, which can be found HERE.
  For more detailed information about Windows Integrity Mechanism, please also refer to this article:
  http://msdn.microsoft.com/en-us/library/bb625963.aspx
  Q: How can I quickly tell if my PowerShell window is running elevated?
  http://windowsitpro.com/powershell/q-how-can-i-quickly-tell-if-my-powershell-window-running-elevated
  If you have any feedback on
  our support, please click here.
  Best Regards,
  Anna
  TechNet Community Support

• QuickTime fails to initialize for non-admin users (Error 63441)

  I have installed iTunes 6.0.4 (including QuickTime 7.0.4) on my XP PC. iTunes and QuickTime work fine for the Admin users, but not for non-Admin accounts.
  iTunes crashes with the generic Microsoft 'send error report' message; QuickTime gives "QuickTime failed to initialize. Error # 63441".
  Any help / suggestions appreciated.

  Eventually fixed it!
  As mentioned in numerous other posts this came down to an issue with registry keys.
  Updated the permissions for HKEYLOCALMACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime to give 'Full Control' to 'Everyone'.
  Initially had a lot of difficulty accessing the Apple Computer, Inc. branch - kept getting 'access denied'. This turned out to be because there was no owner set for the key. Once I had made myself owner I was able to make the other changes.

• Trust ALL root Certifications in Windows not working for non-Admins on Terminal Server

  I have been trying to setup a verification process that will allow us to us Active Directory Certifications to verify signatures. I have finally found the setting to use the Windows Store after not getting Adobe to query our Certificate Authority. It works great on our local desktop where users have Admin access, but when users do it on our Terminal Server it does not allow it. I thought the issue was access to a configuration file in the Adobe directory, but I found the setting in the Registry set correctly. But does not work correctly. One additional note is I had noticed that after I enabled it on a Non-Admin, is Adobe would say it crashed after I shut it down.
  My question is what type of privilege do you need, or maybe Adobe need to access the Windows Cert Store from a Terminal Server with a non-Admin because it is not validating after confirming the Setting is enabled.
  Thanks,
  Donavan  

  hello, since version 26 firefox is able to auto-update on windows even for non-admin users (when the mozilla maintenance service is getting installed in the original configuration): http://www.mozilla.org/en-US/firefox/26.0/releasenotes/#whatsnew
  those would be the auto-updates provided by mozilla directly - so i'm not sure if this is something that would fit in your environment. installing the .exe file of a new version (available at [https://www.mozilla.org/firefox/all/]) on top of an older version will also update the program.

• How to hide the page ribbon and quichlaunch for non admin users

  HI
  1 ) how to hide the ribbon in a page in sharepoint 2010 for non administrator users  
  2) how to hide quicklaunch also for non admin users
  in quick lanuch i want to hide links for all site content also.
  i used Document Center Template to create my web application.
  adil

  HI
  i did not get how i use this control 
  <Sharepoint:SPSecurityTrimmedControl
  runat="server"
  PermissionsString="FullMask">
  2
    <div>
  3
      <SharePoint:SPLinkButton
  id="idNavLinkViewAll"
  runat="server"
  NavigateUrl="~site/_layouts/viewlsts.aspx"
  Text="<%$Resources:wss,quiklnch_allcontent%>" AccessKey="<%$Resources:wss,quiklnch_allcontent_AK%>"/>
  4
    </div>
  5
  </SharePoint:SPSecurityTrimmedControl>
  adil

• Will Firefox be configured to update for non-admins on windows 7/8

  We are considering allowing Firefox in our 5000 user hospital and are currently all Internet Exploder. None of our users are admins on the hospital systems so, is it possible to push updates to windows 7/8 systems? I am not looking for help doing the push, just wanting to know if the updates available for download as MSI or EXE?

  hello, since version 26 firefox is able to auto-update on windows even for non-admin users (when the mozilla maintenance service is getting installed in the original configuration): http://www.mozilla.org/en-US/firefox/26.0/releasenotes/#whatsnew
  those would be the auto-updates provided by mozilla directly - so i'm not sure if this is something that would fit in your environment. installing the .exe file of a new version (available at [https://www.mozilla.org/firefox/all/]) on top of an older version will also update the program.