Allow local user to install software but deny logon

Similar Messages

• Allowing other users to install software

  I've just made the leap of faith to Mac. A very nice OS and I'm very impressed. I've used and loved Linux for years and curse the Evil Empire everyday because my work laptop is IBM. (provided by the company)
  I have created an admin account for myself and user accounts for my 2 kids. I did not grant them admin permissions. What I would like to do is allow them to install software/applications into their home directory rather than the Applications directory. From what I've seen so far, each time they attempt to install an application they get prompted for the admin password. This seems correct if they were to install into the Applications directory, but what if they want to install into their home directory or another that they own?
  Linux would allow me to do this so I'm wondering if OS X does as well. Any suggestions?
  Thanks....
  iMac 17" duo core   Mac OS X (10.4.7)  

  Applicatons that are self contained and come inside disk images can be drag and dropped into your home directory.
  They can in most cases be launched even if your a none admin user.
  Application installers that are .pkg may be installing other components into the main system library as well as the home directory so therefore need an admin password. Also when creating an installer package the developer who created it may have ticked the box 'require root' even if it is not necessary.

• Allow non-admins to install software?

  I find it rather tedious to have to type my password every time others want to install something on the computer (which is a shared computer, by the way). Is there any way to allow a non-admin user to install software, but not have other admin priveleges?

  On the screen where you're prompted for the password, find and note down the requested right. Use a program such as TextWrangler to edit the /private/etc/authorization file so that all accounts have that right.
  (59954)

• HT204387 I have brought a iPhone 5s and installed software but my bluetooth is not working. Please help me

  I have brought a iPhone 5s and installed software but my bluetooth is not working. Please help me

  What are you trying to connect the iPhone to and what is happening when you try?

• Allow standard user to install updates in Vista problem

  Hi,
  How come UAC is still asking for Administrator credentials even if the option "Allow all users to install updates on this computer" is set when a standard user tries to install the updates?
  Cheers.

  After setup the option, you might have to restart your PC.

• Administrative user only for install software but prevent intercative session

  Hello,
  as an university, we are not allowing domain users di write anything on the C:\ drive on our Win7/64 PCs; therefore users are unable to install any software and that is what we - usually - want.
  But there are some users (researchers, Teachers or labs) who sometimes need to install software in order to test it. So we created on their PCs a local user "install" as member of the local administrator Group. They should use it when
  UAC prompts them to give administrative rights to install software or with the "Run as administrator" right click. This works fine but unfortunately we noticed that many users are using the "install" account to do their daily work, so they
  are working the whole day long with the highest privileges and we do not want this for obvious security reasons.
  We want to leave the administrative user "install" for the software installation purpose but we want prevent users using it interactively; we couldn't find a way to do this. Is it possible ?
  In order to discourage users, we also made some tests giving the "install" local user, deny permission on the start menu, desktop and some other folders, so that they couldn't find programs and be very limited in using the installa account
  interactively, but this does not give the expected results (for example the user is able to create a folder on the desktop after a couple of popus warnings, or the start menu is not completely empty).
  Any ideas ?
  Thank you in advance.
  Best regards,
  Eric

  Hi,
  In my opinion, you can try to use AppLocker to accomplish this task. You can create a new pricple the allow specific user or group install application. Also the type of about to be installed app could be customized.
  You can allocate User group app install permission to make sure they could install APP unrestricted but doesn't have administrator rights.
  Please refer to the link below for more details about APP Locker:
  http://technet.microsoft.com/en-us/library/dd723678(v=ws.10).aspx
  Roger Lu
  TechNet Community Support

• ACE 4710: Possible to allow a user to clear counters but nothing else?

  Hello all,
  Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc.  We would also like to allow this user to clear the interface error counters as well, but nothing else.  Is this possible?
  Thanks!

  Hello Brandon-
  Network-Monitor only lets you browse outputs, it is a not a role that allows a user to make any changes including clearing stats.  You can create custom roles and domains to get closer to what you want, but you cannot zero in on a single command like that.
  i.e.
  ACE# conif t
  ACE(config)# role MyRole
  ACE(config-role)# rule 1 permit modify feature ?
    AAA             AAA related commands
    access-list     ACL related commands
    connection      TCP/UDP related commands
    fault-tolerant  Fault tolerance related commands
    inspect         Appln inspection related commands
    interface       Interface related commands
    loadbalance     Loadbalancing policy and class commands
    pki             PKI related commands
    probe           Health probe related commands
    rserver         Real server related commands
    serverfarm      Serverfarm related commands
    ssl             SSL related commands
    sticky          Sticky related commands
    vip             Virtual server related commands
  You can create a permit or deny rule, within that, create/debug/modify/monitor each feature seperately.
  Domains allow you to create containers for objects.  You can place specific rservers, serverfarms, etc. into it - then apply it to a role so that the user assigned to it can only touch those objects.
  Regards,
  Chris Higgins

• New nano - installed software but after that, the assistant never popped up

  brand new nano; installed software and it says the "assistant" is supposed to pop up and tell you to connect nano. assistant never popped up, but software installation said it was successful. so i connected ipod. now it's been sitting there connected and charging FOREVER and says "do not disconnect." shouldn't it be doing something by now?

  Does it show up in iTunes?

• How to allow non-admin users to install software updates of Java, FLASH and Adobe Reader?

  Hi all,
  I have a company (+150 users) and I would like  to allow users to update Java, FLASH and Adobe Reader only.
  These software are already installed in the hosts, but there are updates of the program every week and it needs to be updated.
  How can I give permissions to every user in the domain to do that? Just "Java, FLASH and Adobe Reader"
  Remember that I dont want distribute software because they were installed.
  I tried to enable "Enable user to patch evelated products" directive but it didn't work at my domain.
  is it possible?

  I have a method that works for FLASH player, but am trying to come up with a method for the other 2 myself.  To automate flash player, I created a Policy and added the following:
  Under Computer Config, Prefrences, Windows Setting, Files I created a new File Item.
  I set Action = Replace, Created a Source File named mms.cfg* (more below) and have the destination file as systemroot%\System32\Macromed\Flash\mms.cfg (or %systemroot%\SysWOW64\Macromed\Flash\mms.cfg for x64)
  I used notepad to edit the mms.cfg, and used the following in the body:
  AutoUpdateDisable=0
  SilentAutoUpdateEnable=1
  AutoUpdateInterval=0
  My non-admin users now update flash in the background silently and automatically.

• Allow Domain Users to install without password prompt

  When accounts that are members of Domain Users want to install or remove a program from the computer, UAC prompts for administrator password. Is there a way through GPO default domain policy to allow people to install and remove programs if they like? Also, maybe restrict certain software to NOT be removed?

  Hi Wizzler, if you at school or big organization that is there one or two image that you deploy to your clients I may have a solution for you, let me explain what Im doing in my organization which is at school, Im using deploy studio where I have 5 different
  windows image and deploying them through Deploy studio but go back to the point before I captured image on the windows 7 of course computer is not joined to the domain you have to open computer mangment/ users and groups/ groups/ administrators and then there
  just add Everyone that you ready for taking this image ( capturing ) and then deploying to the client computers and all of them have access to install all software and updated what they need with out prompting them for a password, but this need to be done
  before computer is joined to the domain, for me is working fine, tested, students and teacher even if then know what is a server name there is no way for them to access it.
  If you go with solution below then everybody can access your servers. I hope I was helpful :)

• Would you allow a user to install Oracle?

  I have a user who has a "Course Technology Kit for Oracle 9i Software" that she would like installed on her PC (she's taking a class in this).
  This kit is supposed to be for training, but it appears to me to be a full-blown version (although "Personal Edition") of Oracle that is configured to be used with the exercises she's being given. What do you think?
  We currently run Oracle 8.1.7.4. Will this installation cause some conflict with Oracle that is already installed on her pc.

  Is there currently a full-blown Oracle database on her machine? Or is it just the Oracle client that is installed?
  Assuming that she installs the software into a new Oracle Home, there shouldn't be a conflict (assuming the existing install is reasonably recent). If she is going to end up with multiple Oracle databases running, though, that may tax system resouces like RAM. You may also want to create a TNS_ADMIN environment variable to reuse the tnsnames.ora file between multiple Oracle Homes.
  If I had the option, I would consider having a DBA do the actual install. Just a little more bulletproof that way.
  Justin
  Distributed Database Consulting, Inc.
  http://www.ddbcinc.com/askDDBC

• Firefox won't allow GoToMeeting to download/install software

  I tried to access a simple gotomeeting webinar on my new Macbook Pro, but when I reach the gotomeeting page that says "please wait while the software download begins automatically", nothing happens. Supposedly a popup should come up where I need to click "allow", but nothing happens. I have DISABLED (unchecked) the "block pop-ups" box in Firefox preferences. Running the most current verison of firefox. GotoMeeting works fine in Safari, so it's a Firefox problem.

  Try: [[https://www4.gotomeeting.com/codec?Portal=www.gotomeeting.com]]
  You can download and install the codec directly for your OS. Maybe that will help?!

• Windows Vista and HP Laserjet 6P--installed software but can't print. Item stuck in queue

  I have found plenty of answers to my problem relating to Windows 7 but not for Vista.
  I picked up a used HP Laserjet 6P which is supposed to be in working order.
  I attached the printer with a parallel port-USB adapter and installed the software using the HP Wizard. All looked good but when I go to print, the page stays in queue and the printer windows say Error.
  I tried using the HP diagnostic tool but it can't detect the Laserjet 6P.
  I tried setting up via a different USB port (USB001 Virtual Port) and creating a new one (Standard TCP/IP Port) but neither worked.
  Any idea how I can make this work or is is just too outdated?
  Thank you

  Hi @harleywish 
  I wonder if the issue might be related to the print spooler rather than a port. Please try bypassing the spooler to see if you can print directly to the printer.
  1. Click on start and go to devices and printers.
  2. Right click on  the printer and click on printer properties.
  3. Choose the option "Print directly to the printer".
  4. Click apply and then ok.
  If this works follow the next steps and try to print again.
  Hold down the Windows Logo key () on the keyboard and the 'R' to open the run box
  Type services.msc and press Enter
  Locate Print Spooler and double click on it to open the Spooler properties 
  Make sure startup type is set to Automatic, if it is not please click on the drop down and choose Automatic
  Under Service status, please Stop the server, and then wait a moment and click Start
  If bypassing the spooler does not result in a successful print, let me know.
  Please click the Thumbs up icon below to thank me for responding.
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Please click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution.
  Sunshyn2005 - I work on behalf of HP

• I install Software but after reboot-not showing up

  The standalone Sound Blaster XFi driver is the actual program called "Sound Blaster XFi" right?
  Okay heres the situation. I was having Video Card issues, I just replaced my Video card but I had to take out my Sound Card to hook it up.
  Later on I noticed my sound was a bit off so when I used the speaker test; they werent coming out of the right speakers, so I mess around with the hook ups but it still wasnt working.
  I take out the Sound Card and re seat it, but then Windows Vista wasnt even detecting my sound card; grrrr at that point I noticed my "Volume Panel" icon isnt located near my clock anymore; so I decided to go to Add/Remove programs and remove Sound Blaster XFi and re install it so I can get that icon back.
  Well after I install the XFi drivers, windows reboots, and my sound is good; they are coming from the right speakers but my icon near taskbar isnt.
  And when I go to Add/Remove Sound Blaster XFi isnt listed.
  I re installed it, rebooted and it still isnt showing up.
  As I'm writing this. I'm removing everything, everything related to Creative, everything related to Sound Blaster and this time I will just insert my CD that came with the card, install everything that way, then install the correct drivers and software.
  I'm curious though, isnt the XFi driver the application that installs that Volume Panel Icon near the clock? Isnt the XFi driver application the one that installs a program called "Sound Blaster XFi"? cause after 2 installs it isnt showing up at all
  Thanks

  Long and tedious but phew; its finally done.
  Everything is installed that I want. Sound is working properly
  As I said; I removed everything Creative and everything Sound Blaster (even edited Registry), inserted CD that came with Card; installed everything, then re installed the current drivers/applications

• Allowing other users to access software

  I installed Microsoft Office on my iMac. My wife and have two separate user accounts. I am able to access the office suite when I am logged on. But when she logs on, she can not use those products. How do I fix this?
  iMac   Mac OS X (10.4)  

  Yes, it looks like I can access the applications through the applications menu on the Macintosh HD folder when she logs on. Is there a way to add the application icons to the dock/menu bar at the bottom of the screen? Thanks.
  iMac   Mac OS X (10.4)  
  iMac   Mac OS X (10.4)