Already a member of group Administrators

Similar Messages

• Not a member of the Administrators group

  My wife wants to use my iMac to do office work for her employer at home. 
  To do this, she has to install some employer software on my iMac.  But when she tries to install her employers Mac software, she get the message "Hardware installation cannot start with this user account.  Make sure that the user is a member of the Administrators group on the computer."
  To make her a User/Admistrator, do I do the following:
  1)  Go into System Preferences and clicked on Users & Groups. 
  2)  With the Current User as Admin checked, clicked on the padlock to unlock it and type in my password.
  3)  With the padlock unlocked, under Login Options, do I click on the + to establish a new user account for her?
  4)  Then, highlight the new account and click on the box "Allow user to administer this computer" and relock the padlock?
  5)  When the computer reboots, will it reboot with her as Administrator so she can load her employers software?
  Once I have done this, in the future when she wants to use her new account, does she go into System Preferences - Users & Groups, unlock the padlock, click on her account to highlight it, relock the padlock and reboot the computer.
  Thanks,
  jzach52

  Yes to 1 thru 5
  To access the account it is faster just to logout and login rather than rebooting.

• Shopping cart only available for people having group Administrators

  Hello,
  I'm facing a problem concerning SRM Shopping cart. People can acces the Employee Self-Service role and see their shopping cart list but when they try to acces one of their shopping cart by selecting it nothing happens. If i add them to the group Administrators then they are able to access it.
  The problem i guess comes from the permission side. But i configured the permission as follows:
  for: Portal content / Content provided by SAP / specialist / SRM 7.0
  (pcd:portal_content/com.sap.pct/specialist/com.sap.pct.srm.srm70)
  Name: Everyone
  Administrator: none
  Enduser: checked
  same for my system with alias SAP_SRM
  Name: Everyone
  Administrator: none
  Enduser: checked
  Did i do somethin wrong?
  Thanks for you help, as this is really blocking me for the moment,
  Regards,
  Thomas

  Hi Virender,
  First of all thanks for your answer.
  About the pop-up settings, I haven't any pop-up that shows up. I really don't have anything that's being open when i click without being member of Administrators. It's really like nothing happens.
  When i run an autorization trace on the user (by the way do you mean transaction ST01). I don't have anything wrong shown.
  So that's what made me think of a permission problem at portal level.
  Concerning your first point in IMG, i see this entries but I don't know what i have to look at and which value has to be put.
  Thanks for your help,
  Thomas

• I keep getting license this software, when I open illustrator or photoshop. i am already a member of creative cloud.

  I keep getting license this software, when I open illustrator or photoshop. i am already a member of creative cloud.
  ITs then taking me to accounts page where all my information is correct.

  Well thank u Psibertech, but unfortunately the link is not helping... i'm not getting any Unkown server error - ( having already tried it, i would avoid using the chat since it can be really slow and can become a time consuming headache...)
  My "problem" is it just connects to different servers each time i launch a program and it's a bit annoying, sometime requesting to type in my adobeid.
  Sometimes also it gives me that licence contract or the trial window (i couldn't replicate the full problem this time, probably cuz i was logged in, but i don't see why i should always be logged in when i use adobe programs not to be bugged by licence problems...)
  also i will add that desktop creative cloud application is not really functioning well, for some reason it doesn't keep up with the updates...

• ATV wants me to start a new Netflix account although I'm already a member.

  Recently I reseted my Atv and now I can't log into Netflix anymore. When I hit the button the page with the 1 month trial comes up as if I have never been on Netflix. I paid through my itunes account and when I hit 'already a member' they want me to put in my email address which isn't recognized... Any suggestions? I already restarted, reseted and tried chaniging my itunes account.

  So I just had this same problem (kept failing with "try again later"), and after trying a number of workarounds including removing my apple ID payment method (and wasting 2 hours of my life), I finally got it to work by creating a new account. You'll need a second email address. I'd have to rate the purchasing experience a 0 out of 10...

• 713060: Tunnel Rejected: User (user) not member of group (group_name), group-lock check failed.

  Hi,
  I just configure VPN for end users in PIX515e with IOS 8 and get stuck with "Tunnel Rejected: User (msveden) not member of group (VPN-shared), group-lock check failed.". Can someone please help me and tell me how I add user to my VPN group?
  Regards
  Mikael

  May be you are looking for this-
  ASA1(config)# username msveden attributes
  ASA1(config-username)# group-lock value mygroup
  Thanks
  Ajay

• Recipient is member of group

  In creating rules for a new smart mailbox, I see: 'Sender is member of Group', but do not see 'Recipient is member of Group'.

  If you create a smart mailbox and select meets conditions: ANY at the top you can: Add two rules:
  1. Recipient - contains - <company.com>
  2. From - contains - <company.com>
  That's a work around that doesn't involve groups in the address book. I've found that mixing smart mailboxes rules and address book groups does not work well. Hope this helps.
  Gordon

• "is already a member of your SAN."  .... But it isn't.

  We re-imaged a machine that was a member of our XSAN... but forgot to remove it before the re-image. Now when we try to add it to the XSAN, it says it cannot be added as "it is already a member of your SAN." It also says "You cannot add the same computer more than once."
  I have read some threads and tried various things they suggested:
  http://discussions.apple.com/thread.jspa?threadID=844911
  http://support.apple.com/kb/TS2630
  http://discussions.apple.com/thread.jspa?messageID=10118640&#10118640
  And many others (http://delicious.com/ActualReverend/Xsan)
  But nothing seems to work. Any ideas?
  Thanks,
  --bryan

  Update:
  We found out that after the 2.2 upgrade, the serial numbers were either used by multiple machines or they were getting corrupted. Wierd things happend, some machines were on the san and not recognized, some were not on the san, but XSAN admin thought they were... so here is what we are doing to fix it (has worked for 5 clients so far, trying the other two later)
  1) Remove the client from Xsan Admin
  2) Uninstall Xsan software from client using Xsan uninstall Application
  3) Delete the system folders that are described in my previous post if empty.
  4) Delete the start up folder as described above if empty.
  5) Restart the machine
  6) Empty the recycle bin, reboot again
  7) Install Xsan 2.2 from the install image.
  8) Add computer to XSAN using local XSAN admin app
  9) Mount SAN client using Xsan Admin from the server (or another machine)
  If this works for the last two, I will update this thread.
  Hope this helps someone else.

• Want to create new protection group for 2 members which are already under another protection group.

  Want to create new protection group for 2 members which are already under another protection group. I have 12 servers under xyz protection group, want to move 2 members server to new protection group. How it is possible without loosing current backups.

  Hi,
  It all depends if the data source was originally co-located on the same replica shared with other data sources. If not then DPM will simple re-use the same replica and pick up where it left off.  If it was co-located, then the old replica and RP
  volume is shared and the RP's will expire as new ones are made on the new replica and RP volume created when it's re-protected.
  Moving Between Co-Located and Non-Co-Located Protection Groupshttp://technet.microsoft.com/en-us/library/ff399045.aspx
  Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. Regards, Mike J. [MSFT]
  This posting is provided "AS IS" with no warranties, and confers no rights.

• User is not a member of the Administrators group but they Can Access anything the Administrators group is assigned to!!

  Ouch!
  Did a Server migration from Server 2003 to Server 2012 R2. Virtualized the Domain controller and a File Server.
  Used Robocopy, icacls and takeown to get the permisions and access to work correctly.
  One user we will call here Mary is a member of three groups: HR, HRA and Boardroom but when I give a test file Administrators only access she can breeze right in!
  I do not know if this was how it worked before the migration but how do I stop it.
  Effective permissions appear correct but she just tra-la-la's right on in!
  Any ideas?
  Liam

  Please do this after you verify all permission settings for all the groups the account is associated with. Also, make sure you check the NTFS folder permissions before doing this as well.
  Since the same result happens on multiple computers, it is not the profile.
  I am recommending you delete the AD account (or rename to backup the account).
  It will not effect the users Exchange account, but you will need to link it back to the new AD user account. 
  You can also delete her profile just to remove it, for the "just in case" scenario.
  Don't forget to mark the post that solved your issue as &quot;Answered.&quot; By marking the Answer you are enabling users with similar issues to find what helped you. Lewis Renwick - IT Professional

• Group policy - restricted groups. How to specify a -local- user as member of the administrators group in group policy

  Hi
  With restricted groups I can specify the end user -domain- accounts that are members of the local administrators group on domain PCs. But - I need a particular LOCAL account on all the machines to keep its membership of the local administrators group for testing reasons. At the moment restricted groups is striping this local account of its admin access.
  Is it possible to specify a -local- computer account as admin on all the PCs via group policy or it can only be done with domain accounts?
  thanks

  You are asking for local accounts to be managed via "Restricted Groups".
  Yes, it is possible.
  Rajesh showed you one way with domain groups. In his version "Administrators" group will only contain those accounts
  that are specified in the GPO, no manually added accounts. This is not always desired.
  If you wish to have an account (group or user, local or domain) to be added to "Administrators" group while keeping all the other
  members, proceed like this:
  - create the local account on the client(s)
  - in the GPO select "Add Group" in "Restricted Groups".
  - type in the name of the local account, e.g. "TestID"
  - in the appearing dialogue choose "This group is a member of" => Add
  - type in "Administrators"
  Link the GPO and that's all.
  The original MS description for "Restricted Groups".is here:
  http://support.microsoft.com/kb/279301/en-us
  Another nice one here:
  http://www.frickelsoft.net/blog/?p=13
  Besides that, a great solution to manage local accouts is GP Preference Extension "Local Users and Groups".
  You can simply create a "Local Users and Groups" Item (computer or user based) and specify the needed options.
  http://technet.microsoft.com/en-us/library/cc731972.aspx
  Of course you need some prerequisites (at least one Vista or Winows 2008 for management and the GPP CSE on each target machine).
  If you are new to GPP, these links will help you to get into it:
  http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=42E30E3F-6F01-4610-9D6E-F6E0FB7A0790&displaylang=en
  http://support.microsoft.com/kb/943729/en-us
  http://technet.microsoft.com/en-us/library/cc732027.aspx
  http://technet.microsoft.com/en-us/library/cc731892(WS.10).aspx
  Patrick

• Hi i am trying to download the new update for lr and it seems to want to ask me to buy lr although i am already a member?

  why cant i simply update lr ,it keeps asking me to buy it but i already have

  If you are a CC member you just use the CC desktop app (not LR itself). Is that what you are trying to do?

• Getting current user's  member of group

  Hi expert(s),
  I have developed web application using jsp, now i need to know whether the current user logged in at client PC, is member of certain group available in the database, i can get current user using System.getProperty(), but i have to get the list of groups, he/she belongs to. So that i can check his group to authenticate...
  What is the workaround?
  Waiting for your kind reply.
  Thanks & Regards,
  Sri.

  Experts, i give you .net code for done my need, i need to convert/use it in java platform, please give me some useful tips.
  If G_sSecurityMode = "ADSL" Then
                  GUser = System.Environment.UserName
                  ReDim sGroup(6)
                  'Default NT user groups which will be created at every system during installation
                  sGroup(0) = "CPMSDOMAINADMIN"
                  sGroup(1) = "CPMSCLIENTADMIN"
                  sGroup(2) = "CPMSDATAPREPADMIN"
                  sGroup(3) = "CPMSDATAPREPUSER"
                  sGroup(4) = "CPMSINVENTORYADMIN"
                  sGroup(5) = "CPMSINVENTORYUSER"
                  G_sUserGroup = " "  'Global variable defined in GLbdecleration module
                  'Loop defined to identify  the group(s) associated with the current NT user
                  For i = 0 To 5
                      objGroup = GetObject("WinNT://" & sMachine _
                       & "/" & sGroup(i) & ",group")
                      For Each objUser In objGroup.Members
                          If UCase(GUser) = UCase(objUser.Name) Then
                              G_sUserGroup += "'" + sGroup(i) + "'" + ","
                          End If
                      Next
                  Next
                  G_sUserGroup = G_sUserGroup.TrimEnd(",") 'To truncate the last "," in a g_susergroup string
                  If Len(Trim(G_sUserGroup)) = 0 Then
                      MsgBox("No group(s) defined for the user " + GUser, MsgBoxStyle.Information)
                      Me.Close()
                  End If
              Else
                  MsgBox("Invalid Security Definition", MsgBoxStyle.Information)
                  Me.Close()
              End If

• Is user member of group in C#

  Hello everyone,
  I have to bind our application from ActiveDirectory to eDirectory. Is
  there a simple way to determine if the currently logged in user is a
  member of a group?
  In ActiveDirectory this is really simple but in eDirectory (using the
  LDAP C#-library) it seems that I always have to create LDAP strings
  which always have to contain username and password (which is an
  absolutely no-go in my opinion).
  I found many articles to my problem but no one with an easy solution.
  Perhaps someone got this running without the novell LDAP library through
  Microsoft DirectoryServices-Namespace.
  inno1
  inno1's Profile: http://forums.novell.com/member.php?userid=109362
  View this thread: http://forums.novell.com/showthread.php?t=437637

  -----BEGIN PGP SIGNED MESSAGE-----
  Hash: SHA1
  A few things come to mind. First your authentication problem; binding
  anonymously is definitely allowed in eDirectory, and is even allowed by
  default, but that doesn't mean the environment you are hitting will allow
  it. This is something you'll need to check with whomever setup the
  eDirectory environment. The documentation should cover how to set
  restrictions like anonymous binds.
  Next we have what I'm guessing is how you are searching for the group. I
  do not see how you are going to find either your group or your user in the
  group using that code so I'll suggest something else that I think is
  better taking advantage of the power of eDirectory and LDAP. First a
  little more information about eDirectory. By default group memberships
  are shown on both the group and user sides so you can either query the
  entire directory for groups that have users in their 'members' attribute,
  or you can go to the user and simply get a listing of all of the values in
  the groupMembership attribute. This is the best way, in my opinion, to
  see if a user is a member of a group.
  Now, about finding the user. In LDAP environments objects are found by
  full DNs, not just their relative DNs or usernames. If you do not have a
  full DN (users seldom know the full DN or use them) the first step is to
  find these, which you can do with a search like you are doing, although
  hopefully you wouldn't need to loop through results. Having a query like
  the following should find the user in one shot in a well-designed environment:
  (&(objectClass=inetorgperson)(cn=userNameHere))
  Once you have found the resulting DN of the user you can find the
  groupMembership attribute and either use the full set of values in that
  attribute or you can iterate through the values looking for the group DN.
  For both user and group you must use the full DN to verify membership.
  Good luck.
  On 04/28/2011 02:36 AM, inno1 wrote:
  >
  > ab;2100491 Wrote:
  >> The check for is a user is a member of a group does not require the
  >> password...I ask because the samples from the LDAP-library (ListGroup.cs, for
  > example) all seem to require a password. The samples check the number of
  > command line arguments and if something is missing the program does not
  > work.
  >
  > ab;2100491 Wrote:
  >> what do you mean[..]
  > I need a function like
  > Code:
  > --------------------
  > bool UserIsMemberOf(string groupName) {}
  > --------------------
  > to determine if a user is a member of a group.
  >
  > I get the userName from Environment.UserName and the groupName the user
  > has to be a member of is configured somewhere in my application.
  >
  > In ActiveDirectory I just connect to LDAP://RootDSE and everything
  > works fine.
  >
  > ab;2100491 Wrote:
  >> [..] and what does your code look like?
  > I used the 'Using .NET C# LDAP Library'
  > (http://www.novell.com/coolsolutions/...e/11204.html):
  >
  >
  > Code:
  > --------------------
  > Anonymous Binding
  >
  > // C# Library namespace
  > using Novell.Directory.Ldap;
  >
  > // Creating an LdapConnection instance
  > LdapConnection ldapConn= new LdapConnection();
  >
  > //Connect function will create a socket connection to the server
  > ldapConn.Connect (ldapHost,ldapPort);
  >
  > //Bind function with null user dn and password value will perform anonymous bind
  > //to LDAP server
  > ldapConn.Bind (null, null);
  > --------------------
  >
  > After this ldapConn.Bound is false. Is this correct? It could be
  > correct because I didn't really authenticate when doing anonymous
  > binding but it could be also wrong because even an anonymous bind should
  > be a form of authentication.
  >
  > I also tried Identity Bind:
  >
  >
  > Code:
  > --------------------
  > Binding using an Identity
  >
  > // C# Library namespace
  > using Novell.Directory.Ldap;
  >
  > // Creating an LdapConnection instance
  > LdapConnection ldapConn= new LdapConnection();
  >
  > //Connect function will create a socket connection to the server
  > ldapConn.Connect(ldapHost,ldapPort);
  >
  > //Bind function will Bind the user object Credentials to the Server
  > ldapConn.Bind(userDN,userPasswd);
  > --------------------
  > After this, ldapConn.Bound is true but the user has to give a password.
  > I don't want the user to have to use a password because in this case the
  > user has to configure it somewhere in the configuration of my
  > application.
  >
  > Then - for testing purposes - I wrote a function to get the users of a
  > group:
  >
  >
  > Code:
  > --------------------
  > LdapSearchResults lsc=ldapConn.Search("ou=Users,o=DomainAdmins", LdapConnection.SCOPE_ONE, "objectClass=*", null, false);
  >
  > string result = String.Empty;
  >
  > while (lsc.hasMore()) {
  > LdapEntry nextEntry = null;
  >
  > try {
  > nextEntry = lsc.next(); // <--- EXCEPTION: see [1]
  > } catch(LdapException e) {
  > result = String.Concat(result, "Error: ", e.LdapErrorMessage, Environment.NewLine);
  > // Exception is thrown, go for next entry
  > continue;
  > }
  >
  > result = String.Concat(result, nextEntry.DN, Environment.NewLine);
  >
  > LdapAttributeSet attributeSet = nextEntry.getAttributeSet();
  > System.Collections.IEnumerator ienum = attributeSet.GetEnumerator();
  >
  > while(ienum.MoveNext()) {
  > LdapAttribute attribute=(LdapAttribute)ienum.Current;
  > string attributeName = attribute.Name;
  > string attributeVal = attribute.StringValue;
  > result = String.Concat(result, attributeName, "value:", attributeVal, Environment.NewLine);
  > }
  > }
  > --------------------
  >
  >
  > [1] "00000000: LdapErr: DSID-0C090627, comment: In order to perform
  > this operation a successful bind must be completed on the connection.
  >
  > I think this is the problem:
  >
  >
  > Code:
  > --------------------
  > LdapSearchResults lsc=ldapConn.Search("ou=Users,o=DomainAdmins", LdapConnection.SCOPE_ONE, "objectClass=*", null, false);
  > --------------------
  >
  >
  > So, how does this have to look for a domain named "MyDomain.com" for a
  > group named "DomainAdmins" if I want to get all members of this group?
  >
  > And how does this have to look if I want to know if a user named
  > "myuser" is member of a group "mygroup" in domain "MyDomain.com"?
  >
  > I think this would help me a lot.
  >
  > ab;2100491 Wrote:
  >> There may be a need for authentication that would require a
  >> username/password but that depends on the rights you assign to your
  >> tree
  >> to allow (or deny) anonymous access.So, this is someone the customer has to configure I think. Since I only
  > want to read from a domain it has to work some way without giving a
  > password.
  >
  > ab;2100491 Wrote:
  >> Good luck.Thank you very much!
  >
  >
  -----BEGIN PGP SIGNATURE-----
  Version: GnuPG v2.0.15 (GNU/Linux)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  iQIcBAEBAgAGBQJNujvFAAoJEF+XTK08PnB5Vn4QAJ8wDKZw5h Q5AWWkeMhKZ57U
  DctNKO9Wl1xU3agTp+PjgFFCQMHTiME7/UFU7/KR+eyY0hgp9R6r0k2lK3iX1TFd
  1Zwg0rkEjV+Pydy7vHk/LvqpoyWYKhrSGHhvkj/RChiIj1yEKR0rgAXGZG8NPemO
  nIXJtPHQ8ZkH8ZrEGfL+25abIc5b0Ch5KXN76nSFRGORgqPRvO 2gpQW36KKj+Tfq
  RZARJgBKyKaG4MOlatnS2ZNuAy1meI/1oTN/ouO8K1MR+Hey2ZvI85VUSlg3nG/z
  fgj6QdIMj80KRnpgJCO4K7SFO6effHQaijRUIszz5xHxSEaPXv FcB/xPhRdedzxb
  NKZu/rti0Jt3PABCG3nibbUcA05vbb6mLbufwDISJGXyUp5PK3533yT xoGFjkt1I
  PL+p7ZpL4Q5s4wHBGME0y579V5EfncqqUsFh2aONzhIAmOSxu0 huaqcLG5QWmQnQ
  HMn8+npkdlyGGJy4hslpyoTQefYNsn7PdXig1KAMEZjQHGlI1S WJf/hsztcP4/jM
  Zf8oKMZz/35+EphCgRgXl0h5gOFk+WpxHRJ8NyAVLZioV4mcUwBzLDD7d9z lW47/
  SZxxlIOKpFB1c0FokkFR2SBteDsd4dzfMPgD7MTDBNj174u7wn y3LkSvWfPTDjBS
  12SwchOZ+PPL3PxfsUNc
  =/n4u
  -----END PGP SIGNATURE-----

• Built-in smb group "administrators" lost

  Hello,
  I don't know why, but the "administrators" group, predefined by the SMB service is missing.
  # smbadm show -mp
  backup operators (Members can bypass file security to back up files)
  SID: S-1-5-32-551
  Privileges:
  SeTakeOwnershipPrivilege: Off
  SeBackupPrivilege: On
  SeRestorePrivilege: On
  power users (Members can share directories)
  SID: S-1-5-32-547
  Privileges:
  SeTakeOwnershipPrivilege: Off
  SeBackupPrivilege: Off
  SeRestorePrivilege: Off
  An error occurred while retrieving group data.
  Check the system log for more information.
  # tail -f /var/adm/messages
  smbadm[1947]: [ID 136767 user.error] smb_lgrp_getsid: failed to get a SID for user id=2147483650 (-9981)
  smbadm[1947]: [ID 817528 user.error] smb_lgrp_iterate: cannot obtain a SID
  # idmap dump -v
  gsid:S-1-5-32-547 == gid:2147483650
  Method: Ephemeral
  Lost entry:
  administrators (Members can fully administer the computer/domain)
  SID: S-1-5-32-544
  Privileges:
  SeTakeOwnershipPrivilege: On
  SeBackupPrivilege: Off
  SeRestorePrivilege: Off
  Any idea to rebuild?
  BR

  Hi Shaon,
  Thank you for your reply.
  The 'third party app' is APP-V sequenced and not in production yet, so only some test users are using the app.
  I did a test today to use Domain Users instead of Builtin Users, but the same problem. After a reboot only the Builtin Administrators and SYSTEM has permission on the Sybase installation folder and Domain Users (& Builtin Users) were automatically
  removed again.
  We have 6 terminal (citrix) servers and all of them has the same problem, so it's not server related.
  Could it be an issue with the way how Sybase is packaged (it's a silence install through our deployment application)?
  Before I do the next test: Will it help to force the rights (replace permissons) from the upper folder to the sub-folder(s)? (force the inheritance)
  Greetings, Sidney