Am I backscattering?  and non mail user accounts having mail received.

Similar Messages

• Why can I Only send mail from my iCloud Account and none of my others yet can receive from all ?

  why can I Only send mail from my iCloud Account and none of my others yet can receive from all ?

  Morning Allan ,sorry hit the wrong button. Thank you for responding . Meant to reply not notify you that my issue was solved . It's not . I imported all my settings via iTunes and all of the accounts receive mail as I said but can't send . Can you tell me exactly what to change with regard to my outgoing smtp. and PE the authentication ?

• There is a non-root user account

  I got the warning "there is a non-root user account with the UID 0 in your system" on installing some software and on running in the terminal... dscl . -list /Users UniqueID , there are indeed 2 users with UID 0, root and me who is admin too. Also cannot log in to keychain - related?

  does this help?
  Problem description:
  there is a non-root user account with the UID 0 in your system
  EtreCheck version: 2.1.8 (121)
  Report generated 16 March 2015 5:27:55 pm AEST
  Download EtreCheck from http://etresoft.com/etrecheck
  Click the [Click for support] links for help with non-Apple products.
  Click the [Click for details] links for more information about that line.
  Hardware Information: ℹ️
      iMac (20-inch, Mid 2007) (Verified)
      iMac - model: iMac7,1
      1 2.4 GHz Intel Core 2 Duo CPU: 2-core
      4 GB RAM Upgradeable
          BANK 0/DIMM0
              2 GB DDR2 SDRAM 667 MHz ok
          BANK 1/DIMM1
              2 GB DDR2 SDRAM 667 MHz ok
      Bluetooth: Old - Handoff/Airdrop2 not supported
      Wireless:  en1: 802.11 a/b/g/n
  Video Information: ℹ️
      ATI,RadeonHD2600 - VRAM: 256 MB
          iMac 1680 x 1050
  System Software: ℹ️
      OS X 10.10.2 (14C1510) - Time since boot: 2:2:38
  Disk Information: ℹ️
      WDC WD3200AAJS-40RYA0 disk0 : (320.07 GB)
          EFI (disk0s1) <not mounted> : 210 MB
          Macintosh HD (disk0s2) / : 284.97 GB (77.06 GB free)
          Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB
          BOOTCAMP (disk0s4) /Volumes/BOOTCAMP : 34.25 GB (8.40 GB free)
  USB Information: ℹ️
      Apple Inc. Built-in iSight
      Lexar USB Flash Drive 16.02 GB
          Lexar (disk2s1) /Volumes/Lexar : 16.01 GB (5.72 GB free)
      Logitech Optical USB Mouse
      Iomega USB to ATA/ATAPI bridge 1 TB
          EFI (disk1s1) <not mounted> : 210 MB
          iMac Backup (disk1s2) /Volumes/iMac Backup : 536.87 GB (11.27 GB free)
          PowerBook Backup (disk1s3) /Volumes/PowerBook Backup : 107.37 GB (81.42 GB free)
          FREE SPACE (disk1s4) /Volumes/FREE SPACE : 355.48 GB (345.34 GB free)
      Microsoft Microsoft Wireless Optical Desktop® 1.00
      Apple Computer, Inc. IR Receiver
      Apple Inc. Bluetooth USB Host Controller
  Configuration files: ℹ️
      /etc/sysctl.conf - Exists
      /etc/launchd.conf - Exists
      /etc/hosts - Count: 30
  Gatekeeper: ℹ️
      Mac App Store and identified developers
  Kernel Extensions: ℹ️
          /Applications/Parallels Desktop.app
      [not loaded]    com.parallels.kext.hidhook (9.0 24172.951362) [Click for support]
      [not loaded]    com.parallels.kext.hypervisor (9.0 24172.951362) [Click for support]
      [not loaded]    com.parallels.kext.netbridge (9.0 24172.951362) [Click for support]
      [not loaded]    com.parallels.kext.usbconnect (9.0 24172.951362) [Click for support]
      [not loaded]    com.parallels.kext.vnic (9.0 24172.951362) [Click for support]
          /Applications/Popcorn.app
      [not loaded]    com.roxio.TDIXController (1.3) [Click for support]
          /Library/Extensions
      [loaded]    com.sophos.kext.sav (9.2.50 - SDK 10.8) [Click for support]
      [loaded]    com.sophos.nke.swi (9.2.50 - SDK 10.8) [Click for support]
          /System/Library/Extensions
      [loaded]    com.Cycling74.driver.Soundflower (1.5.2) [Click for support]
      [not loaded]    com.cisco.nke.ipsec (2.0.1) [Click for support]
      [not loaded]    com.wire.USBEthernetController (1.0.5) [Click for support]
  Startup Items: ℹ️
      CiscoVPN: Path: /System/Library/StartupItems/CiscoVPN
      ChmodBPF: Path: /Library/StartupItems/ChmodBPF
      Startup items are obsolete in OS X Yosemite
  Problem System Launch Agents: ℹ️
      [killed]    com.apple.CallHistoryPluginHelper.plist
      [killed]    com.apple.CallHistorySyncHelper.plist
      [killed]    com.apple.coreservices.appleid.authentication.plist
      [killed]    com.apple.icloud.fmfd.plist
      [killed]    com.apple.Maps.pushdaemon.plist
      [killed]    com.apple.recentsd.plist
      [killed]    com.apple.security.cloudkeychainproxy.plist
      [killed]    com.apple.telephonyutilities.callservicesd.plist
      8 processes killed due to memory pressure
  Problem System Launch Daemons: ℹ️
      [killed]    com.apple.awdd.plist
      [killed]    com.apple.ctkd.plist
      [killed]    com.apple.icloud.findmydeviced.plist
      [killed]    com.apple.softwareupdated.plist
      [killed]    com.apple.wdhelper.plist
      [failed]    org.postfix.master.plist [Click for details]
      5 processes killed due to memory pressure
  Launch Agents: ℹ️
      [loaded]    com.google.keystone.agent.plist [Click for support]
      [loaded]    com.oracle.java.Java-Updater.plist [Click for support]
      [not loaded]    com.protemac.LoginTrapAgentLoginSession.plist [Click for support]
      [failed]    com.protemac.LoginTrapAgentUserSession.plist [Click for support] [Click for details]
      [running]    com.sophos.uiserver.plist [Click for support]
      [loaded]    org.macosforge.xquartz.startx.plist [Click for support]
  Launch Daemons: ℹ️
      [loaded]    com.adobe.fpsaud.plist [Click for support]
      [loaded]    com.barebones.authd.plist [Click for support]
      [failed]    com.google.GoogleML.plist [Click for support]
      [loaded]    com.google.keystone.daemon.plist [Click for support]
      [loaded]    com.oracle.java.Helper-Tool.plist [Click for support]
      [loaded]    com.oracle.java.JavaUpdateHelper.plist [Click for support]
      [running]    com.sophos.common.servicemanager.plist [Click for support]
      [loaded]    org.macosforge.xquartz.privileged_startx.plist [Click for support]
  User Launch Agents: ℹ️
      [failed]    fm.last.lastfmhelper.plist [Click for support] [Click for details]
      [loaded]    uk.co.markallan.clamxav.freshclam.plist [Click for support]
  User Login Items: ℹ️
      Garmin Express Service    UNKNOWN  (missing value)
      Mail    Application  (/Applications/Mail.app)
      ClamXav Sentry    UNKNOWN  (missing value)
      ClamXav Sentry    UNKNOWN  (missing value)
      Dropbox    Application  (/Applications/Dropbox.app)
      ClamXav Sentry    Application  (/Applications/ClamXav (506).app/Contents/Resources/ClamXav Sentry.app)
      ClamXav Sentry    Application  (/Applications/ClamXav (506).app/Contents/Resources/ClamXav Sentry.app)
      Activity Monitor    Application  (/Applications/Utilities/Activity Monitor.app)
      ClamXav Sentry    Application  (/Applications/ClamXav (506).app/Contents/Resources/ClamXav Sentry.app)
  Internet Plug-ins: ℹ️
      Google Earth Web Plug-in: Version: 7.1 [Click for support]
      Default Browser: Version: 600 - SDK 10.10
      Flip4Mac WMV Plugin: Version: 2.4.4.2 [Click for support]
      Silverlight: Version: 5.1.30514.0 - SDK 10.6 [Click for support]
      FlashPlayer-10.6: Version: 17.0.0.134 - SDK 10.6 [Click for support]
      DivXBrowserPlugin: Version: 1.3 [Click for support]
      Flash Player: Version: 17.0.0.134 - SDK 10.6 [Click for support]
      iPhotoPhotocast: Version: 7.0
      QuickTime Plugin: Version: 7.7.3
      NP_2020Player_IKEA: Version: 5.0.94.0 - SDK 10.6 [Click for support]
      GarminGpsControl: Version: 4.2.0.0 - SDK 10.8 [Click for support]
      JoostPlugin: Version: 0.13.3 [Click for support]
      ContentUploaderPlugin: Version: 1.2 [Click for support]
      JavaAppletPlugin: Version: Java 8 Update 31 Check version
  User internet Plug-ins: ℹ️
      RealPlayer Plugin: Version: Unknown [Click for support]
  Safari Extensions: ℹ️
      AdBlock
      Dictionary
      ClickToFlash
      Open in Internet Explorer
      Auto Refresh
      Exposer
  3rd Party Preference Panes: ℹ️
      RCDefaultApp
      DivX  [Click for support]
      Flash Player  [Click for support]
      Flip4Mac WMV  [Click for support]
      Growl  [Click for support]
      Java  [Click for support]
      MacFUSE  [Click for support]
      Perian  [Click for support]
  Time Machine: ℹ️
      Skip System Files: NO
      Mobile backups: OFF
      Auto backup: YES
      Volumes being backed up:
          PowerBook Backup: Disk size: 107.37 GB Disk used: 25.95 GB
          FREE SPACE: Disk size: 355.48 GB Disk used: 10.13 GB
          Macintosh HD: Disk size: 284.97 GB Disk used: 207.90 GB
      Destinations:
          iMac Backup [Local]
          Total size: 536.87 GB
          Total number of backups: 194
          Oldest backup: 2011-03-06 01:10:38 +0000
          Last backup: 2015-03-16 06:51:32 +0000
          Size of backup disk: Too small
              Backup size 536.87 GB < (Disk used 243.99 GB X 3)
  Top Processes by CPU: ℹ️
           9%    mds
           7%    mds_stores
           3%    WindowServer
           2%    InterCheck
           0%    launchd
  Top Processes by Memory: ℹ️
      425 MB    firefox
      258 MB    Image Capture Extension
      176 MB    SophosScanD
      172 MB    InterCheck
      159 MB    Finder
  Virtual Memory Information: ℹ️
      70 MB    Free RAM
      1.59 GB    Active RAM
      1.55 GB    Inactive RAM
      513 MB    Wired RAM
      32.57 GB    Page-ins
      225 MB    Page-outs
  Diagnostics Information: ℹ️
      Mar 16, 2015, 04:16:48 PM    /Library/Logs/DiagnosticReports/InterCheck_2015-03-16-161648_[redacted].cpu_res ource.diag [Click for details]
      Mar 16, 2015, 03:20:40 PM    Self test - passed
      Mar 16, 2015, 01:08:31 PM    /Library/Logs/DiagnosticReports/InterCheck_2015-03-16-130831_[redacted].cpu_res ource.diag [Click for details]
      Mar 15, 2015, 11:05:11 AM    /Users/[redacted]/Library/Logs/DiagnosticReports/garcon_2015-03-15-110511_[reda cted].crash
      Mar 15, 2015, 10:42:18 AM    /Users/[redacted]/Library/Logs/DiagnosticReports/Finder_2015-03-15-104218_[reda cted].crash
      Mar 14, 2015, 05:39:47 PM    /Library/Logs/DiagnosticReports/InterCheck_2015-03-14-173947_[redacted].cpu_res ource.diag [Click for details]
      Mar 9, 2015, 06:29:04 PM    /Library/Logs/DiagnosticReports/Kernel_2015-03-09-182904_[redacted].panic [Click for details]
      Mar 14, 2015, 01:37:46 PM    /Library/Logs/DiagnosticReports/InterCheck_2015-03-14-133746_[redacted].cpu_res ource.diag [Click for details]
      Feb 27, 2015, 06:25:50 PM    /Library/Logs/DiagnosticReports/Kernel_2015-02-27-182550_[redacted].panic [Click for details]

• Setting previleges to a non-root user account to access ports

  Hello ,
  I am tring to do an icmp-ping to a machine in the network from an application by connecting to icmp port through a raw socket.
  My question is i am able to connect to icmp port using raw socket only in root user account. But my application should run under a non root user account and do the ping for me.
  1)How do i set previleges to a particular user to access icmp port?
  I am running the application on solaris 9
  2)I read a paper on net saying ports from 0 to 1024 can only be accessed by a root user account?
  Why is this and what can be done for a non-root user account to access these ports.
  3) Is this possible in solaris 9.
  Thanks in Advance,
  cheers,
  pal

  There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
  Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
  Turn on your Firewall in Security & Privacy preference panel.
  Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

• Help-I want to move my stuff out of admin user account to a non-admin user account for security.  How can this be done?

  So... I have amassed loads of documents, videos, music, photos, etc. onto my MacBook Pro all under the admin user account I set up for myself.  I am the only one who uses the MacBook.  I now work virtually and am online at different free wifi spots, and I want to access all of my stuff under a non-admin user account for security reasons.
  I attempted to uncheck the "allow this user to administer this computer" box under my admin user account, but it is greyed out and I cannot.
  Is there an easier way to fix this than backing up all of my stuff and then moving it to a non-admin account?

  There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
  Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
  Turn on your Firewall in Security & Privacy preference panel.
  Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

• Delete the previous administrator and make a user account for myself on my iMac G4

  delete the previous administrator and make a user account for myself on my iMac G4

  Open the Accounts pane of System Preferences, create the new account, log in with it, and delete the existing one. If the computer's one you've recently purchased, you may want to erase the drive and install a new OS; do this only if you have the computer's original disks or a retail package compatible with it.
  (64808)

• Copy and paste between user accounts

  is there a way to copy and paste between user accounts?

  You can drag files to the Drop Box folder in another user's Public folder.

• Tracking and logging of user accounts

  how to do tracking and logging of user accounts... monitoring of user accounts... please help

  <a href="http://help.sap.com/saphelp_nw04s/helpdata/en/2d/b8be3befaefc75e10000000a114084/content.htm">ST03N</a>

• HT3910 Once I register my MBP and create a user account, I get a gray screen and it does nothing.

  Once I register my MBP and create a user account, I get a gray screen and it does nothing.

  Reinstall OS X without erasing the drive
  Do the following:
  1. Repair the Hard Drive and Permissions
  Boot from your Snow Leopard Installer disc. After the installer loads select your language and click on the Continue button. When the menu bar appears select Disk Utility from the Utilities menu. After DU loads select your hard drive entry (mfgr.'s ID and drive size) from the the left side list.  In the DU status area you will see an entry for the S.M.A.R.T. status of the hard drive.  If it does not say "Verified" then the hard drive is failing or failed. (SMART status is not reported on external Firewire or USB drives.) If the drive is "Verified" then select your OS X volume from the list on the left (sub-entry below the drive entry,) click on the First Aid tab, then click on the Repair Disk button. If DU reports any errors that have been fixed, then re-run Repair Disk until no errors are reported. If no errors are reported click on the Repair Permissions button. Wait until the operation completes, then quit DU and return to the installer.
  If DU reports errors it cannot fix, then you will need Disk Warrior and/or Tech Tool Pro to repair the drive. If you don't have either of them or if neither of them can fix the drive, then you will need to reformat the drive and reinstall OS X.
  2. Reinstall Snow Leopard
  If the drive is OK then quit DU and return to the installer.  Proceed with reinstalling OS X.  Note that the Snow Leopard installer will not erase your drive or disturb your files.  After installing a fresh copy of OS X the installer will move your Home folder, third-party applications, support items, and network preferences into the newly installed system.
  Download and install the Combo Updater for the version you prefer from support.apple.com/downloads/.

• Last Time Machine back-up is 45 days old and only of User Account files (not entire HD) and I must now reinstall Lion without being able to perform a new back-up. Will any new User Account files, since my last back-up, be lost when Lion reinstalls (via i

  My last Time Machine back-up is 45 days old and only of User Account files (not entire HD) and I must now reinstall Lion (via internet) without  performing a new back-up. Will any new User Account files, since my last back-up, be lost when Lion reinstalls ?

  Reinstalling OS X doesn't affect user data, provided nothing goes wrong. But it would be very unwise to assume that nothing will go wrong, especially if you're having (unspecified) system issues. You should try to back up all data before you reinstall or do anything else. There are ways to do that, even if you're unable to boot.
  If your backups include only user files, you won't be able to access them in Setup Assistant.

• How can I unlock the copy protection of songs that I've acquired some years ago with an old - and non existing anymore - account? Can I link the songs to my new account or do I have to purchase them again?

  How can I unlock the copy protection of songs that I've acquired some years ago with an old - and non existing anymore - account? Can I link the songs to my new account or do I have to purchase them again?

  If you're in the US, you will be able to use iTunes Match for $25 a year to remove copy protection in a few months: http://www.apple.com/icloud/features/
  If you're not, you can't.  You can authorise iTunes with the old account in addition to your current account, so all your songs will play, but I'm not sure what will happen if you try to sync them to an iPod.

• Delegated Admin and non-flat user/group structures

  Hello, I am trying to build a directory structure with several containers under an organization used to store different portions of userdata and group data (i.e. not only ou=people and ou=group, but also a few ou's like them). Server software is from OUCS 7u2 release. Users in "other" containers are populated into LDAP (ODSEE 11) by replication, filling in all the same attributes as a freshly DA-created account has.
  The Delegated Admin interface and other parts of the software accept this and work okay with this setup, displaying user information, allowing logins and so on - except for attempts to edit user accounts in the alternate containers in the DA (i.e. add/remove service packages, change quotas, etc.). First I've verified that this is not an LDAP problem - I can use both command-line ldapmodify and an LDAPBrowser GUI to edit the entries with no hiccups.
  I tracked that when trying to save account information for accounts in non-standard containers, the DA still tries to use a hard-coded path (i.e. uid=USERNAME,ou=people,o=DOMAINNAME,dc=DOMAIN,dc=NAME) despite the fact that the user account is (and DA displayed it from) uid=USERNAME,ou=morePeople,o=DOMAINNAME,dc=DOMAIN,dc=NAME.
  Possibly, this "hardcoding" stems from DA configuration in WEB-INF/classes/sun/comm/cli/server/servlet/serverconfig.properties which does list components of the LDAP structure:
  # Ldap configuration.
  # List of ldap hosts. Form is <ldaphost>:<portnumber>. (Default port = 389)
  # add additional hosts with ldaphost-<consecutive number>
  # Schema type is either "1" or "2".
  # Reconnect interval is in seconds
  # Group and people container is dn from organization dn (e.g ou=people)
  ldaphost-1=oucsldap01:389
  ldaphost-2=oucsldap02:389
  ldaphost-suffix=dc=DOMAIN,dc=NAME
  ldaphost-dcsuffix=dc=DOMAIN,dc=NAME
  ldaphost-maxcount=50
  ldaphost-schematype=2
  ldaphost-reconnectinterval=60
  ldaphost-peoplecontainer=ou=People
  ldaphost-groupcontainer=ou=Groups
  ldaphost-orgadminrole=cn=Organization Admin Role
  While the organization root dn is not explicit here (and shouldn't be), the default people container is... I might guess a coding error logic like this: indeed, the "ou=People" container should be used by default when creating a user via DA; as a likely error, it might also be used when editing existing users - instead of their existing full DN/parent DN.
  Questions:
  1) Does anyone have a working configuration with several user/group containers within an organization like this? Would you care to share details and workarounds, if were needed?
  2) I think that possibly the "shared domain/organization hosting" mode might help here - at least it is expected to have several LDAP trees with their delegated administrators performing as a single e-mail domain. Before I go and reconfigure everything, I'd love to hear if there are any success stories with this route? Is it a proper solution (or THE solution) for such config?
  Thanks,
  //Jim Klimov

  I wanted to follow up that reconfiguring the directory structure according to shared domain hosting, with branches for ISW-synchronized accounts as one of the sub-organizations which share the domain, and manually created OUCS-only accounts being in another sub-organization. This works for both messaging components and the DA, as long as UIDs are in ou=People in their organization. Somewhat unfortunately, ISW config seems to allow only one DSEE target branch and puts groups (CN) there as well. Well, for our needs to edit user attributes and service packages via DA, this suffices. Sometimes there are hiccups (Can not save changes), but they are intermittent and harder to trace debug; usually go away with restart of the DA web container. The DSEE LDAP instances are configured with plugins to enforce uid uniqueness across the organization and uniqueness of values of messaging email address attributes (mail, mailAlternateAddress, mailEqiuvalentAddress) to avoid mixups between user accounts in different branches.
  Also, we had a problem with Calendar server after migrating the LDAP entries: since our deployment used the nsUniqueID for calendar user identification, relocation of entries (the way we did it) generated new values for new entries and users got new empty caledar databases. On this POC this was not a major problem, and newer OUCS releases with a davUniqueID attribute should specifically be immune to this problem. However, for others trodding this path I can suggest that they export the LDAP database into LDIF including the unique IDs, recreate the suffixes as needed (the ISW target organization in DSEE should be a separate LDAP database suffix), change the LDIF entry pathnames, and import the LDIF anew. This would wipe old LDAP data and should add old nsUniqueIDs to relocated entries (unlike recreation via ldapadd or relocation via ldapmodrdn).
  We have also hit a problem with DA refusing to render the list of accounts (returning 0 or 25 empty entries in a table). The LDAP logs showed that on the LDAP side all is ok, and expected amount of replies was located. Pattern searches often produced the proper table with a subset of users in DA. Ultimately, we linked the problem to ISW binary base64-encoded attributes (dspswuserlink et al; some of those values also garbaged output of commadmin queries in a terminal) and created an LDAP ACI which forbade our DA-admin user to read,search,compare these attributes. This solved the problem for us. I wonder if a more generic solution is possible, so as to apply this ACI not to an explicitly named admin user but to any users with DA admin privileges (by group or role? which string, to cover them all in advance)? Or, perhaps, nobody except the ISW user account should see these ISW attributes?
  Hope this report helps others who would try to pioneer this path of messaging integration
  //Jim Klimov

• Non-Admin User Account Desktop is all messed up..graphically...HELP!

  This issue is difficult to explain, but here it goes...
  I have 2 users (desktops) setup on Lion.  My primarydesktop is the Admin account and my wife has her own (for her iTunes,mail, etc.).  Until just recently, I could switch between users easilyand stuff worked properly.  However, lately I switch to my wife's useraccount and everything is jacked up.  The icons and dock are both big& blocky and whenever I click on an icon it disfigures thewallpaper.  Also, the wallpaper image is also messed up.
  Itjust started doing this so not sure what happened or what I can do tofix it.  Is it possible to nuke her desktop/user acct and start freshwithout messing up mine?  Or do I have to do the entire machine andrestore from Time Machine?
  Totally perplexed by this one.
  Thanks!
  Bryan

  There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
  Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
  Turn on your Firewall in Security & Privacy preference panel.
  Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.

• "Unable to check revocation" error while checking CDP from non-domain user account

  Hi!
  I use 3-tier PKI infrastructure:
  Stand-alone offline Root CA: RootCA;
  Stand-alone offline Intermediate subordinate CA: SubCA;
  Enterprise CA: EntSubCA.
  In certificate we have three CDP point for CRL check:
  ldap:///, http:// and file://
  I have Windows 2008 R2 server joined to domain.
  I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
  When I use domain user account for revocation checking, all OK.
  I have access to any CDP and all fine.
  But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
  My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
  Here is the logfile from local user:
  Issuer:
  CN=EntSubCA
  DC=DED
  DC=ROOT
  Subject:
  CN=servername.domain_name
  Cert Serial Number: 5a896145000300006ee2
  dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
  dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
  dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
  dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
  dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
  ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
  HCCE_LOCAL_MACHINE
  CERT_CHAIN_POLICY_BASE
  -------- CERT_CHAIN_CONTEXT --------
  ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
  CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  NotBefore: 05.02.2015 20:03
  NotAfter: 05.02.2016 20:03
  Subject: CN=servername.domain_name
  Serial: 5a896145000300006ee2
  SubjectAltName: DNS Name=servername.domain_name
  Template: Machine
  70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
  Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crt
  ---------------- Certificate CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
  Verified "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  Verified "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Base CRL CDP ----------------
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  OK "Base CRL (018d)" Time: 0
  [1.0] file://\\ca\crl\EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [1.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [1.0.2] http://webserver/crl/EntSubCA.crl
  OK "Base CRL (018d)" Time: 4
  [2.0] http://webserver/crl/EntSubCA.crl
  Failed "CDP" Time: 0
  Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
  [2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
  Old Base CRL "Delta CRL (018d)" Time: 0
  [2.0.1] file://\\ca\crl\EntSubCA.crl
  Old Base CRL "Delta CRL (018d)" Time: 4
  [2.0.2] http://webserver/crl/EntSubCA.crl
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 018d:
  Issuer: CN=EntSubCA, DC=DED, DC=ROOT
  33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
  Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
  Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
  CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=SubCA
  NotBefore: 13.11.2014 19:12
  NotAfter: 13.11.2017 19:22
  Subject: CN=EntSubCA, DC=DED, DC=ROOT
  Serial: 6109015b000100000008
  Template: SubCA
  9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Failed "AIA" Time: 0
  Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
  file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
  Verified "Certificate (0)" Time: 0
  [1.0] file://\\ca\crl\SubCA.crt
  Verified "Certificate (0)" Time: 4
  [2.0] http://webserver/crl/SubCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (32)" Time: 0
  [0.0] file://\\ca\crl\SubCA.crl
  Verified "Base CRL (32)" Time: 4
  [1.0] http://webserver/crl/SubCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 32:
  Issuer: CN=SubCA
  8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
  CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 28.05.2008 12:09
  NotAfter: 28.05.2058 12:19
  Subject: CN=SubCA
  Serial: 616bd19f000100000004
  Template: SubCA
  06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
  Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 4
  [0.0] http://webserver/crl/RootCA.crl
  Verified "Base CRL (1c)" Time: 0
  [1.0] file://\\ca\crl\RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
  Issuer: CN=RootCA
  NotBefore: 27.05.2008 16:10
  NotAfter: 27.05.2110 16:20
  Subject: CN=RootCA
  Serial: 258de6fbd3bbab92460530e9e9f10536
  5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
  Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
  Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
  Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
  ---------------- Certificate AIA ----------------
  Verified "Certificate (0)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crt
  Verified "Certificate (0)" Time: 4
  [1.0] http://webserver/crl/RootCA.crt
  ---------------- Certificate CDP ----------------
  Verified "Base CRL (1c)" Time: 0
  [0.0] file://\\ca\crl\RootCA.crl
  Verified "Base CRL (1c)" Time: 4
  [1.0] http://webserver/crl/RootCA.crl
  ---------------- Base CRL CDP ----------------
  No URLs "None" Time: 0
  ---------------- Certificate OCSP ----------------
  No URLs "None" Time: 0
  CRL 1c:
  Issuer: CN=RootCA
  dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
  Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
  Exclude leaf cert:
  5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
  Full chain:
  ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
  Verified Issuance Policies: None
  Verified Application Policies:
  1.3.6.1.5.5.7.3.2 Client Authentication
  1.3.6.1.5.5.7.3.1 Server Authentication
  ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
  CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
  CertUtil: -verify command completed successfully.

  What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
  (you also use FILE URLs for publication, which again is not recommended).
  The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
  For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
  an internally and externally accessible, highly available Web cluster.
  the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
  certutil -dspublish -f RootCA.crt.
  This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
  Brian

• Is there any way to prevent non-admin user accounts to receive software update prompts?

  I am the admin account user on our MacBook Pro, and there is one standard user account on it as well. Generally we are both logged on so we can quickly switch between user accounts and 'spin the desktop'.
  For some reason, all the software update notifications seem to be received when the standard user account is the active one.
  I know that the standard user cannot actually update without my account password and my Apple ID, but a) The notifications confuse the non-admin user, and she gets flustered, and b) Even if she manages to cancel them from the notification area, she then has to remember to tell me verbally that she had had one.
  Is there any way to stop her receiving the update notifications altogether?
  Running OS X 10.8.2 on MacBook Pro.
  Thanks in advance.

  You should be able to do this by unchecking the software update service in the system preferences to prevent the system from running the check as the "_softwareupate" user and passing it to the notification service that broadcasts to all user accounts. Then you can check for the software update in an admin account using the following Terminal line:
  /System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck -Check YES
  This line can be scripted via Terminal services to run on a schedule (ie, every few hours), and if there are found updates it will launch the App Store for that account and present them. Granted this approach circumvents the notification service, but should work. To try this, open TextEdit on your computer and in a new document choose "Make Plain Text" from the Format menu.
  Then copy and paste the following text into the new document:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>local.softwareupdatecheck</string>
            <key>ProgramArguments</key>
            <array>
                      <string>/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck</string>
                      <string>-Check</string>
                      <string>YES</string>
            </array>
            <key>StartInterval</key>
            <integer>21600</integer>
  </dict>
  </plist>
  When done, save the document to your desktop as "softwareupdatecheck.plist" or anything as long as it ends with ".plist." Then get information on the file in the Finder to ensure its name ends with plist and not anything else like "plist.txt" (rename it accordingly in the Info window's "Name & Extension" section.
  With the file name appropriate, hold the Option key and choose the "Library" option in the Finder's "Go" menu. Then locate the folder called "Launch Agents" in the library and drag the text file to this folder. Then log out and log back into your account.
  This text file is a launch agent script that instructs the system to run the program arguments every 21600 seconds (6 hours) whenever the user is logged in. The program arguments here are simply those to check for software updates for the system. You can change this time interval to be any number of seconds you would like, but there are other options to use besides the "StartInterval" key for scheduling the task. This approach simply has it repeat every number of seconds, but you can use other options to have it only run on specific hours or days, or only have it run once when you log in, etc.
  If this works for you, then if you'd like to explore these other options write back here and we can go over them for you.

• NI Update Service and non-administrative user

  On my Windows 7 PC I have 2 different users:
  a local Administrator user who can install application but can't navigate to the web (for security reasons)
  an User who can't install anything but can navigate to the web
  I launch NI Update Service under User account and it shows a list of available updates.
  I select one or more of these updates and I click on "Install" button
  Is asks me for the Administrator password, but then it gives a communication error with NI...
  Does it use Administrator user to download the updates?
  It should use it only to install and not to download
  Vix
  In claris non fit interpretatio
  Using LV 2013 SP1 on Win 7 64bit
  Using LV 8.2.1 on WinXP SP3
  Using CVI 2012 SP1 on Win 7 64bit, WinXP and WinXP Embedded
  Using CVI 6.0 on Win2k, WinXP and WinXP Embedded

  Yes, I tried but if I select "Run as administrator" Windows asks me for credential of an administrator account.
  I enter username and password, but my administrator account can't communicate to the web and so I get the error in the attached image (comm_err.jpg).
  As I wrote, I think that the problem is that NI Update Service uses the administrator user not only to install the programs but also to download them from the NI servers.
  I don't think this is OK because as shown in the attached install.jpg the button with the administrator shield is "Install", but after I click on it and enter the administrator credentials, NI Update Service tries to download the selected programs.
  But with my administrator user this is not allowed.
  It should download them with the user that launched it (with this user it is able to find the list of available updates) and use the administrator user only to install.
  Could someone from NI confirm that this is the behavior of NI Update Service, please?
  Vix
  In claris non fit interpretatio
  Using LV 2013 SP1 on Win 7 64bit
  Using LV 8.2.1 on WinXP SP3
  Using CVI 2012 SP1 on Win 7 64bit, WinXP and WinXP Embedded
  Using CVI 6.0 on Win2k, WinXP and WinXP Embedded
  Attachments:
  comm_err.JPG ‏27 KB
  install.JPG ‏63 KB