Delegating Administrative Rights

Similar Messages

• Delegated Administrator 6.4 LDAP Failover?

  Does Delegated Administrator 6.4 support LDAP failover?
  I have looked at the current documentation and nothing is mentioned about this and I have searched docs.sun.com and this is mentioned for the older iPlanet branded versions of the software.
  What I am looking for is a situation where DA is on a separate host from Directory Server and the Directory Server goes down.
  I poked around in the config files and I found two instances where my current LDAP server was listed by name:
  1. /opt/SUNWcomm/config/cli-userprefs.properties where IdentityServerHost is equal to the FQDN of my Access Manager server (I'm guessing based on it looking at port 80)
  2. /var/opt/SUNWcomm/da/WEB-INF/classes/com/sun/comm/da/resources
  in daconfig.properties, specifically the commadminserver.host
  Since this is a test environment the DA server is also the DS server right now so I might be off on these files/properties.
  Is such a setup possible?

  I don't think DA support failover itself.

• Delegated Admin 7 - Delegating Administration (i.e. Help Desk Accounts)

  I need the ability to grant Help Desk folks the rights to use Delegated Administrator and give them rights to change user's passwords and possibly some other attributes. I can't seem to figure out how to accomplish this. The Help Desk users already exist in my Directory Server. I was hoping it was as easy as assigning a role to the Help Desk users.
  How do I accomplish this?

  sheger77 wrote:
  I need the ability to grant Help Desk folks the rights to use Delegated Administrator and give them rights to change user's passwords and possibly some other attributes.Delegated Administrator isn't designed for this type of scenario.
  The three roles available in DA are TLA (Top Level Admin), SPA (Service Provider Admin) and OA (Organization Admin). These are all "super-user" style roles for the creation and maintenance of Organizations, Users/Resources etc.
  DA doesn't provide the granularity to provide a very restricted set of rights to a given user base. If you want this kind of functionality then you should be looking at something like IDM (http://www.sun.com/software/products/identity_mgr/index.xml).
  Regards,
  Shane.

• Can't Open Server Manager - don't have System Administrator Rights

  Hi,
  I am new to BPC
  After i updated the support patch to BPC 7.5 MS  SP3 ,  pack level 2
  and Restart the server
  Then Server Manager can't open again.
  Error Message :
  This ID (xxxxxx)  don't have System Administrator Rights; you must log on with a user ID that has system administrator  privileges
  But I have logon the user which is used to install BPC 
  I have try to restart the service, but it is not working .
  Any method reset it ?  or solve it?
  thx
  John

  Dear Kong Chong Shun,
  From your information, I'm sorry I could not get several information. Did you upgrade your BPC Clients too, lets say BPC Administrators ?.
  Kind Regards,
  Wandi Sutandi

• Is there a way to prevent an account with no administrative rights to install firefox to their local profile on Windows XP?

  Our users are normally not allowed to install any programs since their user accounts do not have administrative rights to their pc's. Has this been a feature in FireFox before?
  We noticed that one user was able to simply download firefox, run the installation setup, and the setup would default to install firefox under their local desktop profile instead of the usual c:\Program Files folder.
  ie. c:\Documents and Settings\userid\Local Settings\Application Data\Mozilla Firefox\
  Is there a way to prevent this from happening? We do not want to allow our users to be able to install any programs without our knowledge.

  The Skype add-in was the culprit in my case. Disabling it fixed the problem. As soon as I enable it, the problem comes back.

• Installation of SAP Business One client and required administration rights

  Dear community,
  I would like to kindly ask you for your feedback on the installation of SAP Business One client and its patches on end-user computers.
  The pain points I have heard so far are the following:
  - The installation of SAP Business One client and its patches has to be started by a user with administrator rights.  As far as I know (and please correct me if I am wrong), this is also required in case of installation of any other software.
  - End users usually do not have administrator rights and therefore the SAP Business One clients have to be manually upgraded by administrator.  This is time consuming (and therefore costly) activity.
  We are considering to design a new solution which would overcome the above limitations.
  I would like to confirm with you if my understanding is correct:
  Question 1:
  Is it a common situation that the end-users of SAP Business One client do not have administrator rights and therefore cannot install the patches of SAP Business One client by themselves?
  If yes, how do you resolve this currently?
  Question 2:
  Do you use Microsoft System Center Configuration Manager or Active Directory (or any other 3rd party solution) to automatically distribute software packages and updates to client PCs at your customers?
  Question 3:
  If the SAP Business One client installation (and its patches) is delivered as MSI package with silent installation capability, would you be able to automate the deployment of B1 client updates to client PC using the abovementioned technologies? Or can you still see some obstacles?
  Thank you
  Best regards
  Jan Ruzarovsky
  SAP Business One Product Management

  Dear all,
  Thank you very much for your comments, very helpful!
  @Marco - SAP Business One 8.8 client currently does not support the silent installation / upgrade. However we are currently considering this requirement and we would like to deliver it as soon as possible.
  We are currently considering several possible designs. One of them is as follows:
  1. A new SAP Business One Updater Service will be installed on each client workstation.
  It will be a windows service installed and running under a local system account.
  2. The updater service will check regularly if there are any new patches of SAP Business One client or add-ons uploaded to a configured shared directory.
  3. If a new patch is found in the shared directory, the updater service will SILENTLY install the new patch (add-ons, SAP Business One) on the client workstation.
  The service would be able to install patches even if nobody is logged in.
  Questions:
  If we consider the above design, there are a few open topics:
  1. During the upgrade of the SAP Business One server, the client patches (and SAP add-on patches, partner add-ons) would be placed to a SHARED directory instead of into SBO-Common (as it is implemented currently).
  - Does this have any impact on your tools, processes or add-ons?
  2. SAP Business One upgrade wizard will put the latest patch of SAP Business One client into a configured shared directory. The shared directory will have to be read-only for everybody in the network to avoid that the valid installation files are replaced by malware or virus infected files
  - Can you configure such a shared directory? 
  From customer perspective, if a new patch is put into the shared directory, the updater service can behave as follows:
  1. Manually initiated upgrade of the client
  Example: Customer starts the old (not upgraded) SAP Business One client. The client will inform him/her that a new patch has been found and it has to be installed in order to continue working with the client. After customer clicks "Yes", the upgrader service starts the silent installation of the client and informs customer about the progress. Once the upgrade is finished, the upgraded SAP Business One client will be started automatically.
  2. Automatic update:
     - Update the client automatically (e.g. overnight) if customer is not working with SAP Business One
     - If SAP Business One client is running, ask customer if he/she wishes to upgrade the client now or to delay the upgrade by X minutes.
  Question: Which of the above two scenarios would you and your customers prefer?
  If the upgrade is fully silent, automated and handled by the upgrader service, Is it acceptable for customers to trigger the installation manually and wait till the client is upgraded? Or would they prefer to have the client updated for them e.g. overnight so they can immediately start to work?
  Best regards
  Jan
  Edited by: Jan Ruzarovsky on Sep 29, 2010 9:37 AM

• User with Farm Administrator rights, but NOT in Farm Administrators Group

  I have an account that we recently discovered has Farm Administrator rights and was used to access Central Admin and cause some harm.  When I use the "Check Permissions" on the Central Admin site, it says that account has Full Control via
  the Farm Administrators Group.  However, that account is not in the Farm Adminstrators group.
  There is an entry in the Farm Administrators group for "BUILTIN\Administrators" and this account is in the Local Admin group on this server.  However, there are other accounts in the Local Admin group too, and when I "Check Permissions"
  for them, it returns 'None'. 
  I am confused as to how this one account has Farm Administration level access, while others in Local Admin do not, and how can I remove this accounts Farm Administration rights if it is NOT in the Farm Adminstrators Group?
  What are the potential problems/issues if I remove the "BUILTIN\Administrators" entry from the Farm Adminstrators Group?
  Thanks in advance for any feedback/help.

  If you have BUILTIN\Administrators as part of the Farm Admins, any user that is a Local Administrator will have Farm Admin rights. SharePoint doesn't enumerate groups when checking permissions, so the behavior you're seeing is correct. If you do not want
  Local Admins to have Farm Admin rights, remove BUILTIN\Administrators from the Farm Admins group in SharePoint.
  There should not be any issue with removing the group from Farm Admins, only that users will need both rights to fully manage SharePoint.
  Trevor Seward
  Follow or contact me at...
  &nbsp&nbsp
  This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

• Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

  same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
  same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
  How this is technically different?
  If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
  dhomya

  If the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing  accounts,
  groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
  I think that is a pretty big difference.
  In fact, it is bad practice to perform you daily server management with an AD privileged account.
  In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
  privileges. Always be carefull when assuming resulting privileges will be the same.
  MCP/MCSA/MCTS/MCITP

• HT1923 I had to reinstall Itunes due to "runtime error" and the instructions said to run as administrator.  I did that but I'm getting a message about administrator rights to my mobile device and it won't load.  What do I do now?

  Having issues reinstalling ITunes.  I ran as administrator but getting message that I do not have administrator rights for mobile device.  Any suggestions.

  See this User Tip by turingtest2
  https://discussions.apple.com/docs/DOC-6562

• I am trying to install itunes for my mobile, and I keep getting the message "You do not have administrator rights, please contact the system administrator to preform an update."  I have it set as adminstrator as the user.

  I am trying to install itunes for my mobile, and I keep getting the message "You do not have administrator rights, please contact the system administrator to preform an update."  I have it set as adminstrator as the user. I am running Windows 7 Ultimate. Help please?

  Thanks, but I've done that several times & it still says I need administraive privileges. I had itunes installed with no problems until I did the latest update. After that it just disappeared, so I tried reinstalling. Now I can't sync my phone. This is so frustrating!

• Administrative Rights Segregation

  I'm working with BPM 11.1.1.5.0.
  Does anyone know of a way to segregate administrative rights in the workspace such that only certain users can manipulate role membership, others can manipulate task configurations, others can manipulate calendaring, etc.? Seems like a reasonable request to me; however, if I start adding users to the BPM roles available in the BPM context and don't add those users to the BPMAdministrators role, they don't see the Administrative link in the Workspace.

  There's difference between Local and Domain user in windows environment.
  Local user with ORA_DBA should be able to do most Oracle administrative tasks.
  However, Oracle DBA account is usually given local administrator privilege on the server.
  Check more information in metalink doc Note:77665.1

• Can't login System Access Manager and Delegated Administrator page

  Hi.
  Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.
  Do you help me?
  thanks.

  k-m-i wrote:
  Suddenly I can't log in System Access Manager & Delegated Administrator page. Yesterday,I could.Given that you have provided nothing in the way of usable information to isolate the problem I can only suggest restarting your directory server (assuming it hasn't crashed) then restarting the web-container hosting Access Manager and see if that fixes the problem.
  If not, you will have to look further into the web-server logs and the directory server logs to see why the problem is occurring.
  Regards,
  Shane.

• Problem with Delegated Administrator

  Dear All
  I am having probelm to get the JES2005/Q4 get working on my server,
  installation goes okay with no error and installation log and events looks okay, after installation and configuration of Delegated administrator i can not login to DA with admin or amadmin username name and I keep getting invalid username msg. the funny thing is I can login to com express with admin username but not to DA. I tried almost everthing but I can not undrestand where is the problem
  Any help is apperciated.
  BR
  Mo

  DA is part of Sun Messaging Server deliveries and questions should be posted to the Sun Messaging Server forum.
  Regards,
  Ludovic.

• How can i Create Dynamic mailing lists with Iplanet Delegated Administrator

  Hello people,
  Could anyone help me in this matter please?
  I am running IMS5.2 with Netscape Directory4.16. I need help about how to create a Dynamic Mailing list using de Iplanet Delegated Administrator, not using the traditional Netscape Console.
  If someone can help me, i will apreciate.
  bye.
  Azim Lakha

  In 24.4.0 there is no File|New|Address Book. There is File|New|Address Book Contact. How do I create a new address book ?

• Outlook Connector 6.0 and Administrator rights

  Hi all!
  We want to use the Sun Java System Connector for Microsoft Outlook 6.0 with Windows 2000 with Outlook XP.
  To install the generated exe file as an user, he needs admin right. Afterwards we take the administrator rights from the user away. Run the user outlook, it wants to send a problem problem report to Microsoft.
  If the user has administrator right, everything functions.
  Thanks for your help in advance.

  Hi Jens!
  To install the generated exe file as an user, he
  needs admin right. Afterwards we take the
  administrator rights from the user away. Run the user
  outlook, it wants to send a problem problem report to
  Microsoft.The solution is, to install connector.exe as local admin
  an the machine. You can abort installation without providing
  user information.
  After that you can install connector.exe as
  user without administrative rights.
  So you need two install turns.
  Regards,
  Erik