Directory service : find user with admin rights

Similar Messages

• Additional User with admin rights

  Hi all,
  i checked the documentation but i could not found a possibility to create an additional user with admin rights to access the Vibe Management Console.
  Does anybody know if this is possible and how to do this?
  Thanks in advance
  Alex

  Hi Willem,
  thank you for the great post. It did the job very well.
  Alex
  >>> <[email protected]> schrieb am 1.8.2013 um 07:46 AM:
  > arlorenz;2275156 Wrote:
  >> Hi all,
  >>
  >> i checked the documentation but i could not found a possibility to
  >> create an additional user with admin rights to access the Vibe
  >> Management Console.
  >> Does anybody know if this is possible and how to do this?
  >>
  >> Thanks in advance
  >>
  >> Alex
  >
  > Hey Alex,
  >
  > Yes, that's possible. It's somewhat a twofold/threefold process, as
  > you have to give an accounts right to administer the zone, and then also
  > have to give that account rights to the personal workspace root (to be
  > able create/delete user accounts) and any workspaces that need to be
  > administered.
  >
  > I always create an vibe-admins group (local group) that gets the rights
  > to the zone and workspace roots. Then add the needed users to that
  > group.
  >
  > Access for the zone can be set within the administration console:
  > https://www.novell.com/documentation...ata/bk4saug.ht
  > ml
  >
  > Then add the needed rights on the workspace roots, Global, personal &
  > team workspaces.
  >
  >
  > !Do note that admin is the only user that is not allowed to get
  > blocked. Other admin users can be filtered out via ACL's.
  >
  >
  > Cheers,
  > Willem

• User with admin rights can't access files through the command prompt

  I have a strange situation where I have 2 users both setup exactly the same with admin rights on a 2003 (32 bit) server through an AD group membership, but one can do everything as expected but the other can't.
  The one that can't is trying to execute a program is a command prompt and keeps getting access denied or invalid directory when trying to cd into the folder.   I double and tripled check the permissions and they are correct, this person should have
  full admin.  In fact I did a effective permissions through explorer and it states full rights.  Along those lines this person can also access the folder in question through explorer just not a command prompt. 
  Has anyone seen this before ? and if so what can be done about it.
  Thanks

  Hi,
  Can the user execute the program through explorer? In Windows Server 2003, the Users group does not have Read and Execute permissions to the command processor (Cmd.exe). 
  You could refer to the article below to resolve the issue:
  "Access is denied" error message when you run a batch job on a Windows Server 2003-based computer
  http://support.microsoft.com/kb/867466
  Best Regards,
  Mandy 
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Users with Admin Rights

  I've been looking through the Admin Ref Manual and Admin Guide (9.0.42) to see if there is a way to list the users that have been given Administrative rights on any given node within the node network on our server. I thought I remember seeing this documented somewhere but now I can't find it.
  Does anyone know if it's possible and if so where is it documented?
  Thanks in advance for you words of wisdom! :)
  -Gail

  In the BASIC web browser login popup there is a read-only field called
  "Realm". This is what is specified in the tab. It is merely there for
  informational purposes for the user logging in.
  Neil Smithline
  WLS Security Architect
  BEA Systems
  "veena" <[email protected]> wrote in message
  news:3ae5ab86$[email protected]..
  does weblogic support different security domains for different web
  applications ? if not, what is the purpose of the Auth Realm Field in the
  Other Tab when installing a web application ?
  Veena.
  "Neil Smithline" <[email protected]> wrote in message
  news:3ae563d4$[email protected]..
  This is not possible in current WLS releases. Each "administrativedomain"
  (referred to simply as a "domain" in WLS doc) corresponds to one andexactly
  one "security domain". Users have the same permissions throughout the
  domain.
  We are currently considering various options for how to support this inthe
  future.
  Neil Smithline
  WLS Security Architect
  BEA Systems
  "Nick Roberts" <[email protected]> wrote in message
  news:[email protected]..
  Can anyone provide information about how to have different users
  have admin rights to different servers in a domain ?
  Is there any documentation on the different resources defined in
  the ACLs list of the default server ?
  Nick

• File sharing only works for users with Admin rights

  Hi.
  I am trying to set up file sharing in Lion Server but am having problems getting all my users access to shared folders. So far, only users that are "allowed to administer this server" are seeing shared files, even though they seem to have "read/write" permissions.
  Can anybody tell me what I might be missing?
  Is being allowed to "administer" the server different than truly being an Admin?
  I want to allow users to read and write files, but not change any server settings.
  Any suggestions would be appreciated.
  Thanks!

  What permissions are you setting on the share?  My guess is you are only using user, group, and other (POSIX).  You need to add an ACL to the list and then set read/write or full control.

• Change postalsoft user to admin rights

  How do we enable a current Postalsoft user with admin rights?  Currently, she doesn't have upgrade rights, some print options are greyed out...  The originally installed Postalsoft is under a ex employee logon.
  Is there a simple way to change over the rights?
  Appreciate any help with this.  Thanks.  jb

  JB,
  It still sounds like there is a permission issue.  Some settings are stored in the registry, and some of the printing options are stored in the Windows Printers folder.  So when you say that they have Read/Write Administrative rights are you sure that all the folders were changed?  As for the Presort options being gray it could be that the database is set to Read Only.  To check that you can open a job and go to File > Properties > Document.  Click on the Database Permissions tab.  Make sure that Other's Rights are set to None and Your Rights are set to Read/Write.  If this does not fix it please log a message for us in Support.
  Below are the steps to log a message for support -
  1.  Go to http://service.sap.com/bosap-support.
  2.  Click on "Create a message / Contact technical support".
  3.  Under System Search, click the drop down arrow next to your installation and choose your system, and click Search and then click on the BOB link.
  4. When creating a SAP message it is required to search for Notes. (Knowledge Base articles) to see if you can find an answer to your question without having to log the message for support. In the Search Terms area, type your question and click Continue.
  5. If you do not see any Notes pertaining to your question click on Create Message.
  6. Choose the correct Component for the product you are creating the message for. The component is the support Q that your call will go into so the correct team can assist you. To do this click on the icon next to the icon next to the Component window to see a drop down list.
  7. Click the arrow by BOJ-EIM to see a more detailed list. By each component the names of the u201Cproductsu201D you are using are listed. Choosing the correct component will get your Message logged for the correct support team.
  For example:
  a. BOJ-EIM-COR is used for ACE, DataRight IQ, Match/Consolidate, IACE, and FirstPrep products.
  b. BOJ-EIM-COM is used for DeskTop Mailer, Business Edition, Presort, PrintForm, Label Studio
  c. BOJ-EIM-DEP is used for DQXI, Data Insight, eDQ Infa, SAP Siebel, PSFT, Oracle, Rapid Library
  8. After choosing the component, fill in any remaining required/optional items. **Required fields under Problem Details are flagged with a red asterisk.
  u2022 In the Short Text box, enter a brief description of the question or issue.
  u2022 In the Long Text box, you can go into further detail about what you are seeing or questioning.
  u2022 click Send Message.
  Thanks,
  Melissa

• Firefox Silent updater will not work unless I launch Firefox.exe one time with Admin rights

  I am building a Firefox 17.0.4 ESR package to use for my Enterprise. Everything is working great except for the updater piece. I am using the configuration.ini file during the install with the command MaintenanceService=true turned on, and a mozilla.cfg file with updates enabled, pref("app.update.enabled", true). I am running the install both manually, and through SCCM with Admin rights, including the maintenance service. After the install runs, I open Firefox as a limited user and go to Help->About, and it says Updates are available at www.firefox.com, and that the browser is set to the ESR release channel.
  In all my troubleshooting, the only 2 sure ways I have found that make the auto updates work for a user were to run firefox.exe as an admin 1 time, or to install the base esr package as an admin after my install package. That will fix it for the logged in user only, but another user would run into the same issue. It appears that something is not installing correctly, but I cannot determine the cause.
  My install command is:
  Firefox Setup 17.0.3esr.exe /INI=%INST%\Configuration.ini

  In my organization, we have removed Admin rights from all users, but use a product that can elevate any .exe with create a policy for to run with Admin rights. We have a policy set for updater.exe and it does work for future updates, just not this first update after install until Firefox itself is run as Admin for the first time. My thought is that when Firefox and the Maintenance service are installed with Admin rights through SCCM, the maintenance service should have inherited rights from that install. Forgive me if I am wrong in my conclusion.

• Restrict Standard User from not removing the COM-Addins registered under HKLM with Admin rights.

  Hello,
  I have developed a COM-Addin for word 2013 by VS 2013 and installed it under the HKLM with Admin rights. Now from an non-admin account, ie Standard User I'm able to uncheck that addin from the COM-Addins dialog and remove it also. Previously I have done the
  same thing for word 2007 addins and if a non-admin user tries to uncheck it the warning "The
  connected state of Office Add-ins registered in HKEY_LOCAL_MACHINE cannot be changed" pops
  up. But this is not happening for office 2013 apps(basically word, excel and powerpoint). 
  This is happening for all Add-Ins installed under HKLM.
  How can a Standard User be restricted from unchecking and removing the Office Addins registered under HKEY_LOCAL_MACHINE with same warning "The
  connected state of Office Add-ins registered in HKEY_LOCAL_MACHINE cannot be changed" in
  a pop-up box?
  Regards, Sayan

  Hi,
  The behavior is changed since Office 2010. Office 2010 and Office 2013 allows a standard user to turn a per-machine add-in off by unchecking the add-in in the COM Add-ins dialog.
  To restrict Standard User from not removing the COM Add-ins, we can try to add the add-in to
  the Group Policy option: List of managed add-ins in the Office Group Policy template.
  Word for example, the policy is under:
  User Configuration\Administrative Templates\Microsoft Word 2013\Miscellaneous
  To enable this policy setting, provide the following information for each add-in:
  In "Value name", specify the programmatic identifier (ProgID) for COM add-ins, or specify the file name of Word add-ins.
  To obtain the ProgID for an add-in, use Registry Editor on the client computer where the add-in is installed to locate key names under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins.
  To obtain the file name of an add-in, click the File menu in the application where the add-in is installed. Click Options, click Add-ins, and then use the Location column to determine the file name of the add-in.
  In "Value," specify the value as follows:
  To specify that an add-in is always enabled, type 1.
  Hope this helps.
  Regards,
  Steve Fan
  TechNet Community Support

• Same user with administrative rights on all the servers in single domain versus domainadmin as a part of administrator group in all the servers

  same user with administrative rights on all the servers in single domain user as a part of administrator group in all the servers:
  same user is configured as administrator on all the servers in one domain at windows 2003 server. Should this user be made part of domain admin and then this can be set up in the group of administrator for all the servers.
  How this is technically different?
  If same user is set up as an administrator on all the servers in domain, will it have the same access on all the files as a domain admin user?
  dhomya

  If the account is not admin on the domaincontrollers and the account is not member of domain admins or any other privileged AD group, the account has only user privileges on AD and thus cannot perform actions like creating and managing  accounts,
  groups, OUs,policies, sites, ...in other words cannot potentially ruin Active Directory.
  I think that is a pretty big difference.
  In fact, it is bad practice to perform you daily server management with an AD privileged account.
  In regards of file access. The domain administrator will be just an admin, and thus has the privilies assigned to the local admin group, just as any other admin. But if it are different accounts they might be member of different groups assigning different
  privileges. Always be carefull when assuming resulting privileges will be the same.
  MCP/MCSA/MCTS/MCITP

• Creation of a normal user without admin rights

  Hi,
  I am new to oracle apex. Can you please let me know how to create a normal user without admin rights in oracle apex application.
  Thanks & Regards,
  venkat
  Edited by: 866673 on Jun 17, 2011 9:53 AM

  Welcome to the forum: please read the FAQ and forum sticky threads (if you haven't done so already), and ensure you have updated with your profile with a real handle instead of "866673".
  You'll get a faster, more effective response to your questions by including as much relevant information as possible upfront. This should usually include:
  <li>Full APEX version
  <li>Full DB version and edition
  <li>Web server architecture (EPG, OHS or APEX listener)
  <li>Browser(s)/version(s) used
  <li>Theme
  <li>Templates
  <li>Region type
  (although for your question only the APEX version is necessary).
  Assuming you mean a user who can authenticate to an application that uses Application Express Account Credentials?
  In APEX 4.0:
  1. Go to Home > Application Builder > [Your Application ] > Administration > Create Users and Groups > Create User
  2. Enter the User Identification information.
  3. In the Account Privileges, specify:
  User is a workspace administrator: No
  User is a developer: No
  4. Complete the rest of the form as necessary.

• Install for users with limited rights.

  Is there a way to install Flash player so users with limited rights can perform updates?  I don't want to touch hundreds of machines each time a minor upgrade is released.  Security policies dictate that users cannot have local admin rights.

  Hi, not that I have heard of. If you can't update, then most likely you are under Group Policy and the IT Department would be in charge of that.
  If it is possible, then someone else would need to reply to you.
  Thanks,
  eidnolb

• SP2010: Users with Contribute rights can Add but not edit items in Calendar View

  Hello,
  One of our users was recently trying to update a Calendar item in the Calendar view, but was unable to do so. Here are the facts of the case:
  - The members of the user's group have Contribute rights on the Calendar list, and on each of the specific Calendar items tested
  - I logged in as a member of the same group and am able to Add items in the calendar view, but when I click on an item title the Ribbon options (including Edit) are not available - whether I created the item or not
  - While logged in as a member of that group, I can edit calendar items using the Allitems view, using the dropdown menu and Edit Item (if I click on the item title, I get the item details without the Ribbon)
  - I created a new Calendar view ("Calendar2") but the problem was the same
  When logged in with admin rights, I get the Edit ribbon when I click on an item title from the Calendar view. Is there a way to do the same for non-admin users? Thanks. 

  Hi,
  According to your post, my understanding is that you were able to add items into a Calendar List, but you couldn’t edit some items of the Calendar List in Calendar View as a member of your group with Contribute rights. And if you edit the Calendar List’s
  items in the “All Events” view or log in with admin rights, you can edit these items.
  Therefore, I wonder if you use the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List as John suggested.
  And if you don’t have permissions to edit items of other Calendar Lists, you can’t edit those items of other Calendar Lists in the current Calendar List in Calendar View.
  So, I recommend that you should check if using the “Calendar Overlays” to display some items of other Calendar Lists in the current Calendar List at first.
  If yes, you need to check if you have permissions to edit items of other Calendar Lists.
  For test, I suggest that you can create a new Calendar List and test to see how it works.
  Best Regards,
  Thanks
  Victoria Xia
  TechNet Community Support

• How to start a program with Admin rights without UAC dialog?

  I want to run a program with the user's admin rights,but i don't want windows pop up the UAC dialog.How can i do that?tks.

  Hello,
  The Windows Desktop Perfmon and Diagnostic tools forum is to discuss performance monitor (perfmon), resource monitor (resmon), and task manager, focusing on HOW-TO, Errors/Problems, and usage scenarios.
  Since your post is off-topic, I am moving it to the
  off topic forum.
  Karl
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer.
  My Blog: Unlock PowerShell
  My Book:
  Windows PowerShell 2.0 Bible
  My E-mail: -join ('6F6C646B61726C406F75746C6F6F6B2E636F6D'-split'(?<=\G.{2})'|%{if($_){[char][int]"0x$_"}})

• Want to configure a GPO "Stop (domain) users [having admin rights] from installing software"

  Want to configure a GPO "Stop (domain) users [having admin rights for some particular users]  from installing/uninstalling software"
  Requirements :-
  1. Domain user should not be allowed to install/uninstall any software's. Rest all the actions can be performed by the user like an administrator can do.
  Please suggest if possible then how can I implement the same.

  Hi Amar Chand,
  You can do so by using certain Group Policy settings to control the behavior of the Windows Installer, prevent certain programs from running or restrict via the Registry Editor. The Windows Installer, msiexec.exe, previously known as Microsoft Installer,
  is an engine for the installation, maintenance, and removal of software on modern Microsoft Windows systems.
  You can try the following method to resolve this issue:
  Method 1: Disable or restrict the use of Windows Installer via Group Policy
  Open “GPMC”, create a GPO linked to the correct scope. You can refer to this article
  Create a new Group Policy object.
  Right-click it, click Edit, and then navigate to
  Computer Configuration/Policies/Windows Components/Windows Installer.
  In RHS pane double-click on Disable windows installer.
  Click Enable and configure the option as required. "Always "option indicates that Windows Installer is disabled.
  This setting affects Windows Installer only. It does not prevent users from using other methods to install and upgrade programs.
  Click Apply to save this configuration.
  Run gpupdate /force on the clients. 
  For your information, please refer to the following article to get more help:
  Managing options for computers through Group Policy
  http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_wininstall_group_policy_computers.mspx?mfr=true
  Method 2: Restrict Programs from being installed via Registry Editor
  Open Registry Editor and navigate to the following key: HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\Explorer\DisallowRun
  Create String value with any name, like 1 and set its value to the program’s EXE file.
  e.g., If you want to restrict msiexec, then create a String value
  1 and set its value to msiexec.exe. If you want to restrict more programs, then simply create more String values with names 2, 3 and so on and set their values to the program’s exe.
  Note: You may have to restart your computer.
  In addition, if you choose this method, you could deploy the registry configuration via GPO. Please refer to the following article:
  Configure a Registry Item
  http://technet.microsoft.com/en-us/library/cc753092.aspx
  Regards,
  Lany Zhnag

• Install SCCM client remotely with admin rights

  Hi,
  I want to deploy SCCM 2012 R2 clients remotely via PowerShell script running on an admin computer with the following commands :
  $Computers = Get-Content C:\Computers.txt
  $Computers | % { Copy-Item -Path C:\Temp\ccmsetup.exe -Destination \\$_\C$\RemoteTemp\ }
  Invoke-Command -ComputerName $Computers -ScriptBlock {\\$_\C$\RemoteTemp\ccmsetup.exe /mp:MP01}
  When I run the PS script, the client is not installed on remote computers. When I run the ccmsetup via command line locally, there is a popup displaying if I want to allow the EXE execution. When I click on YES, the client is well installed. So I want to
  know if there is a solution to do it from my PS script with admin right bypassing UAC on remote computers ?
  Thanks.

  If that's really the road you want to take then this will probably help:
  http://jeffwouters.nl/index.php/2011/11/having-some-fun-with-uac-and-powershell/
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude