Editing ACLs to add system-level users

Similar Messages

• Setting system level deployment.user.cachedir in deployment.config

  G'day,
  I've been experimenting with JRE 1.5.0_04 on Windows XP.
  By default deployment.user.cachedir is set to <user home>\Application Data\Sun\Java\Deployment\cache. However, I want it to be <user home>\Local Settings\Application Data\Sun\Java\Deployment\cache.
  I have managed this as follows.
  C:\Windows\Sun\Java\Deployment\deployment.config contains:
  deployment.system.config=file\:C\:/WINDOWS/Sun/Java/Deployment/deployment.propertiesand C:\Windows\Sun\Java\Deployment\deployment.properties contains:
  deployment.user.cachedir=$USER_HOME\\..\\..\\..\\..\\Local Settings\\Application Data\\Sun\\Java\\Deployment\\cacheThis works but is ugly. The problem is that $USER_HOME=<user home>\Application Data\Sun\Java\Deployment. It seems that $USER_HOME and $JRE_HOME are the only two variables for use in deployment properties. Are there any others, in particular, one that mirrors the user's actual home directory?
  Thanks,
  Chris.

  G'day,
  Open the Java Console and execute "dump system and
  deployment properties" which shows property values,
  and see if what you want is there.Thanks, but I don't think I can use these at the system level, can I?
  I did try using ${user.home} but that doesn't work.
  So, are there any variables other than $USER_HOME and $JRE_HOME that can be used when setting system level properties?
  More info, http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/properties.html
  Thanks,
  Chris.

• MBP 2011 15 late edition:  missing HD space - hd shows usage to be 237 gb, but if adding up amount used by adding up apps, library, systems and users only 65 gb of use shows up?

  MBP 2011 15 late edition:  Missing HD space - HD shows usage to be 237 GB.  Adding up usage by apps, libriary, system and users shows usage to be 67GB. Help

  "Hacked" is not my terminology, and I don't believe it's intended to be derogatory. What you describe is a perfectly legitimate reason to alter Hosts.
  If your Mac still isn't working as expected after uninstalling Intego and Trend Micro, read on. The necessity to have a reliable backup cannot be overstated, since what you describe may be an indication of impending disk failure.
  Back up your Mac if you have not already done so. To learn how to to that read Mac Basics: Time Machine backs up your Mac - Apple Support
  If your Mac is momentarily unresponsive, consider the following.
  Launch the Console app - it is in your Utilities folder. You can find it by selecting Utilities from the Finder's Go menu.
  If the log list column on the left is not already displayed, show the log list by selecting Show Log List from Console's View menu. Select Show Toolbar if it is not already shown.
  Locate system.log in the list and select it. Many date and time-stamped entries will appear, hundreds of them, and you must find the entries relevant to your Mac's problem.
  To do that click the Clear Display button in the Toolbar. All previously displayed log entries will be disappear.
  Next: Perform whatever actions cause the Mac to exhibit the slow behavior. If the problem is caused by errors logged by the system, the Console window will show them being recorded in system.log.
  One or more of them, along with their time stamps, may reveal the reason for the problem you describe.
  Copy and paste those log entries in a reply. If hundreds of the same repetitive messages appear, please edit them before posting. There should be no need for more than a few log entries.
  Most of the entries will be cryptic but will contain information you might consider personal such as your Mac's name. If you do not want that information to appear, delete or obscure it when posting your reply. Leave enough information so that the entries can be deciphered.

• ACL rights assignment in new user script

  I've been tasked with converting an old new-user script that runs at least once a day written in VB to PowerShell. This script takes as input a CSV file we get from HR that has all necessary info and creates a user, adds them to specific groups based on
  the info in the CSV, enables their Exchange mailbox, and creates their home directory. I'm having a bit of trouble planning out the rights assignment part on the user home directory; I need to be able to add the specific user (set by variable at the beginning
  of the script) and three static groups. What is the best way to do that? I can easily grab outside modules if needed (a section of my script checks for and if necessary installs modules and adds snap-ins), but I'd rather keep this 100% PowerShell - no icacls
  or outside commands.
  Any suggestions?
  Thank you in advance.
  [email protected]

  Here's what I came up with for the File System Stuff:
  foreach ($user in $userlist)
  $samaccountname = $user.empid
  $FQN = "domain\" + $samaccountname
  $homedirpath = "\\fileserver\users\$samaccountname"
  new-item -ItemType directory -path $homedirpath -force
  #Set ACLs for user and required groups
  $homedir_acl = get-acl $homedirpath
  $acl_access1 = 'domain\HomeDirectory Admins'
  $acl_access2 = "domain\$samaccountname"
  $fullrights = "Fullcontrol"
  $modifyrights = "Modify"
  $inheritrights = "ContainerInherit,ObjectInherit"
  $rule1 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access1, $fullrights, $inheritrights, "none", "Allow")
  $rule2 = new-object system.security.accesscontrol.filesystemaccessrule ($acl_access2, $modifyrights, $inheritrights, "none", "Allow")
  $homedir_acl.addAccessRule($rule1)
  set-acl $homedirpath $homedir_acl
  $homedir_acl.addAccessRule($rule2)
  set-acl $homedirpath $homedir_acl
  #Set owner on home directory
  $owner = New-Object System.Security.Principal.NTAccount($FQN)
  $homedir_acl.setowner($owner)
  set-acl $homedirpath $homedir_acl
  [email protected]

• JRE System-level settings does not work - JRE1.6.30

  Good day,
  I need to set deployment.security.mixcode parameter to "DISABLE" within of deployment.properties configuration file.
  Also I wish to place the deployment.properties configuration file is not user-specific path. The default location is
  <User Application Data Folder>\Sun\Java\Deployment\deployment.properties.
  TO change the default location I read about possibility to use the deployment.config for specifying the System-Level
  deployment.properties in the infrastructure.
  Unfortunatelly seems does not work. Someone have got experience about system level settings of deployment.properties?
  This is the configuration I have used.
  deployment.config:
  deployment.system.config.mandatory=FALSE
  deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.properties
  deployment.properties:
  #deployment.properties
  #Fri Feb 17 15:54:57 CET 2012
  deployment.version=6.0
  deployment.capture.mime.types=true
  deployment.browser.path=C\:\\Program Files\\Internet Explorer\\iexplore.exe
  #Java Deployment jre's
  #Fri Feb 17 15:54:57 CET 2012
  deployment.javaws.jre.0.product=1.6.0_31
  deployment.javaws.jre.0.registered=true
  deployment.javaws.jre.0.osname=Windows
  deployment.javaws.jre.0.platform=1.6
  deployment.javaws.jre.0.path=C\:\\Program Files\\Java\\jre6\\bin\\javaw.exe
  deployment.javaws.jre.0.location=http\://java.sun.com/products/autodl/j2se
  deployment.javaws.jre.0.enabled=true
  deployment.javaws.jre.0.osarch=x86
  deployment.security.mixcode=DISABLE <<====
  Thank you in advance
  Adriano C.
  Edited by: user12025469 on Feb 20, 2012 6:23 AM
  Edited by: user12025469 on Feb 20, 2012 7:48 AM

  user12025469 wrote:
  This is the configuration I have used.
  deployment.config:
  deployment.system.config.mandatory=FALSE
  deployment.system.config=file/:C:\Program Files\Java\jre6\lib\deployment.propertiesHm, try using a file URL like this:
  file\:C:/Program Files/Java/jre6/lib/deployment.propertiesI believe that the file is interpreted as a properties file, which means the colon and slashes need to be escaped. This would be it if you want to use a proper Windows path:
  file\:C:\\Program Files\\Java\\jre6\\lib\\deployment.properties

• Creating "help" systems for users (not other LV programmers) - where to start?

  How should one approach giving users a built-in "Help" system?  Users, that is, of a distributed application written in LabVIEW.
  These users ideally would have no way of knowing the application was written in LabVIEW.  To them, this application is just another program.  The way the LabVIEW Help system works would be fine, but all the content would be inappropriate.
  From the docs I see we can write "Descriptions" that show up in context-sensitive help when the user puts the mouse over a control, and a "Tip" that shows up when the context-sensitive help isn't even enabled.  Are these typically the only help features built into a distributed application?
  In the LabVIEW Help there is an article called "Development Process Tips" discussing creating web pages that document the VIs that you create, and another article called "Linking VIs to HTML Files or Compiled Help Files.  Another discusses Creating Compiled Help Files, but refers to third-party software for doing this.  Is this a typical approach for doing a nice job of providing help?
  Or is there some other way to create a Help system that works like the existing LabVIEW help but has content we create?

  Hello,
  Let me take your questions in order:
  Q. How should one approach giving users a built-in "Help" system?
  A. Here's one approach I have used: 
  a). Give all front panel controls and indicators a description so that the context help will show information for those front panel objects, and also for relevant front panel objects a tip - this will pop-up when the user hovers over the object, and can be annoying if it's used excessively, but nice if used where appropriate.
  b). Create html files, one for each "Page" of your user interface, and place a Help button on your user interface which will launch the corresponding document for that "Page."  I'm not sure what your UI is like, but basically if there are multiple front panels the user will see, a page describing each object on that panel, and the panel's purpose is nice.  If you're using a tab control in any of those panels, then a page for each tab is nice as well.
  A variation of b). is to use a so-called compiled help file - a .chm file.  These are only relevant for Windows machines, so if you plan to deploy across multiple OSs, then this is out.  The reason documentation suggests you need a third party tool is because those .chm files basically collect a set of html files together into a nice document, with the usual search, index, browse etc. capabilites and we don't have a product which does this.  The LabVIEW Help on Windows is a nice example of a .chm file.  You can do something SIMILAR with just HTML and javascript, creating at least a contents page which has organized links to the rest of the pages (which themselves can contain links back to the contents page), and even include the ability to search keywords etc.  You'll find various free examples of such html and javascript on the web.
  Once you have your html or compile help file, you can use the LabVIEW Help VIs to launch them.  For chm files you can open the file and direct to a particular page of the chm file, and for html files all you really need to do is launch the relevant html file in the browser of your choice.
  Q. In reference to descriptions and tips for controls/indicators: "Are these typically the only help features built into a distributed application?"
  A. No, the html or chm idea is a nice touch, and can add a professional feel to the application.
  Q. In reference to html or chm files: "Is this a typical approach for doing a nice job of providing help?"
  A. Yes, it is used internally as a standard - chm for windows and html for linux and MAC.
  Q. "Or is there some other way to create a Help system that works like the existing LabVIEW help but has content we create?"
  A. One ideas is that you could implement your help entirely in LabVIEW if you'd like.  Basically you would be launching your own VI or VIs which would show whatever documentation you wanted/created.  You could use a tree structure or something to provide some convenient navigation by topic, and even a search - you would be coding this, and although I haven't done it, it seems like it would be pretty easy to do.
  I hope this helps, and happy LabVIEW programming!
  Best Regards,
  JLS
  Message Edited by JLS on 08-30-2006 01:57 PM
  Best,
  JLS
  Sixclear

• Add an Admin user to external boot drive?

  I installed Mavericks to an external drive; all went well except when I booted from it and tried to add printer drivers it appears I only have a "Standard"-level user account and nothing else (Guest not enabled). I've never seen anything like this before. So, can I somehow add an Admin-level account to this system or should I rip out the carpeting and reinstall? If the latter, what should I do to avoid the same result? I installed using an App Store-downloaded standalone installer from the internal boot drive on my 2009 Mac Mini. Any suggestions most appreciated!

  Update: I tried installing Mavericks on the same drive using a USB install drive (using createinstallmedia via Terminal). Same result--no admin user created. Then it occured to me I was trying all this running 10.8 on my MacMini. I'll assume that's the problem, but anyone with further insights, fire away!

• How can I add an admin user in Oracle Unified Directory (OUD) 11g r2?

  I'm using OUD 11G R2. I just installed OUD with the default setting and setup an instance.  I tried to add an admin user with the command:
      ./ldapmodify -h localhost -p 1389 -D "cn=Directory Manager" -w password --defaultAdd --filename admin.ldif
  Here is the content of admin.ldif
      dn: cn=oimuser,cn=Root DNs,cn=config
      objectClass: inetOrgPerson
      objectClass: person
      objectClass: top
      objectClass: ds-cfg-root-dn-user
      objectClass: organizationalPerson
      userPassword: Oracle123
      cn: oimuser
      sn: oimuser
      ds-cfg-alternate-bind-dn: cn=oimuser
      givenName: OIM User
      ds-privilege-name: -config-read
      ds-privilege-name: -config-write
      ds-privilege-name: -backend-backup
      ds-privilege-name: -backend-restore
      ds-privilege-name: -data-sync
      ds-privilege-name: -disconnect-client
      ds-privilege-name: -jmx-notify
      ds-privilege-name: -jmx-read
      ds-privilege-name: -jmx-write
      ds-privilege-name: -ldif-export
      ds-privilege-name: -ldif-import
      ds-privilege-name: -modify-acl
      ds-privilege-name: -privilege-change
      ds-privilege-name: -proxied-auth
      ds-privilege-name: -server-restart
      ds-privilege-name: -server-shutdown
      ds-privilege-name: -update-schema
      ds-privilege-name: -cancel-request
  I got the error as below:
  The provided entry cn=oimuser,cn=Root DNs,cn=config cannot be added because its suffix is not registered with the network group network-group
  Would you please advise how I can fix that? Thanks

  I got the reason. cn=config is an administrative suffix.
  In general, direct LDAP access to the administrative suffixes (using
  the ldap* utilities) is discouraged. In most cases, it is preferable
  to use the dedicated administrative command-line utilities to access
  these suffixes.
  If you must use the ldap* commands to access the administrative
  suffixes, you must use the administration connector port (with the
  --useSSL or -Z option).
  It works when I use the command:
      ./ldapmodify -h localhost -p 4444 -D "cn=Directory Manager" -w Oracle123 --defaultAdd -Z --filename admin.ldif
  You can verify it by:
      ./ldapsearch -h localhost -p 4444 -D "cn=Directory Manager" -w password --useSSL -b "cn=root DNs,cn=config" "cn=oimuser"

• How can i add a new user and change user'password with javamail?

  how can i add a new user and change user'password from a mailserver with javamail?
  email:[email protected]

  Well user creation and updation is a system property..U need to go through that part...as it depends on the system you are hosting pout your application...
  if it is linux...u have to use some shell programming\
  bye for now let me know if this guides you or if you need some more stuff.
  bye

• System and user status to BW

  Hi all,
  I need to bring system and user statusses to BW (for wbs-elements and cs/pm orders). I'm fairly new to BW and I cannot find any business content regarding statusses. I have varying reporting needs where these statusses are important. Are there any pitfalls in bringing jest and jcds tables to BW. What would be the most logical place to put this information in: ODS-object or infocube? I want to do an initial full load of all these objects with their current status and status history. After that, I want to weekly load   the delta's.
  Any help would be greatly appreciated.
  Ciao,
  Peter

  Hi Peter and welcome to the SDN!
  well depending on your needs, you can extract all status information coming from jest and/or jcds, tj02 and/or tj30 using generic extraction and posting it into a ODS firstly. Additionally please check note 300300 from SAP. It describes how to add the status information to infoobjects.
  regards
  Siggi

• Add userid to user group in Windows Vista OS

  The operating system is WINDOWS VISTA on my machine. I successfully installed Oracle 10 R2 10.2.0.3 and upgraded it to 10.2.0.4.
  I have the following issue after upgrading to 10.2.0.4:
  From the DOS command prompt, I ran as "Run as Administrator" and then did I did sqlplus /nolog.
  I have the following issue when I CONNECT / AS SYSDBA:
  When I do sqlplus /nolog and CONNECT / AS SYSDBA, I get the following error:
  SQL&gt; connect / as sysdba
  ORA-01031 insufficient privileges
  {color:#0000ff}I should be able to CONNECT / AS SYSDBA without using the SYS password to do exports and imports.
  Oracle suggests that I could ADD my userid on my machine to the ORA_DBA group (Windows Group) and this could fix the issue.
  Please let me know where I can find the ORA_DBA group (Windows Group) in WINDOWS VISTA.
  How do I add my userid to the ORA_DBA group in Windows Vista?
  {color}
  Thanks!

  Duplicate Thread.
  Add userid to user group in

• How can I add system font to Acrobat Pro X?

  I tried to use "Edit Document Text" Function. There is an error pop-up as " All or part of the selection has no available system font. You cannot add or delete text using the currently selected font.". How can I add system font to Acrobat Pro X?

  It is referring to the fonts installed on your computer - to edit text within a PDF you must have the same font installed (i.e. one with the same PostScript name). Acrobat doesn't have a separate way to load fonts, you install them in the normal way through your operating system control panel after downloading/purchasing the font files from a vendor.

• Windows SBS 2011 - I can't add a new user through the SBS Console

  I have recently installed SBS 2011 and this is my first install of SBS since 2003.
  After the installation I went to the SBS Console to add a new user and when I select 'Add a new user account' and base it on the Standard User account i get a message saying 'Add a New User Account failed', when i view the details for this it says "The User
  Account cannot be added. Ensure that the Active Directory Domain Services service is running....
  I searched the web for this and found the following which was not applicable http://support.microsoft.com/kb/958890 
  I then resorted to adding the users via AD Users and Computers and the modifying the value in the ADSI for msSBSCreationState to 'Created' and then it appeared in the console, i then used the console to change the user role for this account to Standard User.
  But when i now click on the "Edit User Account Properties" action i get a pop up message from SBS Server saying "There is no such object on the server".
  Any ideas on ow to fix this broken console would be appreciated.
  Thanks,
  Simon

  Hi, using default names i AD will help. For everyone who lost original. grr... 
  http://i.techrepublic.com.com/blogs/february-2011-wstips-tip1-figa.jpg?tag=content;siu-container

• System.getProperty("user.name") not working without /etc/passwd, CentOS 4.3

  Dear all,
  I'm having trouble getting the system property user.name (which we need in our ant scripts) on our CentOS box. :(
  When running the program below thru
  java dumpproperties2
  it prints "user.name='?'" on our CentOS 4.3. On win32 it works. It turns out that if you add the account corresponding to the EUID to /etc/passwd it works correctly. However, we don't use passwd authentication but an enterprise wide LDAP-system. Our /etc/nsswitch.conf says:
  passwd: files ldap
  One work around is to replace the java executable with a script that does
  /path/to/jdk/bin/java -Duser.name=$USER -Duser.home=$HOME $@
  Used jdk is j2se 1.5.0_13 Linux 32-bit.
  Some questions for the experts:
  1) Is there any other way?
  2) Is it a known issue that Linux versions of the jdk just looks in /etc/passwd to map uid to user name (and home dir) instead of doing what the rest of the system, like whoami, does? I haven't found anything in either the readme or installation instructions, nor in the bug db.
  Br, Jesper Tr�g�rdh
  public class dumpproperties2 {
      public static void main(String[] args) {
       String s = System.getProperty("user.name");
       System.out.println("user.name='" + s + "'");
  }

  Does this work?
  //public final class System
  public static String getenv(String name)Then you can access the USER environment from inside Java.

• Setting javaplugin.maxHeapSize -Xmx at system level

  G'day,
  A similar unanswered question has been asked elsewhere
  http://forum.java.sun.com/thread.jspa?forumID=30&threadID=5115738
  I would really like to know whether it is possible to set the default value of javaplugin.maxHeapSize at the System Level (I know how to do it on a per user basis).
  In particular, I am interested in doing this on Windows Vista, where I've read the limit can be as low as 64M (!)
  http://forum.java.sun.com/thread.jspa?forumID=30&threadID=5168556
  I understand that it might not be possible - the heap-size limit is set by the application, e.g. IE7, into which the Plug-In is being embedded. Even so, it can be overridden at the user-level, so why not at the system level?
  Thanks,
  Chris.

  G'day,
  Did you ever find a solution to this problem?
  I'm in a similar boat...
  http://forum.java.sun.com/thread.jspa?threadID=5185445
  Thanks,
  Chris.