Granting an admin write permissions on admin shares through GPO

Hello,
I am currently faced with the challenge of domain admins not being able to write to a folder on the C: drive through admin share. We have an application that requires write permissions on the Windows folder in C: but each time the admin account assigned
for this task tries to write to the Windows folder, an access denied error pops up or the "you do not have permission" error.
Please note that the domain admin is a member of the local admins on all machines in the network too but still fails to write on the specified folder and generally drive C:
How can I grant this domain admin account to have the write permissions please. Anyone?
Thanks

Hi,
If a user account belong to local Administrators account, when only Administrators group has permission on a folder, all admins except Administrator account will not have permission to access it.
This is because all accounts in local Administrators group are working as standard accounts. When an Administrator action need to be performed, a prompt will occurs for permission to promote to admin permission. As only Administartors group has permission on
a folder and the account we are using is working like a standard account, we will be denied from accessing.
A workaround is to create a new group for all admins and give the group enough permission for accessing the target folder.
Or you could run all accounts in Administartors group in Admin mode. See this article:
UAC Group Policy Settings and Registry Key Settings
http://technet.microsoft.com/en-us/library/dd835564(WS.10).aspx
If you have any feedback on our support, please send to [email protected]

Similar Messages

  • Grant change(write) permissions to an already existing bulk shares folder

    Hello,
    We had a server crash (Windows 2003) and I had to bring it up on new VM.  I have used net share to create my shares, however after doing so, the share permissions for "Everyone" are only set to read.  What I need to do is modify the current
    folders so "Everyone" has read/write access. 
    net share    SHARENAME$=''\\servername\d$\folder_path\folder_path\FOLDERtoSHARE''   
    Above is the command I used. How would I grant "Everyone" read/write permissions.  I guess now the question is how do I grant CHANGE (write) permissions to "Everyone" since they can all view their folders, but cannot
    add to or edit them.
    Currently I have to go to the properties of each folder, click Sharing, the Permissions and edit "Everyone" permissions to read/change.  I have a lot of folders and this could take awhile doing it manually.  I know I'm close, just cant
    find the right syntax.
    Please help!
    Thanks
    Cheston

    This is the powershell forum; are you looking specifically for a powershell solution? If so, what powershell commands have you tried so far? If not, try a forum more specific to your problem space.
    Al Dunbar -- remember to 'mark or propose as answer' or 'vote as helpful' as appropriate.

  • Apply to enclosed items Read & Write permissions on admin accnt not holding

    Hi,
    I have been having nightmares with Mac Office saying database was not present and firefox giving me error 228.
    After much to and froing i realised that my main admin user account had read and write permissions but they weren't applied to enclosed items (well not all of them). Once applied and without rebooting, everything worked fine again.
    However, when rebooting same issues arose. When re applying permissions to enclosed items things work again just fine.
    Any idea what is wrong? How can I make these permissions hold permanently or what sort of script or anything would make them not hold?

    never use "apply to enclosed items" on ANY system created folders. that includes your home directory, your desktop folder, Applications folder etc. use it ONLY on folders you make yourself.
    system created folders often have hidden ACLs and using "apply to enclosed items" will propagate those ACLs to everything inside, usually with highly unpleasant results. In particular, you home folder has hidden "everyone deny delete" ACLs. using "apply to enclosed items" on it will force you to authenticate any time you want to modify anything inside your home folder.
    to fix permissions and acls on your home directory use this link
    http://support.apple.com/kb/TS1334?viewlocale=en_US
    However, the ACL resetting utility mentioned in the link is buggy and changes the groups on anything it touches in your home directory to wheel (to which you don't even belong). therefore, after following the instructions in that link run the following terminal command (copy and paste please)
    chgrp -R `id -gn` ~

  • Granting an admin rights to view and execute a task with user actions

    I am trying to grant an admin the rights to view and execute a new task that i have created from the search results and user actions applet.
    I have added an auth type to the authorization types configuration object with the following:
    <AuthType name="terminateUser" extends="TaskDefinition,TaskInstance,TaskTemplate"/>
    I created a new task and assigned it this auth type. I then created the new admin group and assigned the following permissions:
    <Permission type='terminateUser' rights='View'/>
    I then added this capability to the admin role to which the user has been assigned. This admin role also has the view user capability and has been assigned to the top level of this organization as a controlled organization.
    I also added the task to the user actions configuration so that the menu item appears in the context menu and on the find users page.
    The user can see all users but cannot see the new task. The only thing that is visible is the "view" menu item.
    I have other users that have lots more capabilites that can execute this task with no problems. I am wondering if the view user capability is the problem or is there some other capability that anyone knows of that I must add in order to allow this admin role to view and execute this task.
    Thanks,
    Ruth

    BTW, the answer is to restart the app server. Duh!
    Ruth

  • CCM.LOG Showing Errors Connecting to Server (Error 5 - Access Denied) to \\\admin$ Share

    Hi All!
    We are encountering what I think would be a normal error in most cases if a client is unavailable or offline.  During client push, we are receiving errors connecting to a NULL value in the log (\\\admin$) as opposed to an actual client:
    Under normal circumstances, the log should read as follows:
     Attempting to connect to administrative share
    \\<machine_name>\admin$ using <Client Push Account>.
    What we are running into is a repeating error (with some processed CCR records in between) that shows as follows:
    ~ Doing Account Cleanup Operation .... SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN1 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:14 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN2 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Processing domain DOMAIN3 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN3\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN3\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN2\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN2\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using account 'DOMAIN1\clientpush_service_account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAIN1\clientpush_service_account (000004b3) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account DOMAIN1\clientpush_service_account (00000775) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    ~ Account Cleanup Operation Completed successfully. SMS_CLIENT_CONFIG_MANAGER 10/2/2013 10:46:15 AM 8612 (0x21A4)
    We have Three Domains (Domain1, Domain2, and Domain3) with service accounts specified in the Client Push Installation Client properties. 
    I don't know if there is an entry (or entries) in the SCCM database that are NULL or blank that is generating these errors. 
    \\\admin$ indicates, to me, that there is a missing machine name that should follow the two \\ and before the \admin$.  Obviously we aren't going to be able to connect to a machine with no name (hence the Failed to Connect to Server.  Error
    5). 
    Is there a way to clean the database of these empty records and fix this recurring error?  It repeats every 15 minutes.
    Thank you!

    Yes, I know this is an old post, but I’m trying to clean them up.
    I would review the CM07 console to see if there are any device without a netbios name. It will be these device that are cause you problems.
    Garth Jones | My blogs: Enhansoft and
    Old Blog site | Twitter:
    @GarthMJ

  • Reader 9.3.0 admin share updated to 9.3.1 issue

    Hi,
    I have the admin share of Reader 9.3.0 and updated it with the MSP patch 9.3.1. It installs on a clean machine fine.
    If it sees Reader 9.3.0 installed, it errors out and says Another version of this product is already installed.
    My admin share has a custom MST and I wanted to make sure users who updated or downloaded 9.3.0 got my
    customized version of 9.3.1. It appears that I woud have to uninstall 9.3.0 and install 9.3.1 to get my customized version.
    The other choice is to detect 9.3.0 and install the MSP to the machine. This isn't very corporate and would result in some
    machines not getting my customized install.
    I have tried to repair the 9.3.0 with the 9.3.1 install with REINSTALLMODE=OMUS REINSTALL=ALL...etc. This didn't help.
    Anybody have any ideas. I can always uninstall 9.3.0, but it seems more work. Also, the 9.3.1 updated full install will upgrade 9.1.0 version just fine and this has the same MSI GUID as 9.3.0.
    Anyone have any thoughts or ideas why a 9.3.0 install will not update/upgrade to 9.3.1 when the Patched 9.3.0 admin share is updated to 9.3.1?
    It appears just machines with 9.3.0 installed on them are going to be an issue.
    Thanks,
    Jeff Little

    Hi,
    we have exactly the same problem here and I also figured out, that the GUID seems to be the one from Adobe Reader 9.1. Is there any chance to update an administrative installation to 9.3.1 without uninstalling installed 9.3.0? In my opinion, an administrative installation will be made to avoid uninstalling on the client side, so hopefully Adobe will soon publish a patch which can be used  with an administrative share.
    Thanks,
    Stephan

  • Mac Mini Sever - Public Share - how enable read and write permissions for new remote files

    Hi,
    this Sunday a friend ask me to help hum with a problem on is Man Mini Server. He has a small office and uses the mini server to share a public folder to all his employees.
    Everyone that creates a file, saves it to the public folder at the mini mac.
    That problem is that, who creates the file owns it and remains with read-only permissions to everyone else. The owner has to change the file permission in order to the rest of the employees can work on it.
    I do not know mac arquitecture, I only work with windows and linux, but i suspect the principles are the same.
    We try to create another folder , and share it, but it happens the same. Have you any ideas on what is wrong?
    I suspect it has anything to do with de file Sharing at the mini mac, but it has read and write permissions for everyone.
    Thanks for your help.

    signed applet. You aren't going to find any easy way to distribute that policy file to users, and that policy file, if you asked me to put it on my PC, I'd tell you to take a flying leap. That would open any applet to access.

  • Is it can grant an admin right for special application ?(No Runas as Administrator)

    Dear All
    Background: We have an application which run on users group in server 2000 SP4 is normal.
    We want upgrade the OS to Win7 , on the Win7 the application can not launch on normal users group.
    I was try the properties of compatibility to server 2000 and choose "Run this program as an administrator" and edit the regedit key permission , both of all is not work on my case.
    It is ok right-click the application and runas as administrator, but on the other hand I find runas administrator has some other error with the application.
    May I know is it has a method can grant the admin right to special user when running special application ?
    Regards All

    Hi,
    What application can not run in Windows 7? I think there is a application compatibility issue, so please attempt to run Program Compability troubleshooter.
    Also, you said you got some error while you ran as administrator with runas command. And what are the errors?
    RUNAS /user:<Username> Program
    Based on my knowledge, we cannot grant the special user with admin right unless you add this special user to Administrators group. When a special user is running a application requiring administrator permission, it will prompt to input administrator username
    and password.
    Andy Altmann
    TechNet Community Support

  • Grant with Admin Option

    I have create a role TD_ADM and would like grant the object privileges such as select, insert, update etc... to TD_ADM role with admin option.
    here is grant that i am trying to grant to TD_ADM.
    grant select on foo.dept to td_adm with admin option;
    i get the ora-00993 error missing grant keyword.
    i know we can do for system grants with admin option, but can we do to object privileges?
    Thanks....

    With Admin option:
    Only for system privileges, not object privileges.
    You can use With Grant option.
    For review:
    [http://www.dba-oracle.com/t_with_grant_admin_privileges.htm]

  • How does sccm access admin shares on workgroup computers???

    Hey guys, how does sccm access admin shares on workgroup computers??? I know that in software distribution component i can add domain account that is used by client to access dp's and stuff. I have some workgroup computers that have client installed
    manually by someone who has access to sccm server with domain account. But that is only used for install but what about later?

    Hi,
    the SCCM Site server will never access the client directly only when you use Client Push and in client push settings you can define local administrator accounts and passwords to try as well when you push out the client.
    If you install the sccm client manually you don't have to worry about access to any shares on workgroup computers.
    Regards,
    Jörgen
    -- My System Center blog ccmexec.com -- Twitter
    @ccmexec

  • Access admin share from Users account. UAC into admin.

    Server 2012 R2 domain.
    I want USERS to be able to UAC into Admins and access Admins shares.
    To be clear: I want to type \\svr1.horse.local\c$ from a USER account without Admin rights, to be able to access that share.
    I have added LocalAccountTokenFilterPolicy, and set it to 1. No difference, and yes I have restarted. :)

    Hi,
    Another way to access Administrative Shares is to Disable UAC Admin Approval mode for all administrator accounts.
    Checkout the below link for article on Access Denied for Admin Shares, Disabling the UAC restrictions and Disabling UAC Admin Approval mode,
    http://4sysops.com/archives/access-denied-to-administrative-admin-shares-in-windows-8/ 
    Regards,
    Gopi
    JiJi
    Technologies

  • Granting read/write permissions on Oracle Server processes

    Hi
    I'm trying to set up a BFILE datatype in a table. I have created the directory and the current user has permissions to read and write to that folder. (The current user has the create any directory permission granted). The insert statement does not give an error but when I look at the table the BFILE column contains an error of <Value Error>.
    I suspect it may be because the current user does not have server read/write permissions on the directory I'm using. Can anybody help me with a correcting this please?
    Here is what I've used so far:
    CREATE or replace DIRECTORY pic_dir AS 'c:\temp'
    INSERT INTO picture (pic_id, filename)
    VALUES (1, bfilename('pic_dir', 'image1.jpg'))

    Many thanks for the reply.
    I am using the procedure as below (formats better if copied into Notepad). Gives me an error of "ORA-22285: non-existent directory or file for FILEOPEN operation" referring to the line containing the DBMS_LOB.FILEOPEN command.
    I suspect there is something wrong with the SELECT statement because I can get the procedure to run fine on the text file if I provide the BFILE location directly into the bfile_loc variable (as opposed to using the SELECT statement to retrieve it from the db).
    I created a directory: CREATE OR REPLACE DIRECTORY pic_dir AS 'C:\temp'
    I then created a table: CREATE TABLE picture (pic_id NUMBER, filename BFILE)
    Next I added a row: INSERT INTO picture VALUES(1, BFILENAME('pic_dir', 'testfile.txt'))
    CREATE OR REPLACE PROCEDURE read_bfile IS
    sep_char CONSTANT RAW(100) := UTL_RAW.CAST_TO_RAW(CHR(32));      --separating character (space)
    end_file CONSTANT RAW(100) := UTL_RAW.CAST_TO_RAW(CHR(10));      --end of file character (new line)
    bfile_loc BFILE;                               --pointer to BFILE
    cur_pos NUMBER := 1;                          --current position in file
    char_read BINARY_INTEGER := 0;                     --number of characters read
    read_buff VARCHAR2(500);                          --read buffer
    end_word NUMBER;                              --end of current word
    ret_val BOOLEAN := FALSE;                         --return value
    BEGIN
    select filename into bfile_loc from picture where pic_id = 1;
    DBMS_LOB.FILEOPEN(bfile_loc, dbms_lob.file_readonly);
    LOOP
    -- establish end of current word
    end_word := DBMS_LOB.INSTR(bfile_loc, sep_char, cur_pos, 1);
    -- process end-of-file
    IF (end_word = 0) THEN
    end_word := DBMS_LOB.INSTR(bfile_loc, end_file, cur_pos, 1);
    char_read:= end_word - cur_pos - 1;
    DBMS_LOB.READ(bfile_loc, char_read, cur_pos, read_buff);
    dbms_output.put_line(UTL_RAW.CAST_TO_VARCHAR2(read_buff));
    EXIT;
    END IF;
    -- read until end-of-file
    char_read:= end_word - cur_pos;
    DBMS_LOB.READ(bfile_loc, char_read, cur_pos, read_buff);
    dbms_output.put_line(UTL_RAW.CAST_TO_VARCHAR2(read_buff));
    cur_pos := cur_pos + char_read+ 1;
    END LOOP;
    DBMS_LOB.CLOSE(bfile_loc);
    END;

  • How do you create default Read/Write Permissions for more than 1 user?

    My wife and I share an iMac, but use separate User accounts for separate mail accounts, etc.
    However, we have a business where we both need to have access to the same files and both have Read/Write permissions on when one of us creates a new file/folder.
    By default new files and folders grant Read/Write to the creator of the new file/folder, and read-only to the Group "Staff" in our own accounts or "Wheel" in the /Users/Public/ folder, and read-only to Everyone.
    We are both administrators on the machine, and I know we can manually override the settings for a particular file/folder by changing the permissions, but I would like to set things up so that the Read/Write persmissions are assigned for both of us in the folder for that holds our business files.
    It is only the 2 of us on the machine, we trust each other and need to have complete access to these many files that we share. I have archiveing programs running so I can get back old versions if we need that, so I'm not worried about us overwriting the file with bad info. I'm more concerned with us having duplicates that are not up to date in our respective user accounts.
    Here is what I have tried so far:
    1. I tried to just set the persmissions of the containing folder with us both having read/write persmissions, and applied that to all containing elements.
    RESULT -> This did nothing for newly created files or folders, they still had the default permissions of Read/Write for the creating User, Read for the default Group, Read for Everyone
    2. I tried using Sandbox ( http://www.mikey-san.net/sandbox/ ) to set the inheritance of the folder using the methods laid out at http://forums.macosxhints.com/showthread.php?t=93742
    RESULT -> Still this did nothing for newly created files or folders, they still had the default permissions of Read/Write for the creating User, Read for the default Group, Read for Everyone
    3. I have set the umask to 002 ( http://support.apple.com/kb/HT2202 ) so that new files and folders have a default permission that gives the default group Read/Write permissions. This unfortunately changes the default for the entire computer, not just a give folder.
    I then had to add wife's user account to the "Staff" group because for some reason her account was not included in that. I think this is due to the fact that her account was ported into the computer when we upgraded, where as mine was created new. I read something about that somewhere, but don't recall where now. I discovered what groups we were each in by using the Terminal and typing in "groups username" where username was the user I was checking on.
    I added my wife to the "Staff" group, and both of us to the "Wheel" group using the procedures I found at
    http://discussions.apple.com/thread.jspa?messageID=8765421&#8765421
    RESULT -> I could create a new file using TextEdit and save it anywhere in my account and it would have the permissions: My Username - Read/Write, "Staff" or "Wheel" (depending on where I saved it) - Read/Write, Everyone - Read Only, as expected from the default umask.
    I could then switch over to my wife's account, open the file, edited it, and save it, but then the permissions changed to: Her Username - Read/Write, (unknown) - Read/Write, Everyone - Read Only.
    And when I switch back to my account, now I can open the file, but I can't save it with my edits.
    I'm at my wits end with this, and I can believe it is impossible to create a common folder that we can both put files in to have Read/Write permissions on like a True Shared Folder. Anyone who has used windows knows what you can do with the Shared folder in that operating system, ie. Anyone with access can do anything with those files.
    So if anyone can provide me some insight on how to accomplish what I really want to do here and help me get my system back to remove the things it seems like I have screwed up, I greatly appreciate it.
    I tried to give as detailed a description of the problem and what I have done as possible, without being to long winded, but if you need to know anything else to help me, please ask, I certainly won't be offended!
    Thanks In Advance!
    Steve

    Thanks again, V.K., for your assistance and especially for the very prompt responses.
    I was unaware that I could create a volume on the HD non-destructively using disk utility. This may then turn out to be the better solution after all, but I will have to free up space on this HD and try that.
    Also, I was obviously unaware of the special treatment of file creation by TextEdit. I have been using this to test my various settings, and so the inheritance of ACLs has probably been working properly, I just have been testing it incorrectly. URGH!
    I created a file from Word in my wife's account, and it properly inherited the permissions of the company folder: barara - Custom, steve - Custom, barara - Read/Write, admin - Read Only, Everyone - Read Only
    I tried doing the chmod commands on $TMPDIR for both of us from each of our accounts, but I still have the same behavior for TextEdit files though.
    I changed the group on your shared folder to admin from wheel as you instructed with chgrp. I had already changed the umask to 002, and I just changed it back to 022 because it didn't seem to help. But now I know my testing was faulty. I will leave it this way though because I don't think it will be necessary to have it set to 002.
    I do apparently still have a problem though, probably as a result of all the things I have tried to get this work while I was testing incorrectly with TextEdit.
    I have just discovered that the "unknown user" only appears when I create the a file from my wife's account. It happens with any file or folder I create in her account, and it exists for very old files and folders that were migrated from the old computer. i.e. new and old files and foders have permissions: barara - Read/Write, unknown user - Read Only, Everyone - Read Only
    Apparently the unknown user gets the default permissions of a group, as the umask is currently set to 022 and unknown user now gets Read Only permissions on new items, but when I had umask set to 002, the unknown user got Read/Write permissions on new items.
    I realize this is now taking this thread in a different direction, but perhaps you know what might be the cause of this and how to correct or at least know where to point me to get the answer.
    Also, do you happen to know how to remove users from groups? I added myself and my wife to the Wheel group because that kept showing up as the default group for folders in /Users/Shared
    Thanks for your help on this, I just don't know how else one can learn these little "gotchas" without assistance from people like you!
    Steve

  • VMWare - Hyper-V Conversion Failed: Does Not Have Write Permissions

    Hey Guys - 
    Today I've been trying to convert a VM from VMWare Workstation to Hyper-V.  I have it in VMWare Workstation and not ESX because I'm working from home currently.  My Hyper-V server is also local and hosted on a new Windows Server 2012 R2 build.
    When I try to convert it at the end of the process, I get the below error:
    Blocking Issue(s):
    1: UNC Path "\\192.168.0.10\VDisks\Nagios Log Server" is not valid or does not have write permissions
    Warnings(s):
    1: The number of USB devices configured on the VMWare guest machine is 1.  The USB device (window cuts off here)
    2: The video memory configured on the VMware guest machine is greater than 4 MB.  The vid (window cuts off here)
    Below is a screenshot:
    Environment
    - Hyper-V server is on a separate system running Windows Server 2012 R2
    - VMWare Workstation is on the PC I'm running the converter on.  The source VM is shared and I have Workstation configured to share on port 444 (443 is taken)
    - Hyper-V Server is on domain - VMWare Workstation Computer is NOT joined to that domain - however - when choosing VM I connected with the domain credentials and browsed to select target folder - not just typed it in.
    - I'm using Domain Admin credentials and the VDisks share is set to have full access to the account
    - I can connect to target share via Explorer and write files / create folders successfully
    - VMWare Workstation version 11 running on Windows 8.1 Update 1 x64
    Any ideas or suggestions?  Thanks!
    Ben K.

    Hi,
    in my case it worked when the Server(-VM) on which we installed the MVMC AND the target-file server were joined to the domain.
    We also created a domain account, which has write-permissions to the target fileshare. We used this domain account for logon on the MVMC-machine and for running the MVMC Wizard.
    Hope that helps
    Regards
    Robert

  • Image / file upload error         cannot upload image even after setting write permissions

    Hi there everyone
    I am having this problem when I try to upload a file (image file) to my server
    I have a dynamic for working fine , all the other fields insert the information ok then I try to add an image upload behaviour to a file field
    When I try to upload the file I get this error
    Error:
    An error occurred while inserting the records.
    File upload error: File upload error. Error creating folder..
    File upload error. Internal error.
    Developer Details:
    tNG_multipleInsert error.
    An error occurred while inserting the records. (MINS_ERROR)
    File upload error: PHP_UPLOAD_FOLDER_ERROR
    File Upload Error. No write permissions in "../../productimages/" folder.
    (FILE_UPLOAD_ERROR)
    So I login to my server and change the write permissions to 777 and then try again and get the same message
    I have closed DW and tried again and still get the same message......
    I think I have followed all the steps correctly..... I have done the same type of forms many time and tested them locally on WAMP testing server and all work ok......
    So..... Anyone got any ideas
    Any help would be great
    Have a nice day

    On 5/17/07 4:26 PM, in article [email protected],
    "Gü[email protected]" <> wrote:
    >
    > To my experience servers behave differently -- on some I really had to use
    > 777, others are happy with 755.
    >
    > in regards to "any user" :: On most ADDT respectively MX Kollection - based
    > backends I made the image & file upload feature available to user having e.g.
    > the "levels" 1 & 2, but not 3 -- I wouldn´t expose something like this to all
    > users
    >
    > Günter Schenk
    > Adobe Community Expert, Dreamweaver
    My backend is only for admin, so they are the only ones who can access the
    upload pages. My concern is an images folder on the site being 777. Can't
    anyone from the outside plant a file in that folder if they just know where
    to find it using an ftp program? ?

Maybe you are looking for

  • What are the best coding technics which will avoid performance problems

    Hi Experts What are the best coding technics which are avoiding memory problems and performance problems Some times one of few reports are taking too much time to executing while handling large data. 1.What are the best way to declare a internal tabl

  • ComponentW​orks locking up NT

    I have a really strange problem. We use ComponentWorks 2.0 in your VC++ software. When there are lots of CWGraph objects being displayed (> 30) the system will eventually hang. The plots stop updating and go black. A few areas in the plots flicker du

  • How do you gather all addresses...

    How do you gather all email addresses in your IN box in Apple Mail?

  • Has anyone experienced problems moving from ModileMe to iCloud?

    I have MobileMe installed on my iMac 27.  When I try to switch over to iCloud I get an iCloud window that that has a button that says "Move to iCloud".  When I select the button I'm asked to reenter my passward as though I attempting to use the "Find

  • Running Email Subscriptions in Parallel

    We are experiencing and interesting issue with one of our SSRS (2008R2) Instances. This instance is only used to send emails with data driven subscriptions. Currently we have two jobs that, one that runs daily in the morning, and another that runs ev