Granting users Site admin to All site collections and/or Adding an o365 group by email to site admin group on all Site collections

We will have 1000s of site collections.
Why doesn't SharePoint Online 2013 offer a way to grant a user or a group Site admin rights to all site collections?
And.. if we must add the user to every single site, can this be done by an o365 or ADFS group using its email?
We'd like to run this script to add a group to site collection admin on all sites, but Groups can't be referenced by an email?
Get-SPOSite|foreach{Set-SPOUser -Site $_.Url -LoginName [email protected] -IsSiteCollectionAdmin $True}
produces an error.  And if we try to add the group by email manually through the UI it can't find it either.   We've tried this with o365 groups and  ADFS groups.
Any way to reference these groups from PowerShell?
Is this limitation there for a reason? 

bump.. anybody?

Similar Messages

  • User is not present any sharepoint group,But user has permissions to all subsites(almost user has admin permissions)

    I am having sharepoint site. One of the user is not present in any sharepoint group and also not present in site collection administrators but user has all the permissions in the site. Some members who are in the owner group (full control) also
    do not have permissions to add new users to some groups, but the user who is not present in any group has permission to add new users also. How is this user able to access? But user is present in people and groups

    HI
    First find out from where user getting permission.
    Hi 
    You can use get-spuser for the same.
    Listing All the SharePoint Groups to Which a User Belongs
    To list all the SharePoint groups to which a user belongs, you first need to find that user's SPUser object:
    $user = Get-SPUser -Web http://server/sites/yoursite |
      Where {$_.LoginName -LIKE "*|DOMAIN\SAMC"}
    Once you have this object, you can scan all the site collections in the farm and find all the groups to which the user belongs:
    Get-SPSite -Limit All |
      Select -ExpandProperty RootWeb |
      Select -ExpandProperty SiteUsers |
      Where { $user.UserLogin -EQ $_.LoginName } |
      Select -ExpandProperty Groups |
      Select Name, {$_.ParentWeb.Url}
    below link refer the same.
    http://sharepointpromag.com/sharepoint-2013/exploring-sharepoint-users-groups-and-security-using-powershell
    Hope this help you to find out user group
    Regards, Rajendra Singh If a post answers your question, please click Mark As Answer on that post and Vote as Helpful http://sharepointundefind.wordpress.com/

  • Options +indexes for /Users/*/Sites

    I want to enable directory listings (i.e., Options +Indexes) for folders served from users' home folders.
    The following is a list of things I've tried, all result in a Error 403 to the browser, and an entry in /var/log/apache2/error_log similar to: "[Tue Feb 01 22:30:16 2011] [error] [client $ip] Directory index forbidden by Options directive: /Network/Servers/$server/Users/$user/$dir/"
    - Selecting 'Folder Listing' in Server Admin under Web > Sites for the server.
    - Selecting 'Allow All Overrides' on the same page and adding "Options +Indexes" to a .htaccess file in the directory where a listing is desired.
    - Adding a directory section to /etc/apache2/httpd.conf and/or /etc/apache2/sites/0000any_80$server.conf similar to:
    <Directory "/Users/*/Sites">
    Options +Indexes
    AllowOverride All
    </Directory>
    autoindex_module and userdir_module are enabled and working as far as I can tell. Files from /Users/*/Sites are being served as desired. I have restarted apache after making changes both with `sudo apachectl graceful`, and via Server Admin.

    can you please explain how you fixed this... i would like directory listing available for my account.
    $ cat /etc/apache2/users/scarf.conf
    <Directory "/Users/scarf/Sites/">
        Options Indexes MultiViews
        AllowOverride None
        Order allow,deny
        Allow from all
    </Directory>
    $

  • .htaccess file in ~user/Sites directory

    Hello all,
    I'm having trouble getting a .htaccess file to work in my user directory (~/rwilson4/Sites/private, to be specific). They've always worked just fine in any subfolder of /Library/Webserver/Documents/, but they're not being recognized in my personal Sites folder. Here is my rwilson4.conf file:
    <Directory "/Users/rwilson4/Sites/">
        Options Indexes MultiViews
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>
    # AccessFileName .htaccess
    I put that last line in because I wasn't sure if it was needed. I've tried it with and without the comment (and of course stopping and restarting the server with httpd graceful)
    I copied the .htaccess directly from one that currently works, but if anyone thinks that might be the problem, I could post that too.
    If anyone has any ideas, I'd be grateful for the feedback.
    Sincerely,
    Robert

    The user sites in Apache are configured much differently than the main site by default. One of the differences is authorization. The user sites section of httpd.conf will need changing to make it more like the main server section.
    Roger

  • After update finished-browser will not load on user site

    i upgraded to firefox 4 from 3.6. when the upgrade finished- the browser will not load on one of my user sites. the upgrade froze half way through and the computer restarted on that site. no matter how many times i try to finish the upgrade, it gives me the same results- the browser will not load even though the upgrade window tells me it is finished-every time i try to open the browser window it never comes up

    I googled my problem and found myself at some place with a link
    This was not an Adobe Forum.
    I clicked the link (legitimate) and the update was perfect.
    When I first went to adobe to update , it failed. Gave me some error thing.[ I never update from a popup.]
    Only from the real website. I tried to get help from chat and they referred me to the forum where I guess you found my question.
    I hope this helps someone. All is good now.

  • Enabling user Sites folder

    I would like to enable the "old style" http://my.server.org/~username configuration so users can share the contents of their Sites folder in OS X Mavericks server.
    So far I have succeeded in getting it to work for Open Directory users by editing /Library/Server/Web/Config/apache2/httpd_server_app.conf and uncommenting these two lines:
    Include /private/etc/apache2/extra/httpd-userdir.conf
    and
    LoadModule apple_userdir_module ${SERVER_INSTALL_PATH_PREFIX}/usr/libexec/apache2/mod_userdir_apple.so
    Once I did that Local Network Users' (Open Directory Users) sites are accessible at http://my.server.org/~username but sites of Active Directory users are not.
    Does anyone have any suggestions?

    Using your text editor, create a new document. Type following text
    <Directory "/Users/username/Sites/">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
    </Directory>
    where you replace username by your username. Save it as a text document on your Desktop with name username.conf
    Go to Finder, select Go menu, Go to folder item. Type /etc/apache2/users. A Finder window will open. Drag your username.conf file from the Desktop to this folder.
    Authenticate when asked.
    That's all.
    You probably (not sure) will have to stop and start Web sharing (in Preferences) to access your personal site
    http://servername_oraddress/~username/
    Hope this helps.

  • I want to enforce MCX computer policies, but all my users are admins...

    Hi Jim
    I have an interesting situation that maybe you have dealt with in the past. Maybe I can pick your brain. I am very familiar with Mac OS X, but new to MCX and OD.
    I am deploying ~200-400 Macs in Q1 08. All of them will be Intel iMacs running 10.5.x (Leopard). I am going to be running both AD (for authentication/authorization) and OD (for MCX). My OD servers will be running Leopard Server (Xserves)
    I want to manage all of the Mac computers via MCX. One gotcha: My CIO has insisted that all the Mac users will be administrators. Rather than trying to manually set each user up as a local admin, I have created an AD group called "Mac Power Users" and each user that gets a Macintosh system will be in this group. My master Netinstall Mac image is set to acknowledge the AD "Mac Power Users" group as a valid admin group via the Directory Utility, and thus any Mac bound to AD will effectively see the Mac AD users as administrators. Don't ask why I have to do this - it's a political issue and even our current 400 Windows XP desktops are set up like this too. Grrr.
    Anyway - I want to manage basic settings via OD/MCX like automounts, Web proxies, loginwindow settings & maybe printers too. Mostly computer based policies, not much user or group level policies will be needed (I hope)
    Question: If all my users are considered local admins based on the AD "Mac Power Users" group, will they override my OD/MCX policies? If so, is there any way to allow them to be admins but still enforce computer policies via MCX?
    It's the chicken and the egg!
    TIA

    Hi
    If I understand you correctly then you should be able to do this using computer lists. Don’t be tempted to use or delete the default ones already there, create a new one instead and add all of your clients to that list. You can use the diaresis (3 dots) button to discover all of your clients (they have to be turned on and have unique names eg: iMac01, iMac02 etc). It's actually better if you manually add the clients to the list by collating all the MAC addresses. Although if you use the Server’s DHCP Service then you can generally get away without doing this. You should also disable automatic logins.
    Apply managed preferences from there.
    Managed preferences applied to computer lists are applied to the hardware and as such it will not matter whether network or local users are admins or not. You’ll also notice that there are a few extra settings that can be managed at computer level that are not available in either Users or Groups. Login Window and Energy Saver settings for example. The order in which MCX are applied is Users, Computer Lists and Groups. Managed preferences are also accumulative.
    Tony

  • HT2542 Hi, I created a new user on mac, Admin but i can't use adobe CS6 while the original user is admin too and all programs are running normal. How can i solve this problem?

    Hi, I created a new user on mac, Admin but I can't use adobe CS6 while the original user is admin too and all programs are running normal. How can I solve this problem?

    Hi Amanda,
    Software applications are usually installed in the Applications folder on the Macintosh HD and are accessible to all users.
    I would advise you to check the Applications folder and see if your software is in there.
    Next step would be to Control Click or Right Click on the application and choose "Get Info" and make sure the permissions are set to "Read & Write" for all users. The article below provides more details:
    Troubleshooting permissions issues in Mac OS X
    http://support.apple.com/kb/ht2963
    You may need to contact Adobe Support if this does not resolve your issue:
    http://helpx.adobe.com/photoshop.html
    Hope this information helps!
    - Judy

  • Grant user admin rights, install itune, ungrant rights?

    On Windows XP, installing iTunes requires admin rights. However, it is not good to use an admin account for regular work. For the Palm Desktop, the workaround was to grant admin rights to the user account, install the application using the user-turn-admin account, then ungrant admin rights. Will this last step cause problems for iTunes, or does iTunes require admin rights for its regular operation (outside of being installed)?

    Actually, I can't find the thread! But the solution is that installing it as Admin still lets it be used by other user accounts, and each user account.

  • User sites unreachable after weekly script run

    Server 10.3.9 on both my webserver and on my Xserve with RAID where my user sites are hosted.
    I have sites hosted directly on my webserver and my user sites are served through the webserver but sit on the Xserve, shared through Open Directory.
    Everything works awesome except every Saturday morning, after the weekly script runs on both machines at 4:30 a.m., my users sites are no longer available through the webserver. If I reboot the webserver they come back just fine.
    I've looked through the weekly script and nothing was obvious to me that would break this connection.
    Has anyone else seen this?
    Thanks
    Eric

    Thanks for these tips. I've tried them and a few other things...
    > It sounds, and I may be wrong, like you're proxying
    > through your webserver to your file server for the
    > user sites. The first thing will be to find out
    > which machine is getting goofed up.
    > Tomorrow, see if your regular websites are accessible
    > after the script runs.
    The user sites are not available this morning through my webserver, as has been the case since installing the server in January. The regular (local) sites on the webserver are just fine.
    > Try the user's sites directly
    > from the file server, eliminating the webserver
    > proxying.
    I don't usually run the webserver on my file server but I did fire it up this morning and was able to reach the user sites through it.
    > If both of those are okay, then setup a
    > terminal window on each machine, and on both machines
    > do:
    > tail -f /var/log/httpd/error_log
    > and try hitting the user's sites through the
    > webserver and see what messages come up on each
    > machine, and post them.
    I don't get any error messages when accessing the user sites through the fileserver. I do get errors on the webserver when accessing user sites, saying "File does not exist:" then the path to the Network directory where the users site is. ( /Network/Servers/fileserver.address/Volumes/Home/username/Sites )
    This prompted me to try accessing user sites from one of my desktop machines (running OS X client 10.4.5) that is also connected to the fileserver with OD, and is running a webserver. That worked fine!
    I then tried to traverse the filesystem at the command line on my webserver to reach the users home sites and couldn't do it. I could do it on my desktop machine.
    So it appears that something on Server is breaking the AFP communication between the webserver and the fileserver when the periodic weekly scripts are run. I did try restarting AFP on the webserver just in case but that made no difference. I can't really restart AFP on the fileserver as I have users actively connected, but my guess is that is working just fine since I can access those shared volumes from my desktop machines.
    > Instead of restarting whichever machine you've been
    > restarting, try stopping and starting just the
    > webserver to see if that takes care of the problem.
    I did try this and everything was the same as above.
    Strange that Server has this problem losing connection to AFP shares, but my clients don't. There isn't anything obvious to me in the weekly scripts that could cause this but I'll look again in case I missed this.
    Seems like others would have run across this??
    Note: a reboot of the webserver again this morning (after this testing) returned the users sites to my webserver. Doing an automatic reboot each week would be a kludge solution, but one that I really want to avoid if possible.
    Thanks for the troubleshooting tips. I hope you or someone else has some further advice...
    Eric
    iBook G4, iMac G5, Dual 2.5 GHz G5   Mac OS X (10.4.4)  
    Dual G4 and single Xserve with RAID   Mac OS X (10.3.9)  

  • Pacman/wget through ftp proxy with user@site auth(tis fwtk?)

    hi
    i'm trying to upgrade arch at work.
    in debian i had to configure apt like this:
    ftp
    {
      Proxy "ftp://<user>:<pass>@proxy_ip";
      /* Required script to perform proxy login. This example should work
         for tisfwtk */
      ProxyLogin
      {
        "user $(PROXY_USER)";
        "pass $(PROXY_PASS)";
        "user $(SITE_USER)@$(SITE)";
        "pass $(SITE_PASS)";
      };
      Timeout "120";
      /* Passive mode control, proxy, non-proxy and per-host. Pasv mode
         is preferred if possible */
      Passive "false";
    };
    i exported http_proxy and ftp_proxy env. vars.
    and told pacman to use wget (the default XferCommand in pacman.conf)
    of course pacman/wget can't get anything through the proxy because of the missing user@site auth.
    any chance i can get something similar to work with pacman/wget?
    TIA

    sry, i forgot to mention. normal http proxy-ing is working. but there is some kind of pop-up virus scanner implemented, i only get the pop-up HTML code when i try to use it with wget.
    the ftp proxy is more like a a gateway i guess.

  • How can I grant users the ability to pause/resume printing without a "print operators group" password.

    Greetings,
    We are running 10.8.5 on 30 machines in an active directory environment (graphics lab). The clients are experiencing a persistent error when pausing or resuming print jobs. Each time something is paused, it requires an administrator password to resume the job. Administrators are not always present so designers are locked out of all of the printers until we come in (or remote in) to authenticate.
    I spoke with Apple today and they said they would not support active directory accounts and that the account must be edited by the department that created the account because the restrictions come from the Active Directory account preferences.
    On the other hand, I ALSO read that I can edit this in the CUPS interface or modify it with the terminal command below, locally.
    dseditgroup -o edit -u admin_name -p -a user_name -t user _lpadmin
    "dseditgroup" adds the user_name to a group (in this case, _lpadmin).
    And admin_name is the name of your administrator's account.
    a) Must this be modified on the Active directory account or CAN I modify this on the local machine via CUPS or terminal?
    b) If so, how would I grant users the ability to resume printing without an admin password?
    c) If not, exactly what must be modified in the active Directory account to allow pause/resume without an admin password.
    I have seen a terminal command that adds users to the print operators group (lpadmin) and I have seen some info on editing the CUPS interface. If I must edit the CUPS interface to allow this, can anyone point to detailed instructions on how to make this change?
    I also saw info on editing the CUPS interface but the suggestion lacked details as to how and how to return to default if it does not work.
    I also saw a post with these suggestions below but without detail as to how one would carry this out.
    /etc/cups/cupsd.conf
    # All administration operations require an administrator to authenticate...
    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    #Require user @SYSTEM
    Require valid-user
    Order deny,allow
    </Limit>
    # All printer operations require a printer operator to authenticate...
    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    #Require user @AUTHKEY(system.print.operator) @admin @lpadmin
    Require valid-user
    Order deny,allow
    </Limit>
    /etc/authorization
    The system.print.operator key is new to Snow Leopard and seems to control resuming and pausing a printer queue among other things.
    <key>system.print.admin</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    <key>system.print.operator</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    I have read all posts on this subject and I still am not clear on how to proceed, please assist.
    Thanks in advance,
    V

    Hello again.  For AD environments you can run the following command on each workstation:
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -p -a "Domain Users" -t group _lpadmin
    This command assumes you are typing this interactively on the machine.  Obviously change localadmin to the Mac's local admin's name.  When running you will be prompted for password twice.  Once to elevate permissions (sudo) and once to validate you are localadmin.
    If you are using Apple Remote Desktop (or JAMF or other management suite), you can push this command out while embedding the localadmin's password. 
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -P yourpass -a "Domain Users" -t group _lpadmin
    Please note, if your password uses special characters (/-\) this may fail over ARD.
    In Mavericks, AD groups are cached once they are referenced.  If you are dealing with a lot of mobile users (laptops) you might want to replace Domain Users with everyone
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
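
The cupsd.conf edit quoted in the question swaps the `Require user ...` lines for `Require valid-user` in both `<Limit>` blocks, including the one that covers adding and deleting printers. The following is an added example, not part of the original thread: a small audit that flags such blocks. The function names and both sample configs are constructed for illustration; the operation names are the ones listed in the quoted blocks.

```python
import re

# Operation names taken from the two <Limit> blocks quoted in the thread.
ADMIN_OPS = set("""CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class
CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices""".split())
OPERATOR_OPS = set("""Pause-Printer Resume-Printer Enable-Printer Disable-Printer
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer
Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job
Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs""".split())

LIMIT_OPEN = re.compile(r"<Limit\s+([^>]+)>", re.IGNORECASE)


def parse_limits(conf_text):
    """Return [(operations, require_args)] for each <Limit> block, skipping comments."""
    blocks, current = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out Require line no longer protects anything
        opened = LIMIT_OPEN.fullmatch(line)
        if opened:
            current = (opened.group(1).split(), [])
        elif line.lower() == "</limit>" and current is not None:
            blocks.append(current)
            current = None
        elif current is not None:
            parts = line.split()
            if parts[0].lower() == "require":
                current[1].append(parts[1:])
    return blocks


def audit(conf_text):
    """Flag admin/operator <Limit> blocks that any authenticated account can pass."""
    findings = []
    for ops, requires in parse_limits(conf_text):
        touched_admin = ADMIN_OPS & set(ops)
        touched_operator = OPERATOR_OPS & set(ops)
        if not (touched_admin or touched_operator):
            continue  # only the operations discussed in the thread are audited
        if not requires:
            reason = "no Require directive in block"
        elif any(r and r[0].lower() == "valid-user" for r in requires):
            reason = "Require valid-user admits any authenticated account"
        else:
            continue  # restricted to named users or groups
        findings.append({
            "severity": "admin" if touched_admin else "operator",
            "operations": sorted(touched_admin | touched_operator),
            "reason": reason,
        })
    return findings


# Constructed sample: the two blocks with their original Require lines active.
BASELINE_CONF = """\
# All administration operations require an administrator to authenticate...
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
# All printer operations require a printer operator to authenticate...
<Limit Pause-Printer Resume-Printer>
AuthType Default
Require user @AUTHKEY(system.print.operator) @admin @lpadmin
Order deny,allow
</Limit>
"""

# Constructed sample: the same blocks after the edit quoted in the question.
EDITED_CONF = (
    BASELINE_CONF
    .replace("Require user @SYSTEM", "#Require user @SYSTEM\nRequire valid-user")
    .replace("Require user @AUTHKEY", "#Require user @AUTHKEY")
    .replace("@admin @lpadmin", "@admin @lpadmin\nRequire valid-user")
)

if __name__ == "__main__":
    for finding in audit(EDITED_CONF):
        print(finding["severity"], finding["operations"], "-", finding["reason"])
```

The group-membership change in the reply leaves both `Require` lines untouched, so a config managed that way produces no findings here.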

  • Granting users

    Good morning/ afternoon.
    I have a very simple problem that I cannot solve. I don't know what I'm doing wrong.
    OK, I have a table space with tables in it and have been inserting data into the tables using a user and password. I would like to create a user that can just read the data on that table space. Can anyone tell me how?
    When I create a user for the same table space and grant them session and read on any table, I cannot see any of the tables I have created with the 1st user.
    Can anyone help?

    You would have to individually grant access to each table in the FinancialData schema to whatever other user you want to create (note here that a tablespace, schema, and database are all very different things. A database includes multiple schemas. A schema is a collection of objects owned by a particular user. A tablespace is a collection of data files that holds objects from one or more schemas).
    You could use dynamic SQL here, i.e.
    BEGIN
      FOR x IN (SELECT * FROM user_tables)
      LOOP
        EXECUTE IMMEDIATE 'GRANT SELECT ON ' || x.table_name || ' TO some_other_user';
      END LOOP;
    END;
    /
    Realistically, you probably want to grant these privileges to a role and grant the role to whatever users will need to access the tables.
    Justin

  • Adding network user as admin

    Hi,
    We are binding our Macintoshes to AD and I have a script that does the binding and sets the user as admin of their machine. However, they are only admin of their own machine if they are logged in to their account on the network. I have the laptops creating a local home directory and when they take it off the network and login at home, they are no longer admin.
    I thought this line might add the user:
    /usr/bin/dseditgroup -o edit -a $loginname -t group -n /Local/Default admin
    of course there is a parameter that does equal their login name, but it doesn't seem to work.
    Can someone help me with this?
    Thank you in advance.

    you should read this
    it seems if you use os x server you can bind to AD.
    Don't know how many features you get though!
    try posting a message in the OS X server folder on
    this site.
    thanks but we are in a WINDOWS server environment-not a mac-though after reading the OS X and windows server section, it appears that Virtual PC might be needed-my question is can someone essentially move a file from Virtual PC to the local mac client- like copy a file from a server being accessed via virtual PC and put it on the mac desktop?

  • How to access unread mails of all users in Exchange server without having Passwords and without giving mailbox access to other user.

    Hi all,
    I am using Exchange server 2013. My task is to create a service that needs to monitor continuously for new mails of all mailboxes in my server. If any user gets new mail, I need to get that mail's Subject, Body and Sender Email Address [From emailId].
    Limitation: I don't have the passwords of the mailboxes, so I gave all-mailbox access permission to one user, then I completed this service using the code below.
    But now the client is not willing to give mailbox permissions to one user because of security problems.
    How can I do this without passwords and without giving permissions to another user?
    I don't want all mailbox access, I just need to access the Mail Subject, Body and Sender mail address.
    How can I achieve this?
    Process I follow:
    => I created a new user in the server, and then I gave full permissions on all mailboxes to the newly created user [ex: james] at database level.
    I use the command below for giving permissions at database level.
    Get-MailboxDatabase -Identity <Database Name> | Add-ADPermission -User <User> -AccessRights GenericAll
    => Using the code below I search the unread mails of all user mailboxes and then get the Subject, body and Sender Email address. Here I have a list of users.
    using Microsoft.Exchange.WebServices.Data;

    ExchangeService service = new ExchangeService(ExchangeVersion.Exchange2013);
    service.Credentials = new WebCredentials("[email protected]", "password");
    service.AutodiscoverUrl("[email protected]");
    foreach (var obj in usersList) // here I have the mailbox users list in usersList
    {
        var userMailbox = new Mailbox(obj.user);
        var folderId = new FolderId(WellKnownFolderName.Inbox, userMailbox);
        // Only unread messages in this user's Inbox, at most 50 per call
        SearchFilter.IsEqualTo filter1 = new SearchFilter.IsEqualTo(EmailMessageSchema.IsRead, false);
        var itemView = new ItemView(50);
        var userItems = service.FindItems(folderId, filter1, itemView);
        foreach (var item in userItems)
        {
            item.Load(); // fetch the full item so Body is populated
            var senderEmail = ((EmailMessage)item).From;
            var subject = item.Subject;
            var body = item.Body;
        }
    }

    You would need to check that possibilities via WebServices but suggest you to post this in Development forum to get help from programmers....
    http://social.technet.microsoft.com/Forums/office/en-US/home?forum=exchangesvrdevelopment
