How can I grant users to access/modify system folders (C:/Windows/Fonts) by using GPO in Win7 ?

In our company there are some folks that require often new fonts that they take from the internet. Unfortunately, some of them have offices on in a diferrent country, so going there to insert my admin paswoord is not a solution.
If you copy the ttf file into the C:/Windows/Font folder is enough, you don't have to also add the registry.
One way to bypass the window that asks for admin credentials is to insert my crdentials into the bat file (runas). But this is very unsecure, as I am an administrator.
Is there a way to create a shared folder that can also store fonts that can be used by windows? Can I give them the right to modify files in this folder without making them administrators? Or do you see any solution to this issue? Any help would
be greatly appreciated.
Thank you in advance.

Another solution which will not compromise your security is to create a share folder and have the users to download fonts to the folder. After that a simple schedule task GPO on clients to copy the
*.ttf files from the folder to the C:\Windows\Fonts folder. Since tha task can be run by administrative privileges I guess there will be no problem.
Regards.
Mahdi Tehrani Loves Powershell
Please kindly click on Propose As Answer
or to mark this post as
and helpful to other people.

Similar Messages

  • How can i telnet or get access to other LAN members in LAN without using third party software?

    I have admin access to the main  router in our LAN, so how can i telnet or get access to other LAN  members in LAN without using third party software?
    its linksys3500 router and  i login as admin using the gateway address in address bar..
    i  want to access the c drive of my colleague in same subnet in same  office and i know his ip address.but he not configured telnet accept  request.so without it how can i open his telnet port and access him

    I think you are using the wrong terminology. You can browse the hidden share of any pc if you know the ip and have a valid user account on the pc by typing in the following \\computername\c$ or \\ipaddress\c$ . It should prompt you for a user account. You may have to allow this through the windows firewall (or disable it completely).

  • I have admin access to the main router in our LAN, so how can i telnet or get access to other LAN members in LAN without using third party software?

    I have admin access to the main router in our LAN, so how can i telnet or get access to other LAN members in LAN without using third party software?
    its linksys3500 router and  i login as admin using the gateway address in address bar..
    i want to access the c drive of my colleague in same subnet in same office and i know his ip address.but he not configured telnet accept request.so without it how can i open his telnet port and access him

    Duplicate post. 

  • How can I grant users the ability to pause/resume printing without a "print operators group" password.

    Greetings,
    We are running 10.8.5 on 30 machines in an active directory environment (graphics lab). The clients are experiencing a persistant error when pausing or resuming print jobs. Each time something is paused, it requires an administrator password to resume the job. Administrators are not always present so designers are locked out of all of the printers until we come in (or remote in) to authenticate.
    I spoke with Apple today and they said they would not support active directory accounts and that the account must be edited by the department that created the account because the restrictions come from the Active Directory account preferences.
    On the other hand, I ALSO read that I can edit this in the CUPS interface or modify it with the terminal command below, locally.
    dseditgroup -o edit -u admin_name -p -a user_name -t user _lpadmin
    "dseditgroup" adds the user_name to a group (in this case, _lpadmin).
    And admin_name is the name of your administrator's account.
    a) Must this be modified on the Active directory account or CAN I modify this on the local machine via CUPS or terminal?
    b) If so, how would I grant users the ability to resume printing without an admin password?
    c) If not, exactly what must be modified in the active Directory account to allow pause/resume without an admin password.
    I have seen a terminal command that adds users to the print operatiors group (Ipadmin) and I have seen some info on editing the CUPS interface, If i must edit the CUPS interface to allow this, can anyone point to detailed instructions on how to make this change.
    I also saw info on editing the CUPS interface but the suggestion lacked details as to how and how to return to default if it does not work.
    I also saw a post with these suggestions below but without detail as to how one would carry this out.
    /etc/cups/cupsd.conf
    # All administration operations require an administrator to authenticate...
    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    *#Require user @SYSTEM*
    *Require valid-user*
    Order deny,allow
    </Limit>
    # All printer operations require a printer operator to authenticate...
    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    *#Require user @AUTHKEY(system.print.operator) @admin @lpadmin*
    *Require valid-user*
    Order deny,allow
    </Limit>
    /etc/authorization
    +The system.print.operator key is new to Snow Leopard and seems to control resuming and pausing a printer queue among other things.+
    <key>system.print.admin</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    <key>system.print.operator</key>
    <dict>
    <key>allow-root</key>
    <true/>
    <key>class</key>
    <string>user</string>
    <key>group</key>
    <string>staff</string>
    <key>shared</key>
    <true/>
    </dict>
    I have read all posts on this subject and I still am not clear on how to proceed, please assist.
    Thanks in advance,
    V

    Hello again.  For AD environments you can run the following command on each workstation:
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -p -a "Domain Users" -t group _lpadmin
    This command assumes you are typing this interactively on the machine.  Obviously change localadmin to the Mac's local admin's name.  When running you will be prompted for password twice.  Once to elevate permissions (sudo) and once to validate you are localadmin.
    If you are using Apple Remote Desktop (or JAMF or other management suite), you can push this command out while embedding the localadmin's password. 
    sudo dseditgroup -o edit -n /Local/Default -u localadmin -P yourpass -a "Domain Users" -t group _lpadmin
    Please note, if your password uses special characters (/-\) this may fail over ARD.
    In Mavericks, AD groups are cached once they are referenced.  If you are dealing with a lot mobile users (laptops) you might want to replace Domain Users with everyone
    R-
    Apple Consultants Network
    Apple Professional Services
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store

  • How can i restrict user to access database object (procedure) or JSP

    Hi
    I have 9ias infrastructure 902, on win2k box with 9i DB.
    and I have one PL/SQL web application and another J2EE application both are hosted by 9ias 902.
    Now we are looking forward to couple both with SSO.
    I have deloyed samples of both and works fine.
    Each application have different set of users, i mean there is no common user.
    How can i restrict user not to view the web page which is not authorised to them.
    as far as i understand from the Grocery demo is pick the role (which is a string only) from OID and programaticall apply security via if else endif construct.
    can any one through light upto my concern.
    regards
    [email protected]

    Hey Mary
    No i haven't try to do that via pl/sql....
    as the our application is j2ee app... deployed in oc4j.. with sso and ldap....
    still finding to do so....
    what i have realized that LDAP is just to store user information in inverted tree... and one have to build separated access security mechnisum that will be applicable to j2ee system....
    thanx...
    samir....

  • How can I allow users to access SQLPLUS?

    Hi everyone,
    I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
    Here is where I need a little guidance...
    I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are in located in the user "oracle's" directory. This means that no one but "oracle" and root have access to these files because they are the only ones with proper permissions.
    Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
    1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
    2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
    I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
    Thank you everyone.

    It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
    You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need create a $ORACLE_HOME/dbs/orapw$SID password file.
    If you would like to know more about this:
    Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
    The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group.

  • How can I get users who accessed the database during last one month

    Hi All,
    How can get the list of users who logged on to the database DBProd and made changes to the tables of particular schema during say last month and current month.
    Thanks & Regards.

    DBA_PRIV_AUDIT_OPTS :-Describes current system privileges being audited across the system and by user and who has updated what can be done through trigger which would send the information to a history table. If you have it ready ask your team..
    SQL> select PRIVILEGE,SUCCESS,FAILURE from DBA_PRIV_AUDIT_OPTS where user_name='SCOTT';
    no rows selected
    SQL> audit ALTER SYSTEM by scott by access whenever not successful;
    Audit succeeded.
    SQL> audit session by scott by access;
    Audit succeeded.
    SQL> select PRIVILEGE,SUCCESS,FAILURE from DBA_PRIV_AUDIT_OPTS where user_name='SCOTT';
    PRIVILEGE SUCCESS FAILURE
    CREATE SESSION BY ACCESS BY ACCESS
    ALTER SYSTEM NOT SET BY ACCESS
    Regards
    Karan
    Edited by: Karan on Aug 2, 2012 7:15 PM

  • How can I authenticate users against a WAS system from third-party app?

    We are looking at developing a third-party standalone web application e.g. in Rails (but it could be on any framework for that matter).
    How would we go about authenticating users against a SAP WAS backend? Are there some standard web services for this? What other means are there for authentication?
    Kind Regards,
    Martin

    From the comment in SUSR_LOGIN_CHECK_RFC you just need to pass user name and it will return if user can still log on. Only your system will know credentials for this user so an attacker won't be able to use this service for cracking passwords.
    This FM is in the same function group as:
    CREATE_RFC_REENTRANCE_TICKET
    SUSR_CHECK_LOGON_DATA
    SUSR_DELETE_OWN_PASSWORD
    SUSR_GENERATE_PASSWORD
    SUSR_GET_ADMIN_USER_LOGIN_INFO
    SUSR_GET_X509CERT_MAPPING_LIST
    SUSR_LOGIN_CHECK_RFC
    SUSR_USER_CHANGE_PASSWORD_RFC
    SUSR_USER_EXTID_DEL
    SUSR_USER_EXTID_GET
    SUSR_USER_EXTID_GET_ALL
    SUSR_USER_EXTID_LOOKUP
    SUSR_USER_EXTID_RENAME
    SUSR_USER_EXTID_SET
    SUSR_USER_EXTID_SET_ALL
    SUSR_USER_FROM_CERTIFICATE_RFC
    SUSR_USER_SETEXTID
    You would need to ensure that only the service exposing the "login check" can be called, and not the FM's in the group.
    BTW: SAP Java WAS can provide SAML 2.0 assersions (technically a component shipped with IdM, but you don't have to use the rst of the IdM if you don't want to..). If your applications are all web enabled ones (WDA?) then that is an option to consider, which is also strategically supported.
    SSO2 Logon tickets are not really a strategy anymore... and installing a double-stack system on all ECC sytems just to have SAML is not strategic either.. 
    I have heard several wishes for SAML authentication for SAPGui, but not seen anything official yet in that direction.
    Cheers,
    Julius

  • How can all the users in my computer (my kids) have access to all the photos I have in I Photo?

    How can all the users in my computer (my kids) have access to all the photos I have in I Photo? My photos only appear when I (the administrator) log into the computer. I want my kids to be able to access them also.

    For iPhoto 09 (version 8.0.2) and later:
    What you mean by 'share'.
    If you want the other user to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account. In that account, enable 'Look For Shared Libraries'. Your Library will appear in the other source pane.
    Any user can drag a pic from the Shared Library to their own in the iPhoto Window.
    Remember iPhoto must be running in both accounts for this to work.
    If you want the other user to have the same access to the library as you: to be able to add, edit, organise, keyword etc.
    Quit iPhoto in both accounts. Move the Library to the Users / Shared Folder
    (You can also use an external HD set to ignore permissions, a Disk Image or even partition your Hard Disk.)
    In each account in turn: Double click on the Library to open it. (You may be asked to repair the Library Permissions.) From that point on, this will be the default library location. Both accounts will have full access to the library, in fact, both accounts will 'own' it.
    However, there is a catch with this system and it is a significant one. iPhoto is not a multi-user app., it does not have the code to negotiate two users simultaneously writing to the database, and trying will cause db corruption. So only one user at a time, and back up, back up back up.

  • I no longer have access to system folders that allow me to remove old or incorrect PAGES templates. Need to find out how to do that. The only way I can do it now is to blank the template and replace the bad template with a blank.

    I no longer have access to system folders that allow me to remove old or incorrect PAGES templates. Need to find out how to do that. The only way I can do it now is to blank the template and replace the unwanted template with a blank. It was previously possible to go to MY TEMPLATES and remove the unwanted templates. I don't if this issue is before or since installation of 10.8 (a nightmare in my case, which led to significant failure issues).  And because I haven't tried to remove templates since finally managing to install 10.8 (now at 10.8.4), I don't know if this is typical of the newer OS or a problem. I've been a Mac user for more than 25 years, but I think I'm nearing the end of the road. By the way, I've never needed to do this before because the manuals always offered an answer... they don't seem to do that anymore. In any case, I don't know how this works... I'd prefer an email reply if that's possible. But that would probably be too easy, and I don't know how to get a reply.

    Thanks, I appreciate the help.  I think this is one of the problems Apple is creating by changing the OS so often. I had fomer colleagues at [a major aerospace contractor] who told me that so many original files were ultimately lost because of the deadly change in the "Save As" operation that they are now afraid of every OS update. Apple has badly damaged their support base with that very prominent company (they won't update now until they've fully examined and understand changes in the pre-conditioned nature of OS computer functions), and they are a whole lot less enthaled with Mac-related equipment/software. Can't blame them, I too used orginal files that way (as easy-to-use templates), and lost some important files before I realized what was happening (to late to revert). Companies should not have to retrain employees each time an OS gets an update, it's can be very expensive several different ways. They learned a painful lesson with that one. And because I'm now retired and don't use multiple devices, I need iCloud like I need a hole in the head... but I'm told there's no way to keep Apple out of my computer. Fortunately, because of major problems when initially installing Mountain Lion, one hold-over of the hardware/software damage I experienced was that iCloud can no longer access my computer even though everything else is working fine again. That was the only "good luck" I had as a result of that expensive nightmare.

  • How can i stop user to get the same screen while entering same T code

    hi experts,
    how can i stop user to get the same screen while entering same T code (_Means i want user enter same t code but got different different screen how it is possible.)_
    i want to know how can we set a authorization is such a manner ...
    Through different different login id user got different different screen while entering same T-code.
    for example if there is two functional login id mum & noida...
    then user login through that and
    enter any same functional tcode (for getting purchase order)
    but get different different window...so how come it is possible.....
    plz explain in brief
    thanks in advance...plz do reply as soon as possible

    For a custom transaction this is easy, you need to ask your developers to be able to direct users to different screens based on the results of an authorisation check.  You could have an auth field e.g. ZSCREEN which is checked in the program & decides what screen the user has access to.
    For standard transactions, unless already coded, I would forget it & do what is recommended by Subramaniam and create transaction variants as required.  Assign each variant to a custom t-code and users access it that way.
    What I am interested is is why do you want to do this?

  • How can a normal user get shmmax, shmmin value programmatically on sol10?

    How can a normal user( not root ) get shmmax, shmmin value programmatically on solaris10?

    The Sun Solaris 10 documentation is clear enough on what tunables still exist, although I have found inconsistent information about the default values of at least one. What isn't clear is the best way to check these values from within a zone. sysdef is no longer useful for these, and grep'ing in /etc/project isn't very elegant, and doesn't help if the default values are in use.
    For programmatic access, you'll need to use
    getrctl(2). There's an example in the manpage.I suspect that what was wanted was not just a C interface to get these values but something that might be used in a shell script. I second that.
    The Zones forum is not exactly the best place for
    this kind of query, though.Kernel tunables are proving to be one of our biggest obstacles to getting 3rd party apps to install in a zone because of old methods of checking for appropriate values. It would be great if Sun provided more help on this than the getrctl manpage.

  • HT4798 I'm seeing the above problem, how can i open "Users&Groups" if i can't login?

    I'm seeing the above problem, how can i open "Users&Groups" if i can't login?

    If the system is associated with an Apple ID, and you know that account password, the Apple ID can be used to reset your user account password.
    Otherwise, boot into Recovery by holding down the key combination command-R at startup. Release the keys when you see a gray screen with a spinning dial.
    When the OS X Utilities screen appears, select Utilities ▹ Terminal from the menu bar.
    In the Terminal window, type this:
    resetpassword
    That's one word with no spaces. Then press return. A Reset Password window opens.
    Select your boot volume if not already selected.
    Select your username from the menu labeled Select the user account if not already selected.
    Follow the prompts to reset the password. It's safest to choose a password that includes only the characters a-z, A-Z, and 0-9.
    Select  ▹ Restart from the menu bar.
    You should now be able to log in with the new password, but you won't be able to unlock the Keychain. If you've forgotten the Keychain password (which is ordinarily the same as your login password), there's no way to recover it. You’ll need to reset your keychain in the preferences of the Keychain Access application.

  • HT6114 My Mac Book Pro had a split drive with Windows Microsoft Access on it and it was removed when Mavericks installed.  I need this so how can I go back to the old system?

    My Mac Book Pro had a split drive with Windows Microsoft Access on it and it was removed when Mavericks installed.  I need this so how can I go back to the old system?

    Restore from the backup you had prior to installing Mavericks.
    However, the upgrade should not have altered your partition scheme. Did your erase and format the drive prior to upgrading?

  • I am trying to update my time machine backup on time capsule, but time machine keeps trying to create an entirely new backup (evidenced by the 200GB backup size). How can I get time machine to modify my old backup rather than create a new one?

    I am trying to update my time machine backup on time capsule, but time machine keeps trying to create an entirely new backup (evidenced by the 200GB backup size). How can I get time machine to modify my old backup rather than create a new one?

    It must have found the old backup corrupt.. so you will more than likely have little choice. You can archive off the old backup if it is still useful.
    You can also verify it. See A5 http://pondini.org/TM/Troubleshooting.html
    He also has some info on this problem. eg C13.

Maybe you are looking for