Local Admin Rights - add / remove ?

Similar Messages

• Old/Legacy application requires Local Admin Rights to open Reader

  Hi,
  I've got few users who has a very old application. The app generates certain report in PDF format and then it's supposed to open it up in Adobe Reader. Currently, the users are using Adobe Reader version 6.
  I'm trying to get these users upgraded to latest version of Adobe Reader. After some testing, it seems that this old application works fine if the users are given Local Admin Rights to the computer. The application can successfully generate its reports and then open it up in Adobe Reader.
  The users are running on Windows XP SP3. While testing, I gave users full access to "C:\Program Files\Adobe\" and the legacy application's installation folder, since I'm not sure why the Local Admin Rights allows Reader to open. However, this didn't seem to help.
  Is there anything you can suggest in this case?

  Chris Will wrote:
  >
  http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_In staller_Full.exe%3E
  >
  > HTTP 404 Not Found.
  What's with the %3E entity on the end of the URL you posted?
  What
  happens if you remove it ;-)
  Here's a tinyurl that hopefully won't wrap (being the reason
  I bracketed
  the original in with <> characters)
  http://tinyurl.com/2f2brm

• Installing SQL server with local Admin rights

  Dear DB experts
  I have a concern about installing SQL server 2000 on win 2003 with out local admin rights
  I have delegated local admin rights to a Domain user.  that user can install and configure SQL with out any issues or its is a must to install SQL using local administrator account   pls advise.
  Regards
  Rabbani
  RaSa

  Hi Syed_R,
  SQL Server 2000 was out of support in SQL Server Forums since April,2013. You can install SQL Server 2005 or later version and more experts will assist you.
  As other post, the user that runs the SQL Server installer must have Admin rights on the server when installing. For local installations, you must run Setup as an administrator. If you install SQL Server from a remote share, you must use a domain account
  that has read and execute permissions on the remote share.
  In addition, in preparation for setting up Microsoft SQL Server on this system, you add the Setup account to the local administrators group, also the Setup account need to have certain user rights for avoiding SQL Server installation fails. Such as Local
  Policy Object Display Name, Backup files and directories and so on.
  For more information, you can review the following article.
  http://support.microsoft.com/kb/2000257
  Thanks,
  Sofiya Li
  Sofiya Li
  TechNet Community Support

• GPO - 2012 - Enforce Local Admin Right

  Hello,
  Just wondered if there was a way to deploy a GPO to enforce local admin rights for individual endpoints.
  We need a way to control who has local admin rights to what, but in this case we need to say grant local admin rights to Users A, B and C on workstations D, E and F only. 
  Other than creating a GPO 'per workstation' I don't see a way.  DFL / FFL will be 2012.
  Anyone got any ideas?
  Thanks
  Stuart

  Hello
  Thank you for the reply.  This issue is a little hard to grasp and to explain clearly.  I understand what you have said, I am fairly proficient with Group Policy.
  I want to be able to give one single user, access to one single PC and control it centrally.  I think that is a better way of explaining it.  So if I have 100 PCs and 100 users, and say 20 of those users needs to have admin rights on their own
  PC only and not on other PCs. 
  That is what I am trying to accomplish.  If I great a security group called 'Desktop Admins' then link a GPO to an OU where the 100 PCs are, then security filter by the security group, then everytime I add in a user, they will get local admin rights
  to all 100 PCs.  However I only wanted to grant them local admin rights on one PC.  That being their PC.
  I want to manage this centrally rather than remotely assigning local ACLs.  I also like GPO because if a local admin user decides he/she wants to give their mate local admin rights on their PC, GPO will overwrite it.
  Hope that makes sense
  Much Appreciated

• Delay when starting accdb without local Admin rights.

  Hi,
  I have a problem with one application, the front end of the application is MS Access DB that's connects to our SQL Server over odbc driver If the user is in a local administrator group everything is working fast. When the same user is put in the user group
  without Administrative rights I recive a delay for about 60 sec then the error pops up
  After I hit ok a new SQL login pops up and I just press second time ok and the application starts without entering any user and pass. This is not happening if the user is in the built in Administrators Group.
  Thanks for the help
  fract

  Hi fract,
  as a Microsoft partner I have asked support for help.
  Here is their answer:
  Hi Partner,
  Thanks for your reply.
  Based on my research, the issue is identified as a compatibility issue that Access 2010 has with SQL Server 2008 R2. Access uses PERMISSIONS function to check the privileges. The PERMISSIONS function is deprecated in SQL Server 2008 R2. I haven’t found
  any workaround for this issue currently.
  You can check the more detail information at below link:
  PERMISSIONS (Transact-SQL)
  http://msdn.microsoft.com/en-us/library/ms186915(v=sql.105).aspx
  I think you need to access SQL Server 2008R2 with local admin right.
  If you have any further questions, please let me know.
  Best Regards,

• GroupWise 6.5.7 distribution without local admin rights

  I would like to distribute the GroupWise 6.5.6up1 (6.5.7) client
  installation (from 6.5.1).
  Im using the setup.cfg and setup.ini to have an unattended installation.
  It is working great with local admin rights.
  Now I would like to distribute this version with ZENworks. Im using the
  workstation object (association) so the distribution will take place when
  the workstation starts up.
  But (as far as I can see) the registration of DLLs will not take place.
  What kind of alternatives are there to distribute GroupWise without local
  administrator rights?
  Thanks.
  Armand.

  Thanks for the reply.
  The .aot files give problems, dll files are missing (the known
  vslwp7.dll) and I found a lot of bad experiences on the forums with the
  viewer etc.
  Armand.
  > I've been using the AOTs included with the GW Client (Zen directory). =
  > They import into Zenworks easily and have worked well for me the last 2 =
  > upgrades.
  >
  > >>> <[email protected]> 10/11/2006 1:34:27 AM >>>
  >
  > I would like to distribute the GroupWise 6.5.6up1 (6.5.7) client
  > installation (from 6.5.1).
  > I=92m using the setup.cfg and setup.ini to have an unattended installation.=
  >
  > It is working great with local admin rights.
  >
  > Now I would like to distribute this version with ZENworks. I=92m using the
  > workstation object (association) so the distribution will take place when
  > the workstation starts up.
  > But (as far as I can see) the registration of DLL=92s will not take place.
  >
  > What kind of alternatives are there to distribute GroupWise without local
  > administrator rights?
  >
  > Thanks.
  > Armand.
  >
  >

• Local admin rights when Edit locally

  Hello, all!
  We have the same problem as in
  Local Admin rights to "Edit Locally" ?
  "The end users do not have administrator rights on their local PCs , they logon to the domain server with restricted rights. When it comes to portal, when trying to edit a document with "Edit locally" it is not possible to do is even if the user has all the rights for the document in the Portal KM configuration. When we make the user local admin, everything is OK"
  We are on SPS14, Windows XP SP2. Domain users can run corresponding applications and can create dirs or files in a temp directory. We also utilize env. variable SAPKM_USER_TEMP but with no success.
  Could yoã please suggest, how to find rights needed to execute Local Edit. Are there any way to trace this Docservice ActiveX?

  Hello Roman,
  here a note which describes a solution for a user account wuth restricted rights:
  The Edit Locally activex will be installed based on following
  installation steps:
  The browser will recognize that the KM DocService activex has to be
  started.
  In case of the activex isn't installed on the the PC, it will be
  downloaded from the KM server (...etc/docservice/docservice.cab)
  The browser will extract two DLLs from the docservice.cab file
  (docservice.dll and sapkmprogressplayer.dll) and register them on the
  local PC. To see if the installation succeed you can open within the
  browser following dialog: Tools/Internet Options/Settings/View Objects,
  look for program file SAP KM DocService Control.
  Registry keys in following areas will be created:
  Area HKEY_CLASSES_ROOT:
  HKCR\AppID\{5F8983A6-347C-46B9-BA7A-1B87E5DAE0BC}
  HKCR\ProgressPlayerMod.ProgressPlayer
  HKCR\ProgressPlayerMod.ProgressPlayer.1
  HKCR\CLSID
  HKCR\TypeLib
  Area HKEY_LOCAL_MACHINE:
  HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/Down
  Downloaded Program Files/DocService.dll
  HKLM\Software\Microsoft\Code Store Database\Distribution Units\
  When finishing these steps successfully the installed version can be
  located within the browser dialog Tools/Internet Options/Settings/View
  Objects SAP KM DocService Control and den KM DocService will
  start loading the document content from the KM server and starting the
  corresponding application for editing.
  Installation with restricted user accounts:
  With restricted user accounts e.g. no access rights to create registry keys in the area of HKCR or HKLM etc., which lets the described installation fail, following installation procedure leads to success:
  Register the needed DLLs manually on the PC (e.g. via a shell command script) with a user account having enough access rights.
  1.1 Create an installation folder (don't use /windows/system32) on the PC and copy the DLLs (docservice.dll and sapkmprogressplayer.dll) to it (extract them from docservice.cab with a tool e.g. winzip).
  1.2 Open a command shell on this installation folder.
  1.3 Unregister possible existing versions with the following command:
  "regsvr32 docservice.dll /U " and "regsvr32 sapkmprogressplayer.dll /U "
  1.4 Register the both DLLs with: "regsvr32 docservice.dll" and "regsvr32 sapkmprogressplayer.dll "
  1.5 If the two registration steps fail check the permissions to write
  into the system registry.
  1.6 The installation folder do not need special permissions, the linkage to the DLLs will be done via the system registry.
  1.7 Additionally the following setting is mandatory to succeed the installation:
  Disable the "ActiveX Version Check" function within the KM Configuration
  SystemAdministration->SystemConfig->KnowledgeManagement->
  ->Configuration->ContentManagement->Utilities->Editing->LocalEditing-> ActiveX Version Check (Uncheck the checkbox)
  Setting a different TEMP directory:
  In cases that it is problematic to use the standard %TEMP% directory, setting the environment variable SAPKM_USER_TEMP pinpointing to a corresponding directory path (e.g. X:\SHARES\USERS\xxx\CheckedOutDocuments) will be also supported. If the access to that directory fails the standard %TEMP% directory will be used as fallback.
  Hope this helps,
  Michael
  Message was edited by: Michael Braun

• Update says another copy is running and does not update if user does not have local admin rights

  An update message popped up when opening Firefox 9.1 Accepted the message to update. Got above error each time I open Firefox as a user without local admin rights.

  Hi,
  Please see [https://support.mozilla.org/en-US/kb/Updates%20reported%20when%20running%20newest%20version#w_delete-update-configuration-files this.]

• Running Desktop software without local admin rights

  Is it possible to run Blackberry Desktop Software without the user having local admin rights? I have a number of users who have work BBs who need to use BDS, but I am in the process of correcting my predecessor's decision to give everyone local admin rights.

  Hello gheatley,
  Welcome to the Support Community!
  The BlackBerry® Desktop Software will need to be installed in a Windows® user account with local admin rights, but it can be used from within other user accounts with more limited permissions.
  Thanks.
  -FS
  Come follow your BlackBerry Technical Team on Twitter! @BlackBerryHelp
  Be sure to click Kudos! for those who have helped you.
  Click Solution? for posts that have solved your issue(s)!

• Giving an OD Network User/Group local admin rights.

  Is there a way to manage workstation admin rights from the server?
  I ran into a problem with Lightroom that requires admin privileges to change the program preferences. We have alot of graphic art students with roaming profiles, spread out across 5 labs, that need to make this change. I would like to be able to add a group or all network users to the local admin group, for a few days, so the students can make the changes.

  This works on 10.5, not sure about 10.6.
  As root on the client.
  Upgrading legacy group for local admin group - this is from 10.4 days, not sure if you still need to do it.
  dseditgroup -o edit -f n -t group -n /Local/Default admin
  Nest OD group in local admin group
  dseditgroup -o edit -a DirectoryAdminGroup -t group -n /Local/Default admin
  Gen

• How to give permission to Internal client local admin rights to install applications

  Dear All,
  I want to give internal client rights to install application in his computer. At the same time I don't want him to login to windows server 2008 with admin rights. Could you please let me know how to do that?

  Unfortunately your post is off topic as it's not specific to Microsoft Training and Certification.  
  This is a standard response I’ve written in advance to help the many people who post their question in this forum in error, but please don’t ignore it.  The links I provide below will help you determine the right forum to ask your question
  in.
  For technical issues with Microsoft products that you would run into as an end user, please visit the Microsoft Answers forum ( http://answers.microsoft.com ) which has sections for Windows, Hotmail,
  Office, IE, and other products.
  For Technical issues with Microsoft products that you might have as an IT professional (like technical installation issues, or other IT issues), please head to the TechNet Discussion forums at http://social.technet.microsoft.com/forums/en-us, and
  search for your product name.
  For issues with products you might have as a Developer (like how to talk to APIs, what version of software do what, or other developer issues), please head to the MSDN discussion forums at http://social.msdn.microsoft.com/forums/en-us, and
  search for your product or issue.
  If you’re asking a question particularly about one of the Microsoft Dynamics products, a great place to start is here: http://community.dynamics.com/ 
  If you think your issue is related to Microsoft Training and Certification and I've flagged it as Off-topic, I apologise.  Please repost your question and include as much detail as possible about your problem so that someone can assist you further. 
  If you really have no idea where to post your question please visit the Where is the forum for…? forum http://social.msdn.microsoft.com/forums/en-us/whatforum/ 
  When you see answers and helpful posts, please click Vote As Helpful,
  Propose As Answer, and/or Mark As Answer
  Jeff Wharton
  MSysDev (C.Sturt), MDbDsgnMgt (C.Sturt), MCT, MCSE: Data Platform & Business Intelligence
  Blog: Mr. Wharty's Ramblings
  Twitter: @Mr_Wharty
  MC ID:
  Microsoft Transcript

• Why would a JNLP require local admin rights?

  I'm working as a technical support contact for a user working on a third-party company's web app, which is a JNLP. (I.e.: this is a JNLP I have no control over and no idea how to use, but the goal is simply to get it to launch.)
  When I am a local admin, I am able to run the JNLP without issue. If I am not a local admin, the application starts to load... the Web Start appears with the application's logo, name, and a few JARs being loaded. Then, nothing. It closes without any errors, and I'm unsure of where I could find any logs with a trace.
  Now, here's the plot twist: the same conditions apply to the Java Console itself. That is, if I am not a local admin, and I try to run the console, Internet Explorer closes. No error, nothing in the event log.
  And, another twist: as I tried this across multiple workstations (Terminal servers, actually, running Server 2003 SP2) I discovered one has a different Java build. The problem occurs across several servers running Java 1.6.0_03. The one that's running 1.5.0_09 does NOT have this problem - the JNLP runs fine, and the console runs fine. IE is the same build (5730.11) on all.
  I'm not even sure where to begin. I don't know where the find relevant log files, I can't run the console, and there is no obvious way to get general support for a Java issue (technically it has nothing to do with this vendor's JNLP if even the console won't run!) except this jumble of forums. Any and all advice is appreciated.

  for troubleshooting failure on particular machines, look at the FAQ:
  http://java.sun.com/javase/6/docs/technotes/guides/javaws/developersguide/faq.html#602
  But it seems like your problems are sooner than would result in any trace file output.
  If the browser cannot show the java console, then it fails to initialize the java plug-in, so I would suggest trying stand alone java applications.
  1.) can you launch from a command line "java -version"
  2.) if you can, can you launch "java java.awt.Frame" it should reply NoSuchMethodError: "main" .
  3.) if that works, try downloading the JDK and run a stand alone demo application from the demos directory such as SeingSet2.
  (cd into C:\Program Files\Java\jdk1.6.0_04\demo\jfc\SwingSet2 , and run "java -jar SwingSet2.jar"
  If you can't do all of that, then java install is messed up, and so you would have no chance of running applets or jnlp applications.
  by the way, what os and hardware are you running on, and what version(s) of java are installed.
  /Andy

• Remove local administrator rights from multiple machines

  Hi all,
  We have a load of Macs on active directory. Most of them have local admin rights. Is there a quick and easy way to remove local admin rights and change them to standard users. I really don't want to do them one by one?
  Please give me some good news 
  Kind Regards,
  BigJava

  Hi baltwo,
  Thanks for the suggestion but I found out how to do it with this UNIX command:
  sudo dseditgroup -o edit -n . -d username -t user admin
  and running it as the "root" user.
  Thanks

• Add Local Users to the Local Admin Group

  I am looking either via GPO or Third Party Tool.  I would like to add 6 Users to the Local Admin Groups on all the computers running Windows 7/8.  I want to Create a Group called "OUR Local Admins" and add these 6 local users (Not domain
  Users) to this Group and then nest this Group into the Local Admin Group Built-in into Windows 8
  Thank u

  > local users (Not domain Users) to this Group and then nest this Group
  > into the Local Admin Group Built-in into Windows 8
  You cannot nest local groups.
  Greetings/Grüße,
  Martin
  Mal ein
  gutes Buch über GPOs lesen?
  Good or bad GPOs? - my blog…
  And if IT bothers me -
  coke bottle design refreshment (-:

• Access developer version with admin rights

  I have MS SQL Server 2012 Developer version installed on my local machine using Windows 7.
  I lost my access to SQL Server local developer version when my company change policy to remove admin rights to local machine for some reason.
  Since I lost local machine admin rights, I am unable to access MS SQL Server 2012 developer version.
  I would like to know are there any work around to access MS SQL Server 2012 Developer version without local admin rights for Windows 7.
  Your help and information is great appreciated,
  Regards,
  Souris,

  Hello Souris ,
  Please , could you provide more information about your problem ?
  Are you unable to create new databases ? The error messages would be appreciated.
  I don't think that you have posted in the "good" forum , but for a moderator , it is difficult to find a better forum as we don't know what it is happening on your computer.
  I think that you should always be able to create databases in your own directory Users\yourusername on which you should have every access rights . The main problem could be to start/stop the SQL Server service as you need some minimum administration rights.
  Please , could you tell us whether the lost rights are on the Windows 7 level or on your SQL Server level ?
  To connect , you should have at least the db_datareader and db_datawriter permissions on the databases you are using ( I would add db_backupoperator to restore a database in case of errors )
  You should have the public and maybe dbcreator ( if you have to create new databases ) and of course your login must be enabled and have the permission to connect to the database engine .
  As we don't know what your are doing with the databases with your SQL Server Developer edition , we are unable to help you without more precise information.
  We are waiting for your feedback to try to help you more efficiently.
  Papy
  Mark Post as helpful if it provides any help.Otherwise,leave it as it is.