Network Time & Clients logged in as non-admin users

Similar Messages

• Non Admin user can cancel the time machine backup an Admin user started?

  Today I had to do a new time machine backup but as it was running the user was switched to a non admin user but that admin user was able to terminate the backup that Time Machine was running since the panel showed up on their screen. Why is that?

  Barney-15E wrote:
  I wouldn't think it was a bug. If I was a user trying to get something done that was processor intensive, I'd like to be able to stop the backup. As the admin, I wouldn't think missing one backup was a big deal.
  The o.p. didn't seem to agree.
  I'm not sure what I'd think in that situation.
  But it could easily be allowed, for those who want it -- just put the TM icon in the other user's menubar before locking the preferences panel.

• Non-admin users and Time Machine

  We have a 1-1 laptop program with 7th and 8th grade students. The students are not admins of their own laptops.
  This year we gave each student an external hard drive and had them use Time Machine to back-up their accounts. The problem was when a student needed to restore from Time Machine, we needed to enter the administrator's password.
  We'll be switching to Lion over the summer, and by default, a non-admin user cannot even turn on Time Machine without an adminsitrator's password, which makes Time Machine useless. I don't want to have our students go back to manually dragging and dropping all of their school data (and movies and music) to back it all up (what a messy process).
  Is there any way around the need for an admin password to use Time Machine?

  Time Machine (the application) is already allowed. That's not the problem.
  In order to set-up Time Machine the first time, users have to open the Time Machine Preference, and that is locked. When a user tries to unlock it, they need to enter an administrator's password, but our students are only standar users.
  We don't want to have to enter that password for 250 machines each time students need to access that preference.
  In addition, an administrator's password is needed to restore anything from a Time Machine drive, and we'd like a way around that too.

• Borland C++ Delphi application is not able to connect to SQL Server as Non Admin user

  Hi,
  I am working on a Borland C++ and Delphi application. This application connects to  SQL Server and returns database queries results. Once we migrated to windows Server 2003 we have started facing an issue.
  1. IF we login to client application as admin user then this connects properly with SQL Server and returns database queries.But if we connect using Non- Admin users then application is not able to connect SQL Server.
  SQL Server 2008
  Windows Server 2003.
  Can anybody help on this.
  Thanks in Advance.
  Rakesh

  This application is written in Borland C++ and Delphi running on Windows 2003 Server. This  is a Windows GUI based small tool. Basic functionality of the tool is : 1) Once we invoke the tool it connects to DB(SQL Server 2005) and populates a list of
  all the tables present in DB.   2) If we select any table from the list populated in step (1) and provide query parameters, this will return results from Database.
  Issue:  IF we login to the Windows machine as Administrator this application runs perfectly .This application populates the DB tables correctly and returns results from database when queries executed as in step (2)
  But if we login as some other user (like hubapp) then this populates some different set of table which are not from the same database instance .Also the queries does not return any results. In the logs we get following error message : (TiltData is the instance
  name for our Database)
  Msg:Application Exception : Cannot locate or connect to SQL server.Unable to connect: SQL Server is unavailable or does not exist.  Specified SQL
  server not found.Alias:
  TiltData1 occurred in main thread.
  As for the connection string 
        'DATABASE NAME=tiltdata'
        'SERVER NAME=SDV3'
        'USER NAME=sa'
        'OPEN MODE=READ ONLY'
        'SCHEMA CACHE SIZE=8'
        'BLOB EDIT LOGGING='
        'LANGDRIVER='
        'SQLQRYMODE=SERVER'
        'SQLPASSTHRU MODE=NOT SHARED'
        'DATE MODE=0'
        'SCHEMA CACHE TIME=-1'
        'MAX QUERY TIME=300'
        'MAX ROWS=-1'
        'BATCH COUNT=612'
        'ENABLE SCHEMA CACHE=FALSE'
        'SCHEMA CACHE DIR='
        'HOST NAME='
        'APPLICATION NAME=QueryTool'
        'NATIONAL LANG NAME='
        'ENABLE BCD=FALSE'
        'TDS PACKET SIZE=65535'
        'BLOBS TO CACHE=64'
        'BLOB SIZE=32'
        'PASSWORD=jstart')
  Any help is appreciated. I have spent a lot of time on this issue with no results.
  Regards
  Rakesh

• Non admin user - changes not saved (Safari settings, system prefs, etc.)

  iMac, 2 users, one is administrator and other is standard user. Recently, in the non-admin user account, it has become impossible to make any changes. For example, adding an application to the the Dock, after logging out and back in next time, the application is not in the Dock any more. Also, making changes to the prefs in Safari, changes are not saved.
  I noticed this after installing FireFox v4. I installed it as admin whilst in the non-admin users account. However, I don't believe that the installation of FF has anything to do with the problem, it just highlighted it. I've checked the permissions for the various directories that hold prefs info such as user/libraries/application prefs/etc. etc. and also Safari prefs. Nothing I can see that has changed in system prefs.
  Any ideas on what has caused the problem (kids are known to fiddle from within the non-admin account) and any ideas on how to fix it?
  Thanks

  Hi PPRuNe,
  You could try making the standard user an Admin too. To do this, make sure you are logged in to the standard user, go to System Preferences > Accounts > Standard user (you may have to unlock the padlock) > Allow user to administer this computer
  This will allow changes to be made without being prompted for a password all the time.
  However, if you had Parental Controls on, they probably won't work on an admin account because as an admin you have complete control over a computer, so the computer thinks there is no point in having the controls turned on. And if the kids are known to "fiddle," just think carefully!
  Hope this helps you.
  Chris.

• Reader 9.5.1 Crashes after a few seconds for non-Admin users

  I have Adobe Reader 9.5.1 installed on some Citrix XenApp 5.0 servers that are Windows 2003.  Any time a non-admin user launches Reader it is open for a matter of seconds and then crashes.  It shows a Dr Watson crash in the error logs each time. If I logon as an Administrator, it works just fine.  I've tried reinstalling/repairing the installation to no avail. 
  Has anybody run into this in the past or does anyone have any ideas on how to fix it?

  My company is into same issue but thing is that I cannot uninstall the MS patch as it will be vulnerability for our servers and we have opened a case with MS and they have reveiwed the proc dump and now MS is asking to get this reviewed with Adobe. I'm not sure how to reach out to Adobe Support to get the fix from them. Any solution on this regard, it will be great help. Thanks, Sayed.

• Is there any way to prevent non-admin user accounts to receive software update prompts?

  I am the admin account user on our MacBook Pro, and there is one standard user account on it as well. Generally we are both logged on so we can quickly switch between user accounts and 'spin the desktop'.
  For some reason, all the software update notifications seem to be received when the standard user account is the active one.
  I know that the standard user cannot actually update without my account password and my Apple ID, but a) The notifications confuse the non-admin user, and she gets flustered, and b) Even if she manages to cancel them from the notification area, she then has to remember to tell me verbally that she had had one.
  Is there any way to stop her receiving the update notifications altogether?
  Running OS X 10.8.2 on MacBook Pro.
  Thanks in advance.

  You should be able to do this by unchecking the software update service in the system preferences to prevent the system from running the check as the "_softwareupate" user and passing it to the notification service that broadcasts to all user accounts. Then you can check for the software update in an admin account using the following Terminal line:
  /System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck -Check YES
  This line can be scripted via Terminal services to run on a schedule (ie, every few hours), and if there are found updates it will launch the App Store for that account and present them. Granted this approach circumvents the notification service, but should work. To try this, open TextEdit on your computer and in a new document choose "Make Plain Text" from the Format menu.
  Then copy and paste the following text into the new document:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>local.softwareupdatecheck</string>
            <key>ProgramArguments</key>
            <array>
                      <string>/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck</string>
                      <string>-Check</string>
                      <string>YES</string>
            </array>
            <key>StartInterval</key>
            <integer>21600</integer>
  </dict>
  </plist>
  When done, save the document to your desktop as "softwareupdatecheck.plist" or anything as long as it ends with ".plist." Then get information on the file in the Finder to ensure its name ends with plist and not anything else like "plist.txt" (rename it accordingly in the Info window's "Name & Extension" section.
  With the file name appropriate, hold the Option key and choose the "Library" option in the Finder's "Go" menu. Then locate the folder called "Launch Agents" in the library and drag the text file to this folder. Then log out and log back into your account.
  This text file is a launch agent script that instructs the system to run the program arguments every 21600 seconds (6 hours) whenever the user is logged in. The program arguments here are simply those to check for software updates for the system. You can change this time interval to be any number of seconds you would like, but there are other options to use besides the "StartInterval" key for scheduling the task. This approach simply has it repeat every number of seconds, but you can use other options to have it only run on specific hours or days, or only have it run once when you log in, etc.
  If this works for you, then if you'd like to explore these other options write back here and we can go over them for you.

• When trying to log in as the Admin user, get "error on page"

  Hi gurus, I am brand new on this new product. Yesterday I just downloaded the latest Apex (2.2) and installed it successfully by following the instuctions (for I got these two lines in the install log: Thank you for installing Oracle Application Express.
  Oracle Application Express is installed in the FLOWS_020200 schema.
  ). I have got two problems. First, when I try to log in as the Admin user, and as soon as I start typing the user name and password on the logon page, I see "error on page" at the very lower left corner of the browser (IE 6). So I can not log in. Second, the Oracle HTTP server takes up almost 100% of my CPU (by itself, the 10g instance does not take up any noticeable CPU if I am not doing anything, but the HTTP server keeps the CPU busy all the time no matter what).
  What did I do wrong? Please help me. Thanks a lot.
  Ben

  Hello user526627 and all,
  I also have installed apex 2.2 successfully. At least I've not found any errors and this is the tail of install.log:
  Thank you for installing Oracle Application Express.
  Oracle Application Express is installed in the FLOWS_020200 schema.
  The structure of the link to the Application Express administration services is as follows:
  http://host:port/pls/apex/apex_admin
  The structure of the link to the Application Express development interface is as follows:
  http://host:port/pls/apex
  timing for: Upgrade
  Elapsed: 00:00:00.12
  JOB_QUEUE_PROCESSES: 10
  Completing registration process.
  Validating installation.
  timing for: Validate Installation
  Elapsed: 00:03:18.10
  timing for: Complete Installation
  Elapsed: 00:38:11.54
  Interesting thing is that I am getting 404 when I use suggested http://host:port/pls/apex/apex_admin or http://host:port/pls/apex (I am using host name of the machine or ip address). However the http://host:port/pls/htmldb/ and http://host:port/pls/htmldb/apex_admin works (at least, I am getting a page without images). In addition, when I provide user name and password on the http://host:port/pls/htmldb/apex_admin page and click on 'Login' nothing happens... :(
  This is a clean install. I've also used a HTMLDB 2.0 install from companion cd (Oracle10g R2 for Windows) - this had worked ok, however it did stop working when I istalled apex 2.2 on top of it. I've dropped flow-schemas and tablespaces I've created for apex 2.2 install and started the install over again. However, still no luck. Here is the command I am using to start apex 2.2 installation:
  @apexins ********** htmldb_data htmldb_files htmldb_temp /i/ none
  I have installed oracle http server in a standalone home, the http server works.
  Thank you for your time,
  Daniel

• (Windows Server 2003) Cannot run SQLSERVERAGENT service under non admin user after SP1 Installation

  Hi All,
  I need a hand here, referring to this knowledge base on Microsoft (http://support.microsoft.com/default.aspx?scid=kb;en-us;Q283811) i applied this knowledge base, and it worked, the MSSQL and SQLSERVERAGENT have run under local non admin account.
  But after i installed SP1, MSSQL service is ok, but SQLSERVERAGENT wont run. The warning message is : "Some service run and then stop if they have no work to do."
  Is there any way i can install SP1 but in the same time run SQLSERVERAGENT under local non admin account?
  Your assistance will be much appreciated
  thank you very much in advance.
  Felix Adhitya

  Please go to the windows services list and check that the service is configured as start Automatic first
  1. run -> services.msc -> look for a service named "SQL Server Agent" -> proporties
  2. make sure the startup type is Automatic
  3. start the service again.
  4. If it stop then post for us the full error message from the sql log file
  5. move to the "Log On" tab and check what Log on you are using (this will be used for next step if startup type Automatic did not help, therefore write this information).
  [Personal Site] [Blog] [Facebook]

• A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)

  I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication.  We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
  To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
  Create and activate a new sandbox.
  Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
  Click the view -> source drop down in the upper left.
  After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
  Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
  Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
  Export the sandbox.
  Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
  Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
  Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}".  Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
  Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
  Import your newly edited sandbox back into the target environment.
  Publish the sandbox.
  This seems to work great for allowing us to test other sandbox changes effects on different types of users. 

  On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages.  Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading.  To correct this I changed the rendered property to rendered="#{securityContext.authenticated}".  This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on.  We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link.  I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.

• Acrobat 7 requires admin password at every launch for non admin users?

  acrobat 7 requires admin password at every launch for non admin users?
  any one with a solution or similar problem?
  thanks for any help.

  I've been avidly following all of the threads regarding this issue...yet none of the solutions have worked for me. I've got 11 Mac users that do not use the Creative Suite..only Acrobat, Quark, etc. I've tried installing and re-installing through both Admin and User accounts, I've tried the AdobeBib XML change, I've tried enabling Root and installing, changing permission on the Acrobat folder, etc. all to no avail. I still get asked for Admin Authentication every time Acrobat and Distiller are opened (except on the Admin account side). This is happening on one particular Mac (G4, 1GB Ram, OS 10.4.3) for both Acrobat Standard 6 and 7 as well. The biggest issue that also happens in tandem with the Acrobat installs is the inability to print from Quark. I get the following error when printing: "The process "pictwpstops" terminated unexpectedly on signal 6." Because of the necessity to print Quark documents, I have uninstalled all Acrobat on the machines until we can get a fix. This resolves the printing problem with Quark. The only option left is to set up all users as Admin accounts - which I really do not want to do. Any other suggestions out there? I've got more information available if needed.

• Non-admin user can not logon to web pages

  I setup an iMac, I am the administrator and I set up a non-admin user. I also setup parental controls to their default settings.
  The user can log on to their account but when they go to a web page, any web page, that requires a logon, the authentication fails. I can login to the iMac as the administrator and can go to those same pages and try to logon and it works.
  I tried disabling parenting controls but it still doesn't work. I don't think that I should have to change any settings to allow a non-admin user to log on to a website, but maybe there is something I am missing...
  Any tips or things I should try?

  It's recommended to have your Security mode on.
  Anyways if you wish to, go to ''''Firefox'''' tab > ''''Options'''' > ''''Options'''' > '''''Security'''''
  and do your custom settings.
  Re-installing Mozilla Firefox may fix this problem.

• Rights of a non-admin user

  When I install an application being an administrator, is the non-admin user able to modify anything in the new program folder?
  Vice-Versa: When I install an application which needs authentication being a non-admin user. Is this non-admin able to modify the program folder after installation with no authentication?
  To what security risks may I be exposed to when I always use a non-admin account? What can a script or application do?
  Can it cause code injactions or change my startup folder or anything unwated else(like hijacking my Safari or log my passwords)?
  Regards, Clemens

  the /Applications folder is only writable by administrators. Anything put inside cannot be modified by a non-administrator unless that non-administrator has been specifically given write access.
  To what security risks may I be exposed to when I
  always use a non-admin account? What can a script or
  application do?
  A script or application running under non-admin can only modify files that are writable by that user; i.e. the contents of the user's home folder and not much else.
  Can it cause code injactions or change my startup
  folder or anything unwated else(like hijacking my
  Safari or log my passwords)?
  Most of what you have listed are admin tasks; they can only be accomplished with an admin account, or from a non-admin account after admin authentication.
  As far as password logging, a malware running under a non-admin account could theoretically install a keyboard logging app inside your home folder, and transmit your keystrokes out without your knowledge. That's why it's important to practice safe computing even when running as non-admin.
  OTOH, a malware running under a non-admin account couldn't modify any existing applications to do this, whereas the same malware running under an admin account could. This is one more reason to save your admin account for tasks that need it and do everything else from a non-admin account.

• Non-admin users can't view GAL with Outlook Connector

  Non-admin users are unable to view the Global Address List with Outlook Connector. When I give a test user admin rights (in our portal), the user can view the GAL. The VLV index is setup and functioning correctly for admin users. My versions are Directory Server 5.2 Patch 4, JES 2005Q4, Outlook Connector 7.1.222.4.
  I've reviewed the ACIs on o=cp per http://docs.sun.com/app/docs/doc/819-5200/gbnse?a=view and verified that they are getting passed down to the child entries. I added a new ACI for a specfic test user, but I see no effect when I run an ldapsearch as that user. Here are the ACIs:
  1. Allow Calendar Administrators to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
  2. Allow Calendar users to read and search other users
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
  allow (read,search)(userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp");)
  3. Allow test users to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow test users to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(userdn = "ldap:///uid=299899598658566,ou=People,o=pcc.edu,o=cp");)
  Here's the log for an ldapsearch as a non-admin user:
  -bash-3.00$ grep "conn=386080 op=1 msgId=2" access
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SORT cn
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - VLV 1:1:dpelinka 2964:11852 (0)
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  When the same search is run by an admin user, nentires=3.
  Here is the test ldapsearch:
  ldapsearch -h vmpt1 -p 389 -D "uid=299899598658566,ou=People,o=pcc.edu,o=cp" -w {password} \
  -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
  -G "1:1:dpelinka" "pdsRole=Employee" uid
  David,

  Jay,
  Here's a full set of logs. The first set is from my test search; the second from an actual OC search. I don't see anything different between the admin and non-admin except for the number of entries returned.
  ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  version: 1
  dn: uid=375308679900788,ou=People,o=pcc.edu,o=cp
  uid: 375308679900788
  dn: uid=534616896694744,ou=People,o=pcc.edu,o=cp
  uid: 534616896694744
  dn: uid=506947161967075,ou=People,o=pcc.edu,o=cp
  uid: 506947161967075
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1964292 op=1" access
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
  NON-ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1973983 op=1 msgId=2" access
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  -bash-3.00$ grep "conn=1000785 op=14 msgId=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - RESULT err=0 tag=101 nentries=9 etime=0
  -bash-3.00$ grep "conn=1000785 op=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - RESULT err=0 tag=101 nentries=11 etime=0
  -bash-3.00$ grep "conn=1000785 op=16 msgId=17" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - RESULT err=0 tag=101 nentries=18 etime=0
  NON-ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  -bash-3.00$ grep "conn=2220710 op=1" access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$ grep "conn=2220710 op=2" access.20080107-171147
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$
  David.

• Allowing non-admin users partial admin privileges

  Hi All
  I manage a number of Macs on a large corporate (PC-centric) network. Organisation policy prohibits giving users admin privileges. However, I want users to be able to do some admin tasks like installing software, but not to have admin privileges per se. The Parental Controls option for non-admin accounts does not offer sufficient functionality.
  All the Macs are stand alone (not managed accounts), and are accessible via Apple Remote desktop. Few of the Mac users are command line savvy, so any solution has to be invisible, or via a simple gui.
  Thanks in advance
  Dave Mitchelll

  Most software does not need to be in the Applications folder to run. Non-admin users can install most drag-and-drop software right inside their home folders and run the apps from there.