Non Admin Recovery

Similar Messages

• Find my mac and non-admin account

  Hello all,
  so, on my macbook pro I have 2 user accounts. One is the administrator account, that I don't normally use to work. The other is a non-admin regular account which is what I log into every day for my work.
  Today I upgraded to Lion 10.7.2 and went to configure iCloud, using the regular account. I saw that I could not select Find my mac as administrative authorization was required.
  Fair enough, so I logged out and logged back into the administrator account, went to iCloud settings, and sure enough I was able to check find my mac. I was asked for confirmation, said ok, then closed system preferences and logged out of the administrator.
  I then logged again into my normal account, and went to check the iCloud settings. I expected to see that Find my mac would be selected (although not modifiable from this account). Instead, it was not checked. Going to iCloud.com's "Find my iPhone" panel showed a message that no device was configured.
  So, am I getting something wrong? Do I actually have to be logged in as an administrator to let Find my mac work? Note that, even logging in as the administrator, if I go to iCloud.com I still see that no device is configured.
  Thanks for any suggestions. Cheers.

  I have the same setup as yourself (standard user for everyday use, admin user for software install and system settings change) and I was able to set up FMM in the admin account with no problems, except some pre-requisites: while logged in to the admin profile you have to 1) install the Lion HD Recovery Update, 2) enable location services in the Security & Privacy PrefPane and 3) enable Wake For Network Access in the Power Adapter section of the Energy Saver PrefPane.
  I didn't want to set up iCloud sync in the admin profile but Apple made me to. Anyway, it seems I don't have to stay logged in to the admin account for FMM to work.
  I hope this helps.

• ITunes sharing on Vista non-admin account

  I've looked fairly hard and can't find any reference to exactly this problem. Any ideas?
  Setup is a home network of 3 macs and 2 pc laptops, based around a NetGear DG834Gv2. 2 macs running 10.5.4, other mac running Tiger, PCs running Vista. All updates applied.
  All iTunes sharing works across all machines except that the Vista laptops won't access the shared music on the other machines when using a non-admin account. They work fine when logged in as admin but give "can't access shared library (-39), Check firewall allows access to port 3689" etc. when logged in as normal user. The Windows Firewall is off and I've tried turning off the Norton firewall that was pre-installed as part of the security setup - no different.
  The macs can see the music shared from the PCs - just not the other way round.
  Help!
  Thanks,
  Pete

  I have the same setup as yourself (standard user for everyday use, admin user for software install and system settings change) and I was able to set up FMM in the admin account with no problems, except some pre-requisites: while logged in to the admin profile you have to 1) install the Lion HD Recovery Update, 2) enable location services in the Security & Privacy PrefPane and 3) enable Wake For Network Access in the Power Adapter section of the Energy Saver PrefPane.
  I didn't want to set up iCloud sync in the admin profile but Apple made me to. Anyway, it seems I don't have to stay logged in to the admin account for FMM to work. You'll notice that, even though FMM has been configured on the admin account, it will still appear as "authorization required" in the standard account.
  I hope this helps.

• Non admin user - changes not saved (Safari settings, system prefs, etc.)

  iMac, 2 users, one is administrator and other is standard user. Recently, in the non-admin user account, it has become impossible to make any changes. For example, adding an application to the the Dock, after logging out and back in next time, the application is not in the Dock any more. Also, making changes to the prefs in Safari, changes are not saved.
  I noticed this after installing FireFox v4. I installed it as admin whilst in the non-admin users account. However, I don't believe that the installation of FF has anything to do with the problem, it just highlighted it. I've checked the permissions for the various directories that hold prefs info such as user/libraries/application prefs/etc. etc. and also Safari prefs. Nothing I can see that has changed in system prefs.
  Any ideas on what has caused the problem (kids are known to fiddle from within the non-admin account) and any ideas on how to fix it?
  Thanks

  Hi PPRuNe,
  You could try making the standard user an Admin too. To do this, make sure you are logged in to the standard user, go to System Preferences > Accounts > Standard user (you may have to unlock the padlock) > Allow user to administer this computer
  This will allow changes to be made without being prompted for a password all the time.
  However, if you had Parental Controls on, they probably won't work on an admin account because as an admin you have complete control over a computer, so the computer thinks there is no point in having the controls turned on. And if the kids are known to "fiddle," just think carefully!
  Hope this helps you.
  Chris.

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• Flash player does not work on Non Admin accounts

  I have 2 citrix servers running Windows Server 2k3. Flash
  installs and plays fine as the administrator, but once logged in as
  a regular user. Flash does not work. I have set the security
  permissions for the C:\Windows\System32\Macromed\Flash folder so
  that non admin users can modify and write to the folder. That did
  not work, flash asks to install, but when you click ok, it becomes
  a red X. Any ideas?

  Hi all,
  Please see the following article that may address this issue:
  http://www.adobe.com/go/624850b5
  “After successful installation under the Windows
  Administrator account, Restricted User accounts are unable to
  display Flash Player content.”
  This issue is never encountered with a new install of
  Windows. It is sometimes encountered with older images and it is
  strictly an issue with the ActiveX installer not for plug-ins.
  Please reply to this thread with your results. If the
  registry fix mentioned on this article helps, we will update the
  document to reflect that it is still an issue.
  Important Note: These online forums are for user-to-user
  discussions of Adobe products, and are not an official customer
  support channel for Adobe. If you require direct assistance, or
  prefer to contact Adobe support staff directly, please contact
  Adobe support.
  http://www.adobe.com/support/contact/

• Access to Resources via Non-admin accounts

  Is there any way to provide access to resources so that they are accessible via
  non-admin accounts. For e.g. to Retrieve my JMSConnectionfactory i do a
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Context ctx = env.getInitialContext();
  The username and password here is the admin account. This works fine but if i
  use a non-admin account(member of Operators group), i get exceptions on Domainloghandler
  runtime
  Problem: I need to register a mbean that needs to access JMS Resources. Since
  our deployment team doesnt want to provide us access to admin accounts, we use
  a "operators" group account to register our mbeans. if i do this, i get a
  Access not Allowed for subject:principals=[operator, Operators], on ResourceType:
  DomainLogHandlerRuntime Action: execute Target: registerToMe.
  This happens when my managed resource tries to access a JMS ConnectionFactory.
  Instead if i register my mbeans using the admin account, everything is fine and
  my managed resource works nice.
  This is on weblogic 81 SP1 on Solaris. Please let me know if you need more details.
  Any clues/hints/solutions greatly appreciated. There is not a lot of documentation
  on how to access/register mbeans using non-admin accounts.
  TIA
  Raj

  I have done some more debugging on this and have narrowed down the issue to the
  location where my initialcontext is being obtained.
  so if i register my mbean as a non-admin account and do an operation on the managed
  resource which fetches initial context, i get the below exception. This is how
  i get my initialcontext
  weblogic.jndi.Environment env = new weblogic.jndi.Environment();
  env.setProviderURL("t3://machine:8102,machine:8103");
  env.setSecurityPrincipal("operator");
  env.setSecurityCredentials("operator");
  Context ctx = env.getInitialContext();
  I am doing this from a mbean thats registered on a different managed server(t3://machine:8101)...
  Whats wrong with this?
  TIA
  Raj
  "Raj" <[email protected]> wrote:
  >
  Is there any way to provide access to resources so that they are accessible
  via
  non-admin accounts. For e.g. to Retrieve my JMSConnectionfactory i do
  a
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Context ctx = env.getInitialContext();
  The username and password here is the admin account. This works fine
  but if i
  use a non-admin account(member of Operators group), i get exceptions
  on Domainloghandler
  runtime
  Problem: I need to register a mbean that needs to access JMS Resources.
  Since
  our deployment team doesnt want to provide us access to admin accounts,
  we use
  a "operators" group account to register our mbeans. if i do this, i get
  a
  Access not Allowed for subject:principals=[operator, Operators], on ResourceType:
  DomainLogHandlerRuntime Action: execute Target: registerToMe.
  This happens when my managed resource tries to access a JMS ConnectionFactory.
  Instead if i register my mbeans using the admin account, everything is
  fine and
  my managed resource works nice.
  This is on weblogic 81 SP1 on Solaris. Please let me know if you need
  more details.
  Any clues/hints/solutions greatly appreciated. There is not a lot of
  documentation
  on how to access/register mbeans using non-admin accounts.
  TIA
  Raj

• A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)

  I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication.  We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
  To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
  Create and activate a new sandbox.
  Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
  Click the view -> source drop down in the upper left.
  After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
  Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
  Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
  Export the sandbox.
  Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
  Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
  Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}".  Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
  Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
  Import your newly edited sandbox back into the target environment.
  Publish the sandbox.
  This seems to work great for allowing us to test other sandbox changes effects on different types of users. 

  On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages.  Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading.  To correct this I changed the rendered property to rendered="#{securityContext.authenticated}".  This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on.  We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link.  I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.

• "Error while printing" in non-Admin user

  I have a non-admin account (for my wife) in my iMac G5, and from some days ago, all applications refuse to print. A msg telling "Error while printing" appears, and the application trying to print crash in some sort of way.
  I can print the test page from the Printer Utility, so the printer (a Canon MP130) is fine.
  Entering with my Admin account, i have no problem printing.
  I check some help in Apple support, and as there is stated, i repaired permissions on both accounts.
  And the problem doesn't solve. Still, ALL applications gives this message.
  I'm not very tech in this, but i just note that the msg appears while the doc info is "going" to the printer, after i accept "Print" (spooling??)
  Does anyone knows what i can do to correct this?

  I never solved this...and still having troubles to print from the other user

• Reader 9.5.1 Crashes after a few seconds for non-Admin users

  I have Adobe Reader 9.5.1 installed on some Citrix XenApp 5.0 servers that are Windows 2003.  Any time a non-admin user launches Reader it is open for a matter of seconds and then crashes.  It shows a Dr Watson crash in the error logs each time. If I logon as an Administrator, it works just fine.  I've tried reinstalling/repairing the installation to no avail. 
  Has anybody run into this in the past or does anyone have any ideas on how to fix it?

  My company is into same issue but thing is that I cannot uninstall the MS patch as it will be vulnerability for our servers and we have opened a case with MS and they have reveiwed the proc dump and now MS is asking to get this reviewed with Adobe. I'm not sure how to reach out to Adobe Support to get the fix from them. Any solution on this regard, it will be great help. Thanks, Sayed.

• How do I allow access to non admin network users to disk volume?

  I would like to allow access to a specific volume (disk) on one of our networked macs (Mac1) to all users. I've set user accounts on Mac 1 for all network users. These users are "regular" users, not admin. They can access this disk (and all others on Mac1) if I log in as Admin set Users to Admin. If I do this, then users have access to ALL data on all disks. If I do not, leaving them as "regular" users, when they log in they only see public folders. How can I allow access to the one disk volume without making network users admin? I tried changing various settings for the volume in Finder Info (everone else=read/write; ignore permissions) with no luck.
  Thanks
  iMac, ibooks, G5, Tibook   Mac OS X (10.4.4)  

  Your observations are correct - by default, an "admin" user connecting over AFP can choose from available "volumes" (default) or "shares", whereas a non-admin user can only mount "shares".
  By default, the only "shares" on an OS X client machine are the users' "Public" folders, and unlike pre-OS X Macs, it isn't easy to configure your own share points. Apple's official statement is that users wanting this functionality should buy OS X Server.
  However, it is possible to create an arbitrary share point using 3rd party software called "SharePoints" (donationware). I have never used it, but it seems to be well regarded. Alternatively, you can do it manually following the instructions in this hint & comments (especially apw8's):
  http://www.macosxhints.com/article.php?story=20011108161839416
  Once the external drive (or folder on the external drive) is configured as a share point, it should be possible for non-admin users to select and mount it once they connect over AFP.

• Is there any way to prevent non-admin user accounts to receive software update prompts?

  I am the admin account user on our MacBook Pro, and there is one standard user account on it as well. Generally we are both logged on so we can quickly switch between user accounts and 'spin the desktop'.
  For some reason, all the software update notifications seem to be received when the standard user account is the active one.
  I know that the standard user cannot actually update without my account password and my Apple ID, but a) The notifications confuse the non-admin user, and she gets flustered, and b) Even if she manages to cancel them from the notification area, she then has to remember to tell me verbally that she had had one.
  Is there any way to stop her receiving the update notifications altogether?
  Running OS X 10.8.2 on MacBook Pro.
  Thanks in advance.

  You should be able to do this by unchecking the software update service in the system preferences to prevent the system from running the check as the "_softwareupate" user and passing it to the notification service that broadcasts to all user accounts. Then you can check for the software update in an admin account using the following Terminal line:
  /System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck -Check YES
  This line can be scripted via Terminal services to run on a schedule (ie, every few hours), and if there are found updates it will launch the App Store for that account and present them. Granted this approach circumvents the notification service, but should work. To try this, open TextEdit on your computer and in a new document choose "Make Plain Text" from the Format menu.
  Then copy and paste the following text into the new document:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>local.softwareupdatecheck</string>
            <key>ProgramArguments</key>
            <array>
                      <string>/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck</string>
                      <string>-Check</string>
                      <string>YES</string>
            </array>
            <key>StartInterval</key>
            <integer>21600</integer>
  </dict>
  </plist>
  When done, save the document to your desktop as "softwareupdatecheck.plist" or anything as long as it ends with ".plist." Then get information on the file in the Finder to ensure its name ends with plist and not anything else like "plist.txt" (rename it accordingly in the Info window's "Name & Extension" section.
  With the file name appropriate, hold the Option key and choose the "Library" option in the Finder's "Go" menu. Then locate the folder called "Launch Agents" in the library and drag the text file to this folder. Then log out and log back into your account.
  This text file is a launch agent script that instructs the system to run the program arguments every 21600 seconds (6 hours) whenever the user is logged in. The program arguments here are simply those to check for software updates for the system. You can change this time interval to be any number of seconds you would like, but there are other options to use besides the "StartInterval" key for scheduling the task. This approach simply has it repeat every number of seconds, but you can use other options to have it only run on specific hours or days, or only have it run once when you log in, etc.
  If this works for you, then if you'd like to explore these other options write back here and we can go over them for you.

• PE13 on Windows 8.1 and non-admin or UAC issues?

  Before I try to evaluate Premiere Elements 13 64-bit, I want to ask if lingering problems related to UAC and non-admin user accounts were resolved since version 11.
  It's good to see a 64-bit version of Elements come out since then.

  Gordon Fecyk
  On what computer operating system is your Premiere Elements 13 running? For now I will assume Windows 7, 8, or 8.1 64 bit.
  Not sure what you mean by:
  It's good to see a 64-bit version of Elements come out since then.
  assume you mean version 11. So in that case....
  Premiere Elements Windows 10, 11, 12, and 13 are 64 bit applications when installed and run on specifically on Windows 7, 8, or 8.1 64 bit. Other Windows versions are 32 bit applications in 32 bit system or 32 bit application running in the 32 bit compatibility mode of 64 bit system. On the Mac side of things,  it is my recollection that Premiere Elements 11 Mac was the first to be a 64 bit application when run on Mac 64 bit system.
  It is my understanding that nothing has changed over the versions with regard to Premiere Elements and the matter of "UAC and non-admin accounts". Probably Microsoft would be a good source on that. Recent threads seem to suggest that Premiere Elements is not working with Domain accounts.
  This is not Adobe. Rather a user to user forum. If you want to contact Adobe about your feature requests, you could consider the Adobe Feature Request Bug Report Form.
  https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform&loc=en
  When you have specific problems with aspects of your Premiere Elements 13 purchased or tryout, we would be glad for the opportunity to be of assistance. Definitely recommend tryout before purchase to assure the compatibility of your program with your specific computer environment and your project goals.
  ATR

• Whenever I launch firfox through non admin login, I get an alert message.

  Whenever I open firefox through non admin login, I get following alert message. "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features."
  After this, firfox opens but whenever I go to any web page having secure connection like orkut, facebook etc. firefox crashes. It works normally through admin login.
  == This happened ==
  Every time Firefox opened
  == I suppose this started when I updated it to latest version i.e. 3.6.8 ==
  == User Agent ==
  Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)

  Thankyou, for contacting Mozilla Firefox, Please join us on live chat so we can better assist you with your issue.

• Screen sharing to OS X Lion Server with non-admin account

  I have set up a Lion Server with one admin (in addition to the root user) and several non-admin normal accounts. In Server.app, I have enabled remote login with ssh, and remote management via screen sharing.  I am unable to use Screen Sharing to connect to the server from the non-admin accounts, but able to use the admin account. I've read that it is only enabled for admin users, but need to access from non-admin accounts, and I can't add these accounts to the admin group. Is there a way to do this with Workgroup Manager? I tried changing the Remote Management settings in System Preferences by adding the non-admin, but when selecting 'Observe' and 'Control' in the options for the user, they are not saved.

  I resolved this issue by deselecting the "Enable screen sharing and remote management" in Server.app and going to System Preferences, Sharing Preferences, Screen Sharing, and allowing access for "All Users".  If you have some users you want to allow VNC, you can create a group, add the allowed users to the group, and add the group under "Only these users".