Non-admin user cannot access Essbase server level variables

Similar Messages

• [Solved] Non-root user cannot access mounted ntfs filesystem

  Hi -,
  i have a dualboot system (arch/xfce + win7) and i use a ntfs partition /dev/sda2 to store files i use with both operating systems. I added the partition to fstab and it gets mounted, but i cannot access it with my non-root user. With root it works fine...
  My fstab:
  # cat /etc/fstab
  # /etc/fstab: static file system information
  # <file system> <dir> <type> <options> <dump> <pass>
  tmpfs /tmp tmpfs nodev,nosuid 0 0
  LABEL=home /home ext4 defaults 0 1
  LABEL=root / ext4 defaults 0 1
  LABEL=swap swap swap defaults 0 0
  /dev/sda2 /media/sda2 ntfs defaults 0 2
  Is there any option that allows all users to use the mounted device? Or how is this usually done ...
  Last edited by muzzel (2012-05-30 20:39:58)

  See: NTFS-3G for important setup information.
  My fstab line looks like:
  /dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
  This sets up some important parameters which the NTFS-3G Wiki Page covers.  Basically, "ntfs" is only a basic driver and is built into the kernel.  "ntfs-3g" is a much better, and less disk-eating, driver that you should install and use if you need the drive in Linux any more than occasionally.  My fstab line makes my user (1000) the owner and the masks lets me write and etc to it.  When you install NTFS-3G it is automatically used when you use the mount command to mount NTFS drives.  In fstab, as above, you would specify it explicitly.
  You can find your own user number by entering "id" at a terminal.

• Non-admin users and Time Machine

  We have a 1-1 laptop program with 7th and 8th grade students. The students are not admins of their own laptops.
  This year we gave each student an external hard drive and had them use Time Machine to back-up their accounts. The problem was when a student needed to restore from Time Machine, we needed to enter the administrator's password.
  We'll be switching to Lion over the summer, and by default, a non-admin user cannot even turn on Time Machine without an adminsitrator's password, which makes Time Machine useless. I don't want to have our students go back to manually dragging and dropping all of their school data (and movies and music) to back it all up (what a messy process).
  Is there any way around the need for an admin password to use Time Machine?

  Time Machine (the application) is already allowed. That's not the problem.
  In order to set-up Time Machine the first time, users have to open the Time Machine Preference, and that is locked. When a user tries to unlock it, they need to enter an administrator's password, but our students are only standar users.
  We don't want to have to enter that password for 250 machines each time students need to access that preference.
  In addition, an administrator's password is needed to restore anything from a Time Machine drive, and we'd like a way around that too.

• Can't login to local NON-admin accounts-Directory Access set to server

  I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
  Here is the issue:
  I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
  I have tried the following:
  Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
  Deleted the mcx cache in Directory Access
  Tried adding a new non-admin user to test (still will not login)
  Removed and re-created LDAP configuration (all set to custom)
  Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
  Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
  Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
  Reset passwords in System Prefs and also re-typed them in NetInfo Manager
  Deleted login keychains
  Deleted mcx.plist
  Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work),then, the issue started again.
  *Same results with both ethernet and wireless connectivity enabled.
  *Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
  Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??

  Mostly just a bump...
  How about that .local extension, or trailing / ?

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• Borland C++ Delphi application is not able to connect to SQL Server as Non Admin user

  Hi,
  I am working on a Borland C++ and Delphi application. This application connects to  SQL Server and returns database queries results. Once we migrated to windows Server 2003 we have started facing an issue.
  1. IF we login to client application as admin user then this connects properly with SQL Server and returns database queries.But if we connect using Non- Admin users then application is not able to connect SQL Server.
  SQL Server 2008
  Windows Server 2003.
  Can anybody help on this.
  Thanks in Advance.
  Rakesh

  This application is written in Borland C++ and Delphi running on Windows 2003 Server. This  is a Windows GUI based small tool. Basic functionality of the tool is : 1) Once we invoke the tool it connects to DB(SQL Server 2005) and populates a list of
  all the tables present in DB.   2) If we select any table from the list populated in step (1) and provide query parameters, this will return results from Database.
  Issue:  IF we login to the Windows machine as Administrator this application runs perfectly .This application populates the DB tables correctly and returns results from database when queries executed as in step (2)
  But if we login as some other user (like hubapp) then this populates some different set of table which are not from the same database instance .Also the queries does not return any results. In the logs we get following error message : (TiltData is the instance
  name for our Database)
  Msg:Application Exception : Cannot locate or connect to SQL server.Unable to connect: SQL Server is unavailable or does not exist.  Specified SQL
  server not found.Alias:
  TiltData1 occurred in main thread.
  As for the connection string 
        'DATABASE NAME=tiltdata'
        'SERVER NAME=SDV3'
        'USER NAME=sa'
        'OPEN MODE=READ ONLY'
        'SCHEMA CACHE SIZE=8'
        'BLOB EDIT LOGGING='
        'LANGDRIVER='
        'SQLQRYMODE=SERVER'
        'SQLPASSTHRU MODE=NOT SHARED'
        'DATE MODE=0'
        'SCHEMA CACHE TIME=-1'
        'MAX QUERY TIME=300'
        'MAX ROWS=-1'
        'BATCH COUNT=612'
        'ENABLE SCHEMA CACHE=FALSE'
        'SCHEMA CACHE DIR='
        'HOST NAME='
        'APPLICATION NAME=QueryTool'
        'NATIONAL LANG NAME='
        'ENABLE BCD=FALSE'
        'TDS PACKET SIZE=65535'
        'BLOBS TO CACHE=64'
        'BLOB SIZE=32'
        'PASSWORD=jstart')
  Any help is appreciated. I have spent a lot of time on this issue with no results.
  Regards
  Rakesh

• Non-admin Users SQL Server Configuration Manager

  Hi Everyone,
  I'm wondering if it's possible to grant non-admin users to start/stop SQL services using SQL Server Configuration Manager. Using the sc command, I was able to grant non-admin users access to services applet in Windows.
  However, our DBA said that the best practice to stop/start SQL is via SQL Server Configuration Manager. Based on testing, they are unable to stop/start SQL from SQL Server Configuration
  Manager though they are able to do so (stop/start SQL services) via Services applet.

  Check these links.. Yes you can stop/start SQL is via SQL Server Configuration Manager, services.msc,
  SSMS --> InstanceName-->Stop / Start
  http://support.microsoft.com/kb/325349
  http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/8848c72c-37fa-4d7f-90a6-769e4204f2f3
  Raju Rasagounder Sr MSSQL DBA

• User cannot access redirected Documents folder, but can connect to share in Windows Explorer and access folder on server

  I am in the final stages of a cross-forest migration.  Users have Windows 7 workstations with redirected folders on a Windows Server 2012 box running in the old forest.  User accounts were not migrated.  The accounts in use have always
  been in the "new" forest.  One of our challenges was the large volume of data in redirected folders.  I made sure users in the target forest had continued to have access to their redirected folders in the old forest and robocopied
  the entire users share, copying the permissions with the files.  By doing incremental robocopies, we can get a final copy done now in about six hours.  The plan was simple: copy the files, do an incremental copy every night, on the night of the cutover
  change the folder redirection policy Documents path from
  \\oldserver\users\%USERNAME% to
  \\newserver\users\%USERNAME%. The policy is configured to NOT copy user files from the existing folder to the new redirected folder.  Everything was going well until I tested the policy change.  After the folder redirection policy is updated
  and applied, the user cannot access the private Documents folder.  For example, user Chester Tester logs on as ctester.  I open Windows Explorer and click the Documents shortcut.  I see one subfolder, which is subfolder of Public Documents. 
  So I can look at Public Documents but when I click on the Documents folder (Under the Documents library link) I get an access denied error.  Now for the kicker, if I open another Windows Explorer window and edit the address bar to
  \\newserver\users\ctester, I can navigate the Documents folder tree and see my thousands of documents. What the ....?
  I'm hoping this is something really simple to fix!
  TIA

  HI Vivian,
  Thank you for your reply.  Yes, the path in Group Policy Folder Redirection Root Path was updated to
  \\NEWSERVER\users.  I had planned to point this to the distributed file system, so the first used was actually
  \\domain\dfs\users.  To simplify things I have backed off to copying to just a normal share
  \\newserver\users. 
  We are using BASIC folder redirection and we create a folder for each user under the root path. 
  We did not want the policy to move content, as we were seeing users requiring 15-20 minute logon times  (or higher) after the policy is changed.
  Grant the User exclusive right to Documents - Disabled
  Move the contents of Documents to the new location - Disabled
  Related folder settings
  Video - Follow Documents
  Music - Follow Documents
  Pictures - Follow Documents
  Now when I change the folder redirection from old server to new server I now have TWO My Documents folders in the user's redirection folder on the server.  The redirected Documents points to an empty folder set.  The copied folders with all user
  data are there, but folder redirection refuses to recognize the original folder.
  I am looking at the full view of the folder, nothing hidden, so I'm wondering how a folder can have two subfolders with the exact same name.  For now, I just want the redirection to move from the old server to the new server properly.  I deleted
  the new My Documents folder, rebooted the user's workstation and tried again.  The behavior repeats itself, i.e., a new My Documents folder is always created when the redirection policy is changed from the old server to the new server.  The environment
  has about 1500 users with approximately 1.3TB of data in the redirected Documents folders.  OUCH!

• Not able Access Page in Page in Page Library for Non Admin users in Shrepoint 2013

  Hi all,
  All Non Admin users are not able access the page in pages library.If you have idea realting to this please give reply.
  Regards
  VeerendraNadh

  Hi Veerendra,
  Thanks for posting your issue,
  I think you have not published your pages for Major version. thus, other users are unable to see your pages from page library.
  for more details, kindly check out below mentioned URL
  http://blogs.technet.com/b/tothesharepoint/archive/2013/04/10/stage-7-upload-page-layouts-and-create-new-pages-in-a-publishing-site.aspx
  I hope this is helpful to you, mark it as Helpful.
  If this works, Please mark it as Answered.
  Regards,
  Dharmendra Singh (MCPD-EA | MCTS)
  Blog : http://sharepoint-community.net/profile/DharmendraSingh

• User Interface Access Customisation for non admin users

  Hi,
  It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
  For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
  Thanks.

  Hi,
  You can create right click menus, and you can also create links on the tools page. Would any of these help you?
  Here is the doc on those subjects:
  Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
  Launch another application, URL, or business rule, with or without runtime prompts
  Move to another data form
  Move to Manage Approvals with a predefined scenario and version
  The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
  When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
  To create, edit, or delete menus:
  Select Administration, then Manage, then Menus.
  Perform one action:
  To create a menu, click Create, enter the menu's name, and click OK.
  To change a menu, select it and click Edit.
  To delete menus, select them, click Delete, and click OK.>
  Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
  To specify custom tools:
  Select Administration, then Application, then Settings.
  For Show, select Advanced Settings.
  Click Go.
  Select Custom Tools.
  For each link:
  For Name, enter the displayed link name.
  For URL, enter a fully qualified URL, including the http:// prefix
  For User Type, select which users can access the link.
  Click Save.

• A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)

  I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication.  We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
  To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
  Create and activate a new sandbox.
  Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
  Click the view -> source drop down in the upper left.
  After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
  Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
  Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
  Export the sandbox.
  Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
  Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
  Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}".  Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
  Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
  Import your newly edited sandbox back into the target environment.
  Publish the sandbox.
  This seems to work great for allowing us to test other sandbox changes effects on different types of users. 

  On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages.  Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading.  To correct this I changed the rendered property to rendered="#{securityContext.authenticated}".  This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on.  We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link.  I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.

• Add root user to access all server services?

  Hi,
  How do I add root user in snow leopard server to access all its services. I have a admin account from which i can access all services but looking for root user to access all server services.
  When ever I'm trying to ssh using root it gives an error.
  Please find the error output below.
  arth:~ gulab$ ssh [email protected]
  Password:
  Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
  Thanks,
  Gulab Pasha

  The root account is, and should be, disabled. There is no need to log in as root.
  If you require root-level privileges for any task, use sudo once you've logged in using your admin account. If you need a root shell, then:
  sudo -s
  is your friend.
  There used to be a way to enable the root account under earlier OS versions. There may still be a way to do it in 10.6 but I've never bothered looking since it's not needed.

• Rights of a non-admin user

  When I install an application being an administrator, is the non-admin user able to modify anything in the new program folder?
  Vice-Versa: When I install an application which needs authentication being a non-admin user. Is this non-admin able to modify the program folder after installation with no authentication?
  To what security risks may I be exposed to when I always use a non-admin account? What can a script or application do?
  Can it cause code injactions or change my startup folder or anything unwated else(like hijacking my Safari or log my passwords)?
  Regards, Clemens

  the /Applications folder is only writable by administrators. Anything put inside cannot be modified by a non-administrator unless that non-administrator has been specifically given write access.
  To what security risks may I be exposed to when I
  always use a non-admin account? What can a script or
  application do?
  A script or application running under non-admin can only modify files that are writable by that user; i.e. the contents of the user's home folder and not much else.
  Can it cause code injactions or change my startup
  folder or anything unwated else(like hijacking my
  Safari or log my passwords)?
  Most of what you have listed are admin tasks; they can only be accomplished with an admin account, or from a non-admin account after admin authentication.
  As far as password logging, a malware running under a non-admin account could theoretically install a keyboard logging app inside your home folder, and transmit your keystrokes out without your knowledge. That's why it's important to practice safe computing even when running as non-admin.
  OTOH, a malware running under a non-admin account couldn't modify any existing applications to do this, whereas the same malware running under an admin account could. This is one more reason to save your admin account for tasks that need it and do everything else from a non-admin account.

• Non-admin users can't view GAL with Outlook Connector

  Non-admin users are unable to view the Global Address List with Outlook Connector. When I give a test user admin rights (in our portal), the user can view the GAL. The VLV index is setup and functioning correctly for admin users. My versions are Directory Server 5.2 Patch 4, JES 2005Q4, Outlook Connector 7.1.222.4.
  I've reviewed the ACIs on o=cp per http://docs.sun.com/app/docs/doc/819-5200/gbnse?a=view and verified that they are getting passed down to the child entries. I added a new ACI for a specfic test user, but I see no effect when I run an ldapsearch as that user. Here are the ACIs:
  1. Allow Calendar Administrators to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
  2. Allow Calendar users to read and search other users
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
  allow (read,search)(userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp");)
  3. Allow test users to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow test users to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(userdn = "ldap:///uid=299899598658566,ou=People,o=pcc.edu,o=cp");)
  Here's the log for an ldapsearch as a non-admin user:
  -bash-3.00$ grep "conn=386080 op=1 msgId=2" access
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SORT cn
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - VLV 1:1:dpelinka 2964:11852 (0)
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  When the same search is run by an admin user, nentires=3.
  Here is the test ldapsearch:
  ldapsearch -h vmpt1 -p 389 -D "uid=299899598658566,ou=People,o=pcc.edu,o=cp" -w {password} \
  -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
  -G "1:1:dpelinka" "pdsRole=Employee" uid
  David,

  Jay,
  Here's a full set of logs. The first set is from my test search; the second from an actual OC search. I don't see anything different between the admin and non-admin except for the number of entries returned.
  ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  version: 1
  dn: uid=375308679900788,ou=People,o=pcc.edu,o=cp
  uid: 375308679900788
  dn: uid=534616896694744,ou=People,o=pcc.edu,o=cp
  uid: 534616896694744
  dn: uid=506947161967075,ou=People,o=pcc.edu,o=cp
  uid: 506947161967075
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1964292 op=1" access
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
  NON-ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1973983 op=1 msgId=2" access
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  -bash-3.00$ grep "conn=1000785 op=14 msgId=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - RESULT err=0 tag=101 nentries=9 etime=0
  -bash-3.00$ grep "conn=1000785 op=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - RESULT err=0 tag=101 nentries=11 etime=0
  -bash-3.00$ grep "conn=1000785 op=16 msgId=17" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - RESULT err=0 tag=101 nentries=18 etime=0
  NON-ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  -bash-3.00$ grep "conn=2220710 op=1" access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$ grep "conn=2220710 op=2" access.20080107-171147
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$
  David.

• Help-I want to move my stuff out of admin user account to a non-admin user account for security.  How can this be done?

  So... I have amassed loads of documents, videos, music, photos, etc. onto my MacBook Pro all under the admin user account I set up for myself.  I am the only one who uses the MacBook.  I now work virtually and am online at different free wifi spots, and I want to access all of my stuff under a non-admin user account for security reasons.
  I attempted to uncheck the "allow this user to administer this computer" box under my admin user account, but it is greyed out and I cannot.
  Is there an easier way to fix this than backing up all of my stuff and then moving it to a non-admin account?

  There is only one solution: create a new Standard user account and set it as your auto login account, if you use that feature.
  Using what you describe is mostly a false sense of security. Were someone to hack into the computer they could hack into the standard account, so you would not wish to keep any sensitive data in that account. Other things to consider:
  Turn on your Firewall in Security & Privacy preference panel.
  Use software to mask your online presence such as ProxyCap 2.03, MacProxy, Proxifier, or Hotspot Shield.