OD and local admin user

Similar Messages

• Photoshop cs6 crashes with "appcrash - module ig75icd64.dll; no problem for a local admin user however. i've tried giving specified user full access to photoshop.exe and set it to Win XP compatibility. how do i fix this without giving user local admin acc

  photoshop cs6 crashes with "appcrash - module ig75icd64.dll; no problem for a local admin user however. i've tried giving specified user full access to photoshop.exe and set it to Win XP compatibility. how do i fix this without giving user local admin access?

  Danny,
  Topic or subject titles should be clear, pertinent and concise so that individual users can tell at a glance if they can help or not.
  That field is not for attempting to fit your entire question in there.
  Please keep this in mind next time you post.  Thank you.

• Clients local admin user is managed - how can it be unmanaged

  Hi. I have a local user on all my client machines called admin with admin rights. Have had this same user with same password for many years for over 300 client machines from emacs to intel macs. With the 10.6.3-5 server update (major issues for the last6 months) with 10.6.2-5 intel imac clients, logging in as admin gives me a reduced dock. just finder and trash. Every use of any applications comes up with "you dont have permission to use the application "xyz". with 3 buttons Always Allow, Allow once and OK. entering admin and password always results in a second box with the same message. entering admin and password then allows me to use it. This behaviour does not happen on 10.5.8 clients and has never happened before.
  In system preferences it says administrator, admin is managed. clicking the lock and authenticating allows me to access the tick for Enable parental controls. If I click on the tick to remove it, it comes up with the message. "You cannot enable parental controls for an adminstrator account. Create a new user account etc." It is unticked but the tick comes back on restarting the system preferences and even restarting the computer immediately.
  I have tried deleting managed prefs etc but to no avail. I have tried removing the computer from the network account server and I get my dock back and can use applications but it still says I am a managed user. and I need the network account server for student logins. Any thoughts how to unmanaged local admin users on client machines to get back to the way it has been since 10.2.4 clients!!!

  Did you try creating a new admin user, and then using that new account to make the Change to unmanage your "admin" account?
  I don't think osx will let you create anaccount called admin these days, as security precaution. Perhaps that has something to do with your problem.

• Can local admin users override mcx?

  Can a local admin user override managed computer settings?  ie, the "automatically hide dock" is set to hide in mcx, but a local admin wants to "always show". 
  Is this possible?
  In another post, I found an interesting statement that might apply, but don't know where to do this:
  (https://discussions.apple.com/message/5781831?searchText=Is%20there%20a%20way%20 for%20local%20users%20to%20override%20mcx%20settings#5781831)
  "There's a Workgroup Manager Computer settings that allows admin users to turn off managed preferences. Be sure this is disabled."

  Hi Don,
  Thanks for your suggestions.
  I find these two helpful links [1211821 - How to determine what folders the TEMP and TEMP variables are set to |http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_erq/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333233313331333833323331%7D.do] and [1215142 - Exporting to disk file defaults to the Temp folder |http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_erq/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333233313335333133343332%7D.do]. I also check the folder permissions and find that non-admin has full control to it.
  And during create report, two files ~DFC500.tmp and ~DFC493.tmp are successfully created into TEMP folder, but the mentioned error still comes up.

• PowerBook G4 boots to unfamiliar login. List of known user accounts does not appear and original admin user name and password is rejected. What is going on here?

  PowerBook G4 boots to unfamiliar login. List of known user accounts does not appear and original admin user name and password is rejected. What is going on here?

  There are no children, nor other suspicious characters that have "played" with my computer. One moment I'm in, the next time I turn on/restart the powerbook I'm at a screen with the name of the hard drive and two fields: username and password. Not a list with pictures and names ie 'Katie Jo' with an orange icon and 'Guest' with a silhouette of a head.
  In an attempt to remedy this problem, I backed up files using target disk mode and firewire cable. I then, rebooted in single user mode, typed in the correct script and essentially made the computer appear virgin again. Original start up welcome screen display with multiple languages, and then set up prompts such as language, network, and registration. After completing the cues and the "just a few more questions" page, I press continue and am left at a grey standstill, with the continue button greyed out, and no other actions. I'm only able to "go back" by clicking the go back button, all the way to the beginning of the set up, and as I proceed through the steps a second time, I'm greeted with the same halt. What is this?

• How to reset local admin user password in

  Dear members,
  i want to reset local admin account(not administrator built-in), let say i have user adminlocal and member in administrator group. my question, how to reset this user via GPO in domain, because i have more than 5000 workstation in my environment. and how to
  generate summary of all workstation which are password reset.
  i've tried from this link,
  http://community.spiceworks.com/how_to/show/1966-how-to-change-local-user-or-admin-passwords-on-remote-computers
  using PSTools sysinternal from microsoft, but while i execute one PC on domain for sample using this script, they showing access denied
  anyone in this forum can help me to resolve this problem?.

  Dear,
  you can use Powershell to do this.
  I've found a script in the script center which can do this.
  http://gallery.technet.microsoft.com/scriptcenter/66a5b38f-cdf1-4126-aa0c-be65e16dd650/view/Discussions#content
  Set-Password -computer 'server' -user 'Administratorlocal' 
  You can create a loop in powershell to check all your servers which you've posted in a .txt file for example.
  $strcomputers = Get-Content c:\servers.txt
  foreach ($strcomputer in $strcomputers)
  $admin=[adsi]("WinNT://" + $strComputer + "/administratorlocal, user")
  $admin.psbase.invoke("SetPassword", "Whatever1")

• SCCM 2012 - Query Local Admin Users

  Hi Guys,
  I´m trying to get all users that are local admins of my network using sccm12.
  How it´s possible?
  Thank you.

  Hi,
  We can use the following query as follows
  SELECT DISTINCT SYS.Netbios_Name0, SYS.User_Name0, LocalAdminMembers.TimeStamp, LocalAdminMembers.Type0 as Object LocalAdminMembers.Account0, LocalAdminMembers.Domain0   FROM fn_rbac_GS_LocalAdminMembers0(@UserSIDs)  LocalAdminMembers JOIN fn_rbac_R_System(@UserSIDs)
   SYS ON SYS.ResourceID = LocalAdminMembers.ResourceID   WHERE   SYS.Netbios_Name0 LIKE @variable    ORDER BY SYS.Netbios_Name0
  To create a custom report
  1. Go to SCCM console – Reports – Create report
  2. Complete the Reporting Wizard. The MS SQL Report Builder will be opened up now
  3. Double Click the Table or Matrix which will open to select a new dataset window. Select ‘Create a dataset’
  4. Select the existing Data source connection and enter the data source credentials
  5. Under Design a Query window, Select “Edit as text” and copy the above query
  6. Next arrange the field as per the attached doc
  7. Choose the Layout of the Report and complete the wizard
  8. Right Click on report, where the empty area of report page and select properties. Go to reference tab, Click on assemblies. 
  Add following assemblie  -  SrsResources, culture=neutral 
  And Click OK.
  9. Select UserSIDs under Paramter and edit the properties
  10. Go to Default Value and select Specific Values and Add expression. Leave the rest of the tab as default and complete it
  11. Select Variable under Parameter and edit the properties
  12. Type Computer Name under Prompt field and leave the rest of the tab as default and complete it.
  13. Type Computer Name under Prompt field and leave the rest of the tab as default and complete it.
  You are done.
  Regards,
  Vinod

• Deny local admin users from logging on (or at least restrict them)

  I have a fully managed environment (AD authentication, using managed preferences from OD) that I am testing before rollout.
  My concern is that once preferences are managed, admin users will be able to create local admin accounts (I can't block the accounts pane otherwise users will not be able to change their passwords), then login and bypass preference management.
  Is there a way for local admin accounts logging on to inherit a default set of preferences that are only applied when a local account (or someone not in one of my directory groups) logs in, or better still - DENY local admins from logging in, or deny anyone from being able to create new local accounts?
  (Please don't suggest denying the users admin rights - it's not possible for political reasons).
  Many thanks in advance!
  FZ.

  There is no root or admin privilege that controls root or admin privilege. You have it, or you don't.
  I've been in exactly this case many years ago, and with replete with the politics of privileges and perceived prestige.
  I ended up documenting the foibles of the privileged folks and the time spent on recovery and restoration and related for each event, and waiting for a sufficient accumulation of same (and that didn't take very long), and I then preemptively yanked the access.
  Yes, the good folks squawked. Loudly. Yes, I got called onto the carpet.
  The Designated Responsible Individual (DRI) was then left to ruminate and make a decision, and (with the assistance of the foibles-related documentation around the efforts and time and costs) made the call. The proffered alternative (with the costs and the design and time estimates ready) with a private subnet or private LAN and private services and and a dedicated firewall configured between the privileged folks and the production LANs to keep the good folks safe and secure. Here's what that'll cost...
  Either way, you've punted the responsibility and the decision up the management chain to the DRI.
  (Oh, wait, did I mention which way that firewall was going to be facing? No? Oops. Bummer.)

• Built-in Admin and local admin accounts can not logon locally

  When I attempt to logon locally to a Windows 7client as the built-in administrator or local admin I receive the message "You can not logon because the logon method you are using is not allowed on this computer"
  I can logon as a network administrator.  I run gpedit.msc to see the current group policy.
  Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Allow log on locally is set to EVERYONE, Administrators
  Local Computer Policy/Windows settings/Security settings/Local policy/User Rights Assignment/Deny log on locally is set to NONE
  This makes no sense as to why the local admin or built admin cannot logon.

  Hi,
  What is the network environment? Are you in a domain? Group Policy processing has a precedence, local GPO has the lowest priority, please make sure that it's not overwritten by other GPOs.
  After setting the policy, make sure to run gpupdate /force to update the policy.
  Does this issue happen only on this specific computer? Another situation is that the profile is corrupted, delete the profile and recreate one, and check if it works.
  Yolanda Zhu
  TechNet Community Support

• Unable to enable security and create admin user after reset - px4-300d

  Our px4-300d became inaccessible a few days ago.  I couldn't get to any shares from any machine, and I couldn't get to the admin console.  When I checked the unit, there was no indication that anything was wrong (ie - the panel didn't show any failure, I didn't get any emails indicating a failure, and there were no lights offering a clue to what was wrong).  However the unit was completely frozen...the buttons on the front would not scroll through the different information on the panel.
  I attempted to reset the device using the pinhole on the back, but the device wouldn't respond, so I had to power it down using the button on the front.  When I tried to power it back up, it would come on for about one second, then immediately power off.  I pulled all 4 drives out and powered it on again without any drives.  This time it came up completely and I got a message on the panel that drives were missing.  I started putting the drives in one at a time and the device recognized them all and I was able to login to the admin console.  However, all the shares were missing and I received an email that the Storage Pool was degraded.  I rebooted the device from the admin console and when it came back up, it started reconstruction.  After a few hours, it completed, but I still had no shares and couldn't create any new shares.  I also did not see any of my users, including the admin account I was logged in with.  I tried to create a new user, and also tried creating a user I knew existed and neither one worked.  The screen would just flash but nothing would show up.  At this point, I decided to try to reset using the pinhole on the back of the device to reset the admin user so I could just create a new one.  So, now I'm stuck at the 'Enable Security' screen.  Every time I try to create an admin account, it just flashes and returns me to the same 'Enable Security' window.  
  Now what?
  Solved!
  Go to Solution.

  If you are unable to get into it you will not be able to do the factory reset. You can try booting in buy removing one disk at a time. If you are still unable to then tech support should be able to supply you with the imager and try flashing it. I would keep it at 4.0.8 also,

• WLC 7 on 5508 - 802.1x and Local Net Users or LDAP

  Is it possible under the 7 version of the software to use LDAP or Local Net Users for authentication instead of RADIUS for doing 802.1x authentication, and if it is, is there any documentation around that has some configuration information?  I've been doing some poking around and haven't had much luck yet.

  Wireless users on 802.1x?  We're in the midst of testing this with 6.X and 7.X firmware.  So far, no complaints.  

• ColorSync and non-admin users

  Is there a way to allow non-admin users to change ColorSync profiles for printers using the ColorSync Utility? Our non-admin users can launch the utility and see all the printers listed in the "Devices" section but the option to change the default profile for any particular printer is greyed out.
  Thanks.

  Kurt is far more expert on this than I am, so take his advice first.
  Hi,
  There are three things to consider...
  #1. Profiles in use, like Fast User Switching being on and another User logged in, cannot be changed/edited.
  #2. There are at least 2 locations for the .ICCs...
  /Library/ColorSync/Profiles/Displays/
  /Users/YourUserName/Library/ColorSync/Profiles/
  Profiles in the 1st location cannot be edited. ICCs in the 2nd location could have copies made & the copies moved to another User's folder & Rights/Privileges changed accordingly.
  #3. See what "Scope" Colorsync reports... I think it has to do whether all users was selected when installing drivers, not certain on that though.

• Need help with deleting and resetting admin user

  I have a problem with the admin user on my computer. Here's the background: My computer started making popping noises. I found that the popping stopped when I switched to a different user account. I have repaired permissions and reset the PRAM, but this did not fix the problem.
  Can I fix this user problem by deleting some or all preference files, or by some other means?
  Or...how do I set up a new admin that has all my old settings and files from my original admin? I have never done this before and am very nervous. I have charged ahead to fix things before and then discovered that I erased important files! so I am going to be patient (sort of) this time.
  I have a backup of the drive that my user data is on, as well as a clone of it for booting.
  Any suggestions on ways to make this less painful are appreciated.
  Nathan

  Nathan:
  Here is what I suggest:
  1. Create an admin account that will be strictly an admin account. i.e. you won't be using it for anything else but to administer your computer. Here's how:
  Go to the Apple Menu, System Preferences, and open up the Accounts panel. Click the to add an account, and check the box to let that user "Administer this computer." You are temporarily creating a second admin account. Be sure you give it a good password and that you remember it! Now, log out. Don't just do a fast user switch. Log out completely, then log into the new admin account you just created. Go back to System Preferences, Accounts, and find your original user. Uncheck the box for that account that allows it to administer the computer. You've now changed your regular account into a Standard account and you've created a new admin account that you'll hardly ever use. That's the point: only use the admin account when you absolutely need to.
  Log out of the new Admin Account and into your former Admin Account, now Standard account. Check your access to the folders in your account. If you get notes telling you that you do not have sufficient privileges that can be corrected.
  Post back and let me know.
  Good luck
  cornelius

• Security Profiles - Difference between SYSTEM and TENANT admin user?

  Hi,
  In the OnDemand Enterprise workbook, some defualt security profiles have been configured.  This includes one called 'Tenant Admin'.   When I look in the system there is also a profiule called 'System Admin'.  Could somebody please explan the differences between system and tenant regarding these profiles?   I assume we shoul drarely use System Admin, and Tenant Admin is the safer option?
  Thanks
  John

  Hi,
  As you mentioned there are 2 status can be maintained for documents like Equipment Master, Notification, Maintenance Order & other important business documents.
  In case, client feels that system status is not enough to capture the details of the object, then user status can be used.
  System statuses will be updated automatically based on business transactions which will be done on SAP.
  For example, once the equipment is created, System status would CRTD (Created). If you install the same to some superior equipment or FL, then status would be INST (Installed).
  If you keeping that equipment in Spare, then for that, you have to maintain separate User Status like AVLB (Available in Stock / Spare) so that through IH08, by using User status, you can the report which is available as spare.
  These user status as per the name, should be updated by the user manually.
  Regards,
  Maheswaran.

• Newbie Question - application install/setup for admin and non-admin users

  Hi,
  I'm 100% new to the Mac environment and OS X and I'm a bit confused as to the environment and setting up applications and such for users.
  I have a brand new Macbook Pro that I need to set-up.
  USER Setup
  - have a dedicated admin account called "Administrator"
  - have a user account for my son, Joe.
  - have a user account for me, Matt, so I can fool around on the machine to see if I like it enough to get one myself.
  This is the account setup model I'm most accustomed to using under OpenVMS and Windows - an administrator account and separate lower privilege accounts for users.
  I have managed to accomplish these three tasks ok. I also enabled File Vault on my account only.
  APPLICATION Setup
  We want to install the following applications but I'm having problems:
  - Firefox, for use by all three accounts, but with separate bookmark files for each user. This is the browser we are familiar with and want to start with (sorry Safari, maybe as time goes by).
  - Eudora for e-mail for just the two user (mine and Joe's) accounts, with separate user files for each account. It's the program we're familiar with.
  - Microsoft Office for all three accounts.
  - An architectural CAD program (ArchiCAD) for use only in my account.
  - PGP for use only in my account.
  My real issues appear to be with how to install apps the way I need them to be 'visible' to users.
  I started by logging in as Administrator and downloading/installing Firefox.
  It installed ok under the administrator account but I can't find/access Firefox when logged in via my or my son's account and I don't know what to do to give my/Joe's account access to it.
  So,
  1) How do I install an application once and make it available to all accounts (admin & user)?
  2) How do I install an application and make it useable only by a subset of users
  Thanks for any assistance.

  matt212, welcome to Apple Discussions & the Mac community.
  Suggest you buy the book by David Pogue - Mac OS X The Missing Manual Tiger Edition.
  Includes everything you need to know about installing OS X, using OS X & maintaining OS X.
  Look at these links for new users. They should give you an overview regardless of which version of OS X you are using.
  Switch 101
  http://www.apple.com/support/switch101/
  Mac 101
  http://www.apple.com/support/mac101/
  Quick Assist
  http://www.apple.com/support/quickassist/
  A guide for switching to a Mac
  http://lifehacker.com/software/mac/hack-attack-a-guide-for-switching-to a-mac-224674.php
  Welcome to the Switch To A Mac Guides
  http://switchtoamac.com/guides/
   Cheers, Tom