Permissions/All-Access Master Admin Account

Similar Messages

• How to prevent guest account from accessing my admin account files/documents?

  I have an iMac 21" running OS 10.6.8.    I have a guest account set up in addition to my own administrators account.  When I log on as a guest, I am able to access all of the file documents on my computer, including the ones created on my administator's account.  These are files I do not want a guest to be able to access.  My question is how to change the settings so these do not show up when logged in to the guest account.  I have tried changing Finder Preferences in the guest account - this can be easily changed back by the guest user, and the settings also revert back after I log out.  In the admin account I checked System Preferences settings - the only thing on is printer and bluetooth sharing.  Any suggestions would be appreciated.

  Here's a way to reset the Home folder permissions and ACLs posed by Linc Davis that may do the job. 
  Linc Davis
  Re: Reset Home Folder Permissions and ACLs not working?
  This helped meRe: Reset Home Folder Permissions and ACLs not working?
  Apr 30, 2014 10:06 PM (in response to plcmms)
  Triple-click anywhere in the following line on this page to select it:
  { sudo chflags -R nouchg,nouappnd ~ $TMPDIR..; sudo chown -R $UID:staff ~ $_; sudo chmod -R u+rwX ~ $_; chmod -R -N ~ $_; } 2>&-
  Copy the selected text to the Clipboard by pressing the key combination command-C.
  Launch the built-in Terminal application in any of the following ways:
  ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
  ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
  ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
  Paste into the Terminal window by pressing command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.
  You'll be prompted for your login password. Nothing will be displayed when you type it. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
  The command may take a few minutes to run, or perhaps longer if you have literally millions of files in your home folder. Wait for a new line ending in a dollar sign ($) to appear, then quit Terminal.
  Here's another way to do the same thing but this time when booted into the Recovery volume:
  You may need to rebuild permissions on your user account. To do this,boot to your Recovery partition (holding down the Command and R keys while booting) and open Terminal from the Utilities menu. In Terminal, type:  ‘resetpassword’ (without the ’s), hit return, and select the admin user. You are not going to reset your password. Click on the icon for your Macs hard drive at the top. From the drop down below it select the user account which is having issues. At the bottom of the window, you'll see an area labeled Restore Home Directory Permissions and ACLs. Click the reset button there. The process takes a few minutes. When complete, restart.

• Managed user account can't be accessed thru admin account

  In trying to get a handle on my 14 year old son's computer habits I established myself with an administrator account and his user account is managed by me through parental controls.
  When in my Admin account I go through System Preferences> Accounts. My son's account (and mine) appear on the left however I cannot get into his account. I created a test user and it does allow me to enter into it to create parental controls.

  Is the son's account logged out? Parental controls can't be applied to an account that is logged in.

• Read all email from admin account

  Hi,
  I have a portal page, and I need to put icon in the homepage when the user have email not read.
  But my probleme is, is not possible to my to get the user password. So I created a power user to see all email account. I don't find a solution to use it...
  So can't you help me please thank
  jsgillca

  Hi,
  the "power user" can see all account in server.
  So i need to add icon in web page when user have email not read.
  This is my code.
  Properties props = System.getProperties();
  //props.setProperty();
  Session session = Session.getDefaultInstance(props, null);
  // -- Get hold of a IMAP message store, and connect to it --
  store = session.getStore("imap");
  store.connect(host, power_username, power_password);
  //I need to change email account read to end_user_1
  folder = store.getDefaultFolder();
  if (folder == null) throw new Exception("No default folder");
  // -- ...and its INBOX --
  folder = folder.getFolder("INBOX");
  if (folder == null) throw new Exception("No IMAP INBOX");
  // -- Open the folder for read only --
  folder.open(Folder.READ_ONLY);
  int count = folder.getUnreadMessageCount();
  So when I log with power_user I can not change email account to end_user so do you have solution for that?
  thanks

• Windows 7 Firefox worked and still works on all but my admin account where it gives me the message below:

  Gives me this message: Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behaviour when accessing security features.

  In case anyone else has this problem I found the fix at:
  https://mail.google.com/mail/?shva=1#inbox/1308ed79fc4dfa29
  The file cert8.db in your profile folder may have become corrupted. Delete this file while the application (Firefox, SeaMonkey, etc) is closed.[1] To do this on Windows machines:
  Close the application by choosing File -> Exit.
  Open your profile folder in Windows Explorer.
  Click on the file named cert8.db.
  Press delete.
  Restart the application. cert8.db will be recreated when you do so.

• Access to Resources via Non-admin accounts

  Is there any way to provide access to resources so that they are accessible via
  non-admin accounts. For e.g. to Retrieve my JMSConnectionfactory i do a
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Context ctx = env.getInitialContext();
  The username and password here is the admin account. This works fine but if i
  use a non-admin account(member of Operators group), i get exceptions on Domainloghandler
  runtime
  Problem: I need to register a mbean that needs to access JMS Resources. Since
  our deployment team doesnt want to provide us access to admin accounts, we use
  a "operators" group account to register our mbeans. if i do this, i get a
  Access not Allowed for subject:principals=[operator, Operators], on ResourceType:
  DomainLogHandlerRuntime Action: execute Target: registerToMe.
  This happens when my managed resource tries to access a JMS ConnectionFactory.
  Instead if i register my mbeans using the admin account, everything is fine and
  my managed resource works nice.
  This is on weblogic 81 SP1 on Solaris. Please let me know if you need more details.
  Any clues/hints/solutions greatly appreciated. There is not a lot of documentation
  on how to access/register mbeans using non-admin accounts.
  TIA
  Raj

  I have done some more debugging on this and have narrowed down the issue to the
  location where my initialcontext is being obtained.
  so if i register my mbean as a non-admin account and do an operation on the managed
  resource which fetches initial context, i get the below exception. This is how
  i get my initialcontext
  weblogic.jndi.Environment env = new weblogic.jndi.Environment();
  env.setProviderURL("t3://machine:8102,machine:8103");
  env.setSecurityPrincipal("operator");
  env.setSecurityCredentials("operator");
  Context ctx = env.getInitialContext();
  I am doing this from a mbean thats registered on a different managed server(t3://machine:8101)...
  Whats wrong with this?
  TIA
  Raj
  "Raj" <[email protected]> wrote:
  >
  Is there any way to provide access to resources so that they are accessible
  via
  non-admin accounts. For e.g. to Retrieve my JMSConnectionfactory i do
  a
  Environment env = new Environment();
  env.setProviderUrl(url);
  env.setSecurityPrincipal(username);
  env.setSecurityCredentials(password);
  Context ctx = env.getInitialContext();
  The username and password here is the admin account. This works fine
  but if i
  use a non-admin account(member of Operators group), i get exceptions
  on Domainloghandler
  runtime
  Problem: I need to register a mbean that needs to access JMS Resources.
  Since
  our deployment team doesnt want to provide us access to admin accounts,
  we use
  a "operators" group account to register our mbeans. if i do this, i get
  a
  Access not Allowed for subject:principals=[operator, Operators], on ResourceType:
  DomainLogHandlerRuntime Action: execute Target: registerToMe.
  This happens when my managed resource tries to access a JMS ConnectionFactory.
  Instead if i register my mbeans using the admin account, everything is
  fine and
  my managed resource works nice.
  This is on weblogic 81 SP1 on Solaris. Please let me know if you need
  more details.
  Any clues/hints/solutions greatly appreciated. There is not a lot of
  documentation
  on how to access/register mbeans using non-admin accounts.
  TIA
  Raj

• Mac Mini Snow Leopard Server - can't login with admin account

  SO....i was having problems setting up network accounts from my mac Mini Server. I took it to the Apple Genius bar one night after work to get some help on why the login screen appears for Other..but could not login into any of the accounts I created.
  They made an appt for me for the next morning since they had a "guy" that could help the next morning.
  When I got there for my second appt..they said they don't support server issues. Only consumer products..I though the server WAS and i WAS a consumer of their products..so..they gave me a number of a consultant..of course..for pay...
  So later that day I was trying some other configurations....the power came out while I was checking a monitor cable..and when I restarted I couldn't login to the master admin account.
  Since mac mini server doesn't have a DVD drive..you have to boot up with their Server DVD from another computer and the Server installs it through airport.
  So I did the boot up via airport from the server install DVD.
  Did the Utility disk repair AND password changed. Got some error about not being to able to login if I don't change the keychains to the account.
  Rebooted the server.
  It didn't work.
  So now stuck with a login window..and NO ACCESS to change anything.
  HELP!!!!

  You can access to system with root account.
  If you didn't enable before, boot from SLS DVD and activate from menu (after choose language).
  After that, reset all the passwords (there is a menu to do that).
  After that exit from installer and reboot.
  At login screen you can try to login with your user and new/blank password.
  If it fails, you have to login with user root and the password you choose before.
  With root user, you can access to all system, be very carefull.
  Now you can create a new user and import all the files (you have to do a little work with permissions)
  I hope i help you!

• Problems with a Software update and Admin account

  After updating my software two days ago, the administrator account on my 13" Aluminum MacBook has not worked. It works for 5-10 seconds after login and then totally freezes and doesn't recognise any change in status such as the removal of the power source or the plugin of my iPhone. I am positive that it was the update that caused this problem, as I have not updated the software on the other user account on my laptop, and that works perfectly fine.
  Has anyone else had this problem, and if so, how can it be fixed?
  I called Apple Support yesterday before I realised that my secondary account was still working, and we established that there was no problem with the hard drive, but we were unable to get into "safe mode". The only advice the tech could give me was to find my startup discs and take it to an Apple store and call back in.
  Now that I have more information, and am able to actually use most of the computer, I'm starting to think there may be an easier solution?
  Thanks!
  since then I have been discussing the issue with another user on this forum at this link: http://discussions.apple.com/thread.jspa?threadID=2474312&tstart=0
  but so far we have had no luck!
  Can anyone here help at all please? I can't make any sense of it!

  Somehow setting up a root account and using it to access my admin account resolved the problem!

• OS X server Admin accounts turned Standard

  i am running 10.8.5 server on a mac pro. I tried to login  to my OD server and found that all of the admin accounts were changed to Standard. I logged into root to try and fix it but that would let me log in but not change any of the accounts to admin.

  Do you have a question?

• Can't login to local NON-admin accounts-Directory Access set to server

  I have a strange problem on a set of laptops that I cannot resolve and am hoping someone can help me.
  Here is the issue:
  I have a set of building laptops (PowerPC, OSX.4.11) that seemingly will not "search locally" in the authentication process. The logins seem to work fine for NETWORK logins to our Open Directory Master xserve, but these machines will not login to any LOCAL non-admin accounts. The local root and local admin account logins do, however, work fine. ?? The remainder of the building computers (Intel iMacs OSX.4.11) appear to have the exact same settings and login fine both locally and via the network home directories.
  I have tried the following:
  Deleted DirectoryService preferences folder (MacintoshHD-->Library-->Preferences->DirectoryService)
  Deleted the mcx cache in Directory Access
  Tried adding a new non-admin user to test (still will not login)
  Removed and re-created LDAP configuration (all set to custom)
  Tried setting the LDAP to the automatic settings ("Add DHCP-supplied LDAP servers to automatic search policies")
  Disabled all network connectivity (turned off Airport and disconnected the ethernet cable), still cannot login to local accounts
  Tried to bind in LDAP configuration (when I did bind the machine, it would no longer authenticate to the network authentication server, so I did an "unbind" and restarted and it went back to performing the network logins, but still will not login to local non-admin accounts).
  Reset passwords in System Prefs and also re-typed them in NetInfo Manager
  Deleted login keychains
  Deleted mcx.plist
  Reinstalled the OS from disk and local logins worked TEMPORARILY--UNTIL I set the LDAP directory access to authenticate to our server (which I also need for the network logins to work),then, the issue started again.
  *Same results with both ethernet and wireless connectivity enabled.
  *Note: I also manage these local accounts via WGM (installed on the local machine) and even tried disabling that and still no luck.
  Please help...I have spent hours and hours trying to find a solution and nothing seems to work! What am I missing??

  Mostly just a bump...
  How about that .local extension, or trailing / ?

• Cant Access external shares from my admin account

  Hi,
  the title says it all.
  No matter if I try to connect via smb or afp. If I try to log in from the admin account to external afp or smb shares the login is refused cause of permissions.
  IF I do switch to a user other than the system admin account, the access to external shares works like a charm.
  In my case its an external NAS from Buffalo (Linkstation Duo).
  Also from other Lion machines ... no problem when trying to access that share.
  Im aware of the DHCAST128 changes but as you can read above it seems that this is not the issue.
  Any hints or suggentions?
  Thanks!
  Andrew

  Hi-
  You can use the account that you use daily, as SuperDuper will clone the entire drive, which includes all accounts, applications and data. SD will require an administrator password to run the cloning, but this can be done from any account.

• Creat new admin cannot access old user accounts

  i got a macbook running os x 10.6.8 i forget the admin account's password i created new administration account using command+s and typing following commands
  mount -uw /
  rm /var/db/.AppleSetupDone
  shutdown -h now
  now i can not access my old data i got 80 gb hard drive i can only access 6 gb of it how can i access my old user accounts and all of its data
  thanks for help in advance
  regards
  hardeep

  Does the old user account have the same name as before , or has it been changed to 'xyz (deleted)' ?.
  If it has a usable name, just go to System Preferences - Accounts & create a new one with that exact name.
  Click OK when "A folder in the Users folder already has the name 'account name'. Would you like to use that folder as the Home folder for this user account?" appears. Note: This will correct the ownership of all files in the Home folder, and avoid permissions issues with the contents
  You can then logout & into the 'new' one.
  If the name needs changing : follow https://web.archive.org/web/20130919225809/http://support.apple.com/kb/HT1428
  rather than the current version at Apple
  If you want to continue using the new account you've already made, but access the old folders :
  Select the old account home folder in Finder, then use Finder - File menu - Get info (command I). Open the 'Sharing & Permissions' section at the bottom, then click the padlock icon at bottom right & authenticate with an admin name & password.
  Click the + button & add your new account name to the list, then select it & change 'Read only' to 'Read & Write'.
  Now click the gear icon at the bottom & choose 'Apply to enclosed items...'

• SL:How do I give the Admin account premissions to access other accounts?

  How do I give the Admin account the permissions needed to read and write the folders desired in the other account(s)?

  hassiman wrote:
  I have a MacPro running Tiger and for whatever reason when I am logged into the machine with my user account which has Admin privilages I can open/drag and drop etc. from my desktop to my wife's account ( which I set up as limited with parental restriction to only what she needs to access and use.)
  a parental controlled account for your wife. you must have an interesting relationship...
  I am setting up a Mac Mini running SL for my 90 year old in-laws and it was my intention to give them a STANDARD user account so that they can not download and install anything nasty which they did all the time on the Windoze machine the Mini is replacing. I have set up an Admin account on the machine so I can install stuff and perform maintenance functions VIA VNC connection from San Dieg to them in NYC... But I was surprised when I could not access any folders on their account... specifically their desktop where I tried to drop a file.
  Not sure why it's no biggie on Tiger but Leopard's throwing a fit. Any ideas?
  this is quite normal and is the default in all versions of OS X. a user has write access too their own home directory but not to any other users home directories. being an admin user does not change that. as an admin user you can give yourself write writes to it as discussed earlier but that won't happen by default. the best thing to do in the situation you describe is to log in as your in-laws once you vnc into their computer. then you can copy what you need to the desktop. it's of course possible to do it from the admin account by giving it write access to their desktop as you were intending but that will give you extra problems later because their users won't have write privileges to anything you copy that way.

• How can I set up a new user account that has access to iPhoto data on Admin account?

  I have set up a new user account for my son.  I have set up his parental controls but I would like him to have access to the data in iPhoto and iTunes from the Admin account.  I do allow him access to the applications with the parental controls, but they are empty.  Thanks for your help!

  Is your regular user an Admin?
  Yes. So is the new account I tried to set up.
  Are these apps installed in the main /Applications folder?
  Yes.
  Are they App Store apps or installs from disc/download?
  Both, but App Store purchases are a clear minority, and aren't much of a problem, due to the ease of re-downloading and activating. The downloaded programs are the ones that present the problems. I have not been good about archiving serial numbers and the like, mostly because I've never had a problem like this before.
  What specific apps are you having trouble with? For instance, I know that MS Office and Adobe CS5 for perfectly well for all users on my MBP.
  This is a very long list. Let me give you some of it, and if you really need all of them, I'll add to the list later.
  1Password 4
  ABBYY FineReader for ScanSnap
  Adobe Acrobat 8 Professional
  Adobe Photoshop Elements 8 plus On ONE add-on filters
  Burn
  calibre
  DiskTracker
  Dragon Dictate
  Flv Crunch 1.5.0
  GraphicConverter
  Harmony Assistant
  iBank
  iSkysoft iMedia Converter Deluxe
  MacX Video Converter Pro
  QMidi
  Screenium
  Unison
  WireTap Studio
  Also, what troubleshooting steps have you taken so far?
  Not much, since I have no idea where the problem is. I looked for some central repository of software serial numbers or activations, but didn't find one.

• All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. Permissions are set to 'Custom' in the get info window and I can't change them.

  All my hard drives (internal and external) have a small lock in the lower left corner of the icon and I don't have permissions to access. I have 3 user accounts set up and I cannot access any of them.   Permissions are set to 'Custom' in the get info window and I can't change them. Originally I had Snow Leopard installed on one hard drive and 10.5.8 installed on another.   I started to have some problems accessing data between them and so I tried changing the permissions on ONE hard drive partition.   The next thing I know, all my drives are locked (except the ones with the systems on them), the small lock appeared in the lower left corner of the drive icons and I don't have permissions to access any of them.   In the get info window, permissions are set to 'Custom' and I can't change them.

  There is suddenly a lock icon on my external backup drive!
  Custom Permissions