Permissions needed for mobile account file sync

Similar Messages

• Permissions needed for SCOMAction account

  Hi, can anyone give me precise answer for this question: Which permissions SCOMAction account does need to have in order to SCOM 2012 R2 work properly?
  I found on many sources that SCOMAction account DOES need to be member of local administrators group on all computers agent was deployed to. Having installed agents only on all my domain controllers using my domain admin account I have not experienced any
  problems yet - since DCs do not have local administrators group if above is a MUST that means I would have to give SCOMAction account domain admins right i.e. put it into domain admins group which certainly is huge overkill (in that case SCOMAction account
  would be automatically local administrator on all domain computers).
  I have to repeat again: I deployed agents to all my DCs using my domain admin account - SCOMAction account does not have any special permission except being local administrator account on SCOM server itself along with SCOMDataAccess, SCOMDataReader
  and SCOMDataWriter accounts. Everything works well but there is a possibility something is wrong because of the fact that SCOMAction account does not have needed perms on DCs and I have not noticed yet. Almost 10 hours passed since I deployed agents to DCs
  and start monitoring them (I have imported Windows Server MP, AD MP, GPO MP, DFS-R MP, DNS MP . . .) - I have not noticed any errors caused by lack of perms for any of SCOM accounts.

  SCOM Action account does not required to be local administator of agent machine
  The action account is used to gather information about, and run responses on, the managed computer (a managed computer being either a management server or a computer with an agent installed). The MonitoringHost.exe processes run under the action account or
  a specific Run As account.
  You may use local system or domain account for agent action account.
  For Domain user agent's action account, you can use a low-privileged account by ensurin that the account have the following minimum privileges:
  • Member of the local Users group
  • Member of the local Performance Monitor Users group
  •“Allow log on locally” permission (SetInteractiveLogonRight)
  https://technet.microsoft.com/en-us/library/hh212808.aspx
  Roger

• Deleted items reappear on mobile account with syncing?

  On a mobile account with syncing, deleted items will reappear after syncing. One can manually do a full sync. Then delete stuff. Then do a full manual sync again and the deleted items are back.
  This is on Leopard 10.5.6 client and Leopard 10.5.6 server.
  Open to ideas one what I ought to look at.
  Best Wishes,
  Paul

  Paul,
  I'm happy I'm not alone (sorry..)
  I have exactly the same problem, although I'm using Linux server, not OSX.
  It all worked nicely until 10.5.6 upgrade, after that I'm having lots of home sync problems, including:
  1. locally deleted items re-appear after sync
  2. a lot of sync conflicts, specially when sync cannot resolve latest file or directory version between mobile and network copy (and mobile copy will be always the latest one)
  3. huge syncs even if no data has been modified, ie:
  I'm syncing all on login and logout, background sync is disabled.
  I do login then straight away logout, so practically no data has been modified, but the sync may show me tens of GB being transferred.
  Now, this is weird: I've done tests on a freshly created mobile account, with approx 50MB of data. Basically I've logged in and out repeatedly, sometimes modifying small files. Some of the syncs showed me transfer of 60MB!!! That's 10MB more than the size of the home directory!
  I've looked through release notes for 10.5.6 and some sync issues were 'fixed'. I'm wondering if other ones were introduced...
  As I've said, it all worked perfectly until the latest update - I have many machines behaving in the same, bad way.
  Perhaps someone has a solution?
  Thanks,
  Pawel

• Permissions needed for Applying SQL Tuning Sets/SQL Plans 11g?

  What permission are needed for a user to apply/activate sql tuning sets (sql plans) in 11g? The user can capture and move the the sql tuning sets from a 10g database to an 11g database but is getting "ORA-01031: insufficient privileges" when trying to activate/apply the sqlplans in 11g.
  The user has:
  ADMINISTER SQL MANAGEMENT OBJECT and ADMINISTER SQL TUNING SET and EXECUTE on SYS.DBMS_SPM
  The user is an administrator for our Data Warehouse team but they do not have sysdba priviliges.
  Do you also know of a good white paper that covers the step by step instructions and permissions needed for aquiring and applying/activating sqlplans?
  If more information is needed in order to respond please advise.
  Thank you

  What permission are needed for a user to apply/activate sql tuning sets (sql plans) in 11g? The user can capture and move the the sql tuning sets from a 10g database to an 11g database but is getting "ORA-01031: insufficient privileges" when trying to activate/apply the sqlplans in 11g.
  The user has:
  ADMINISTER SQL MANAGEMENT OBJECT and ADMINISTER SQL TUNING SET and EXECUTE on SYS.DBMS_SPM
  The user is an administrator for our Data Warehouse team but they do not have sysdba priviliges.
  Do you also know of a good white paper that covers the step by step instructions and permissions needed for aquiring and applying/activating sqlplans?
  If more information is needed in order to respond please advise.
  Thank you

• Automatic direcroty mounts for Mobile Accounts

  I am seekign advise on how to provide automatic mounting of network directories for mobile account users.
  The issue comes when the user is not attached to the local network, and the mobile user logs into their laptop, the "Login Items" set up to mount the directories fail and will never work again (even when attached to the local network).
  Ideally, I would seek to have the directories mounted automatically only when the user is connected to the local network.
  Any advise would be appreciated.
  Thank you.

  Assuming that they are using apple laptops you could just setup different "Locations" for them on the computer itself. (System Preferences -> Network -> Locations -> New Location.) and then specify that when they are at home use the "Home" location which would NOT have the mount points listed as auto connect.
  I'm not sure if they have something similar to that in the windows world as I've only used Macs (Luckily!)
  Another way to connect to the local share points would be to setup a VPN and have them VPN in and then connect to the shares, that way it still connects to the private addresses from "inside" the network.
  Anyway, give that a shot and let us know how it goes.

• Mobile Account Home Sync Duplicate Files

  We use profile manager, with an OSX mobility profile with home sync, for management of our OSX devices, combined with AD sign on with "create a mobile account on sign on.
  For many of our users, they are experiencing files are duplicating with .network extension on the end, and that deleted files are being re-synced back to their device.
  Setting the keep most recent option with the sync conflicts appears to fix the .network file issue, but the returning of deleted documents, appears to be repeat occurring.
  I haven't found any documentation regarding the issue on how to resolve it, and I am currently in the process of trying to replicate the issue myself.
  Is there a work around or fix to this issue?
  Appears to be happening across different versions of OSX. 10.8 - 10.10

  Hi, the only workaround I know of, is to uncheck the library folder from syncing, ANYTHING running live while the home folder is syincing (MS office for example, it's DB is in your docs folder, will cause a sync error, as well as iphoto.. etc.. the only other way to fix this, is to set it to sync manually at login & logout. I wish my issues were that easy

• Plist files keep being duplicated (for mobile accounts)

  We are running a Max OS X Server 10.6.8 on a local network. On the same network we have several users under mobile accounts. Some of the mobile account users are experiencing a lot of issues recently. They were running on Snow Leopard, we upgraded them to Mavericks, but the problems persist. In their ~/Library/Preferences folder, they have a lot of plist files duplicated, example for iTunes:
  com.apple.iTunes.plist
  com.apple.iTunes-network.plist
  com.apple.iTunes-network-2.plist
  com.apple.iTunes-network-3.plist
  com.apple.iTunes-network-4.plist
  com.apple.iTunes-network-5.plist
  And it's doing that for most of the plist files in the ~/Library/Preferences folder.
  The same behavior is noticed for iPhoto in the ~/Pictures folder, and each one of the duplicate is pretty big (we are talking about an iPhoto Library around 30GB):
  iPhoto Library
  iPhoto Library-network-2
  iPhoto Library-network-3
  iPhoto Library-network-4
  Is there a way to avoid this duplication and to clean the preferences files properly?
  Thank you

  Other observations:
  *1. from /Library/Logs/DirectoryService/DirectoryService.error.log*
  2010-06-18 14:04:11 CEST - T[0xB0185000] - Misconfiguration detected in hash 'Global UID':
  2010-06-18 14:04:11 CEST - T[0xB0185000] - User 'user1' (/LDAPv3/macsrv1.disney.ch) - ID 1035 - UUID 80699B6C-A90E-4D2F-9B07-FB78F72E9709 - SID S-1-5-21-4063190502-2217233148-2094676766-3070
  *2. user IS showing up in the login window.*
  If I configure the login window to show all users (including network users), then user1 does indeed show up.
  *3. Logging into user1 via ssh works.*
  *4. dscl on macsrv1*
  dscl /LDAPv3/127.0.0.1 -list /Users
  does indeed show user1 (and any other user I create)
  So why can't I login/create user1 on the client mac without toggling the FULL PATH to /Network/Servers/macsrv1.disney.ch/users/user1 first? arghh!

• Mobile accounts not syncing at logout

  Hi guys,
  We are experiencing some synchronisation issues when attempting to use mobile accounts for the first time at our school.
  Synchronisation is only occurring at login and not at logout even though all options are selected under Rules>Home Sync in group preferences. Manual and scheduled syncing works ok.
  Points to note:
  User accounts are hosted in AD with OD supplying managed preferences.
  Home directories are stored on the mac server (Windows domain member) and shared/automounted via AFP.
  The mac clients and server are running 10.6 and are fully up-to-date.
  Has anyone experienced this issue before?

  Hi guys,
  We've managed to get sync at logout working. Here's how:
  -Add "/System/Library/CoreServices/ManagedClient.app" into the WGM Group Preferences Details tab.
  -This adds additional preference manifests, one of them being "Home Sync".
  -Modify the "Home Sync", "Always" settings by adding any item to the "Managed Preference Sync Items" array. We added the path to some necessary email config files stored in ~/Library.
  Doing these steps, for some reason, enabled syncing at logout. Hopefully it'll work for you too.

• Mobile Accounts: Manual Sync works, Automated Sync Does Not

  I've got a small office network with about 10 users. Each have mobile accounts under Tiger (server and clients) and they've been working flawlessly for years.
  All of a sudden we've noticed that for some users the background sync is no longer working. If they choose "Sync Home Now" from the menu the sync runs else. Otherwise, it does not run at all.
  All background syncing is set (via WGM) to run every 30 minutes.
  What is the best way to debug this?
  Thanks!
  scotto

  if you configure mobile prefs to popup a dialog to confirm creating a mobile account on new machines, train them to choose "no," and they'll login with network homes on other machines.

• Mobile Account: Home Sync over VPN

  Hi,
  We 're now setting-up our mobile accounts to be used with laptops across several locations. Our servers will soon be moved to a datacenter. Before we do this, we're testing different functionalities. For instance there is a requirement to sync iOS devices with ITunes on two different laptops of the same user (manager).
  To be honest we've encountered several issues. We had to delete the mobile accounts both on server / client, as well as to Remove/Enrol again the laptops. However the most important problem we have is the syncing speed. In our setup we have the servers behind a SRX240 firewall. When the clients are connected on the SRX240 (acting as router as well) we have acceptable speed. What we can't understand is why the speed is reduced (say 4 times) when we do the same across the VPN over WiFi. We're supposed to have a GBit Wi-Fi LAN. Would you have any ideas why the speed is so slow?
  Thank you and best regads
  D.
  P.S. We run Yosemite on all servers / clients. We noted that Lion clients were incompatible with Yosemite server in that respect, anyway.

  Create an OD replica at the remote site, which is easy to do in the OD service settings.
  A network user is automatically converted to a mobile user on a portable Mac at the first login. On a desktop Mac, the conversion is optional. If the conversion is declined and the user opts not to be prompted again, the setting can be undone as follows:
  sudo defaults delete /Library/Preferences/com.apple.MCX MobileAccountNeverAsk-username
  (substituting the short user name for the string username.)
  Credit for this solution to "E.Uncle" on the Apple OS X Server mailing list.

• Local NTFS permissions needed for Palm software?

  Does anyone know the NTFS permissions needed on the local computer for a standard user to run the Palm software?
  Post relates to: Palm TX

  Hello Cajuntank and welcome to the Palm forums.
  Palm Desktop needs to be installed with the local administrator priviledge during the install of Palm Desktop, the HotSync Manager, the first HotSyn sync, and the installation of any third-party conduits on the desktop.
  After that, the local admin rights can be revoked.
  Alan G

• Documents, Downloads, Pictures, etc Folders Invisible for Mobile Accounts

  For some reason, when any user navigates to their home directory, most of the subfolders (Applications, Desktop, Documents, Downloads, Library, Movies, Music, Pictures, & Public) are invisible. It's not consistent which ones can be seen: one user can see Library and Desktop, while another can see only Library. It is possible to navigate to any of the folders with the Go to Folder item in Finder's Go menu. Here are the results from listing everything in my own home directory (ls -l@):
  drwx------@ 3 username staff 264 Sep 15 12:37 Desktop
  com.apple.FinderInfo 32
  drwx------@ 5 username staff 264 Sep 15 15:54 Documents
  com.apple.FinderInfo 32
  drwx------@ 4 username staff 264 Sep 15 12:37 Downloads
  com.apple.FinderInfo 32
  drwx------+ 27 username staff 874 Sep 17 09:24 Library
  drwx------@ 3 username staff 264 Sep 15 12:37 Movies
  com.apple.FinderInfo 32
  drwx------@ 4 username staff 264 Sep 15 13:00 Music
  com.apple.FinderInfo 32
  drwxr-xr-x+ 2 username staff 264 Sep 15 15:35 New Folder
  Library and New Folder are the only ones I can see in Finder. All of the invisible ones have extended attributes, but, oddly, when I navigated to one of the invisible folders in Finder and Get Info on it, there is no "invisible" checkbox in the General settings.
  Here is some more info on the network setup:
  Network is a Golden Triangle: our OS X server is bound to the Active Directory domain, and each client is bound both Open Directory and AD (OD has higher precedence in search policy). Network accounts are created in AD with the home folder at //osxserver.domain.local/Network Users/username (mapped to drive X:\ or Z:\ for Windows users). Accounts are imported into OD, which (through policy on each user's group) creates a mobile account at login (no prompt) using the network profile and syncs at login, logout, in background and manually. The client-side AD plugin does not force local home directories, derives network home from UNC path in AD (using AFP), and allows administration by domain admins; all other settings are default.
  Any help in making all folders visible would be greatly appreciated.

  Here are the results from listing everything in my own home directory (ls -l@):
  Use the xattr Terminal command to clear that attribute. For usage instructions, run xattr -h.
  All of the invisible ones have extended attributes, but, oddly, when I navigated to one of the invisible folders in Finder and Get Info on it, there is no "invisible" checkbox in the General settings.
  That's intentional.
  (53827)

• Mobile accounts: Only sync with specific computers?

  Is it possible to have a mobile account sync with the local computers only on selected machines?
  Most of my users have a computer in their own offices, and I want those to be synched (and it works well with mobile accounts).
  But when they go the labs, I don't want all their data (possibly a lot) to be copied, and if they could then behave as network accounts it would perfect.
  Is it possible?

  if you configure mobile prefs to popup a dialog to confirm creating a mobile account on new machines, train them to choose "no," and they'll login with network homes on other machines.

• Need for Purchase Accounting

  Hi,
  My client has given a requirement to implement the Purchase Accounting.
  Now for india there is no legal reqmnt for purchase accounting.
  Now i want to ask all you there what can be the advantages & dis advantages after implementing the Purchase accounting.
  For config point, there are hardly 3-4 settings to be done.
  So based on your experience & interaction with client, plz suggest.
  regards
  AV M
  Points will be rewarded

  HI,
  Why do you want to capture them via reports? These all have its own importance. The account keys defined are the media to integrate the transactions between FI & MM. Whatever the cost you are incurring for freight, Taxes, customs etc etc. how you are going t account them. You need to capture these costs automatically to some chart of accounts(COA) which your company manages and these will reflect in you balance sheet or P/L accounts. If you try to do it manually these will be a hectic job.
  Suppose tomorrow your client ask you, what is the freight expense for Raw Material? how will you show them. If you maintain these accounts, you will get these from standard report. no need of any ABAPer.
  So these accounts are required for proper functioning and healthy implementation.
  Hope this has cleared your doubts.
  Regards

• App Pool Account permissions needed for People Picker

  Greetz!
  The peoplepicker runs under the credentials of the application pool the site is running in.  However I am not able to retrieve users from Active Directory. What rights does this account need on AD, if any?
  Love them all...regardless. - Buddha

  I verified that the sAMAccountName matches what I'm entering. When I used your Peoplepicker Port Tester I ran it as an admin and when I clicked search I got an errot that said it had stopped working:
  Description:
    Stopped working
  Problem signature:
    Problem Event Name: CLR20r3
    Problem Signature 01: peoplepicker port tester.exe
    Problem Signature 02: 1.0.0.0
    Problem Signature 03: 54d84550
    Problem Signature 04: mscorlib
    Problem Signature 05: 2.0.0.0
    Problem Signature 06: 526717bd
    Problem Signature 07: 20ce
    Problem Signature 08: 100
    Problem Signature 09: N3CTRYE2KN3C34SGL4ZQYRBFTE4M13NB
    OS Version: 6.3.9600.2.0.0.272.7
    Locale ID: 1033
  I believe I got that error because I added a CN which perhaps wasn't correct. When I removed the CN and just used 2 OU identifiers the tool connected to the client forest. I have failures in UDP 88, 135, 137, 138, 389, 445 and 749. Some are because
  the response wasn't timely. Some because they were 'forcibly closed' by the remote host.
  I am in a 2 way trust between separate forests. My SA says there are not ports closed between my server and the AD. When I run the port test tool is there a requirement that I be on a specific service where a particular SharePoint service is running? I ran
  it on the app server and got the results above. When I run it on the web front en all ports just say 'connection failed'
  TCP/389 connection failed
  TCP/636 connection failed
  TCP/135 connection failed
  TCP/137 connection failed
  TCP/138 connection failed
  TCP/139 connection failed
  TCP/3268 connection failed
  TCP/3269 connection failed
  TCP/53 connection failed
  TCP/88 connection failed
  TCP/445 connection failed
  [Opt]TCP/749 connection failed
  [Opt]TCP/750 connection failed
  No such host is known
  Love them all...regardless. - Buddha