Prevent user from changing accessibility
Hi,
I have set up an additional user but find that when I sign in as that user I can change the permissions of MY folders using Get Info. The new user, named "guest", cannot access my folders by double clicking on them, that's good, but can change the permissions of them (which I haven't tested out to see if that means guest can really access them then. It is just disturbing that gues can change permissions at all.)
I have set up that guest cannot change settings in the Finder, under Parental Limits. Why can I, when signed in as guest, change permissions of MY folders? (I have administrator privileges.)
I have logged out, gone between the two users, shut down, quit the Finder so it has to restart and still guest can change these permissions. I have heard that it seems to take time for my changes to take effect. When will they (or do I need to do additional things?)
More precisely, I can unlock the permissions using Get Info, change the permissions to guest from my admin name, the OS asks for the admin name and password (might be something the guest may know) and then, when the name and ID are entered in, they can change their accesibility to my folders and get in. Yes, the permissions are password protected but I don't like the idea that having set it up to prevent this, it can still be done by a (non-administrative) user. (Sorry if there are mispellings here. This paragraph wasn't spell checked.)
I basically want to prevent that user from accessing anything other than my apps. I do want and have it set up now so that guest can create their own documents.
Thanks for any help.
John L
More precisely, I can unlock the permissions using
Get Info, change the permissions to guest from my
admin name, the OS asks for the admin name and
password (might be something the guest may know) and
then, when the name and ID are entered in, they can
change their accesibility to my folders and get in.
Yes, the permissions are password protected but I
don't like the idea that having set it up to prevent
this, it can still be done by a (non-administrative)
user. (Sorry if there are mispellings here. This
paragraph wasn't spell checked.)
Why would a Guest user or anyone else know your admin password? They wouldn't unless you provide it and without it, what you are describing can' t happen.
I'm the only user of my Mac and I've disabled automatic login even though there are no other users so with multiple user accounts especially, automatic login should not be enabled which requires each user to enter their password to login to their account. Even with Fast User Switching enabled, no one can gain access to your admin login account or to anyone else's account and without anyone else knowing your admin login password, you maintain control.
A non-admin Guest user or any user account without admin privileges can become the admin (you) if you provide your admin password to a Guest or to anyone else. Without it, no one else has your admin privileges.
Regarding the spell checker at the Discussions, it was removed with the new software but if you are using Safari, Safari includes a spell checker.
When entering text for a post, at the Safari menu bar go to Edit > Spelling. You can select "Check Selling as You Type" and misspelled words as you type with Safari will be underlined in read.
Similar Messages
-
Prevent user from changing calendar permission
Hi team,
How to prevent users from changing calendar permission in outlook. When user open calendar option in Outlook he should either he should able to view the calendar sharing tab or he should not able to make modification in calendar permission by assigning permission
to others.Hi,
Agree with Andy. Exchange has no built-in feature to prevent mailbox owner to modify their calendar permissions. Since they are owners, they can set their calendar permissions.
Thanks for your understanding.
Best regards,
If you have feedback for TechNet Subscriber Support, contact
[email protected]
Amy Wang
TechNet Community Support -
I need to stop network users from changing the proxy settings to avoid the firewall. Is there any way to disable or prevent them from getting to the advanced, connections tab, and changing the settings for the proxy?
You can lock the corresponding prefs, then users won't be able to change the settings.
See http://kb.mozillazine.org/Locking_preferences
See also http://kb.mozillazine.org/about%3Aconfig_entries -
How to prevent user from changing a field on a Form.
I have a form and a report on the same page. The form is used to set criteria for the report. So after the criteria is entered on the form a button is clicked, which passes the criteria to the report. The form also displays some additional data based on the criteria, i.e. I do a query on the form.
The problem I'm having is preventing the user from changing the additional data which is displayed. I tried all the wizzard options; i.e. not updatable, not insertable etc. but the user can still change the data.
The only options seems to be writting some Java code for one of the triggers, but I haven't written any Java before.
So I was wondering if anyone has a non-Java solution for this problem or an example of a Java program I could use to solve the problem.
Thanks for any help
LarryHi,
Suppose you want Empno, Sal fields of Employee table as Query only and all other fields user updateable then
uncheck all the three check boxes
Mandatory , Updatable , Insertable under validation options for those fields.
When you run the form, these fields appear as text items in query mode and will appear labels once the querying done.
Hope it works
Madhav -
Is it possible to prevent users from changing iPad background?
I am currently helping deploy 130 iPads for a school using Apple Configurator. I have set the desired wallpaper and lockscreen text via Apple Configurator, however this can easily be removed if a user decides to change the lockscreen wallpaper. Is there any way to set a restriction that would prevent a user from changing the lockscreen wallpaper? Any ideas would be greatly appreciated! Thanks for the help in advance!
I heard that with iOS6 MDMs could have the ability to remotely change the wallpaper and lockscreen OTA. So far Airwatch is the only one I've heard of that claims to be able to do it:
http://www.air-watch.com/company/news-room/press-releases/2012/09/airwatch-offer s-same-day-comprehensive-support-for-apple-ios-6
(scroll down to "New MDM Capabilities")
I hope other MDM's adopt this. It sure would be nice to be able to do this from an MDM.
Hope this helps!
~Joe -
How do I prevent other Mac users from changing my Airport Extreme Network Name and Password within the Airport Utility? My company is using an Airport Extreme in our office now and I want to prevent other employees from messing with the network/settings. Is there a way to place a password on the settings to allow only the admin to access the network name and password?
Hi - you have will have to change the device passwords on all the base stations and then don't give them to anyone except the administrators and tell them not to save them on their computers that use the older versions of the Airport Utility - for the newer versions like the mobile apps, as soon as you enter the pasword it is saved and is visible in the advanced pane along with the network password - so if anyone gets a hold of your iPad or iPhone, they can edit the whole network - I have this same issue with my networks in the office and it is inconvenient but doable - I hope this helps
-
Is there a way to prevent an end-user from changing their own password?
All you guru's out there, I need your help. Is there a way to prevent an end-user from changing their own password? Is there a function or procedure I can create or what?
In this case, you do not want someone (whoever they are DBA etc) to connect as that
particuler user to change the password.Yes, but I wouldn't expect the users to[i] know that password. The connnect would be handled automatically, behind the scenes.
The clear implication of the OP's question and response was that users would not be allowed to change their own passwords. I'm guessing this is in response to a policy that says users mustn't have simple passwords like 123abc or mom. In such a scenario a better approach would be to apply regexp to a user's password to ensure it contains a mix of letters, numbers, punctuation, etc to achieve the desired level of complexity.
So questions, should not be regarded as daft Agreed, but the same is unfortunately not always true of business decisions. As the OP has told us not to ask we cannot know why they want to do this. Personally, I think a user's individual password should always be their responsibility; anything else strikes me as insecure. YMMV.
Cheers, APC -
Prevent a user from changing the Project ID in P6 EPPM 8.3.7
Does anyone know if there is a Global or Project Security Profile privilege that will prevent a user from changing the Project ID on an existing Project? We are using Primavera P6 EPPM 8.3.7
Thank you,
EricHi,
Below project security profile may help you,
Edit Project Details Except Costs/Financials
Determines whether the profile will enable users to edit fields in General, Dates, Defaults, Resources, and Settings tabs in Project Details. To assign a project baselines, users must also have the "Assign Project Baselines" project privilege assigned to their profile.
Regards,
Marcos -
GPO to prevent users from accessing the root folder of their profile doesn't work
Hi,
Here's the scenario:
In a Windows 2012 RDS I created two groups called RemoteApp users and remote desktop users.
These groups are defined in the collection for the corresponding RD Session hosts.
These groups are not included in any other group, but they are located under an OU -called Remote Users.
In the domain controller I have created a GPO named "Restrict access to root drive" which is linked to the Remote Users OU.
The GPO I selected is - "Prevent users from adding files to the root of their users files folder"
This doesn't seem to work. I have waited more than a few hours to allow the 90 minutes update, plus used the gpupdate /force
but when a user clicks on the RemoteApp (Excel in this example) then access to the C: drive (which is the root folder of the user's profile) is enabled, and the user can create folders and save files under C:.
I tried to run gpresult for the specific user but the GPO I created wasn't mentioned.
I thought this would be a straight forward mechanism, but somehow it looks like something is missing.
I have read about loopback and expanding, but not sure if this is what needs to be done, and if yes - I'd appreciate if I can get step by step instructions. Everything I found so far was VERY vague.
Thanks !
One more detail that may be relevant - the DC is a Windows Server 2012, and the session host is a Windows 2012 R2.> These groups are not included in any other group, but they are located
> under an OU -called Remote Users.
>
> In the domain controller I have created a GPO named "Restrict access to
> root drive" which is linked to the Remote Users OU.
>
The USER accounts need to be in the OU your GPO is linked to. Despite
their name, GPOs do NOT apply to groups, but to users (and computers).
Groups only provide an additional layer of filtering...
Martin
Mal ein
GUTES Buch über GPOs lesen?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :)) -
I am the System Administrator of my computer. I have managed to limit most of what my nephew can do via general Windows functions. However, I need to prevent him from changing his Firefox Options (listed under the Tools menu). He has already changed items that leave my computer vulnerable and although I've explained to him that he should not change anything in the Options area, he continues to do it. If there is not a way for me to prevent him from changing anything in Options, then I have no alternative than to prevent him from using the computer at all. I hope it doesn't come to that.
''"...although I've explained to him that he should not change anything in the Options area, he continues to do it. If there is not a way for me to prevent him from changing anything in Options, then I have no alternative than to prevent him from using the computer at all."''
Maybe taking away his privileges will could teach him a valuable lesson------respect other people's property! -
To prevent user from droping his own object .
Dear User
I have a database user like "aaa" in oracle 7.3.4.0.1 database.i do not want user "aaa" to drop his own schema objects like table and any other objects that he is owner.Do i have any system privilege to stop this user from doing so.User should be able to create objects and modify object but not to drop his own objects.For this purpose i have created a database trigger at database level to stop user "aaa" for doing above action.this trigger is giving me error on creation in oracle 7.3.4.0.1 .But when i tried same trigger in oracle 8i and 9i it work well.In oracle 8i and 9i it is preventing user from droping his own objects but i get other errors also along with raised error in trigger which i want to stop .The error which i am raising in trigger is
ORA-20001 INVALID COMMAND BUT OTHER TWO ERRORS THAT R RAISED AUTOMATICALLY ARE
ORA-00604 ERROR OCCURED AT RECURSIVE SQL LEVEL 1
AND
ORA-06512 AT LINE 8
I WANT TO STOP THESE TWO ERRORS .
PLZ HELP ME IN THIS REGARD AS SOON AS POSSBILE .
plz tell me is there any system privilege to stop user from droping his own object or any other way along with trigger at database level.
Thank u.Hi
DBAs can use PRODUCT_USER_PROFILE (in system schema) to disable certain SQL and SQL*Plus commands in the SQL*Plus environment on a per-user basis. SQL*Plus, not Oracle, enforces this security. DBAs can even restrict access to the GRANT, REVOKE, and SET ROLE commands in order to control users' ability to change their database privileges.
The PRODUCT_USER_PROFILE table enables you to list roles which you do not want users to activate with an application. You can also explicitly disable use of various commands, such as SET ROLE. For example, you could create an entry in the PRODUCT_USER_PROFILE table to:
read more about this at
http://download-west.oracle.com/docs/cd/B10501_01/server.920/a90842/ch10.htm#1005648 -
CE10 how to prevent user from view hostrical instance
hi,
We are currently using CE10. One of our user used search functionality in enterprise to search for reports start with 'employee' and it came back with all the crystal reports on the server that started with employees, even the one the user doesn't have access to. My greatest concern about this is that users can view historical instance and it is sensitive data. Does anybody know whether or not this is a bug in CE10? Is there a patch/fix for this? Is there any configuration change that I can make to
prevent users from being able search all the reports on the server rather just their own reports? Any help is greatly appreciated.
Regards,
Susanhi,
I have an EVERYONE group with limited access(view object), and EVERYONE group is added to each folder with NO ACCESS. If I revoke view object(explicitly denied) privilege from EVERYONE group, do I still need to remove EVERYONE group from each folder? When I'm at folder level in CMC, I see EVERYONE GROUP added, but when I tried to remove the EVERYONE GROUP, the EVERYONE group is not an option for removal. What am I missing?
Thanks for your help!
Regards,
Susan Johnson -
How to prevent users from creating new folders in share folder directory?
Hello guys
I'd like to know How to prevent users from creating new folders in share folder directory but still keep their power of creating new folders in their personal 'my folder'?
I tried changing the 'manage privilage ---- create folder' to deny certain user accounts, but by doing so, it also stops the user from creating new folders in their 'my folder', which is not good..
I also tried going into these share folders and tried different access types such as 'change/delete', 'read', 'traverse folder' etc, but none of it work ideally. The 'change/delete' access still allows them to create new folders, 'read' access prevents creating new folders but also take away their power of saving reports..
Any thoughts on how to take away their ability to ONLY create new folders in share folder areas without affecting their other privileges?
Please advise
Thank youEasy, on the shared folders root folder only give them 'read' or 'traverse folder' but on the the folder inside the shared folders root folder give them 'change/delete'. That means they can change anything inside those folders but not create any folders at the shared folders root level.
-
How to stop the users from changing the Decimal in SAP
How to stop the users from changing User Profile
Hai,
It is not possible to restrict SU3 to display, because it has only S_TCODE has the authorization object.
If you really want to restrict users from changing their profile you have to remove the SU3 access and give SU1 or SU2 which gives access only to Personnel details and Parameters.
Hope this helps.
Regards,
Yoganand.V -
How to prevent users from saving and emailing intranet documents externally
Someone in our company needs to upload a pdf to our sharepoint intranet site for internal-only use. How can I prevent users from downloading it and emailing it externally?
I mean, a user could screenshot it I guess, but I need to give management a due diligence answer.You would need to look into a reverse proxy/firewall that had the ability to block access based on content. This isn't something you can accomplish out of the box with SharePoint (even with AD RMS).
Trevor Seward
Follow or contact me at...
  
This post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.
Maybe you are looking for
-
Customer Open Item Clearing F-28 / FBZ1
Dear Friends, My query is regarding Customer Open Items Clearing using Transaction Codes F-28 / FBZ1. We are implementing SAP for Healthcare Industry with IS-H.. We are using ECC6 EHP5. Client submits insurance claims relating to patient revenue to t
-
Difference between customizing request and workbench request?
Hi , What is the difference between customizing request and workbench request? please reply.........
-
I tried downloading the new update for my desktop PC I get the following error messages: Visual C++ Runtime library R6034 an application has made an attempt to load the C runtime library incorrectly Error 7 Windows Error 1114
-
I'm operating Windows 7 and reinstalled deivers to my Laser Jet 1022. It prints form adobe and MS Office applications, but not from email (aol) or internet screens. When not printing an error message shows "unexpected call to method or property acc
-
Using Resize effect to resize the component to 100percent
Hi all, I am using resize component to show the opening of a datagrid which contains itemrenderers.The number of itemrenderers is not fixed hence i want to use the resize effect to resize the grid from height=0 to height=100%. I m not getting any clu