Rights of a non-admin user

Similar Messages

• JDK 1.6 u12 installation on Windows XP as non-admin user

  I am working on a machine which does not grant my user the admin rights. I had wanted to use JDK with Netbeans. The Netbeans was available as ZIP file, but it required pre-installed JDK. I am not able to install JDK (latest version 1.6 u12) as non-admin user. Is this even possible and how?
  Operating System : Windows XP (SP3)
  JDK Version : 1.6 update 12
  User : Non-Administrator
  Thanks,
  Akbar.

  Contact your admin and ask him to install or to give you local admin rights.

• Not able to install ActiveX (OCX) on Non-Admin user in Windows 7 ( internet Explorer 8/9)

  I need the solution to install ActiveX controls throught CAB file (Micorsoft Cabinet) for non-admin users. Our solution is working for user accounts with adminstrator rights but not for nonadmin users.
  So far we have tried solution given here: http://msdn.microsoft.com/en-us/library/dd433049(v=vs.85).aspx
  and here:
  http://blogs.msdn.com/b/askie/archive/2012/09/27/guidlines-on-implementing-activex-installer-service-axis.aspx
  But we could not succeed. Pls Help !

  Hi,
  Apologize for the late reply and the misunderstanding about the ActiveX download location, we could change the location through the below registries:
  Use Registry Editor to change the "ActiveXCache" value to the location you want in the following registry key:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
  Use Registry Editor to change the "0" value to the location you want in the following registry key:
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
     NOTE: The values you enter in steps 1 and 2 must match.
  More information, please check
  How to Change the Download Location for ActiveX Files (registries exists in IE11).
  Regarding the urls that download the cab files into user profile directory, would you mind to share the URL?
  And here is some information regarding inf files:
  About INF File Architecture
  We may check the value of DestDir, DestDir can be set to 10 to place the file into the \Windows directory or to 11 to place the file into the \Windows\System directory. If no value is specified, the file is placed into the \Cache directory.
  Best regards
  Michael Shao
  TechNet Community Support

• Majority of reports missing for non admin users

  I have followed the instructions here (SCCM 2012–Reporting in console for non-admins (Reporting User Role) v2) to allow non admin users the ability to view
  reports in the console. So far, so good. However, when viewing the reports with the non admin user, only about 100 of the 400+ reports appear.
  Am I missing something here?

  The custom reporting one in the link I provided, and also modified versions of the following:
  OS Deployment manager (removed rights to All driver related items (drivers and driver packages), Boot image packages (except read access), Operating system installation packages).
  Application Administrator (removed Application>Approve; Distribition Point>Set Security Scope; Distribution Point Group>Set Security Scope; Global Condition>Set Security Scope)
  The reports missing we care about primarily are Software ones (companies and products and files).

• Non-admin users can't view GAL with Outlook Connector

  Non-admin users are unable to view the Global Address List with Outlook Connector. When I give a test user admin rights (in our portal), the user can view the GAL. The VLV index is setup and functioning correctly for admin users. My versions are Directory Server 5.2 Patch 4, JES 2005Q4, Outlook Connector 7.1.222.4.
  I've reviewed the ACIs on o=cp per http://docs.sun.com/app/docs/doc/819-5200/gbnse?a=view and verified that they are getting passed down to the child entries. I added a new ACI for a specfic test user, but I see no effect when I run an ldapsearch as that user. Here are the ACIs:
  1. Allow Calendar Administrators to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar administrators to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(groupdn = "ldap:///cn=Calendar Administrators, ou=Groups, o=cp");)
  2. Allow Calendar users to read and search other users
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow Calendar users to read and search other users - product=ics,class=admin,num=3,version=1";
  allow (read,search)(userdn = "ldap:///uid=*,ou=People,o=pcc.edu,o=cp");)
  3. Allow test users to proxy
  (targetattr = "mail || uid || icsCalendar || givenName || sn || cn")
  (targetfilter = (|(objectClass=icscalendaruser)(objectClass=icscalendarresource)))
  (version 3.0;acl "Allow test users to proxy - product=ics,class=admin,num=2,version=1";
  allow (proxy)(userdn = "ldap:///uid=299899598658566,ou=People,o=pcc.edu,o=cp");)
  Here's the log for an ldapsearch as a non-admin user:
  -bash-3.00$ grep "conn=386080 op=1 msgId=2" access
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - SORT cn
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - VLV 1:1:dpelinka 2964:11852 (0)
  [02/Jan/2008:15:15:44 -0800] conn=386080 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  When the same search is run by an admin user, nentires=3.
  Here is the test ldapsearch:
  ldapsearch -h vmpt1 -p 389 -D "uid=299899598658566,ou=People,o=pcc.edu,o=cp" -w {password} \
  -b "ou=People,o=pcc.edu,o=cp" -x -s "sub" -S "cn" \
  -G "1:1:dpelinka" "pdsRole=Employee" uid
  David,

  Jay,
  Here's a full set of logs. The first set is from my test search; the second from an actual OC search. I don't see anything different between the admin and non-admin except for the number of entries returned.
  ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  version: 1
  dn: uid=375308679900788,ou=People,o=pcc.edu,o=cp
  uid: 375308679900788
  dn: uid=534616896694744,ou=People,o=pcc.edu,o=cp
  uid: 534616896694744
  dn: uid=506947161967075,ou=People,o=pcc.edu,o=cp
  uid: 506947161967075
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1964292 op=1" access
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:36:02 -0800] conn=1964292 op=1 msgId=2 - RESULT err=0 tag=101 nentries=3 etime=0
  NON-ADMIN TEST SEARCH
  -bash-3.00$ ./test_vlvindex.shl
  index 2973 content count 11893
  DS log-bash-3.00$ grep "conn=1973983 op=1 msgId=2" access
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid"
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - SORT cn
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - VLV 1:1:dpelinka 2973:11893 (0)
  [07/Jan/2008:16:37:53 -0800] conn=1973983 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  -bash-3.00$ grep "conn=1000785 op=14 msgId=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=14 msgId=15 - RESULT err=0 tag=101 nentries=9 etime=0
  -bash-3.00$ grep "conn=1000785 op=15" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - VLV 0:10:9:0 10:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=15 msgId=16 - RESULT err=0 tag=101 nentries=11 etime=0
  -bash-3.00$ grep "conn=1000785 op=16 msgId=17" access
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - SORT cn
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - VLV 0:17:20:0 21:11893 (0)
  [07/Jan/2008:16:42:58 -0800] conn=1000785 op=16 msgId=17 - RESULT err=0 tag=101 nentries=18 etime=0
  NON-ADMIN OC SEARCH
  -bash-3.00$ grep -i vlv access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  -bash-3.00$ grep "conn=2220710 op=1" access
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="cn mail uid objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - VLV 1:1:1:0 2:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=1 msgId=2 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$ grep "conn=2220710 op=2" access.20080107-171147
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SRCH base="ou=people,o=pcc.edu,o=cp" scope=2 filter="(pdsRole=Employee)" attrs="uid mail cn title company telephoneNumber physicalDeliveryOfficeName objectClass"
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - SORT cn
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - VLV 0:8:0:0 1:11893 (0)
  [07/Jan/2008:17:26:04 -0800] conn=2220710 op=2 msgId=3 - RESULT err=0 tag=101 nentries=0 etime=0
  -bash-3.00$
  David.

• Allowing non-admin users partial admin privileges

  Hi All
  I manage a number of Macs on a large corporate (PC-centric) network. Organisation policy prohibits giving users admin privileges. However, I want users to be able to do some admin tasks like installing software, but not to have admin privileges per se. The Parental Controls option for non-admin accounts does not offer sufficient functionality.
  All the Macs are stand alone (not managed accounts), and are accessible via Apple Remote desktop. Few of the Mac users are command line savvy, so any solution has to be invisible, or via a simple gui.
  Thanks in advance
  Dave Mitchelll

  Most software does not need to be in the Applications folder to run. Non-admin users can install most drag-and-drop software right inside their home folders and run the apps from there.

• ColorSync and non-admin users

  Is there a way to allow non-admin users to change ColorSync profiles for printers using the ColorSync Utility? Our non-admin users can launch the utility and see all the printers listed in the "Devices" section but the option to change the default profile for any particular printer is greyed out.
  Thanks.

  Kurt is far more expert on this than I am, so take his advice first.
  Hi,
  There are three things to consider...
  #1. Profiles in use, like Fast User Switching being on and another User logged in, cannot be changed/edited.
  #2. There are at least 2 locations for the .ICCs...
  /Library/ColorSync/Profiles/Displays/
  /Users/YourUserName/Library/ColorSync/Profiles/
  Profiles in the 1st location cannot be edited. ICCs in the 2nd location could have copies made & the copies moved to another User's folder & Rights/Privileges changed accordingly.
  #3. See what "Scope" Colorsync reports... I think it has to do whether all users was selected when installing drivers, not certain on that though.

• User Interface Access Customisation for non admin users

  Hi,
  It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
  For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
  Thanks.

  Hi,
  You can create right click menus, and you can also create links on the tools page. Would any of these help you?
  Here is the doc on those subjects:
  Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
  Launch another application, URL, or business rule, with or without runtime prompts
  Move to another data form
  Move to Manage Approvals with a predefined scenario and version
  The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
  When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
  To create, edit, or delete menus:
  Select Administration, then Manage, then Menus.
  Perform one action:
  To create a menu, click Create, enter the menu's name, and click OK.
  To change a menu, select it and click Edit.
  To delete menus, select them, click Delete, and click OK.>
  Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
  To specify custom tools:
  Select Administration, then Application, then Settings.
  For Show, select Advanced Settings.
  Click Go.
  Select Custom Tools.
  For each link:
  For Name, enter the displayed link name.
  For URL, enter a fully qualified URL, including the http:// prefix
  For User Type, select which users can access the link.
  Click Save.

• Giving Non-Admin User Admin Privileges to One Program

  Aaron19 wrote:
  Unfortunately updates don't erratic on when they come out. 
  Are erratic?
  I'm assuming the updates happen with such frequency that requiring IT to install them is a major hassle. Your other option is to find a way to script the install and push it to the required workstations.

  I thought I would come to the community and ask if there is any way to give a non-admin user admin rights to one program so that he can run updates.  I looked into making an elevated shortcut which worked to no avail.  Unfortunately updates don't erratic on when they come out.  Was just curious if there is an ability to give the user who is having problems admin privileges to this program without an admin password.  
  This topic first appeared in the Spiceworks Community

• Allowing non-admin users to use certain programs without authenticating

  I would like to allow certain programs to be run by non-admin users without forcing them to authenticate as an admin. Here is my example: I'm running Parallels Desktop with a VM to Windows. I want to allow my children to use this VM to access Windows programs. But, when starting a VM, the Mac OS requires an administrator to authenticate. Needless to say, I don't want my children to be administrators on the machine. I've been assured that this is not an issue related to how Parallels works (from the support team at Parallels). Instead, this is an issue with the Mac. i'm not sure one way or the other, but it seams useful to be able to (in general) allow non-admin users to use certain programs without forcing them to authenicate as administrators.
  There is only one summary in the Mac help on allowing non-admin users to change the time zone settings by directly editing the /etc/authorization file. Does anybody know if this procedure would work for other programs?
  Thanks!

  If you know what the requested right is, that procedure can be applied to any right in an application with a graphic interface by duplicating and modifying entries. The contents of that file don't control usage of sudo in the Terminal.
  (25922)

• Non admin user - changes not saved (Safari settings, system prefs, etc.)

  iMac, 2 users, one is administrator and other is standard user. Recently, in the non-admin user account, it has become impossible to make any changes. For example, adding an application to the the Dock, after logging out and back in next time, the application is not in the Dock any more. Also, making changes to the prefs in Safari, changes are not saved.
  I noticed this after installing FireFox v4. I installed it as admin whilst in the non-admin users account. However, I don't believe that the installation of FF has anything to do with the problem, it just highlighted it. I've checked the permissions for the various directories that hold prefs info such as user/libraries/application prefs/etc. etc. and also Safari prefs. Nothing I can see that has changed in system prefs.
  Any ideas on what has caused the problem (kids are known to fiddle from within the non-admin account) and any ideas on how to fix it?
  Thanks

  Hi PPRuNe,
  You could try making the standard user an Admin too. To do this, make sure you are logged in to the standard user, go to System Preferences > Accounts > Standard user (you may have to unlock the padlock) > Allow user to administer this computer
  This will allow changes to be made without being prompted for a password all the time.
  However, if you had Parental Controls on, they probably won't work on an admin account because as an admin you have complete control over a computer, so the computer thinks there is no point in having the controls turned on. And if the kids are known to "fiddle," just think carefully!
  Hope this helps you.
  Chris.

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• A Solution for Enabling Sandbox activation by non admin users for testing (OIM 11gr2 PS2)

  I just wanted to post what i came up with as a solution the the problem of not being able to Test the effects of sandbox changes for non admin level users prior to their publication.  We are constantly making changes to the UI through sandboxes, the problem is rolling a sandbox back isn't easy, and we cannot be sure of the effects they will have on non administrative users until they are published, since the out of the box sandbox link isn't available to non Sysadmin level users.
  To allow these non admin user accounts to test the effects of sandbox changes in our development environment, I did the following (as always, follow at your own risk):
  Create and activate a new sandbox.
  Close all open tabs (including the Home and Sandbox tabs) and click the "Customize" link.
  Click the view -> source drop down in the upper left.
  After the source is visible, click the Accessibility or Sandbox link to find the area that you will add the new "UserSandboxTest" (call it whatever you want) link.
  Add a new commandImageLink directly in the panelGroupLayout: horizontal item before the "switcher" item (see the UserSandboxLink in my screen shot below):
  Edit the Link you just inserted, Entering whatever you want the link to display as in your browser in the "Text" field.
  Export the sandbox.
  Unzip the exported sandbox and navigate to the IdmShellV2.jspx.xml (path should be: \templates\mdssys\cust\site\site).
  Edit the IdmShellV2.jspx.xml file and find the new item you added in step 5.
  Add the following to the commandImageLink xml item: actionListener="#{pageFlowScope.uiShell.context.launchSandboxes}" rendered="#{oimcontext.currentUser.roles['SANDBOX_USER'] != null}".  Note: I used a new custom enterprise role, SANDBOX_USER, to control the display of the new link, You should substitute whatever EL conditions you need in the rendered property.
  Save your IdmShellV2.jspx.xml file and zip the contents back up, just like you would for any other customization.
  Import your newly edited sandbox back into the target environment.
  Publish the sandbox.
  This seems to work great for allowing us to test other sandbox changes effects on different types of users. 

  On step 10, adding the check to determine if the user should have access to the role ended up breaking access to the unauthenticated pages like the self registration page and the forgot userid/user login pages.  Non-authenticated users cannot execute the method to return the role, so that fails which leaves the page not loading.  To correct this I changed the rendered property to rendered="#{securityContext.authenticated}".  This prevents the link from displaying on non authenticated pages, but displays for anyone else who's logged on.  We only plan on using this in our development environment where no one but developers and system admins have access anyway, so it's not an issue that everyone will see the link.  I wouldn't recommend putting this in an environment where end users will be logging in and testing without developing a method (or finding another way to limit the display) that can be called by unauthenticated users to prevent them from seeing the link.

• Reader 9.5.1 Crashes after a few seconds for non-Admin users

  I have Adobe Reader 9.5.1 installed on some Citrix XenApp 5.0 servers that are Windows 2003.  Any time a non-admin user launches Reader it is open for a matter of seconds and then crashes.  It shows a Dr Watson crash in the error logs each time. If I logon as an Administrator, it works just fine.  I've tried reinstalling/repairing the installation to no avail. 
  Has anybody run into this in the past or does anyone have any ideas on how to fix it?

  My company is into same issue but thing is that I cannot uninstall the MS patch as it will be vulnerability for our servers and we have opened a case with MS and they have reveiwed the proc dump and now MS is asking to get this reviewed with Adobe. I'm not sure how to reach out to Adobe Support to get the fix from them. Any solution on this regard, it will be great help. Thanks, Sayed.

• Is there any way to prevent non-admin user accounts to receive software update prompts?

  I am the admin account user on our MacBook Pro, and there is one standard user account on it as well. Generally we are both logged on so we can quickly switch between user accounts and 'spin the desktop'.
  For some reason, all the software update notifications seem to be received when the standard user account is the active one.
  I know that the standard user cannot actually update without my account password and my Apple ID, but a) The notifications confuse the non-admin user, and she gets flustered, and b) Even if she manages to cancel them from the notification area, she then has to remember to tell me verbally that she had had one.
  Is there any way to stop her receiving the update notifications altogether?
  Running OS X 10.8.2 on MacBook Pro.
  Thanks in advance.

  You should be able to do this by unchecking the software update service in the system preferences to prevent the system from running the check as the "_softwareupate" user and passing it to the notification service that broadcasts to all user accounts. Then you can check for the software update in an admin account using the following Terminal line:
  /System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck -Check YES
  This line can be scripted via Terminal services to run on a schedule (ie, every few hours), and if there are found updates it will launch the App Store for that account and present them. Granted this approach circumvents the notification service, but should work. To try this, open TextEdit on your computer and in a new document choose "Make Plain Text" from the Format menu.
  Then copy and paste the following text into the new document:
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
            <key>Label</key>
            <string>local.softwareupdatecheck</string>
            <key>ProgramArguments</key>
            <array>
                      <string>/System/Library/CoreServices/Software Update.app/Contents/Resources/SoftwareUpdateCheck</string>
                      <string>-Check</string>
                      <string>YES</string>
            </array>
            <key>StartInterval</key>
            <integer>21600</integer>
  </dict>
  </plist>
  When done, save the document to your desktop as "softwareupdatecheck.plist" or anything as long as it ends with ".plist." Then get information on the file in the Finder to ensure its name ends with plist and not anything else like "plist.txt" (rename it accordingly in the Info window's "Name & Extension" section.
  With the file name appropriate, hold the Option key and choose the "Library" option in the Finder's "Go" menu. Then locate the folder called "Launch Agents" in the library and drag the text file to this folder. Then log out and log back into your account.
  This text file is a launch agent script that instructs the system to run the program arguments every 21600 seconds (6 hours) whenever the user is logged in. The program arguments here are simply those to check for software updates for the system. You can change this time interval to be any number of seconds you would like, but there are other options to use besides the "StartInterval" key for scheduling the task. This approach simply has it repeat every number of seconds, but you can use other options to have it only run on specific hours or days, or only have it run once when you log in, etc.
  If this works for you, then if you'd like to explore these other options write back here and we can go over them for you.