Script to Temporary Elevate the admin rights to local user

Similar Messages

• Resetting the Admin password in single user mode

  Ok, my friend bought an old Imac from someone she went to school with with OS 10.4.2 on it. It works fine except that she can not install any programs because there is an admin password that she does not know. She asked the person she bought it from, he says he doesn't even remember setting a password. Normaly with this issue id just pop in the install disk and reset it from there, except neither of them have the install disk, and my install disk is to current for the machine. Does anyone know how I can reset the admin acount using single user mode commands? I can do it on my Mac Book pro but it doesn't seem to work the same way on 10.4. Please help!
  EDIT: It is a Power PC G3 if that helps.
  Message was edited by: CartooNxHerO

  CartooNxHerO wrote:
  Ok, so I used the advice from the third link you gave me but i'm still in single user mode trying to figure out how to delete the users home folders.
  Message was edited by: CartooNxHerO
  You do not need to delete "the users home folders". Nor do you need to delete the netinfo database. Here are two proceedures:
  Change Password
  Mac OS X:
  Changing or resetting an account password via GUI:
  Resetting a user's password
  Resetting the original administrator account password
  http://docs.info.apple.com/article.html?artnum=106156
  You do not have a CD/DVD
  Changing password from single user mode:
  You can also change the administrator's password from single user mode or create a new administrator account.
  You need to get into single use mode for steps one and two that are listed below.
  This page will tell you how to get into single user mode.
  http://support.apple.com/kb/HT1492
  Basically, you hold down the command-s key then powering on your machine. The command key has a little apple symbol on the lower left. It is between the alt/option key and the space bar. On a PC keyboard, it will be the windows key, I think.
  1) You can change the password on an account. ( Do you know Unix. You are in a Unix single user console. ) The setup commands you need should be listed on the screen. For Mac OS 10.4.11, the commands are:
  # Type the follow two instructions to access the startup disk in read/write:
  /sbin/fsck -fy
  /sbin/mount -uw /
  # Start up some utility processes that are needed.
  sh /etc/rc
  # You will probably need to press the return key once the system stops typing.
  # To find out the users on the system type, use the list command. The l is a lower case L:
  ls /Users
  # One of these accounts will be the administrator.
  # Pick one of the users which I'll call a-user-name and type it in this command:
  passwd a-user-name
  # and enter the new user password. You need six characters.
  # You will need to enter your password twice. Your typing will not show up on the screen just
  # press enter when you complete the typing.
  # For cryptic information on these commands try:
  man ls
  man passwd
  The root account isn't enabled by default. I am not sure if changing the password on root will enable it.
  2) Get the Mac to set up an additional administrative account. You can then change the password on your old account.
  Start with your computer power off. Hold down command-s. Power on your computer.
  Type in the following:
  The first two commands will depend on your release of Mac OS X. Look at what is typed out in the console to determine the exact format.
  # Type the follow two instructions to access the startup disk in read/write. Press return after each command.
  /sbin/fsck -fy
  /sbin/mount -uw /
  cd /var/db
  pwd
  #List all files. The l is a lower case L.
  ls -a
  #The move command acts as a rename command in this format.
  mv -i .applesetupdone .applesetupdone.old
  reboot
  Once you've done that the computer reboots and it's like the first time you used the machine. Your old accounts are all safe. From there you just change all other account passwords in the account preferences!!
  Limnos adds detailed explainations:
  http://discussions.apple.com/message.jspa?messageID=8441597#8441597
  The above the idea came from a post by JoseAranda at September 9, 2006 3:48 AM
  http://www.askdavetaylor.com/howdo_i_reset_my_mac_os_x_admin_rootpassword.html
  You will need to scroll down to see this post. Search for applesetupdone
  Or see:
  http://superpixel.ch/articles/running-setup-assistant-again/
  Once you have a new administrative account, you can change the password of your old administrative account
  blue apple > System Preferences > Accounts

• Granting workstation admin rights to windows users

  Is it possible to setup OD users to have administrator rights on the local workstation? In order to do this the user needs to be a member of the Administrators group on the local machine, however, I can't see any way of doing this in Workgroup Manager.
  Thanks
  Ian
  iMac CoreDuo   Mac OS X (10.4.6)  

  To make an account defined in Open Directory an administrator of a client's local domain, you have to define that account as an administrator at the client system.
  On a Mac OS X system, log on as that user, then open the Accounts preference pane. Authenticate as an existing local administrator, then select the network account in the list and check "allow user to administer this computer." This effectively adds the network account as a member to the local admin group, as well as to the /etc/sudoers file, for allowing root access via su.
  On a Windows XP system, log on as that user, open Control Panel, then Users & Accounts. You should have to authenticate as an existing local administrator to be able to continue. Select the network account and edit it, changing its type to Administrator. Note that you must have Windows XP Pro to do this; XP Home won't work.

• Cannot set admin right to my user root account has STANDARD RIGHTS!

  I had this common problem, my account turned to standard.
  I followed the instructions here.
  I changed the root password from the install DVD, restarted.
  logged in as "root", but the root user has standard rights as well!!
  therefore I cannot change the rights of my user...
  any suggestions?

  Wow, it looks like you went for the deluxe bugs package.
  ..."now I'm the adminstrator. but this didn't change the fact, that folder I'm creating ( doesn't matter where ) have "read only" rights for the admin. system has read write....
  You hadn't mentioned that before, but actually that sounds like a completely different problem, one that can be caused by using "repair permissions" on a 10.5 volume while booted from a 10.4 (or earlier) disk - this might also include having used "DiskWarrior" to repair permissions (something the manufacturer advises against). Unfortunately, Apple is in the process of revising how "repair permissions" works, and the new method in 10.5 doesn't appear to be fully implemented. As a result, it does not fix this problem, which is purely a permissions issue. If this is indeed the problem, the most straightforward way to get back to a normal system is to reinstall - an "archive and install" while preserving network and user settings should be sufficient for this particular issue. If you are comfortable with the command line, it may be possible to change permissions manually - it would be necessary to attempt a permissions "repair" or "verify" under Leopard, and to record and carefully analyze the messages to determine what needs to be fixed, and how.
  The "Finder" crashes are due to another bug - the GUI crashes when there are files or folders with a group ID that doesn't correspond to a group record in "DirectoryService". There are various strategies to use as workarounds: if all of the problem files have the same group ID, it is probably fastest just to create a group record for that group. If there are a number of different groups involved, doing a batch change of group from the command line might be easier. To get an ideal of what groups are involved, the following command can be used to display the various factors regulating access to a particular file or folder - try using it to survey a selection of different items exhibiting the problem:<pre>
  ls -elO /path/to/item</pre>
  Copying the items to an external drive, then copying them back to a folder that does not display "(unknown)" in "Get Info" might be another strategy (but note that there have been some reports of data loss copying large amounts of data - even after the 10.5.1 update, and even copying instead of moving). Ultimately, these are just workarounds and Apple really needs to fix this sooner than later - it's getting stupid.
  But actually, considering all of the different issues you are experiencing, backing up the data to an external drive (and verifying the integrity of the backup), then performing a full "erase and install" might be the one stop solution. I'm not sure about the best strategy for reimporting the data once that is done since I have never used the Apple tools and do not know how they handle ownership and permissions (what is perserved, etc.) - hopefully someone else will be able to fill in those details.
  So you were bitten by the "Get Info" crash bug, a second issue caused directly by following what turned out to be bad advice in an official kb article, and had a permissions problem that couldn't be resolved using the tool that is supposed to deal with permissions problem. I'd call that a Leopard beta hat trick.

• I've lost the admin rights to my hard drive...?

  All of a sudden I can no longer add/remove things on my HDD.  I have my OS on a SSD and I've been able to access everything just fine until yesterday...Is there any way to fix this without system restore?  I'd really rather not go through that
  headache...

  Login with Admin account --> Browse to the HDD --> Goto Security tab, in properties --> Take ownership --> Once its complete --> add your ID to ACL and give full rights. 
  Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
  the thread.

• Cannot update BIOS on Tecra A9 due to the admin rights

  Hello,
  I want to update the BIOS of my A9 Tecra from 1.70 to 2.10 for (Windows XP SP 2).
  When I start the update (P0054v210.exe), I get the error message: "[Error] The starting of service was aborted. The user does not have administator privilieges".
  The eventlog entries are:
  Application:
  ErrorCode: 9
  Source: CHGBIOS
  Description: "CHGBIOS" (The complete message are on german and this forum not allow german error messages, because they "contains profanity or inappropriate language")
  System:
  ErrorCode: 7000
  Source: Service Control Manager
  Description: "NCHGBIOS2SVC" not found. (The complete message are on german and this forum not allow german error messages, because they "contains profanity or inappropriate language")
  I started the update as the local Administrator but it doesn't work.
  Can someone help?

  Ive heard that the common modules are very important, so I would reinstall the common modules and try the BIOS update again.
  Are you sure your Antivirus is not blocking the BIOS update? Disable it and see how that goes.

• Read user groups from realm. Admin rights to each user ??

  Greetings to ALL,
  I am reading users, groups from realm. If I give the user admin priviliges I am
  able to get the information else I get the error weblogic.management.NoAccessRuntimeException:
  Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01, B10MP03A,
  B10MP03], on ResourceType: Security:Name=myrealmDefaultAuthenticator Action: execute,
  Target: listGroups
  Is there more effective way to read the information.
  I can execute the program standalone ( from DOS PROMPT) and read all information
  if I do the following
  adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
  But when calling from the application I get the above error.
  Any code, suggestion will be very helpful.
  Fred

  "Fred Boon" <[email protected]> wrote in message
  news:3fa7cb98$[email protected]..
  >
  Greetings to ALL,
  I am reading users, groups from realm. If I give the user admin priviligesI am
  able to get the information else I get the errorweblogic.management.NoAccessRuntimeException:
  Access not allowed for subject: principals=[ruser1, B10AP01, B10MP01,
  B10MP03A,> B10MP03, on ResourceType: Security:Name=myrealmDefaultAuthenticatorAction: execute,
  Target: listGroups
  Is there more effective way to read the information.
  Commo mbeans require admin role in order to be able to invoke methods.
  I can execute the program standalone ( from DOS PROMPT) and read allinformation
  if I do the following
  adminHome = (MBeanHome) Helper.getAdminMBeanHome (username,password,url);
  But when calling from the application I get the above error.
  Try doing a runAs with a subject that has admin role.

• Question on ADMIN rights for EP user with ECC also installed on same system

  Hello EP/ECC gurus
  I have a situation here where we have installed EP and ECC on the same system using same SID and system number.
  I have logged into ECC using a user name that has been registered as a developer.
  I can create a table, populate with data etc., without any problem.
  However, when we try to use EP, we are getting errors that the says that there are no roles assigned to this user.
  What are we doing wrong? Any suggestions or recommendations will be highly appreciated.
  Thanks
  Ram

  Hi Ram,
  When the installation of EP was performed it should have created a user named J2EE_ADMIN. Try to log on to the portal with this account (password should be known from time of installation). You can examine the user/role assignments of your developer user and assign the portal roles you would like that particular user to have accordingly.
  Regards
  Daniel

• Is it can grant an admin right for special application ?(No Runas as Administrator)

  Dear All
  Background: We have an application which run on users group in server 2000 SP4 is normal.
  We want upgrade the OS to Win7 , on the Win7 the application can not launch on normal users group.
  I was try the properties of compatibility to server 2000 and choose "Run this program as an administrator" and edit the regedit key permission , both of all is not work on my case.
  It is ok right-click the application and runas as administrator, but on the other hand I find runas administrator has some other error with the application.
  May I know is it has a method can grant the admin right to special user when running special application ?
  Regards All

  Hi,
  What application can not run in Windows 7? I think there is a application compatibility issue, so please attempt to run Program Compability troubleshooter.
  Also, you said you got some error while you ran as administrator with runas command. And what are the errors?
  RUNAS /user:<Username> Program
  Based on my knowledge, we cannot grant the special user with admin right unless you add this special user to Administrators group. When a special user is running a application requiring administrator permission, it will prompt to input administrator username
  and password.
  Andy Altmann
  TechNet Community Support

• Deployment Software on user with no admin rights

  Hello,
  We are using SCCM 2012 R2 and our environment machines are Windows 8.1 with no admin rights for all users.
  We are trying to deploy some sprecific software but with no luck.
  On the Deployment method we specify "Install for User" and what happens on User side is "Past due it will be retried".
  If I modify my script and instead of /qn I use /qb I have the UAC control that pops up.
  But from my understanding SCCM should install the software as system account.
  How can we do to make it work?
  Thank You,
  Chris

  Hello,
  I have already bypass my problem using the "install for system".
  Creating 2 deployment method. One for the application (msi) "Install for system" and the second for the settings (cmd) "Install for User" and it works like a charm.
  But there is no way for SSCM to elevate the privileges when installing an application with "Install for user" set?
  Chris

• Firefox Silent updater will not work unless I launch Firefox.exe one time with Admin rights

  I am building a Firefox 17.0.4 ESR package to use for my Enterprise. Everything is working great except for the updater piece. I am using the configuration.ini file during the install with the command MaintenanceService=true turned on, and a mozilla.cfg file with updates enabled, pref("app.update.enabled", true). I am running the install both manually, and through SCCM with Admin rights, including the maintenance service. After the install runs, I open Firefox as a limited user and go to Help->About, and it says Updates are available at www.firefox.com, and that the browser is set to the ESR release channel.
  In all my troubleshooting, the only 2 sure ways I have found that make the auto updates work for a user were to run firefox.exe as an admin 1 time, or to install the base esr package as an admin after my install package. That will fix it for the logged in user only, but another user would run into the same issue. It appears that something is not installing correctly, but I cannot determine the cause.
  My install command is:
  Firefox Setup 17.0.3esr.exe /INI=%INST%\Configuration.ini

  In my organization, we have removed Admin rights from all users, but use a product that can elevate any .exe with create a policy for to run with Admin rights. We have a policy set for updater.exe and it does work for future updates, just not this first update after install until Firefox itself is run as Admin for the first time. My thought is that when Firefox and the Maintenance service are installed with Admin rights through SCCM, the maintenance service should have inherited rights from that install. Forgive me if I am wrong in my conclusion.

• How can I remove admin rights to a mobile user group

  Hi Every one.
  I am using Snow Leopard in an environment of about 1200 users. I need to strip the admin rights (i presume by a script accessing DCSL) from a group of Mobile Account users.
  Does any body have suggestions on how to do this?
  thanks
  Matt

  Sorted out using DSCL in a script.

• Suddenly lose admin rights, and odd occurences

  I have no clue what has happened here so any help would really be appreciated.
  I log in as normal with my admin account. Everything seems fine. Then after a few minutes I suddenly notice the admin rights I had a second ago have disappeared, even though I am still logged in and have not touched a thing. Something somewhere has changed and I am unable to run some programs, change some system settings etc.
  Also during this 5 minute period my System Preferences changes. When I log in it is initially as I recognise it and as it has always been. After about five mins (and at the same time as the admin rights go) an "Ink" icon to the Handwriting recognition program has appeared. I have no tablet or anything similar and never have had!. In the sharing options my settings are different too. Things i had turned on are now off. (When i re log in again, for the first 5 mins everything is back to normal again)
  In the 5 mins that I have rights, I have run system optimzer and repaired permission, prebindings, run maintenance scripts etc but it still happens.
  Has anyone got the faintest idea what is happening. I literally had a working Imac, went away for a couple of days and come back to this. Help!

  Within the first five minutes of logging in, open the Activity Monitor in the /Applications/Utilities/ folder as well as another application, and see what account the second application is listed as running as. After the five minutes are up, launch a third application and check the same thing.
  In addition, around the time that you lose administrator access to the machine, check whether the name of the item in the Finder's sidebar changes, and whether you lose administrator access in a program which is running when the five minutes run out.
  As well as that, within the first five minutes, issue the following Terminal command:
  sudo tail /private/etc/sudoers
  Post back with the complete results of this command, including whether or not you were prompted for a password when running it.
  (15863)

• Too many different admin rights, user preferred

  Hello,
  I have after migrating to my new Mac, 5 accounts, almost all with admin right now.
  Two migrations, the second one done with admin rights, doubled the number of accounts...
  I want to keep all accounts, that is ok - I use only one as main, with my first admin account on my old Mac, being left as "history".
  Now I need to get help with
  How to put all admin rights more normal than now, when I've got:
  staff, admin, system, and three different user accounts with admin rights.
  I had to give them admin rights in order to get Mail migration done, this worked ok when I did the second migration, and got more accounts..
  I want to get advice on what type of model/principle to aim for, for the admin rights all over the file system,
  I would love to have the rights as simple as possible, no special entries for all the above admin accounts.
  So, should I use my main admin account, which was the main account on my last Mac, and have
  my currently used account (with admin rights), reworked as a User account, just to be more safe,
  although Mac security seems to be improving.
  I am very unsure of how much I have to rework the rights on things in my whole file system,
  in order to normally be able to run using only a normal user account, with no admin rights.
  Things seem to work ok, now when everything is admin, but I'm afraid that I'll get many Apps
  starting to have trouble if I don't have rights set smartly.
  Thanks for any ideas about how to do this using as few principles as possible!
  Thanks,
  /groundliner

  I think it would be far to messy to do things over, since I've used the new setup for two month or so. I have, after the migration, evacuated the internal Macintosh HD's contents with 5 accounts, to my new external SSD.
  And it is of course not so easy to return to what the internal, dimounted partition contains, now a few weeks afterwards. And then I've had Mail and everything running for a month before that, after the messy migration. A problem also is that my Time Machine volume would get crowded with everything on the one drive. After all this...
  Installing a new system with recovery mode, was what I did when I did the second migration. But that whole adventure scared me a bit also, that I have to plan things before doing anything. I did not. I did not either know that my Snow Leopard partition had to go. (I bought a few new Upgraded Apps).
  One further problem I have, is that my Migration was done from my Time Machine volume, and now I have two, three Western Digital HDs, and they are hardware encrypted, so they had to be unlocked before I could do any Migration. I felt that I had to plan that, but it just got done a bit too fast. Also, I had trouble Importing all my mail into Mail, so Apple support recommended me to do a migration again using an Admin account. - So I got too many accounts, and it's no big hurry to clean out the somewhat doubled folders. (And I own "Spring Cleaning", so I can somewhat easily compare which folders are identical between the doubled accounts.)
  With your method I agree that I maybe could succeed getting a copy on my machine of everything on the old one. And eliminating things, I was pretty satisfied with having not copies of very much on the old one. That mess was the result of two Migrations. And that I accidentally, after the second Migration, got Time Machine starting suddenly - so I have backups that are unnecessary with intermediate results.
  Thanks, I'll look at the Setup New Mac guide.
  The sorting out of permissions is maybe only neccessary to do on the folders in Users/* and the like.
  And then I'll not touch the permissions for system, (but wheel have I not yet seen on the Mac).
  I know that I have added rights for administrators here and there, but I strongly suspect I only did that on the top levels. Also, some of my migration problems had to do with evacuating my main (Admin) account on my old Mac - I got tired of a messy account, and did some cleaning out and moved User data to a new (user) account. Apple support told me how to do some of the transferring, like moving Mail files and other stuff.
  Thanks anyway!
  /groundliner

• Access developer version with admin rights

  I have MS SQL Server 2012 Developer version installed on my local machine using Windows 7.
  I lost my access to SQL Server local developer version when my company change policy to remove admin rights to local machine for some reason.
  Since I lost local machine admin rights, I am unable to access MS SQL Server 2012 developer version.
  I would like to know are there any work around to access MS SQL Server 2012 Developer version without local admin rights for Windows 7.
  Your help and information is great appreciated,
  Regards,
  Souris,

  Hello Souris ,
  Please , could you provide more information about your problem ?
  Are you unable to create new databases ? The error messages would be appreciated.
  I don't think that you have posted in the "good" forum , but for a moderator , it is difficult to find a better forum as we don't know what it is happening on your computer.
  I think that you should always be able to create databases in your own directory Users\yourusername on which you should have every access rights . The main problem could be to start/stop the SQL Server service as you need some minimum administration rights.
  Please , could you tell us whether the lost rights are on the Windows 7 level or on your SQL Server level ?
  To connect , you should have at least the db_datareader and db_datawriter permissions on the databases you are using ( I would add db_backupoperator to restore a database in case of errors )
  You should have the public and maybe dbcreator ( if you have to create new databases ) and of course your login must be enabled and have the permission to connect to the database engine .
  As we don't know what your are doing with the databases with your SQL Server Developer edition , we are unable to help you without more precise information.
  We are waiting for your feedback to try to help you more efficiently.
  Papy
  Mark Post as helpful if it provides any help.Otherwise,leave it as it is.