Setting workgroup backup permissions for server admin user

Similar Messages

• How to allow access to winrs for non-admin user?

  I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
  All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
  # gives 4
  winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
  # gives 4
  winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
  # Gives Winrs error: Access is denied.
  Configuration for my user is following:
  (Get-Item WSMan:\localhost\Service\RootSDDL).value
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
  (Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
  # O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
  (In each security descriptor my user is given general access to protected object).
  So what security descriptor should I set to make my winrs query work for non-admin user?

  Hi Bunyk,
  I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
  I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
  In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
  winrs error:access is denied
  I hope this helps.

• Remote Desktop Service Manager - configure permissions for Remote Desktop Users to Send Message, Disconnect, Logoff

  Hello, dear colleagues.
  We are using Windows Server 2012 R2 as Remote Desktop Server. Also use Windows Server 2008 R2 with Remote Desktop Service Manager to control RDS user sessions (Send Message, Disconnect, Logoff, Query Info). 
  Send Message, Disconnect, Logoff options works only for users in Administrators group.
  I can't to configure permissions for Remote Desktop Users, specific user or AD group. 
  To set permissions I'm running RDS Host Configuration on Windows Server 2008 R2 and connect to Windows Server 2012 R2. Then double-click
  RDP-Tcp, Security tab, add specific user account , AD group or configure
  advanced permissions
  for Remote Desktop Users.  
  But, as I sad above, these options works only for users in Administrators group. How to make it work for Remote Desktop Users or specific user, AD group?
  Thanks.
  P.S. If move specific user from Remote Desktop Users group to Administrators group on
  Windows Server 2012 R2 - it works. 

  Hi,
  You can prevent administrators from changing the permissions for a connection by applying the
  Do not allow local administrators to customize permissions Group Policy setting. 
  This Group Policy setting is located in Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security
  Apart there is one command with which you can set the permission for that check the related
  article. Additionally checkthis
  thread for more detail.
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• QuickTime fails to initialize for non-admin users (Error 63441)

  I have installed iTunes 6.0.4 (including QuickTime 7.0.4) on my XP PC. iTunes and QuickTime work fine for the Admin users, but not for non-Admin accounts.
  iTunes crashes with the generic Microsoft 'send error report' message; QuickTime gives "QuickTime failed to initialize. Error # 63441".
  Any help / suggestions appreciated.

  Eventually fixed it!
  As mentioned in numerous other posts this came down to an issue with registry keys.
  Updated the permissions for HKEYLOCALMACHINE\SOFTWARE\Apple Computer, Inc.\QuickTime to give 'Full Control' to 'Everyone'.
  Initially had a lot of difficulty accessing the Apple Computer, Inc. branch - kept getting 'access denied'. This turned out to be because there was no owner set for the key. Once I had made myself owner I was able to make the other changes.

• Propagate permissions with Server Admin?

  Can someone help me change permissions using Server Admin under Mac OS X10.5.7?
  I am able to set permissions to a single file or folder, but when I go to propagate the permissions to sub folders and files server admin just hangs. The status bar pops down and spins until I force quit. The permissions never propagate.... This is driving me nuts! ( I could do it by file by file, folder by folder but I have thousands to change.)
  Am I doing something wrong? This seemed to work fine in past versions of the OS....
  Thanks,
  Robert
  Message was edited by: Robert LaRocca

  A better way to propagate permissions is to use chmod to set your ACL. See the following post for a basic example that resets ACLs and adds a new one granting read/write access for a group:
  http://discussions.apple.com/thread.jspa?messageID=9488313&#9488313
  As mentioned, you could simply change the POSIX permissions to 0777 (which grants read and write for the POSIX owner, POSIX group, and POSIX everyone fields). This solution will not apply the same permissions to newly-created files or folders and copied items, however.
  This means that you'll have to continue propagating permissions (chmod -R 0777 /example) each time a new file or folder is created or copied. Not fun.
  Using an ACL entry that has file_inherit and directory_inherit controls will ensure that the particular ACL entry is inherited to a newly-created or copied file or folder.
  See my other posts for a detailed explanation of how new, copied, or moved items get their permissions:
  http://discussions.apple.com/message.jspa?messageID=9209840#9209840
  and
  http://discussions.apple.com/message.jspa?messageID=9134807
  Hope this helps!
  --Gerrit

• Itunes hangs for non admin users

  I've got itunes 10.6.3 running on 10.6.8 Macs which are joined to AD and OD for network authentication.
  When starting itunes as anything other than an administrator (local or domain) itunes simply hangs - on the very first run you can Agree to the EULA but after that it hangs at the startup. Sometimes you get the authentication dialogue for our proxy server but not always.
  I've checked and the proxy isn't even receiving any requests, and it works fine for an admin user. I've taken the proxy out of the users preferences and it still hangs.
  So is itunes dead in the water for non admins, or do I have to resort to the Windows 95 days of making everyone an admin of the Mac?

  Fgi42 wrote:
  The backup destination is an OpenSolaris ZFS directory shared with netatalk.
  That doesn't sound like a supported destination for Time Machine backups. See Apple's Disks that can be used with Time Machine.
  You'll probably need to find someone familiar with the OpenSolaris OS.

• Acrobat 7 requires admin password at every launch for non admin users?

  acrobat 7 requires admin password at every launch for non admin users?
  any one with a solution or similar problem?
  thanks for any help.

  I've been avidly following all of the threads regarding this issue...yet none of the solutions have worked for me. I've got 11 Mac users that do not use the Creative Suite..only Acrobat, Quark, etc. I've tried installing and re-installing through both Admin and User accounts, I've tried the AdobeBib XML change, I've tried enabling Root and installing, changing permission on the Acrobat folder, etc. all to no avail. I still get asked for Admin Authentication every time Acrobat and Distiller are opened (except on the Admin account side). This is happening on one particular Mac (G4, 1GB Ram, OS 10.4.3) for both Acrobat Standard 6 and 7 as well. The biggest issue that also happens in tandem with the Acrobat installs is the inability to print from Quark. I get the following error when printing: "The process "pictwpstops" terminated unexpectedly on signal 6." Because of the necessity to print Quark documents, I have uninstalled all Acrobat on the machines until we can get a fix. This resolves the printing problem with Quark. The only option left is to set up all users as Admin accounts - which I really do not want to do. Any other suggestions out there? I've got more information available if needed.

• How to hide the page ribbon and quichlaunch for non admin users

  HI
  1 ) how to hide the ribbon in a page in sharepoint 2010 for non administrator users  
  2) how to hide quicklaunch also for non admin users
  in quick lanuch i want to hide links for all site content also.
  i used Document Center Template to create my web application.
  adil

  HI
  i did not get how i use this control 
  <Sharepoint:SPSecurityTrimmedControl
  runat="server"
  PermissionsString="FullMask">
  2
    <div>
  3
      <SharePoint:SPLinkButton
  id="idNavLinkViewAll"
  runat="server"
  NavigateUrl="~site/_layouts/viewlsts.aspx"
  Text="<%$Resources:wss,quiklnch_allcontent%>" AccessKey="<%$Resources:wss,quiklnch_allcontent_AK%>"/>
  4
    </div>
  5
  </SharePoint:SPSecurityTrimmedControl>
  adil

• User Interface Access Customisation for non admin users

  Hi,
  It is understood that for non-admin users, some features of the Planning Interface is not enabled and this can be controlled by proper access permissions. But, is it possible to extend the customization to provide some additional features in the menu bar for an user?
  For example, if View User wants to manage task lists. Is it possible by some sort of customization? Please advise.
  Thanks.

  Hi,
  You can create right click menus, and you can also create links on the tools page. Would any of these help you?
  Here is the doc on those subjects:
  Creating and Updating MenusAdministrators can create right-click menus and associate them with data forms, enabling users to click rows or columns in data forms and select menu items to:
  Launch another application, URL, or business rule, with or without runtime prompts
  Move to another data form
  Move to Manage Approvals with a predefined scenario and version
  The context of the right-click is relayed to the next action: the POV and the Page, the member the user clicked on, the members to the left (for rows), or above (for columns).
  When designing data forms, use Other Options to select menus available for Data Form menu item types. As you update applications, update the appropriate menus. For example, if you delete a business rule referenced by a menu, remove it from the menu.
  To create, edit, or delete menus:
  Select Administration, then Manage, then Menus.
  Perform one action:
  To create a menu, click Create, enter the menu's name, and click OK.
  To change a menu, select it and click Edit.
  To delete menus, select them, click Delete, and click OK.>
  Specifying Custom ToolsAdministrators can specify custom tools, or links, for users on the Tools page. Users having access to links can click links from the Tools menu to open pages in secondary browser windows.
  To specify custom tools:
  Select Administration, then Application, then Settings.
  For Show, select Advanced Settings.
  Click Go.
  Select Custom Tools.
  For each link:
  For Name, enter the displayed link name.
  For URL, enter a fully qualified URL, including the http:// prefix
  For User Type, select which users can access the link.
  Click Save.

• Enter a password for the ADMIN user,Error in installing Oracle Apex,

  hi, everybody,
  Greetings,
  Iam trying to install oracle Apex, By coming this step it shows this error, Could you Please help me to solve this error.
  SQL> @apxchpwd.sql
  Enter a value below for the password for the Application Express ADMIN user.
  Enter a password for the ADMIN user []
  Session altered.
  ...changing password for ADMIN
  l_error_lines wwv_flow_global.vc_arr2;
  ERROR at line 3:
  ORA-06550: line 3, column 28:
  PLS-00201: identifier 'WWV_FLOW_GLOBAL.VC_ARR2' must be declared
  ORA-06550: line 3, column 28:
  PL/SQL: Item ignored
  ORA-06550: line 5, column 5:
  PLS-00201: identifier 'WWV_FLOW_SECURITY.G_SECURITY_GROUP_ID' must be declared
  ORA-06550: line 5, column 5:
  PL/SQL: Statement ignored
  ORA-06550: line 6, column 5:
  PLS-00201: identifier 'WWV_FLOW_SECURITY.G_USER' must be declared
  ORA-06550: line 6, column 5:
  PL/SQL: Statement ignored
  ORA-06550: line 7, column 5:
  PLS-00201: identifier 'WWV_FLOW_SECURITY.G_IMPORT_IN_PROGRESS' must be declared
  ORA-06550: line 7, column 5:
  PL/SQL: Statement ignored
  ORA-06550: line 15, column 31:
  PLS-00201: identifier 'WWV_FLOW_SECURITY.STRONG_PASSWORD_VALIDATION' must be
  declared
  ORA-06550: line 15, column 5:
  PL/SQL: Statement ignored
  ORA-06550: line 22, column 35:
  PLS-00201: identifier 'WWV_FLOW_UTILITIES.STRIPHTML' must be declared
  ORA-06550: line 22, column 9:
  PL/SQL: Statement ignored
  ORA-06550: line 25, column 9:
  PLS-00320: the declaration of the type o

  suresh.m2015,
  It's going to be impossible for anyone in this forum to help with your issue if you don't provide any more detail about your environment and Apex installation. However, from your post it looks like the Apex database objects are missing or invalid.
  Did you follow the Apex installation guide step by step? For example, did you run apexins.sql?
  It's important to follow the documentation. The script you are running to change the admin user password should not be run until after the Apex installation is complete.
  --Keith Malay                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       

• Safari 5 seems to have slowed the OS for my Admin user account

  After installing Safari 5 (now 5.0.2), and after a few Safari hangs and force quits, my OS for my Admin user account has become slow. Opening folders and seeing the contents is slow; moving small documents from folder to folder is very slow; cutting and pasting text in a MS Word document sometimes takes two or three tries, as the text highlighting cursor function has slowed. (Interestingly, Safari's basic click and pageload functions seem to work fairly normally, but with the same highlighting and copy/paste slowness that affects all other programs. Also, my mouse pointer moves quickly as per normal.)
  However, I created a new user account as a test comparison and found that the new user account is NOT slow. It works perfectly fine.
  Any thoughts on what I should do? Is my original Admin account corrupted? Is it possible to simply move my personal files (Word docs, iTunes songs, bookmarks) to the new user account and then delete my original Administrator account?
  What should I do? Thanks everyone.

  Well, it was worth a shot.
  How full is your hard drive? Always a good starting point for diagnosing slowdowns.
  Sometimes running periodic maintenance scripts helps, because it cleans some caches that a Safari reset won't. The scripts are supposed to run automatically in the wee hours of the morning when most people are computing, but the problem is that they only run if the computer is on and not sleeping. Not too realistic.
  This article in an excellent series of "keep the Apple sweet" articles talks about the scripts and how to run them manually:
  http://thexlab.com/faqs/maintscripts.html
  They are less important in later incarnations of Mac OSX as some o the tasks they do were shifted to start-up, but doing them is worth trying.
  Also use Activity Monitor to check for a runaway background process. It's possible that this could affect only one user account. If you've not used Activity Monitor before, make sure you change its "Show" option from the default of "My Processes" to "All Processes" or you might miss some nasty troublemakers. Also click in the "%CPU" column header to sort by processor usage. With no user apps running, (basically an idling computer) no single process should demand more than ~5 percent of the processor. Let AM display for a few minutes while you watch it, as some processes toggle back and forth as they activate.
  Running any anti-virus software? Most does more Mac-harm than Mac-good.
  Keep us posted!
  A

• How to set password complexity and expiration for ClearPass admin users

  Requirement:
  As a server admin, i wish to set complexity for my ClearPass admin (management login) password and also as per company policy wish to set password expiration. This document explains how it can be achieved.
  Solution:
  From ClearPass 6.5.0 a new Password Policy Settings form was added for both local users and admin users.
  Configuration:
  To use this option, go to either Administration > Users and Privileges > Admin Users > Password Policy or Configuration > Identity > Local Users > Password Policy. Options that can be configured for the password include length, complexity, disallowed characters, disallowed words, disallowed user ID or repeated characters, and the number of days to expiration.
  Admin User
  Local User
  Verification
  In Password Policy updated the password complexity as following (atleast one uppercase and one lowercase letter and 3 as disallowed character). Also set the Password expiration to 5 days.
  After that tried to reset the admin password with character 3 and got an error as following

  Please follow below steps:-
  This is available starting in RUP4.
  The script to expire all passwords in the fnd_user table is $FND_TOP/patch/115/sql/AFCPEXPIRE.sql.
  It can be executed from SQL*Plus or as a Concurrent Program: sqlplus -s APPS/ @AFCPEXPIRE.sql
  or Submit concurrent request: CP SQL*Plus Expire FND_USER Passwords
  This script sets the fnd_user.password_date to null for all users which causes all user passwords to expire.The user will need to create a new password upon the next login.
  Thanks,
  JD

• Default acl permissions for root and user?

  after running permissions i keep getting acl permissions changed and will repair. Apparently it doesn't. Is their a manual way of resetting to defaults for both root and user.

  Turns out they didn't change themselves, but authentication got out of whack. This post fixed it for me, but I just jogged access on ical and blogs. Not sure which or both is needed, but after I toggled them over and back I was up and running again.
  <SNIP>
  Solution found athttp://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
  It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
  Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
  Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
  After much head scratching it turns out to be a sACL (Service Access Control List) issue.
  This thread solved the mystery!
  http://discussions.apple.com/thread.jspa?threadID=1654864
  To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
  Open Server Admin on a computer (any), and connect with the local admin to the machine.
  Select the server and authenticate.
  Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
  If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
  Save.
  Try logging in again… should be a good one!
  </SNIP>

• Installing CRViewer 11 ActiveX for non-admin users

  I need to be able to deploy the the ActiveX control for CRViewer 11.0.0.2178 (not sure if this is CR11 R1 or R2) for a sizeable number of users who are not admins on their Windows XP (SP2 or SP3) systems.  I can deploy using Microsoft SCCM with Admin permissions if there is an exe version (as opposed to the cab version) but I have not been able to find one.
  If there is not an exe version, is it possible to deploy the cab version outside of Internet Explorer?
  I have tried downloading and extracting the cab from the hosting server, extracting the files, and then manually registering the various DLLs, but that did not work - well, it works on a system with XP only (no other applications) but does not work on a system with our standard software load - possibly due to conflicting versions of existing DLLs and the CRViewer dlls?  I don't know if the DependencyInstaller.exe that is included in the cab needs to be run to complete the registration, or what the command line option for that would be.
  Any help would be appreciated, as I need to get this working quickly, or we are going to have to manually install for some 300+ users in the next week.
  Thanks,
  David

  See Knowledge base [1218519|http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/oss_notes_boj/sdn_oss_boj_erq/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/scn_bosap/notes%7B6163636573733d36393736354636443646363436353344333933393338323636393736354637333631373036453646373436353733354636453735364436323635373233443330333033303331333233313338333533313339%7D.do]
  I have seen people that have created an installer based on the information contained in this KB.

• Azure backup options for Server 2012 R2 Essentials

  Hello,
  I have configured a new on-prem HP server for a very small (5 users) non-profit client. This is a single server environment, and they use Office 365 for email. I have already configured AD Sync between the two with dirsync. I have installed the Azure agent,
  and imported the certificate, and I am ready to create a backup set.
  This is my first experience with Cloud based server backup - I'm used to products like Backup Exec and tape media. What are my options for backing up this server? Can I only do file/folder backup, as it appears?
  What would be best practice in this situation, as I need to back up the systems state as well? And then, how to restore it?
  All I can think of would be to use Windows Server backup to create a backup of the server, then back that up - but it's so messy, I must be missing something.
  Thank you in advance!!

  Hi,
  You may refer the following link for clear step-by-step procedure on Azure backup:
  http://blogs.technet.com/b/sbs/archive/2014/05/01/configuring-microsoft-azure-online-backup-on-windows-server-2012-r2-essentials.aspx
  As of now, you can only backup File & folders(Even entire drive) but you cannot perform System State backups with Azure Backup.
  For System State backup, as you mentioned about using WSB and then backing it up to Azure Backup vault may be the only work-around as of now. However, you may vote and provide feedback for this feature in
  here.
  You may also refer below links for more info:
  https://msdn.microsoft.com/en-us/library/azure/hh831419.aspx
  https://msdn.microsoft.com/en-us/library/azure/dn722422.aspx?f=255&MSPPError=-2147217396
  Regards,
  Manu