Standardise Local User Set

Hi all,
We're looking at moving over into an ADOD environment having previously only had local users on each machine. We have about 100 or so Macs all with various different local users on them (some with admin access and some without).
We'd like to standardise the local users to just two for each machine (each with a standard password) one 'Local User' for them to use if the network is down, and one 'Administrator' with local admin access.
We'd prefer to do it over Apple Remote Desktop if possible?
Cheers

I can tell you right now this will be a nightmare to setup, but it can be done if you're careful and take the time.
The issue is one of user IDs - even tough you see yourself as a username, everything on the inside uses an associated user ID to keep track of permissions - every file is 'owned' by a specific user ID (not a user name). When you create local accounts on a machine, the OS always starts at the same User ID number.
This means that on one machine, user Joe may have UID 501.
On another machine user Jane may also have UID 501.
That's OK as long as the machines are separate, but if you try to unify them there's no way the OS can tell who should own the file - as far as the OS is concerned the file is owned by user ID 501, and you can't have both Joe and Jane using the same ID.
So what you're going to have to do is create all the users in the main directory and note the user ID that's assigned (or assign a specific one for each user if you prefer).
Then when you bind the client system to the directory server you need to do several things.
First you need to change the ownership of all the files in the user's home directory to their new UID. For example, if user 'joe' on the machine has a new central account with UID 12345 then you could:
sudo find /Users -user joe -exec chown 12345 {} \;
The above command will find all files in /Users that are owned by 'joe' and change them to be owned by user 12345
Then remove the existing user account from the local directory (via System Preferences -> Accounts)
Then bind the client system to the directory server using /Applications/Utilities/Directory Utility
Now users should be able to log on using the central account.
Note, though, that this doesn't deal with using network home directories. In this scenario Jane won't be able to log onto the machine previously used by Joe and see her files because they'll be stored on some other machine.
If you're planning on implementing network home directories then there's an additional step of moving each user's data to the corresponding directory on the network file server that's storing home directories.

Similar Messages

Dynamic Local User Issue

When i look at snapins thru consoleone i can see that Zenwork 7.0.1 snapin is installaed.
I have Novell Client 4.91 SP5 and Zenwork Client 7.0.173.91015 installed on the clients running WinXP Pro SP3.
There is different of failures that happens..
Senario 1:
I install a Latitude D610 with a WinXP Pro SP3 original CD, from scratch. I only install the drivers for the LAN-card to get access to the network. I do not update windows updates etc.
I install the Novell Client 4.91 SP5, after that i install Zenwork Client 7.0.173.91015. And apply some registry settings to make the novell client to use the "tab-function" and hide advanced settings etc..
I have my eDir user "ADMIN1" with the policy package with settings to Dynamic Local User set to create a local user with name Admin, but im not using volatile user. So the local windows user Admin will be saved when logged out.
I login once with my Admin1 user, it creates the local profile Admin from Default User (with the help of Zenworks, and the policy Dynamic Local User?). I restart the computer and login again, and the local profile Admin craches and create a new one from Default User but this local user profile is namned Admin.Computername.
Ive tested this with atleast four other computers (different hardware) so it cant be a driver issue.
Ive looked thru the local logs, and i cant find anything about any problem with reading the NTUSER.DAT as could be a problem to load the local profile.
I even tested this senario when i update all windows updates etc, with two different version of the zenworks client and so on. ive been testning this for like 100 times now atleast. and same failure is happening. Ive even tested this in a virtual environment (vmware workstation).
Senari 2:
Like the problem descried above, in some cases it loss the connection or something with the zenwork server side and the zenwork client on the client computer... Since it does not attempt to use the settings from Dynamic Local User, becuase i got the windows login window, and i have to login to an already existing windows local account (with otherwords i cant login to the Admin-profile since i dont know the login information to this account since its created by zenworks / dynamic local user settings, and from the settings there you cant set a password, just the name and role of the windows accout that should be created)..
And after a while i try again, and then the settings from Dynamic Local User passes by and log into the, (let me say) Zenworks created local user profile (set by Dynamic Local User settings).
I wanna mention that all computers thats old, no reinstallation.. I can login to without problem, without any crashes of the Windows Local Profile.
Ive succeded once without any Windows Local profile crash, rebooted this computer over and over again, and no failure. If you succed twice, it seems like its fine. But then i reinstalled this computer, just like i did to make it success. But this time it failed on the second try, and got a crashed profile....
Its kinda old hardware to the server where i have my Zenworks, could that be the case? Could it be some timeouts?
The concults i use to fix some problems in our environment updated zenworks from the serverside just before christmans.. Could it be any problems with some windows patch etc?
Any help would be appreciated!
// Jokohanho

> installed on the clients running WinXP Pro SP3.
<snip>
> I restart the computer and login again, and the local
> profile Admin craches and create a new one from Default User but this
> local user profile is namned Admin.Computername.
I only know of one XP SP3 issue that could cause this, but it involves a pw
change and RP:
"When you try to log on to a Windows XP SP3-based computer by using a
roaming profile, the roaming profile cannot load."
http://support.microsoft.com/kb/958058
Regards
Rolf Lidvall
Swedish Radio (Ltd)

What happens to my local user data? -newbie question sorry

Hi All,
Firstly apologies if this seems a dumb question, I've scoured the forums but I require something that fits my specific situation.
I've had a (my first) MacBook for about 9 months, built up a fairly healthy local user, setup just how I like it, MobileMe, iTunes, Chrome, iPhoto library, lots of other apps, etc etc and so forth.
I'm setting up a Mac Mini Server, and was wondering what I can do to join the new server, but take all my settings/downloads/iTunes etc with me... I don't want it all stored on the server, but I come from a Micro$oft Windows background. With MS, when you add a PC to a domain, login with the appropriate user account, you have a fresh profile, no settings, no files, no customisations etc etc is this also the case when I hit that Join Network Account server button on my Mac? Will I get a blank fresh account on my Macbook?
I'm guessing this must happen quite often as people start their way into Apple technology and build up a nice healthy local account before branching further into the Apple world...

The two laptops I use everyday have access to all the servers via my network account. It is set so that my user account is listed as having "no home" So I log into the laptop with my local user account with a UID of 501 but access all the network services via the go menu and my network account of the same name but with a UID of 1034.
For all other users in the company, if they are on a laptop, I use network accounts. The machines are managed to ask if the user wants to create a mobile account when they login. For permanently assigned laptop users, the answer is yes. This puts their home on the laptop and ties them to that machine. I use mobile account syncing to make sure their critical data is copied to the server for backup.
By having the machine ask to create the mobile account, users can answer no and login to their network home. The use of the laptop may be needed temporarily if a regular workstation is down.
Once in a while I will need to convert a local account to a network account. While a bit more laborious that setting it up correctly at the beginning, it can be done.
But I never let any user account have the UID of 501. I would set that up as the local admin account I use for installing updates and performing other maintenance. If needed, I would back up the user data and erase and re-install the OS.

How to Move Local Users to Network Domain Users

Before you follow these instructions...... I'm a rank amateur so I'd check to see if the smart kids have corrected my errors or improved on the method in the replies below
The reason for the post is I have good and established local user accounts on all the computers and moving them to domain controlled accounts is the one topic I could not find a script to follow that worked for my low level of knowledge of OS X.
Let me first explain my setup and needs. I'm replacing a Windows Home Server (WHS) with the Mac Mini Server. My goal was to have the Mac Mini as the server holding all our photos, data, etc. and running a user account to run the family iTunes account to feed the Apple TV and be the backup / sync point for a family sized set of iPod Touches, iPads and iPhones. I want to be able to log into each mac and have the same information setting, links, etc........ basically walk around the house, find any mac shaped device not used by someone else, log in and carry on where I was before - with the MacBook Air having a portable account so it can come travelling with us.
The key hardware is...
Mac Mini Server running Snow Leopard 10.6.8
Apple TV
2 x iMac Running Lion 10.7.1 [upgraded from 10.6.8]
MacBook Air running Lion 10.7.1 [upgraded from 10.6.8]
Normal stuff like wifi, hubs and a router doing the DHCP (and for me reserving IP addresses based on the 'MAC Address' to save me having to manually configure all the IP addresses)
Key Resources I used as I learnt how to do this; to level set you all, I'm a relative newcomer to OS X having had a Windows life with Linux for fun, so i'm not a mac or IT specialist but like to play around.
Apple's podcast series 'Apple Quick Tour of Leopard Server' - this is great, it informed me and kept me motivated through all the bah moments, all 33 episodes and it's in the iTunes store as a podcast.
The book 'Mac OS X Snow Leopard Server For Dummies' - I bought this about half way through the whole process and wish i'd bought it earlier, my reccomendation would be get the Kindle version so you can search it for advice.
The excellent information on DNS from Hoffman Labs http://labs.hoffmanlabs.com/node/1436
The video 'Setting up a primary DNS zone.....' from Lynda.com on youtube http://www.youtube.com/watch?v=OOEgQY9oFK4
The Series of PDF document on Snow Leopard Server from Apple http://support.apple.com/manuals#mac%20os%20x%20server%20v10.6
And finally this excellent post from Joe Ferrante which was the core of what I used http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/
Right off we go....
Setting up the Server [this took me 6 goes to get it right as I learnt a little each time].
So i'm not going to go through this step by step because it in the 'dummies' book and the videos from Apple above and those will be better than anything I write but here's my details/advice.
I split the primary disc into 2 partitions using disk utility so I could reformat the operating system without moving my data.
100GB for the OS X system
400GB for user data
Install OS X from the DVD, press the buttons based on your desires but stop at the bit about naming you computer titled Network Names
READ UP ON DNS - this one of the reason I had so many goes as it was the 1st time i've set up a server like this using DNS and guessing didn't get me there.
If you don't have one buy a domain name for your network it make it much easier in the long run & is $10 well spent
The name needs to be [the computer name].[your domain name].[com or net or org, etc]
So if you want you computer to be called fred and you bought or have the domain location.com enter fred.location.com in the primary DNS name box
This shoud automatically put fred in the computer name box.
Follow along with the set up guide to finish
After you have finished the set up test the DNS with NSLOOKUP in a terminal window
nslookup fred.location.com in my example and you should get the IP
Add your servers IP address to the list of DNS servers in network preferences on the client mac.
Bind [link] the client computers to the server in Accounts on the client computer - I used the 'dummies' book for this but there's lots of data on the web.
Clean up the user profile on the client to reduce the size of the Home folder as much as possible or the data transfer is loooooooonnnnng - i also connect the iMac on a cable rather than wifi to speed it up.
Read Joe's post http://joeferrante.net/how-to-migrate-local-user-account-to-network-user-account -with-networked-home-folder-on-snow-leopard-server/ and follow along.useful info I learnt somewhere - to get the paths to the folders correct in the terminal window go to the folder in Finder and then drag it to the terminal window and let go - this will put the correct link in the instruction.
You now need to be on a terminal window on your server, with a finder window open and logged into the client as the user you are moving
THE CLIENT COMPUTER NEEDS TO BE LOGGED OUT or logged in as a different user than the one you're trying to move.
so when you're at the right point - type sudo cp -R then hit the space bar, drag the existing user folder onto the finder window, add the /* and hit space then find the users folder on the server and drag that onto the terminal window to complete the instruction.
Hit enter and wait a while assuming it starts ok - i used network traffic on the Activity Monitor utility to check if it was working.
If you got this far and it all worked - login to the profle you moved on any computer linked to the server or the server but not the original client computer to see if it worked and all your setting and data are intact and then delete the profile off the original client if it was ok [archiving the home directory took ages for me].
As you can probably guess most of this was good learning for me and it worked successfully for me in the end, moving all my history, saved password, etc, etc without any problems.
Hope this helps other in the same situation & feel free to expand or correct this if I've missed anything.
Ed

Hi,
I was unable to access the Joe Ferrante information (it appears to now requrie a password and was not able to determine how a username and password were assigned) Would you happen to have a copy of the post that you refer to above?
I am still at the early stages of this process but am hoping that the steps you refer to are going to get me where I want to be. Your stated end goal is where I hope to get to.
Thanks,
Sean

Domain users and local users can't login to reporting service web environment

Hello,
We installed reporting services at one of our customers but aren't able to use domain users to login. We've tried to login with a domain user, a local user but both aren't working. We set the proper permissions for the users on the reports folders.
We can only login with the buildin/administrator account on the local url: http://servername/reports
How can we allow login with domain users on other report manager url's?

Below link may be helpful,
http://social.msdn.microsoft.com/Forums/sqlserver/en-US/623da309-21fa-42a8-905f-1424144a347d/setting-up-a-user-in-ssrs?forum=sqlreportingservices
Regards, RSingh

How to Export local security setting all filed name & value against filed.

HI all,
I am trying to export local security setting from local policy using bellow scrip. but it is showing only these are configured. I need expert help which allowed me to export all filed with value where it is configure or not. Please give me.
$output=@()
$temp = "c:\"
$file = "$temp\privs.txt"
[string] $readableNames
$process = [diagnostics.process]::Start("secedit.exe", "/export /cfg $file /areas USER_RIGHTS")
$process.WaitForExit()
$in = get-content $file
foreach ($line in $in) {
if ($line.StartsWith("Se")) {
$privilege = $line.substring(0,$line.IndexOf("=") - 1)
switch ($privilege){
"SeCreateTokenPrivilege " {$privilege = "Create a token object"}
"SeAssignPrimaryTokenPrivilege" {$privilege = "Replace a process-level token"}
"SeLockMemoryPrivilege" {$privilege = "Lock pages in memory"}
"SeIncreaseQuotaPrivilege" {$privilege = "Adjust memory quotas for a process"}
"SeUnsolicitedInputPrivilege" {$privilege = "Load and unload device drivers"}
"SeMachineAccountPrivilege" {$privilege = "Add workstations to domain"}
"SeTcbPrivilege" {$privilege = "Act as part of the operating system"}
"SeSecurityPrivilege" {$privilege = "Manage auditing and the security log"}
"SeTakeOwnershipPrivilege" {$privilege = "Take ownership of files or other objects"}
"SeLoadDriverPrivilege" {$privilege = "Load and unload device drivers"}
"SeSystemProfilePrivilege" {$privilege = "Profile system performance"}
"SeSystemtimePrivilege" {$privilege = "Change the system time"}
"SeProfileSingleProcessPrivilege" {$privilege = "Profile single process"}
"SeCreatePagefilePrivilege" {$privilege = "Create a pagefile"}
"SeCreatePermanentPrivilege" {$privilege = "Create permanent shared objects"}
"SeBackupPrivilege" {$privilege = "Back up files and directories"}
"SeRestorePrivilege" {$privilege = "Restore files and directories"}
"SeShutdownPrivilege" {$privilege = "Shut down the system"}
"SeDebugPrivilege" {$privilege = "Debug programs"}
"SeAuditPrivilege" {$privilege = "Generate security audit"}
"SeSystemEnvironmentPrivilege" {$privilege = "Modify firmware environment values"}
"SeChangeNotifyPrivilege" {$privilege = "Bypass traverse checking"}
"SeRemoteShutdownPrivilege" {$privilege = "Force shutdown from a remote system"}
"SeUndockPrivilege" {$privilege = "Remove computer from docking station"}
"SeSyncAgentPrivilege" {$privilege = "Synchronize directory service data"}
"SeEnableDelegationPrivilege" {$privilege = "Enable computer and user accounts to be trusted for delegation"}
"SeManageVolumePrivilege" {$privilege = "Manage the files on a volume"}
"SeImpersonatePrivilege" {$privilege = "Impersonate a client after authentication"}
"SeCreateGlobalPrivilege" {$privilege = "Create global objects"}
"SeTrustedCredManAccessPrivilege" {$privilege = "Access Credential Manager as a trusted caller"}
"SeRelabelPrivilege" {$privilege = "Modify an object label"}
"SeIncreaseWorkingSetPrivilege" {$privilege = "Increase a process working set"}
"SeTimeZonePrivilege" {$privilege = "Change the time zone"}
"SeCreateSymbolicLinkPrivilege" {$privilege = "Create symbolic links"}
"SeDenyInteractiveLogonRight" {$privilege = "Deny local logon"}
"SeRemoteInteractiveLogonRight" {$privilege = "Allow logon through Terminal Services"}
"SeServiceLogonRight" {$privilege = "Logon as a service"}
"SeIncreaseBasePriorityPrivilege" {$privilege = "Increase scheduling priority"}
"SeBatchLogonRight" {$privilege = "Log on as a batch job"}
"SeInteractiveLogonRight" {$privilege = "Log on locally"}
"SeDenyNetworkLogonRight" {$privilege = "Deny Access to this computer from the network"}
"SeNetworkLogonRight" {$privilege = "Access this Computer from the Network"}
$sids = $line.substring($line.IndexOf("=") + 1,$line.Length - ($line.IndexOf("=") + 1))
$sids = $sids.Trim() -split ","
$readableNames = ""
foreach ($str in $sids){
$str = $str.substring(1)
$sid = new-object System.Security.Principal.SecurityIdentifier($str)
$readableName = $sid.Translate([System.Security.Principal.NTAccount])
$readableNames = $readableNames + $readableName.Value + ", "
$output += New-Object PSObject -Property @{
privilege = $privilege
readableNames = $readableNames.substring(0,($readableNames.Length - 1))
#else = $line."property"
$output

As an alternate approach wee can preset the hash and just update it. This version also deal with trapping the errors.
function Get-UserRights{
Param(
[string]$tempfile="$env:TEMP\secedit.ini"
$p=Start-Process 'secedit.exe' -ArgumentList "/export /cfg $tempfile /areas USER_RIGHTS" -NoNewWindow -Wait -PassThru
if($p.ExitCode -ne 0){
Write-Error "SECEDIT exited with error:$($p.ExitCode)"
return
$selines=get-content $tempfile|?{$_ -match '^Se'}
Remove-Item $tempfile -EA 0
$dct=$selines | ConvertFrom-StringData
$hash=@{
SeCreateTokenPrivilege =$null
SeAssignPrimaryTokenPrivilege=$null
SeLockMemoryPrivilege=$null
SeIncreaseQuotaPrivilege=$null
SeUnsolicitedInputPrivilege=$null
SeMachineAccountPrivilege=$null
SeTcbPrivilege=$null
SeSecurityPrivilege=$null
SeTakeOwnershipPrivilege=$null
SeLoadDriverPrivilege=$null
SeSystemProfilePrivilege=$null
SeSystemtimePrivilege=$null
SeProfileSingleProcessPrivilege=$null
SeCreatePagefilePrivilege=$null
SeCreatePermanentPrivilege=$null
SeBackupPrivilege=$null
SeRestorePrivilege=$null
SeShutdownPrivilege=$null
SeDebugPrivilege=$null
SeAuditPrivilege=$null
SeSystemEnvironmentPrivilege=$null
SeChangeNotifyPrivilege=$null
SeRemoteShutdownPrivilege=$null
SeUndockPrivilege=$null
SeSyncAgentPrivilege=$null
SeEnableDelegationPrivilege=$null
SeManageVolumePrivilege=$null
SeImpersonatePrivilege=$null
SeCreateGlobalPrivilege=$null
SeTrustedCredManAccessPrivilege=$null
SeRelabelPrivilege=$null
SeIncreaseWorkingSetPrivilege=$null
SeTimeZonePrivilege=$null
SeCreateSymbolicLinkPrivilege=$null
SeDenyInteractiveLogonRight=$null
SeRemoteInteractiveLogonRight=$null
SeServiceLogonRight=$null
SeIncreaseBasePriorityPrivilege=$null
SeBatchLogonRight=$null
SeInteractiveLogonRight=$null
SeDenyNetworkLogonRight=$null
SeNetworkLogonRight=$null
for($i=0;$i -lt $dct.Count;$i++){
$hash[$dct.keys[$i]]=$dct.Values[$i].Split(',')
$privileges=New-Object PsObject -Property $hash
$privileges
Get-UserRights
A full version would be pipelined and remoted or, perhaps use a workflow to access remote machines in parallel.
¯\_(ツ)_/¯

Problem with local users printing to the printer queue

We have just upgraded our servers to 2.8GHz Quad-core Intel Xeon which is running OS X 10.5.6
I have set up the printer queue to the network printers, through LPD.
Open directory users are able to print to the network printers without any problem however when a user local user to a machine (all 10.5.6 but different models) are not able to print.
The printer pauses and does not print.
Any solutions?

Hi there,
I am not quite sure of your setup based on your posting so apologies if my reply is not appropriate.
Are you saying that when the Mac attempts to print directly to the network printer (rather than via a queue created by selecting an Open Directory printer) the printer queue pauses?
If yes, then I would ensure that the LPD protocol was selected and the correct queue name was entered - as this can often cause the spooler to pause.
PaHu

Adding a domain user to the admin role within the local user management breaks all metro apps for all users!!

Hi,
I have posted this in another large thread under the "Windows 8 General" group but have not had any appropriate feedback from MS.
After hours of testing and working with other users I have managed to isolate a simple situation that breaks all metro ui applications within Windows 8 for all users on the machine. Here are my exact steps and notes.
Before continuing if you are running Avast then your solution may be to turn of the behaviour shield functionality as this also breaks metro apps. This is NOT the problem we are having!
I have performed 3 cleans installs after isolating the problem and am able to reproduce the issue every time using the same steps on two different machines.
First thing to say is that for us it has nothing to do with simply joining the domain, domain/group policies nor does it appear to have anything to do with the software we installed, the problem here is much more simple but the result is pretty terrible.
Here are my exact steps of what I did to reproduce our problem:
Complete format of HDD in preperation for a clean install
Clean install performed
Set up the machine initially with a local account
Test metro apps - all working fine
Open control panel from the desktop, click on System, change the system to join the domain, click reboot
Log into the system using my domain account
Test metro apps - all working fine
Here's were the problem starts. I need my domain account to have admin rights on the local machine so I can install programs without the IT men having to come over and enter their password every 5 mins.
I go to control panel via the desktop and click on User Accounts. From with here I then click on "Manage User Accounts". This requires the IT guys to enter their details to give me access to such functionality. This is fine
In the dialog box that opens I can only see the local user that was initially created during setup. The "Group" for this local account shows as "Administrators" - Image included below (important to note that metro apps are working at this point)
I click add and then add my domain account - also giving it administrator access
Sign off or reboot to ensure the new security is applied
Sign back in to the domain account
Test metro - ALL BROKEN
Sign out
Sign in as local account
Test Metro - NOW ALL BROKEN FOR THIS USER ALSO
So as soon as I add my domain account to the local user accounts and set it as admin it breaks all metro apps for all users. This is on a totally clean install with nothing at all installed other than the OS.
Annoyingly if I go back and change the domain account to a standard user or if I totally remove the domain account from the local account management system the problem does not go away for either user. basically it is now permanently broken. The only fix I
could fathom was a full re install and not giving the domain user admin access to the local machine.
Screen one - this is the local user accounts window AFTER joining the domain and logging in with my domain account (All metro apps working at this point)
Screen 2: User accounts AFTER joining the domain and AFTER adding domain account to local user management (METRO BROKEN)
I have isolated my machine from all group policies so nothing like that is affecting me. Users I have spoken to in different companies have policies that automatically add users to the local user management. This means that metro apps break as
soon as they join the domain which leads them to wrongly think it is group policies causing the error. Once they isolate themselves from this they can reproduce following my steps.
Thanks

Hi Juke,
Thank you for the response and apologies for the delay in getting back to you. My machine was running a long task so I couldn't try your suggested solution.
I had already tried running the registry merge suggested at the top of the thread to no avail. I had not tried deleting the OLE key totally so I did that and the problem still exists. I will post all the errors I see in event viewer below. For
your info, since posting my initial comment I have sent out my steps to 7 different people and we can all reproduce the problem. This comes to 10 different machines (3 of them mine then the other guys) in 3 different businesses / domains. We see the same errors
in event viewer.
Under "Windows Logs" --> "Application" : I get two separate error events the first reads "Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: The app didn't start. See the Microsoft-Windows-TWinUI/Operational log for additional
information." The second arrives in the log about 15 seconds after the first and reads "App winstore_cw5n1h2txyewy!Windows.Store did not launch within its allotted time."
Under "Windows Logs" --> "System" : I get one error that reads "The server Windows.Store did not register with DCOM within the required timeout."
Under "Applications And Services Logs" --> "Microsoft" --> "Windows" --> "Apps" --> "Microsoft-Windows-TWinUI/Operational" : I get one error that reads "Activation of the app winstore_cw5n1h2txyewy!Windows.Store for the
Windows.Launch contract failed with error: The app didn't start."
If you require any further information just let me know and I will provide as much as I can.
Thanks

WINDOWS 8.1 - System Tools no longer displaying User and Group Settings after adding a new LOCAL user.

I jumped on my parents computer, which is on a domain. I added a new local user(with my live.com login) and gave it admin status. That's when the trouble began.
The main user profile disappeared. I used the command prompt fix (see other fixes) to add the missing user back into admin. I logged back in, and it set up the account for the first time (WTF?). I cannot access any files from the main account
(that I logged into just fine before to get this debacle started.)
When going to Local Computer Management --> System Tools, my users and groups tool is missing.
I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1. To manage user accounts for this computer, use the User Accounts tool in the
Control Panel." <---- Awesome! (that was sarcasm.)
I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".
To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again. I wouldn't recommend reinstalling 8.1,
I would say go back to 7 and wait until 10 comes out. Windows 8 is the new Vista. Good luck!

Hello AhavahOlam,
I can understand your feelings.
If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
Best regards,
Fangzhou CHEN
Fangzhou CHEN
TechNet Community Support

How to handle local user in SSO?

Hi all,
I'm setting up OAM 11g for SSO of web applications in our organization. Some of the applications have single URL for both corporate users, guest, and administrators. As the OAM is using corporate LDAP as authentication backend, guest and administrator can't be authenticated. Is it possible to define policy so that a webgate protected URL can fallback to original login page? I'm newbie to OAM and sorry for the newbie question. Thanks.
Regards,
/ST Wong

I think you misunderstood. The local users won't be added to the backend LDAP but in a local store on OVD. OVD then makes it appear that that user is in the backend LDAP if you want it to appear in the same tree structure, or you can place the users in a completely separate tree. This of course assumes that your user base search in OAM is set to the top level.

NFS write access without local user

Hi,
I try to get write access to NFS from one to another linux system without local user account and group.
System 1. /etc/exports -->set nfs share /backup
Folder /backup all files owned by oracle:oinstall
oracle(104):oinstall(106) 664
System 2. user: root(1):root(1)
#>mount -t nfs .....
All files are owned by userid 104 and groupid 106
I can get write access If I change userid and group id on system 2 to 104/106 but I think that could be smart way.
Does anyone know the right was to get write access without have a same local user(id) and group(id)
Thanks
*T

You can try the following in your /etc/exports file:
/backup *(rw,insecure,all_squash,anonuid=104,anongid=106)
Then reload the exports file using the command "service nfs reload"The above will allow rw access to the /backup directory and map all requests to the nobody account and remap the nobody account uid and guid to 104 and 106 of the nfs server system. The insecure option is required by some PCNFS clients. For more detailed information please check the exports man page.

CUC 8 - converting local users with VM's to LDAP users - what is the best method?

Evening all
We are running a new Unity Connect 8.0 environment. Initially the users were either manually imported and created individually. The standard naming convention for the Alias names are first initial + surname.
I have integrated LDAP synch so now I can see all the users in the users OU. I want to be able to utilise the LDAP synch to its full potential. I want to create new users from LDAP. But my primary objective is to convert all local users to domain users. The only main issue which we identified is that domain users Alias length is set to 8 characters max in length whereas the local accounts are full length.
What would be the best way to migrate the users to LDAP, preserve the voicemails and update Alias names to be the same length as domain users?
I was thinking of the following:
Backup up system using COBRAS
Delete all local users from CUC
Do a bulk import of all users from LDAP into CUC as fresh accounts
Use COBRAS import tool to load backup
Amend the alias names manually to the correct length (8 letters)
Import all users and VM's back in
Pray it works!
Any more efficient suggestions welcome
Thanks in advance
Mus

There is a far easier way to do this using the Bulk Administration Tool in Connection.
Perform an export operation to get everything into a CSV file.
Delete all the columns except Alias, EmailAddress, MailName, and LdapCcmUserId.
Populate the LdapCcmUserId to match the user's sAMAccountName attribute from AD.
NOTE: Spot-check to be sure that you can find this user's account using the Import Users section. The account must have a Last Name value populated, be within the search base, and satisfy any filters you have applied to the syncrhoization agreement.
Update the MailName to match the LdapCcmUserId. If you are using VMO or Single Inbox also set the EmailAddress to match the user's real email address. When you do the Update operation the Alias should get corrected to match the LdapCcmUserId if memory serves [read: test this!].
NOTE: If you are setting the EmailAddress you also want the CreateSmtpProxyFromCorp column to be set to 1. This will ensure that the value is copied to the SMTP Proxy Address and can be utilized by the Unified Messaging integration.
Save your modified CSV file and run an update operation. I suggest starting with a batch of only a few accounts at first to get comfortable with the process. Be sure to specify a filename for failed objects; you almost always have a few and this will give you a little guidence on what failed.

Local Storage Setting Not Persisting.

Hi all,
I'm having a problem trying to increase the local storage
setting in my Flash Player. Since I installed the flash player the
local storage setting was set to None. Each time I try to increase
it and then go back to settings panel it has reset itself to None.
I think this is an issue with my machine, is there anything that
could cause this problem? Permissions on a directory perhaps? I
have seen that local storage information is stored in
%APPDATA%/Macromedia/Flash Player... but this directory does not
exist for my user.
Thanks in advance,
Paul

I am having the same problem. I even used the online Global
Manager and it kept going back to zero!
I am also having problems with the "Display" hardware
accelerator keeping my flash from going
to fullscreen. I can't uncheck the stupid thing! I am Going
step after step of uninstalling everything
completely and re-installing it again. Vista came with the
2nd version before this new one and it didn't
have the hardware accelerator option. It worked fine with IE,
but I use Firefox and had to download the newest
and achiest. If I find a solution, I will definitely write
back with it.

Sending to local user gives too many hops

I have set up Mavericks server for mail. Works perfectly for incoming and outgoing mail to other domains but fails when trying to send mail to a local user. Here are my settings:
example.com is my primary domain, it provides DNS and Mail service
there are other domains being hosted (web) with example.com providing mail service for them.
Mail Server setting under "Provide Mails for...": Domain Name is example.com, Virtual domains: myotherdomain.com, example.com (included in list, is this correct?), and some more
DNS settings: each domain has a machine record for the domain name (e.g. example.com has an A record, myotherdomain.com has its own A record), each domain has an MX pointing to example.com. Domain example.com has an alias (CNAME) record mail.example.com pointing to example.com. This is the only place where the name mail.example.com appears in the whole server.
Last night I tried to reply to a mail I received from a user on myotherdomain.com. My receiving account is also on myotherdomain.com (myotherdomain.com is one of my domains with MX pointing to example.com). When I simply hit reply the mail server eventually reported back that the mail was not delivered due to too many hops.
Here are the headers from the mail I received. I simply hit reply and got the too many hops. WHY?
Return-Path: <[email protected]>
Delivered-To: [email protected]
Received: from localhost (localhost [127.0.0.1])
          by miniserver.example.com (Postfix) with ESMTP id 9EE9C4DA4D7
          for <[email protected]>; Wed, 5 Mar 2014 17:09:10 +0100 (CET)
X-Virus-Scanned: amavisd-new at example.com
Received: from miniserver.example.com ([127.0.0.1])
          by localhost (miniserver.example.com [127.0.0.1]) (amavisd-new, port 10024)
          with ESMTP id 3oDO8uq8aS6W for <[email protected]>;
          Wed, 5 Mar 2014 17:09:10 +0100 (CET)
Received: from miniserver.example.com (localhost [127.0.0.1])
          by miniserver.example.com (Postfix) with ESMTPA id 628CD4DA4BE
          for <[email protected]>; Wed, 5 Mar 2014 17:09:10 +0100 (CET)
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="=_50c5075d15c85c7a43995d47cd97c851"
Date: Wed, 05 Mar 2014 17:09:10 +0100
From: anita <[email protected]>
To: [email protected]
Subject: Hello
Message-ID: <[email protected]>
X-Sender: [email protected]
User-Agent: Roundcube Webmail/RCMAIL_VERSION
Here is what the mail server reported back after trying to reply:
This is the mail system at host miniserver.example.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.
                  The mail system
<[email protected]>: host 127.0.0.1[127.0.0.1] said: 554 5.4.0 id=78365-11
   - Rejected by next-hop MTA on relaying, from MTA(smtp:[127.0.0.1]:10025):
   554 5.4.0 Error: too many hops (in reply to end of DATA command)
Reporting-MTA: dns; miniserver.example.com
X-Postfix-Queue-ID: 98CF04DB967
X-Postfix-Sender: rfc822; [email protected]
Arrival-Date: Wed, 5 Mar 2014 18:52:58 +0100 (CET)
Final-Recipient: rfc822; [email protected]
Original-Recipient: rfc822;[email protected]
Action: failed
Status: 5.4.0
Remote-MTA: dns; 127.0.0.1
Diagnostic-Code: smtp; 554 5.4.0 id=78365-11 - Rejected by next-hop MTA on
   relaying, from MTA(smtp:[127.0.0.1]:10025): 554 5.4.0 Error: too many hops
Thanks for your help

Invoke the following diagnostic by launching Terminal.app from Applications > Utilities and see if there are any network or DNS issues reported:
sudo changeip -checkhostname
Also post the internal and external DNS translations of the following:
dig +short miniserver.example.com
dig +short mail.example.com
dig +short MX myotherdomain.com
dig +short MX example.com
dig +short @8.8.8.8 miniserver.example.com
dig +short @8.8.8.8 mail.example.com
dig +short MX @8.8.8.8 myotherdomain.com
dig +short MX @8.8.8.8 example.com
I'd look for a bogus or missing MX record for myotherdomain.com, to start with.
FWIW, myotherdomain.com is a real and registered domain.    Probably not yours, I'm guessing. The example.net and example.org domains are also available for obfuscation, in addition to the example.com domain.

Bug When Converting (Back) To Local User Account

I am using Windows 8.1 Pro and began by setting up a local user account, which is the Administrator account. I then successfully switched the account to a Microsoft account, with the same user name.
As a test, I then decided to switch back to a local user account.
The bug is that I was not permitted to use the same user name. I had to select a different user name. This defeats the purpose of transparently switching a from a Microsoft account to a local account.
Fortunately (for me) I had anticipated that something might go wrong and had performed a full system backup to a external USB drive before I began this switching test.
L.M.Cohen

While Windows 8.1 (Pro) allows you to create new User accounts, it is set up to "convince" you to create Microsoft-type user accounts, rather than local user accounts.
And if you try to convert a Microsoft-type account to a local user account,
with the same user name, it will not yet you do it. However it will allow you to convert in the opposite direction,
with the same user name.
So I started all over and carefully read the small print -- to learn that you can initially set up a local user account. But this is discouraged, but if you persist, it can be done -- even though it is implied that "the sky might fall."
This is disingenuous.
However now that I understand the dynamics, I have no more problems.
Regards,
L.M.Cohen
L.M.Cohen

Standardise Local User Set

Similar Messages

Maybe you are looking for