Unsecure System User and HKCU

Similar Messages

• System user and Dialog user

  Hi All,
  Can anybody tell me the difference between System user and Dailog user? Can we use System user for BSP applications?
  Thanks in advance.
  Neha Bansal

  user types
  http://help.sap.com/saphelp_nw04/helpdata/en/3d/3272396ace5534e10000000a11405a/frameset.htm

• How to read system user and password to login to a application

  Hello Experts,
  i need to open a application with out asking for the user name and password. the application when opened should take system user name ans password can u tell me how can i do this in webDynpro java. or is there any alternate method to do this

  hello,
  This can be achived in following manner,
  1) Ask ur basis peron to creat ur id on the server (for ex. if u are using a dev server ask him to creat a user their)
  2)Now Logon to your user id n system password
  it will take you to the portal and the roles assigned to you by basis.
  Result:
  u will be able to see a portal logged in by your name and rols assigned to u
  With Regards,
  Prajakta

• HT1528 system users and "root"

  Im just now learning about this but root as always been performing tasks and other functions on my computer.  atleast since I've been checking.   How can i tell the difference between just normal system function and outside entity?              
  Also noticing obscure users accessing the hard drive....
  who the **** is "wheel"????
  for OS X 10.8.2 Macbook pro  15" early 2011 model

  Hi,
  I'm not sure what your problem is, it seems that a user is missing.
  Maintaining relationships are done with PPOM transaction.
  Kind regards, Rob Dielemans

• Providing operating system user and password

  sir
  for various task in enterprise manager of 10g , it ask for the Operating system administrator usert id and password to perform various tasks.
  what userid and password of o/s administrator be provided.
  my o/s does not have any password for the o/s administrator account..
  pls guide
  thanks with regds

  Depending on the context of the OS user credentials, usually it is the OS user ID (name and password) of the software owner for the target in question.
  For example, if you are trying to perform an operation against a database target in EM, and you were requested to provide OS credentials, you should provide the OS username and password for the RDBMS home.
  You could post this question on the Grid Control forum instead of the HA forum for further discussion if needed.
  I hope this helps.
  Farouk

• Lock sys and system user

  Dear all,
  We have 10.2.0.4 on solaris 10.
  Currently we had I.T audit on our environment and auditor commented to lock sys and system user and use one user with any name (not oracle generic name) and grant him sys and system privilege and to use this user for admin purposes. is this right ?.. is this recommended ?
  Please advise

  Hello,
  I think it's not a right way to lock SYS.
  More over, if you connect as OS Administrator (root for Unix/linux) on the server and use
  OS Authentification then, you can connect on SYS AS SYSDBA anyway.
  So, in fact, it's not possible to lock out SYS even if you execute the following:
  ALTER USER SYS ACCOUNT LOCK;If you want to prevent access on SYS you should set a complex and long password and
  apply the same rule for the Administrator / root OS user.
  These passwords must be known by very few and well - identified people and written nowhere
  (in any files or scripts).
  More over, you should limit DBA roles to SYS and SYSTEM and remove this powerful Role
  from other Oracle Users.
  Then, you may enable session AUDIT so as to control the connexion on the database and,
  create a LOGON TRIGGER so as to check the login, workstation, program of the end users
  who connect to the database.
  On 10g, EM DBConsole shows an alert everytime a User is connected with SYS.
  Please, find enclosed, an interesting document written by Pete Finigan on this topic:
  http://www.insight.co.uk/files/presentations/Hacking%20and%20securing%20Oracle.pdf
  Hope this help.
  Best regards,
  Jean-Valentin

• Unable to install SPSS12 as system user

  Hi everybody,
  We are using ZFD 6.5, Netware 6 SP5 4 node cluster and XP SP2 clients, about
  1000 workstations.
  I am not able to install the SPSS12 MSI on the workstations due to the fact
  that we are using DLU to let our users log in as normal user on the
  workstations, and SPSS12 is trying to put files in the Windows directory and
  the HKLM as the user. Obviously the install errors out because of rights
  issues. The SPSS12 helpdesk could not offer a solution.
  If i monitor the installation i can see two msiexec processes on the
  workstation, one uses the system account, and one uses the DLU account of
  the currently logged in user.
  We have the elevated rights settings in the Group Policy with the right
  properties and tried all the Zen settings, secure, unsecure users etc. Tried
  the dcomcnfg .exe settings for Installshield for both the interactive and
  launching user.
  As soon as i change DLU to login as a power user, the install works
  perfectly, unfortunately we have to use DLU login as user due to the
  security policy in our company.
  I am getting a bit desperate, does anybody have an idea how i can install
  the SPSS12 MSI so that the install itself uses only the system user or
  administrator account instead of using the the DLU-user account ? In fact,
  is this possible at all in ZFD, i can not find any setting that lets me push
  an install with an account i can choose myself ?
  Thanking you kindly in advance for your reactions.
  Kind regards,
  Marcel van den Berg
  Netherlands

  Had a similiar issue. SPSS 12 snapshot fine for our students however, SPSS 13 did not.
  SPSS 13 also did not like any transforms with our network-based license server, so I had to do a few workarounds...
  Using the premsi and postmsi that's available from cool tools for elevated install, then created a simple application that calls msiexec.exe
  with params
  /i "\\path\to\spss 13.0 for windows.msi" /qr /L*v "c:\temp\spss13.log" INSTALLDIR="C:\Install\Here" ISX_SERIALNUM="bleh" SPSSLICENSE=NETWORK LSHOST=server.dns.com
  This runs in unsecure system space. The \\unc\ path requires Windows Installer 3.1 if I remember correctly. If that's not built into your images you can of course map a drive on the application object and use that path instead. All of these tricks work well with unsecure system user.
  Also, even though the settings were specified, had to force the LSHOST in environment variables on the application object or it wouldn't work.
  >>> Marcel van den Berg<[email protected]> 9/3/2005 3:50 PM >>>
  Hi everybody,
  We are using ZFD 6.5, Netware 6 SP5 4 node cluster and XP SP2 clients, about
  1000 workstations.
  I am not able to install the SPSS12 MSI on the workstations due to the fact
  that we are using DLU to let our users log in as normal user on the
  workstations, and SPSS12 is trying to put files in the Windows directory and
  the HKLM as the user. Obviously the install errors out because of rights
  issues. The SPSS12 helpdesk could not offer a solution.
  If i monitor the installation i can see two msiexec processes on the
  workstation, one uses the system account, and one uses the DLU account of
  the currently logged in user.
  We have the elevated rights settings in the Group Policy with the right
  properties and tried all the Zen settings, secure, unsecure users etc. Tried
  the dcomcnfg .exe settings for Installshield for both the interactive and
  launching user.
  As soon as i change DLU to login as a power user, the install works
  perfectly, unfortunately we have to use DLU login as user due to the
  security policy in our company.
  I am getting a bit desperate, does anybody have an idea how i can install
  the SPSS12 MSI so that the install itself uses only the system user or
  administrator account instead of using the the DLU-user account ? In fact,
  is this possible at all in ZFD, i can not find any setting that lets me push
  an install with an account i can choose myself ?
  Thanking you kindly in advance for your reactions.
  Kind regards,
  Marcel van den Berg
  Netherlands

• APPS install as "system user" don't work

  Hi,
  I currently using ZfD3 SP1a ona Nw5.1 server.
  I want to upgrade mu client to 4.90SP2 with a Zen apps object.
  Users don't have admin rights on their workstation.
  I don't want to use DLU (except if it can be activate once!).
  Does anyone have the same issue with the system user? (secure or not
  secure give the same results!)
  Regards,
  Maurice

  [email protected] wrote:
  > Hi,
  >
  >
  > I currently using ZfD3 SP1a ona Nw5.1 server.
  > I want to upgrade mu client to 4.90SP2 with a Zen apps object.
  > Users don't have admin rights on their workstation.
  > I don't want to use DLU (except if it can be activate once!).
  >
  > Does anyone have the same issue with the system user? (secure or not
  > secure give the same results!)
  >
  > Regards,
  > Maurice
  We first do a copy of all the client files to the local workstation (to
  c:\temp\novell\client), then launch as unsecure system user from there.
  This has also the advantage that *if* something goes wrong, and network
  connectivity is lost, a helpdesk person can manually install the client
  without CD (they still carry around CD's with the 4.7 client version)
  Marcel de Roode
  Erasmus University Rotterdam

• How do I get system users/groups to appear in the Workgroup Manager list?

  When I open the Workgroup Manager and select the Users tab, it only shows users set up in the Workgroup Manager -- same when I browse Groups. But, I also have a couple system users/groups set up not in the workgroup manager, but through the OS's System Preference interface for Users.
  Is there a way to automatically have System users appear in the Workgroup list?
  I also can't add users to System groups, since the groups also won't appear in the Workgroup Manager (like adding a user to the group Admin or Staff -- default system groups).
  I'd just like the option to "show System users and groups" somewhere.
  Thanks.
  Patrick

  Hi
  If I understand your post correctly then launch WorkGroup Manager and select Preferences from the WorkGroup Manager Menu. Enable the Show "All Records" tab and inspector option and click OK. In the Users/Groups/Computer tab you should now see the addition of another icon - it looks like a bullseye. Select this and under the filter field selecting 'AccessControls' will show you a long list. Scroll down and select Users. Now go back to the Users tab and you should see all users visible and invisible. You’ll see the same thing for Groups.
  You will see different Users and Groups depending which directory node you are in. In the LDAP node you should only see Directory and System Administrator as well as VPN MPPE Key Access User in addition to any user you have created within that node. In the local Net Info node you should see users such as Amavisd User, Clamav User, Cyrus IMAP User etc. You’ll also see UIDs and GUIDs amongst a wealth of other information if you select a user or group and select the Inspector tab.
  You can modify record attribute and values as well as adding your own. You can even use WGM in the same way you would use Net Info Manager locally if you wish.
  Tony

• I can't see system users in Workgroup Manager

  How do I get the user accounts that are already on Mac OS X Server to show up as users in Workgroup Manager? Re-adding the user from "Add User" creates a conflict, so I know the account is being seen by Workgroup Manager. Thanks for the help.

  Hi
  Yes. Firstly de-select the option to show System Users and Groups. Use the Filter to only show you Users with UIDs above a certain number. If you've used the default numbering system start with IDs over 1000. This gets around you inadvertently exporting and/or deleting the default Administrator account.
  Select the users you're interested in the Local node. Go the Server Menu and select Export. Save the exported file to the Desktop and give it a meaningful name. Now delete those exported users from the local node. You can't have the same users in both directory nodes. Select the LDAP node and select Import from the Server Menu. The rest should be fairly obvious.
  A couple of things to look out for. When importing those Users they should automatically be assigned Open Directory for their User Password Types in the Advanced Tab. Change them to suit if they come in as Crypt. Passwords don't carry over so you will have to either assign these again or force users to change them at next log on. Assuming these are users with networked home profiles?
  Tony

• Outputting System User Name in Ad Hoc Query (S_PH0_48000513)

  I am trying to create an HR Ad Hoc Query and one of the fields that I am trying to output is System User Name from infotype 0105 Communications.  If I choose this field and do not choose the Communication Type, I get two records per employee - one record with the System User Name populated and one record with a blank value for System User Name.
  If I choose the System User Name field for output and also make a selection on Communication Type (= subtype 0001), employees with no System User Name (i.e. no Infotype 0105, subtype 0001) are eliminated from the report.
  I want the report to show all selected employees, including those without a System User Name; however, I do not want the same employee to appear on the report twice.
  Has anyone else experience this problem?  If so, have you figured out how to eliminate the extraneous record for each employee when you do not select the Communication Type?
  Thanks in advance.

  Hi,
  Love to know if you managed to find a solution for this issue as I'm experiencing the same problem.  However I'm reporting on both system user and email address which are distinct fields and would prefer to see this information only on a single line.  With my report I get communication system user on one line and then email address on the another, I'd also like to be able to include those users where the info types have not been maintained.
  With the query I have created I also included logon data from the USR02 table.
  Cheers
  Bill

• After sql server 2012 installation, I have changed sql server database engine service account from network service user to system user. What is disadvantages of this process?

       After
   sql server 2012 installation, I   attached my production db. Because of some reasons, i
   changed sql engine account from network service user to system user by means of sql server configuration manager.
       Now , there isn’t
   a problem at sql server running system.  But
  I have doubts that
   this can produce problems later. Because  sql server database engine account must have privileges that listed below;
  Log on as a service (SeServiceLogonRight)
  Replace a process-level token (SeAssignPrimaryTokenPrivilege)
  Bypass traverse checking (SeChangeNotifyPrivilege)
  Adjust memory quotas for a process
  (SeIncreaseQuotaPrivilege)
  Permission to start SQL Writer
  Permission to read the Event Log service
  Permission to read the Remote Procedure Call service
   While sql server installation, setup gives these
   privileges to network service user automatically, but changing user by means of sql confugarition manager does not give these
  privileges.
  Now, system user has privileges listed below. And sql server has been running for 1,5 months without any problems.
  Log on as a service (SeServiceLogonRight)
       Bypass traverse checking
  (SeChangeNotifyPrivilege) (Everyone user has his privileges. So i think that system user has this privilege also)
  What problems can occur because of this situation? Shall i give other privileges to system user and restart sql server or not? And how can i give these privileges to system user listed below;
  Replace a process-level token (
  this can be set from user rights assignments)
  Adjust memory quotas for a process
  (this can be set from user rights assignments)
  Permission to start SQL Writer ( 
  ? - give advice )
  Permission to read the Event Log service (
  ? - give advice )
  Permission to read the Remote Procedure Call service (
  ? - give advice )

   Our server is  windows server 2008 r2 enterprise edition. I have looked the bunch of permissions in user rights menu  that is in local security policy settings gui.
  And i have seen those permissions below were not granted to system user;
  Bypass traverse checking (SeChangeNotifyPrivilege)
  Adjust memory quotas for a process
  (SeIncreaseQuotaPrivilege)
  So, briefly you say, don't panic ?

• Need role/profile for ALE system user

  I have created a system user and assigned it to the necessary RFCs in our DEV system.  The RFCs are used to ALE data between our DEV, QAS, and PRD systems.  If I assign profile B_ALE_ALL to the user in the receiving system I do not get IDOCS created in our QAS system.  If I assign SAP_ALL to the user I do get IDOC's created in QAS.  Can anybody recommend another role to assign.  Or a method to troubleshoot this authorization error.  I want to limit this system user in the receiving system to creation of IDOCs only. 
  Thanks in Advance, Jay

  Hi,
  Then I recommend to give sap_all and trace the user in QAS system. Once the data transfers are complete, please anaylyze the trace and see what authorizations it requires. Now build a role with this authorizaiton and remove sap_all.
  Since you are transferring applicaiton data, the programs might also check that access as well.
  Regards,
  Gowrinadh

• Folder created in Windows Explorer not visible in Command Line as SYSTEM user

  Hello everyone,
  We have an odd behavior with an application installation, which I cannot make much sense of.
  We are trying to deploy an application on Windows 8.1 Enterprise x64 which tries to access
  C:\windows\system32\config\systemprofile\Desktop during installation.
  This folder does not exist by default in a Windows 8.1 installation. Hence we am creating this folder using a VBS script manually. The VBS script also launches the application EXE. The setup itself runs under the SYSTEM account (in order to be deployed using
  SCCM).
  When the install script is launched, we can see in the Windows Explorer that the "Desktop" folder is created in the systemprofile directory. However, to the setup running under the system account, this folder is not visible.
  I have verified this by running a command line prompt under the SYSTEM user and navigating to
  C:\windows\system32\config\systemprofile\. Using the "dir" command does not show you a "Desktop" folder under the EXACT same path.
  When we create the Desktop folder from this command prompt, the application installs just fine.
  What are we missing? Any inputs are highly appreciated.

  Hi,
  Might this need to quit the command prompt after the folder creation, then reload it to continue the installation of the software?
  Best regards
  Michael Shao
  TechNet Community Support

• How to reset users and groups in Server.app?

  Recently after change settings in the Server.app (like turn off/on open directory, delete/add certificates), I got a strange problem:
  In the users and groups list, it display all local users and groups (looks like system users and groups, about 100 users and groups, but this is a new server)
  I tried reset the server.app by following
  howto reinstall/reinitialize os x server
  http://support.apple.com/kb/HT200271?viewlocale=en_US
  These users and groups still showing there.
  Have you seen this before and how can I completely reset the server.app to factory default so that I can start over the set up?

  In theory, that should restore the users.  You can do some surgery if you are really brave.  But the reinstall generally should be enough. 
  These accounts are in the DSLocal data store.  Basically, this is very similar to the any OS X machine.  Apple keeps a default copy of the Local Database here:
  /System/Library/DirectoryServices/DefaultLocalDB/Default
  Should you need to reset a machine to the default local database, you can remove the current database (/var/db/dslocal/nodes/Default) and then copy the default one to the same location.  I would not go this far unless the reinstall was unsuccessful. 
  To check, you can run this command:
  dscl . list /Users
  That will list all the Users in the local DB.   To get a count, pipe to wc
  dscl . list /Users | wc -l
  On a Server that I just jumped on, I see 79 users and 111 groups (dscl . list /Groups | wc -l)  But this is a system will man SACL groups so I likely have more than the default.
  Hope this continues to help.  Probably more info that you want. 
  Reid
  Apple Consultants Network
  Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
  Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store