User Login(s) / Account gone - BUG - thread overview - summary - solutions?

Hello everyone...
Time to open a new thread... Seems there has been a serious bug going on for a while with 10.6 randomly; it hit me Saturday. After working late I switched off my iMac, and the next morning all my user accounts were gone and I was not able to log in with my account... instead I got an "other" account.
Took me a day to get that fixed. Thanks Apple!
Same problems here:
http://discussions.apple.com/thread.jspa?threadID=2750969&tstart=0
http://discussions.apple.com/thread.jspa?messageID=13050110&#13050110
http://discussions.apple.com/thread.jspa?threadID=2747165&tstart=0
http://discussions.apple.com/thread.jspa?messageID=12880505&#12880505
http://discussions.apple.com/thread.jspa?messageID=12932314&#12932314
http://discussions.apple.com/thread.jspa?messageID=12754295&#12754295
http://discussions.apple.com/thread.jspa?messageID=12802769&#12802769
http://discussions.apple.com/thread.jspa?messageID=12640182&#12640182
http://discussions.apple.com/thread.jspa?messageID=12836318&#12836318
http://discussions.apple.com/thread.jspa?messageID=12840608&#12840608
http://discussions.apple.com/thread.jspa?messageID=12726662&#12726662
This one has an interesting solution from user Illude
http://discussions.apple.com/thread.jspa?threadID=2644133&tstart=0
This one's from cNet:
http://forums.cnet.com/7723-6126_102-505918.html
There are quite some possible solutions (from threads) that seem to help, here are some of the popular ones:
SOLUTION 1:
1 - boot up using your SL disk.
2 - select 'change password'
3 - reset the root password
4 - restart the mac from the system drive
5 - log in as root
6 - open system preferences
7 - create an account with the SAME FULL NAME and ACCOUNT NAME as your 'lost' account
8 - you will be prompted that "a folder with said name already exists - would you like to use the existing folder?" - SELECT OK
9 - log out of root
10 - log into your account
SOLUTION 2 for those without TM backup:
Material needed: Snow Leopard DVD
1. Boot from DVD: restart at log in menu you're stuck in. Otherwise hard restart. Press "C" while booting.
2. Change password: in my case only System Administrator (root) and guest appeared. Change the password on System administrator.
3. log in as "System Administrator" with your new password.
4. Check to see if the folder with your user name is still there under "User"
5. Go to System Preference>Account>add account: Set same account name. That will link the new user account with old username account folder. You can also adjust the login window option. For now I checked automatic log in.
6. Restart. You should be able to log in to your old account.
SOLUTION 3 with TERMINAL (from illude - thanks!):
... I had this exact problem. I installed the 10.6.5 update and when I finally rebooted several days later, all non-system users on my machine were deleted. Only "Other" showed up in the login screen. While the users were removed from the Directory Services, their data was still intact though, as their home directories in /Users were unchanged. This is of course a big relief...
After reading this thread and the pages mentioned here, I came up with the following solution. Please replace "username" with the short (Unix) name of your user account (i.e. the one without spaces).
1. Start the computer in Single-User Mode, by holding down Command+S as it boots up. You end up in a terminal as the root user.
2. As suggested on the screen, do the following to check and mount your filesystem:
/sbin/fsck -fy
/sbin/mount -uw /
3. Find out which accounts have been deleted (here I assume 'username' is one of them):
defaults read /Library/Preferences/com.apple.preferences.accounts
4. Convince yourself that the user data is still safe:
ls /Users/username
5. I noticed that the 10.6.5 update made backups of the Directory Services and shadow passwords in /private/var/db as the xar archives 'dslocal-backup.xar' and 'shadow-backup.xar', respectively. If you also have these files, you are in luck! Restore the settings for each deleted user, as well as all shadow passwords, as follows:
cd /private/var/db
xar -xf dslocal-backup.xar dslocal/nodes/Default/users/username.plist
xar -xf shadow-backup.xar
6. For good measure, remove the record of deleted users (not sure if this is necessary, but seemed like a good idea at the time):
rm /Library/Preferences/com.apple.preferences.accounts.plist
7. Restart the computer:
shutdown -r now
I restored the settings for all deleted users in Step 5, and everyone was back after the reboot. The great thing is that all settings are restored the way they were, including the password, user GUID (which should prevent Time Machine from redoing a full backup as mentioned in this thread) and the login picture (which was stored in the JPEGPhoto field in the plist file and would have been lost otherwise).
Of course, this solution might not apply to your specific problem, so please take care when you tamper with system settings via Single-User Mode.
SOLUTION 4 using a TimeMachine Backup:
If you have a backup with time machine, reinstall with original OSX DVD.
For that type "C" when booting and hold until system boots from DVD.
Go through the necessary steps, then when asked if you want to restore from a TimeMachine Backup, do so. It will take some hours depending on how big your TM backup is and what kind of interface you use (GBit Network, USB, Firewire etc).
After that your system should be restored. However you probably have to update back again to the latest OSX update you were using with that TM backup, as OSX Mail will crash if it doesn't have that exact update environment. Example: your TM backup was done with 10.6.6., mail will crash often if you restore to 10.6.5...
ATTENTION: there may be some side effects after a restore regarding external volumes, they could be locked out as your old user settings are gone...
After restore I could not access two external drives on my system,
1) a firewire 2TB Lacie drive that was "locked". I did not have the rights to access it, and CTRL+I and setting the permissions did not work. permissions were not stored. The OSX Harddisk tool also did not work because the "owner" of that drive could not be set.
Solution: A tiny app called "BatChmod" saved the day, it allowed me to "unlock" the permissions of that drive, without being a Unix superfreak knowing all the tweaks.
http://www.macchampion.com/arbysoft/BatchMod/Download.html
2) I could not access my TimeCapsule TM after restore to refresh the backup. Quite interesting because my system just had restored from that drive. The TimeMachine Volume was locked with that little "lock" symbol left of the volume symbol. CTRL+I and setting permissions did not work too... Within OSX Harddisk Tool a TimeCapsule does not show up so you can't fix permissions there either...
Solution: With Airports TimeCapsule Manual Settings there is an option to delete the volume or folders on it. Deleted the sparsebundle and voila the TC could be used again.
If there are any other solutions that worked out for you to recover from lost logins/accounts, please post them here, and do not forget to notify apple about that bug at
http://www.apple.com/feedback/macosx.html
so that it hopefully finally gets fixed with 10.6.7... it seems to be around since 10.5..., emerged again with 10.6 SL, and now came back with 10.6.6. so that should have been quite a long time to fix it.
Thx
Chris
Message was edited by: vertrider

this symptom caught me by surprise just the other day - luckily I had the root account enabled, which is not the default.  With the root account enabled, and an available Time Machine backup, recovery is really simple, straightforward and quick.
For my situation, which may not be identical with those for all who may read this thread, the plist files which define for DirectoryService the users I have created, including my admin accounts, and the password hash files were deleted.
if the root account is not enabled on your system, then I suppose you will have to go through either booting in Single User mode or from a System Install disk that will let you run the Terminal application.  However it is done, once you have the ability to write to the database directories, and access to a Time Machine backup, the recovery process is thus:
Step 1. Verify that the user account home directories still exist, both for peace of mind and to determine whether this recovery method is appropriate for your situation.
ls -l /Users/
This should show account directories for all the users you have created in the past.  If not, then a restore of the user directories from a Time Machine backup, as well as the user DirectoryService files is indicated.  And, I would propose that the cause of your particular difficulties is other than most in this thread have experienced.
also, just for fun, open the Accounts Preference Pane in the System Preferences, and see that none of your user accounts are listed.  What I found interesting is that the groups that I had created were still defined, it was just the user accounts that were deleted.
Step 2.  now, for the meat of the recovery.  I recommend opening a pair of Terminal windows, one in which to look at the database directories, the other to look at the Time machine directories.
in the "database" window, change directory to the user accounts area.  This is read-write-execute for root only, so if you are not able to cd to this directory, you'll need to wrap the commands in sudo.
cd  /var/db/dslocal/nodes/Default/users/
ls -l
[non-root version of commands:  cd /var/db/dslocal/nodes/;  sudo ls -l Default/users/ ]
the result should show a number of plist files, with many system users starting with an underscore, and only a few others:  daemon.plist, nobody.plist, root.plist
Step 3. in  the "TimeMachine" window, change directory to the user accounts area from a recent backup, such as this one for my computer "Odin", backed up to TimeMachineDrive (this is a long path, not a two line entry):
cd /Volumes/TimeMachineDrive/Backups.backupdb/Odin/2011-04-20-002126/Odin/var/db/dslocal/nodes/Default/users/
then perform a directory listing:
ls -l
[non-root version of command is similar to that in Step 2, only need to get to the dslocal/nodes/ directory on the TimeMachine volume]
you should see all the same plist files as in Step 2, along with the additional user accounts definitions for those accounts you originally created.
to restore the definitions to your system, copy the missing plist files to the database directory used in Step 2. For a missing account file "test.plist", this would be:
cp -X test.plist /var/db/dslocal/nodes/Default/users/
[non-root version of command:  sudo cp -X Default/users/test.plist /var/db/dslocal/nodes/Default/users/ ]
the command option "-X" keeps the extended attributes from being copied along with the file
do the same for each missing plist file.
Step 4. this step restarts DirectoryService, so it becomes aware of newly restored account definitions.
killall -HUP DirectoryService
[non-root version:  sudo killall -HUP DirectoryService ]
note:  DirectoryService will recognize the new accounts after a reboot, even without the killall command being issued.  I just like to avoid unnecessary rebooting....
now comes the fun part - open up the Accounts Preference Pane in the System Preferences, or close and reopen if already open, and voila, the missing accounts should all be shown again!  If you perform a listing of the /Users directory, you'll see the account names instead of UID numbers shown as owner of the account directories once again.
ls -l /Users/
Great!  ready to go, right?  Almost, but we have to fix the ability to log in for these accounts first, by restoring the shadow password hash files.
Step 5. to restore the hash files, we need to know which ones belong to which account, and which directories to restore from and to.  So, in the 'database' window
cd /var/db/shadow/hash/
ls -l
[non-root version:  cd /var/db/;  sudo ls -l shadow/hash/ ]
in the "TimeMachine" window, assuming you are still in the var/db/dslocal/nodes/Default/users/ directory:
cd ../../../shadow/hash/
ls -l
[non-root version, assumes you are in the var/db/ directory:  sudo ls -l shadow/hash/ ]
you should see a bunch of files with filenames consisting of uppercase letters, numbers, and dashes.  To determine which file(s) belongs to which account, here is an example for the account "test":
dscl . -read /Users/test GeneratedUID
[non-root version:  same as root version of command ]
result should look like:
GeneratedUID: E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52
this long string identifies which hash file(s) belongs with the account "test"
from the "TimeMachine" window, copy the hash file back to the system location:
cp -X E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/
[non-root version, all on one line: sudo cp -X shadow/hash/E7FBADC6-CFCB-4B31-88F9-BB6BD1FAEB52* /var/db/shadow/hash/ ]
once this is completed for all the missing accounts, your system should be restored to exactly the condition it was in prior to the user accounts disappearing.
in Solution 3 above, from illude, the file  /Library/Preferences/com.apple.preferences.accounts.plist is mentioned.  I believe this is a file that was generated in Mac OS X 10.4, and maybe 10.5.  I'm pretty sure that a clean fresh install of Mac OS X 10.6, on a new partition for example, will *not* have this file.  Therefore, it a) may not be present, and b) if present, may have contents that don't represent any accounts created since the installation of Snow Leopard on that machine.
be that all as it may - I wish I'd found this thread topic when this first occurred for me. But since I managed a solution, I thought I'd share, in case anyone finds these methods useful.
cheers,
Roy
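
Added example (not part of Roy's post or the original thread): a dry-run helper for the Time Machine restore in Steps 1 to 5 above. It compares the backup's dslocal user records with the live ones and prints the cp -X commands for each missing account and its shadow hash files, without copying anything. It assumes the user records are XML plists with a lowercase generateduid key; the names plist_guid and plan_restore are made up for this example.

```shell
#!/bin/sh
# Dry-run planner for restoring deleted local accounts from a backup copy
# of /var/db. Nothing is copied; the commands are only printed for review.
#
# usage: sh plan_restore.sh LIVE_DB BACKUP_DB
#   LIVE_DB    the live database directory, normally /var/db
#   BACKUP_DB  the var/db directory inside a Time Machine snapshot

USERS_REL="dslocal/nodes/Default/users"
HASH_REL="shadow/hash"

# Print the GeneratedUID stored in a user record.
# Assumption: the record is an XML plist whose "generateduid" key holds a
# one-element array. Prints nothing if the key cannot be found.
plist_guid() {
    tr -d '\n\t ' < "$1" |
        sed -n 's:.*<key>generateduid</key><array><string>\([0-9A-Fa-f-]*\)</string>.*:\1:p'
}

# Print one "cp -X" line per file that has to come back from the backup.
plan_restore() {
    live=$1
    backup=$2
    if [ ! -d "$backup/$USERS_REL" ]; then
        echo "no user records found under: $backup" >&2
        return 2
    fi
    for rec in "$backup/$USERS_REL"/*.plist; do
        [ -f "$rec" ] || continue
        name=$(basename "$rec")
        # Records still present on the live system are left alone, so
        # system accounts (root, daemon, _www, ...) are never overwritten.
        if [ -e "$live/$USERS_REL/$name" ]; then
            continue
        fi
        printf "cp -X '%s' '%s/'\n" "$rec" "$live/$USERS_REL"

        # The hash files are named after the account's GeneratedUID.
        guid=$(plist_guid "$rec") || guid=""
        # Accept only a well-formed UUID before using it in a glob.
        if ! printf '%s\n' "$guid" |
            grep -Eq '^[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}$'; then
            echo "# WARNING: no valid GeneratedUID in $name; match its hash by hand"
            continue
        fi
        found=0
        for h in "$backup/$HASH_REL/$guid"*; do
            [ -f "$h" ] || continue
            found=1
            printf "cp -X '%s' '%s/'\n" "$h" "$live/$HASH_REL"
        done
        if [ "$found" -eq 0 ]; then
            echo "# WARNING: no hash file for $name ($guid) in backup; password must be reset"
        fi
    done
    return 0
}

# Run only when both directories are given on the command line.
if [ "$#" -eq 2 ]; then
    plan_restore "$1" "$2"
fi
```

Run it as root (or with sudo), since both directories are readable by root only, and read the printed plan before executing any line of it.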

Similar Messages

  • I had renamed my user login name and assumed that there will be no change in the settings and files. When I login with the new profile name everything is gone. How can I get back all my files and settings?

    I had renamed my user login name and assumed that there will be no change in the settings and files. When I login with the new profile name everything is gone. How can I get back all my files and settings? Please help. Thanks.

    You should have asked this before you tried: Changing username or short name- User Account and Short Name- OS X- How to change user account name or home directory name.

  • My wife has a separate User Login. How can she access photos and documents on my User Account?

    What do I need to do under my wife's user login so she can have access to photos and documents on my user account?

    Move the data you want to share to the hard drive level Users/Shared folder and she will be able to access them. You may have to do a Get Info (command - I) on the folder and add her with read/write permissions, then select the gear at the bottom and Apply to enclosed items.

  • How to separate the accounts based on user login?

    I'm creating a system where I have a public page that is to be displayed for all the users then in the login box the user can login and then he will get his session. The problem I'm facing is that after I login from the public page I still get the page that is guaranteed to public. how can I login directly to user1 account ??

    Hi
    Do you know how Portals 'Default user group' works?
    This construct could be your solution if the number of users isn't too high or the users can be grouped easily.
    Otherwise you could work with a menu hierarchy based on individual user privileges.
    Follow my answer to such a topic in this link to see how it works:
    hiding menu items if the user does not have the privs
    A combination of these two suggestions would probably be the best.
    Hope this helps.
    Thanks
    Peter

  • Any method to prevent a user login with 1 account, but several machines?

    May I ask for your recommendations to prevent a user to login my application with his/her account through different computers?
    Background information:
    1. My application is developed with BC4J framework.
    2. Login details: Once a user's is validated with their user id and password stored in a backend database table, he/she would be granted the right to use my application with a common connection account, as stated with the configuration details specified.
    Here is my solution:
    - When a user login my application, I'll lookup if there is any existing user record in a database table, let say, TBL_CURR_USERS. If no user record is found, the user will be granted the right of launching my applications and have a user record written down in the table TBL_CURR_USERS. If a user record is found, the user will receive an error message - "Your specified account is in use. You are not allowed to enter until your specified account has been logged off."
    - Problem: My problem is - how to trigger the event for removing the record in the table TBL_CURR_USER when user logs out implicitly or internet connection interrupts. Let say, when the user close the browser by clicking the 'X' icon, I have nothing to trigger my deletion for the user record in the TBL_CURR_USERS table. If so, in the long term, many users will not be able to use my application until housekeeping is done for the table TBL_CURR_USERS ... what should I do? Any Java solutions or JDeveloper solutions available?
    Thanks for your replying!

    I had the same problem and I resolved in a different way. In the application server I have a Set in the context and I add a user when the login is successful and I remove it (I store the user even in the session) when the session expires (I have a session listener) or when the user explicitly logouts.
    I don't need table and I don't need to do anything if the application server crashes.
    If you don't use connection pooling you could use a logon trigger on the database.
    I hope it helps,
    Giovanni

  • User accounts gone after Restoring disk

    Hello -
    I am running OS 10.4.11 on a PowerMac G4 Dual 450MHz Desktop. Recently I purchased a new IDE Hard Drive to put into my computer. I wanted to make an exact copy of my old hard drive onto the new hard drive and use the new hard drive as my main startup volume. I used the Restore tab in Disk Utility to create the copy.
    What happened is that none of the user account data was copied over. Even more strange is that now I cannot find any of my user account data on the original hard drive!
    I used the application "Whatsize" to figure out where all the data is allocated to on the original hard drive. It only accounted for about 25GB of the 30GB of data that are being used on the hard drive. I'm guessing the remaining 5GB of data is what was in my user account, but it can't find it for some reason.
    Anyhow, I guess my question is, how do I recover the data from my user account that I can't seem to find?
    Also, steps I've taken so far:
    - I ran Disk Utility (from another computer using the disk in Target disk mode) to see if I could repair permissions or repair the disk. Neither Repair Permissions nor Verify Permissions were enabled for me to check - only Verify and Repair Disk. I clicked Verify Disk and got a message saying that it had failed and said that "The underlying task reported failure on exit". I then tried to Repair Disk, but got the same error. Disk cannot be verified or repaired.
    - I've also tried DiskWarrior on it, but it doesn't seem to do anything.
    Thanks,
    Steve Pederson

    Hi Steve,
    I found the following in the Apple Help Viewer. Read thoroughly first to see if this might help you:
    Restoring a deleted user account
    If a user's account was deleted and the contents of the user's home folder were saved, you can restore that user's account and the contents of their home folder. Saved items in the deleted home folder are stored in a disk image file (the filename ends in .dmg) in the Deleted Users folder in the Users folder on the startup disk.
    1. To open the user's deleted files, double-click the disk image in the Deleted Users folder in the Users folder on the startup disk. The disk image content appears in a new window.
    2. Note: If there is no disk image for the user's deleted account, no files were saved when the account was deleted. You will need to create a new account for the user.
    3. To restore the deleted user's home folder, open the Users folder on the startup disk and choose File > New Folder.
    4. Type a name for the folder and then press Return.
    5. To copy the contents of the disk image to the new user account, in the disk image file, choose Edit > Select All and then drag the contents to the user folder you created. 
    6. To re-create the deleted user account, choose Apple menu > System Preferences and click Accounts. If some settings are dimmed, click the lock icon and type an administrator name and password.
    7. Click Add + and then type the user name. If you don't want to use the automatically generated short name, type a new short name. (After the account is created, you won't be able to change the short name.)
    8. Type the user's password in the Password and Verify boxes. You may type a hint to help the user remember the password.
    9. Click Create Account.
    10. In the dialog that appears, click OK to restore the user's account. The user's home folder will contain all their saved files.
    Carolyn
    Message was edited by: Carolyn Samit

  • Lion Server Setup (Network Login/Mobile Account and more...)

    Hardware:
         Mac mini Intel Core i7, 2 GHz, 8 GB memory (Server)     x 1
         iMac 21.5" 2.8GHz Intel Core i7, 12 GB memory (Workstation)     x 6
    Operating System:
        Mac OS X Server Lion 10.7.4 (11E53)
         Mac OS X Lion 10.7.4 (11E53)
    Relevant Software:
         Server.app Version 10.7.4 (1.4.3)
         Workgroup Manager Version 10.7 (400.3)
         Server Admin Version 10.7 (355)
    So my head's swimming with "I dunno's" and I've been perusing probably all the wrong threads trying not to sound like a noob and find the literature that will finally lead me to a solution.  This is my first rodeo so make no assumptions about my experience (maybe).
    Short Version
    I can't login network users.  I get an error "You are unable to log in to the user account "<%short_name%>" at this time.  Logging in using >console tells me this No home directory: <path to home directory>    i.e. /Network/Servers/department.domain.com/Department/Accounts/bbunny
    If anyone can point me where to read, I will do so.
    Perhaps a longer discussion on how to verify that the proper permissions exist on the share/home directory in question and what those would be.
    More detail...
    I want to setup a Mac Mini server to have network login accounts stored on the 2nd data volume in a directory we shall call Accounts*.  Here all the "network users/logins" have their home directories, so that when they login at the workstation the idea is the workstation will sync their account and allow them to login, if the server is not available, the hope is I can configure it to allow them to login if they've logged in before and the files will sync when they are able. That being the ideal, I get the impression that for best practices, Apple is discouraging the use of mobile accounts that use Home Sync perhaps because its reliability has been iffy, please advise.  A windows user might think of this as "roaming profiles" but, if I understand it, it's a little more than that.
    Note, I do not want to login to the server and actively work on that network share, I want the account to be local and sync'd as needed.  But I want the user to be able to sit at any of the 6 other workstations and see the same documents, emails etc.  Obviously if the server is down, it won't be possible to authenticate, but I think it should have cached credentials that should allow the user to login if the server is down and still go about their work.
    This is the small picture...there is a larger picture that involves, parallel virtual machines of Windows Server 2008 R2 on server and and Windows 7 on the client, ical, ichat and perhaps wiki's.
    I apologize for the roughness of this question, in the interest of brevity, I have plenty of problems that led me here that I can expound upon if asked.
    Also a silly question someone might know the answer to, Why does the login payload settings that I have pushed to a workstation device, sometimes vanish inconsistently upon logout? 

    Ok, Some Good news and clearer understanding to disseminate in this post I hope it helps
    "the Universe" so I am posting it here in my "ever-the-noob" blog on apple forums.
    Problem
    What do you do when you get an error when logging into a mobile account setup?
    One symptom would be the error message below...
         "You are unable to log in to the user account "<%short_name%>" at this time.
    Logging in using >console  You get the message…
         "No home directory: <path to home directory>"
         or
         "You are unable to log in to the user account "<%short_name%>" at this time. 
         Logging in using >console tells me this No home directory: <path to home directory>
    Solution
    Do the check list…
    Short Version
    Server Admin.app > Access (Key Component)
    Check Permissions on directories for your file shares. 
    (The reason stuff doesn't work especially when you're rebuilding/recovering a server)
    File sharing setup (Turned ON, Home sharing Enabled)
    Directory Utility > Directory Editor or dscl 
    ( Do not underestimate the importance of this part!!!!
    Use white-gloves when you're handling it though!!! )
    Workgroup Manager
    (Your poopy "main" interface that really is a "window", not a "door", but maybe Apple likes to do things "Dukes of Hazzard" style?)
    Long Version
    Check Server Admin.app > Access
    Make sure that your user has the "Proper" access.  For me I created a test user from Server.app and saw what access he had as a way to "check myself for a properly created users" and because I think one is kind of on his/her own using WGM and duplicated the same access. (I was a little neater, though and did it with a group, not individual users, that would have been a mess!)
    Server Admin.app > Access
    Click the "+" sign, sort by UID and Add the imported users  to the following Services…
    ( You can use a group, but understand when Server.app creates users they get added
    individually to each of these groups. )
    Address Book
    AFP
    iCal
    iChat
    Mail
    Profile Manager
    SMB
    VPN
    Check Permissions on directories for your file shares. 
              (That's an understatement) I could go in depth about all the crap I had to read about, I still
              know I am missing a chunk of tech brain when it comes to the particulars. Basically, I boil
              it down to this…
              Permissions require thinking about things first with regards to POSIX permissions... good
              ole ls, chmod, chgrp, chown to the rescue with ugo permissions or the old 755, 600 etc
              stuff.
              Apple's file-sharing access uses this as a starting point to see what the user is allowed to
              access.
              I also needed to use chflags once to unhide a file that I mucked around with using xattr. 
              I still haven't figured out why folders can lose their triangles, but I didn't find out if you cp or
              move them from terminal, the triangles come back in the moved or copied directory.  For a
              minute I thought it was because cp alone doesn't preserve flag attributes, but mv actually
              works by doing a cp that preserves the flags, unless it's a bug.  I dunno.
              This helped me get my file visible again...
              chflags hidden path_to_file
              chflags nohidden path_to_file
              Read up on those manuals, if you're not a terminal type go to apples website
              http://developer.apple.com/library/mac/#documentation/Darwin/Reference/ManPages/
              or download...
              http://www.bruji.com/bwana/ I thought that was cool.
              or if you prefer to read the manual in pdf try…
              man -t sharing | pstopdf -i -o ./Desktop/Sharing\ Manual.pdf
              man -t chown | pstopdf -i -o ./Desktop/CHOWN\ Manual.pdf
              man -t chmod | pstopdf -i -o ./Desktop/CHMOD\ Manual.pdf
              man -t chgrp | pstopdf -i -o ./Desktop/CHGRP\ Manual.pdf
              My basic guideline was avoid using ACLs if at all possible, if you try to use them, things
              can get crazy complicated, take notes and plan, baby. If you read above, opening up
              permissions wide is wrong though.  You would restrict permissions tightly to begin with and
              then place ACE (Access Control Entries) to specifically target the rights you want to enable.
              Here's one that's obviously a novice attempt to do this, but since the novice is the only one
              speaking…. here it is, Universe… >:P
              sudo chmod -R +ai "admin allow read,write,delete,file_inherit,directory_inherit,search,list" Department/
              That allowed my admin to do all the things a normal user could do so far… It fixed things for
              my admin, which made me happy.  I really hate having to authenticate or sudo just to see
              the contents of a nested directory.  I could explain it, and even give a few notes on why its
              probably overkill, but I will attempt to look less stupid till "poked".
              There's another command line utility I STILL haven't read, which may bear mentioning
              because…well I haven't read it.  umask (see wikipedia or unix.com)…I worked past my
              problems without going into it so far, but obviously it's there, and it serves a purpose.
              I also found this article helpful…and educational.  :O
              http://www.bresink.de/osx/300321023/Docs-en/pgs/ACL.html
              (          Its enlightening to hear the air whistling between a developer/coder's ears, still it's
                        apparent he has a clear idea what's going on.
                        Ever wonder why when you use get info to check or assign permissions it kind of
                        flakes out and doesn't take?  Read this article!          )
              Second, if you can't obtain the "specific" permissions you need with POSIX, chmod also
              can set the 2nd category of permissions, which windows users may be familiar with
              Access Control Lists (ACLs) and here you get some really fine granularity...messy stuff. 
              All in all, if I felt I could guide you through these murky waters, I would, but I think I'll let
              the professionals weigh in on that one and cut my wall-of-text to ribbons.
              To heuristically check I would connect from a client as one or two of my users and see what
              folders I could mount as a share, armored with an understanding of what ls -le@O * showed
              me in Terminal.
    3.)           File sharing setup (Turned ON, Home sharing Enabled)
              Here is an example of using command line sharing utility where each share is properly
              labeled (that took a bit for me to figure out) still this share only enables the AFP share as
              you can see from my flags.
              sudo sharing -a /Volumes/Hard\ Drive/Department/Database -A Database-afp -F Database-ftp -S Database-smb -n Database -s 100 -g 000 -i 10
              Then you do a sudo sharing -l and get back what you just did…
                                              List of Share Points
              name:                    Database
              path:                    /Volumes/Hard Drive/Department/Database
                        afp:          {
                        name:          Database-afp
                        shared:          1
                        guest access:          0
                        inherit perms:          1
                        ftp:          {
                        name:          Database-ftp
                        shared:          0
                        guest access:          0
                        smb:          {
                        name:          Database-smb
                        shared:          0
                        guest access:          0
              If you mess up the sharing command, you may not be paying attention (I wasn't) but there
              are a lot of defaults that Apple will just assume you meant to do anyway and it won't read
              any of your flags, you have to get it right or the flags will be defaulted. 
              (          Basically I could tell I was bombing it for one, I explicitly only wanted afp working, but
                        the default was afp and smb.  So each time I ran sudo sharing -l after I shot my sharing
                        command…back would come smb shared: 1 and I knew that wasn't right.  Also my
                        custom names were defaulting to the name of the directory not the name I had
                        specified.           )
              I like to know what protocol my share is over so when it doesn't work, I know which protocols
              are connecting. It's not foolproof, but it's a bookmark.  I wish the network browser would
              identify the protocol that its available listed shares are using, because small visual cues
              like that help when you're trying to see what works.  Maybe that's something I should
              investigate via the command line?
              As a note about reading forums, I discovered using command line that "\" is kind of like a
              way of going to next line neatly with long commands…."\ " is a way to insert a space. As you
              can see above where I have a volume with a space in it. 
              Removing shares was a little trickier though, sharing -r Share\ With-space didn't work….I
              had to enclose it in quotes and do "Share With-space" instead. So nooby beware!
              (          *nix users are now rolling their eyes at this tip.          )
              I wasn't sure how you enabled a share for home directories from the command line, maybe it's
              in the manual, but I was up to my eyeballs in manuals already so I haven't gone back to
              revisit this question since my work around was to go to Server.app and verify that what I set
              up in the sharing in terminal was being reflected in the gui…sort of my own MVC
              (model-view-controller) check.
    4.)           Directory Utility > Directory Editor or dscl 
      Make sure what you see in WGM and Server.app are reflected here….to that question let's
              take a journey where I did some exploring about that.
      Ever really wonder "WHY CAN'T I REMOVE AN OLD HOME DIRECTORY SHARE?!!!"
              Ah, then you will  - LOVE -  this tip…
              (          Provided my testing or yours, later, doesn't prove that in my ignorance I've broken
                        Open Directory. Remember, WHITEGLOVES!!!! but here we get a little dirty.  I think of
                        OD as Apple's Registry, but that's not what it is at all. However, you as the user do have
                        to "****" around in it from time to time.          )
              I scoured the forums and everyone was saying things like "You have to change your server
              role" etc. which seemed a little bit dumb to me (dumb because you're pushing views around
              not "controlling"), and well, yea, that share that I couldn't modify or delete was REALLY
              bugging me.
              Now hmm… Before you do ANYTHING, how do you try to not hurt yourself…in Windows you
              can make a Registry Backup….(yea bad analogy)  In Server Admin.app you can go to your Open
              Directory Service > Archive and Choose a place to Archive your information. (Figure this out by
              yourself, this is getting long…sheesh! It's easy. Restoring is just as easy and painless.)
      Before we can remove the entry we "SEE" in WGM we should make sure no
              one has it selected so as not to "corrupt" the OD db, so in WGM first before going to Directory
              Utility set the Home directory to "None".  (We need to remember to set this to a correct share
              later….Mental Note!!!)
              Now Open Directory Utility
              Method 1
              System Preferences > Users & Groups > Login Options
              Click the Lock to make changes…
              Authenticate -> click "OK"          (do I REALLY have to step-by-step this?)
              Network Account Server: • Local Server - click "Edit" button here.
              Open Directory Utility > Directory Editor
              (          Wow, did Apple hire someone from Microsoft?  You'd think with all their research into
                        Human Interface Design that's WAY too many clicks to get to something you need.          )
              or
              Method 2 (It's good to know about this directory, neat-o speed-o apps hidden here.)
              Use "Go to Folder" Under Finder > Go > Go to Folder...
      ⇧⌘G /System/Library/CoreServices/ 
              Click "OK"
              and Double click Directory Utility.app
              or
              Method 3
              Terminal
              open /System/Library/CoreServices/Directory\ Utility.app/
              Now From the Directory Editor Pane you will see a Pop-up menu Labeled "Viewing"
              You should glance through this and get to know it.  You should use it to see what
              information is really being stored about your Users, Groups, Mounts…
              We are interested in Mounts, which is where we want to go…and there is the pesky
              mount that you will see reflected in WGM.
              Authenticate, and delete the bugger.
              Quit WGM and restart it.  Voila, bad share is GONE!!!!!
              a.)          First select all my users
              b.)           Then I clicked on the "+" and added the correct share
                        (          Remember, I only showed you the first one we created, this is another and
                                  for THIS one you HAVE to go into Server.app and verify that it is set to be
                                  available for Home Directories in this case for AFP.          )
                        For the home directory entry you do this...
                        afp://computer.domain.com/Accounts-afp
                        %short_name%
                        /Network/Servers/computer.domain.com/Volumes/Hard\ Drive/Department/Accounts/%short_name%
      %short_name% is a wild card for the short name; there are other wild cards, check out Apple's
                        documentation on them.  I lost the link, sorry <shrug>
              Interesting dscl commands…(check it out in command line form and compare side by side with
              what you see in the GUI Directory Utility)
              dscl . list /users
              dscl . list /groups
              If you want to output information about each user, though, use readall:
              dscl . readall /users
              dscl . readall /groups
              And if you need to programmatically parse said information, use -plist to make your life easier:
              dscl -plist . readall /users
              dscl -plist . readall /groups
              This made a little more direct sense to me, language wise…but fyi "." is kind of a wild card I think so the first
              commands I think look in ALL directories local, Search, LDAP whatever you have.  The command here
              corresponds to the Entry from the Pop-up menu "…in node > Blah…" see GUI of Directory Utility to confirm.
              dscl /LDAPv3/127.0.0.1 -list /Users
              dscl /Local/Default -list /Users
    5.)          Workgroup Manager
              Remember this is a utility that is not long for this world.  Apple's Mountain Lion is rumored to fully
              replace it, why? Yea, Apple's making a go at MDM (Mobile Device Management) and somehow
              desktop computers are being pulled/dragged along for the ride.  I have plenty of issues with
              Profile Manager, but I'll likely revisit it in a couple of months and see where we stand.
              Anyway, treat this baby like the bottom rung, because, well it is built like you start your
              foundation here, but it's just a viewer with controlling "tweaks".  Use the other areas to get a solid
              grasp of what is actually going on.  Server.app is where you should create accounts you can
              feel are safe.  When you create accounts in WGM, you are responsible for making sure they
              have the appropriate EVERYTHING.
    This list is by no means complete, but these are the areas this noob is or was prepared to talk about.
    Good night for now.  Enjoy climbing my wall of text, and yea sorry about that.  :O Run for your lives!!!!
      - Signed Shadowwraith
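The symptom described in this post (flags silently falling back to defaults, so SMB comes back shared and the custom share names are lost) can be checked mechanically instead of by eye. This is an added example, not code from the post: it parses text in the `sudo sharing -l` layout and compares it with an intended configuration; `INTENT`, the function names and the "Accounts" entry in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample in the layout `sudo sharing -l` prints. "Database" is
# modelled on the listing in the post; "Accounts" is invented to show flags
# that fell back to defaults (SMB on, custom AFP name lost) plus guest access.
SAMPLE = """\
List of Share Points
name:           Database
path:           /Volumes/Hard Drive/Department/Database
        afp:    {
                name:   Database-afp
                shared: 1
                guest access:   0
                inherit perms:  1
        }
        smb:    {
                name:   Database-smb
                shared: 0
                guest access:   0
        }
name:           Accounts
path:           /Volumes/Hard Drive/Department/Accounts
        afp:    {
                name:   Accounts
                shared: 1
                guest access:   0
                inherit perms:  1
        }
        smb:    {
                name:   Accounts
                shared: 1
                guest access:   1
        }
"""

# Assumed intent for this example: share path -> {protocol that should be
# shared: the custom name that protocol should carry}.
INTENT = {
    "/Volumes/Hard Drive/Department/Database": {"afp": "Database-afp"},
    "/Volumes/Hard Drive/Department/Accounts": {"afp": "Accounts-afp"},
}

PROTO_RE = re.compile(r"^(afp|ftp|smb):\s*\{?$")

def parse_sharing_list(text):
    """Return [{'name', 'path', 'protocols': {proto: {key: value}}}, ...]."""
    shares, share, proto = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "}":
            proto = None
            continue
        m = PROTO_RE.match(line)
        if m and share is not None:
            proto = share["protocols"].setdefault(m.group(1), {})
            continue
        key, sep, value = (part.strip() for part in line.partition(":"))
        if not sep:
            continue  # banner or blank line
        # "name:" outside a protocol block, or a second one inside a block
        # (pasted listings often lose the closing braces), starts a new share.
        if key == "name" and (proto is None or "name" in proto):
            share, proto = {"name": value, "path": None, "protocols": {}}, None
            shares.append(share)
        elif proto is not None:
            proto[key] = value
        elif share is not None and key == "path":
            share["path"] = value
    return shares

def audit(shares, intent):
    """Compare the listing with the intent; return sorted (share, proto, issue)."""
    findings = []
    for s in shares:
        wanted = intent.get(s["path"], {})  # unknown share: nothing is wanted
        for proto, attrs in s["protocols"].items():
            shared = attrs.get("shared") == "1"
            if shared and proto not in wanted:
                findings.append((s["name"], proto, "unexpected-protocol"))
            if shared and attrs.get("guest access") == "1":
                findings.append((s["name"], proto, "guest-access"))
        for proto, custom in wanted.items():
            attrs = s["protocols"].get(proto, {})
            if attrs.get("shared") != "1":
                findings.append((s["name"], proto, "not-shared"))
            elif attrs.get("name") != custom:
                findings.append((s["name"], proto, "name-defaulted"))
    return sorted(findings)
```

Feeding it the real output of `sudo sharing -l` after each `sharing -a` call shows at once whether the flags took or were defaulted.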
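The `dscl -plist . readall /users` tip in this post lends itself to a before/after comparison of account records, which is the quickest way to see which accounts vanished or changed UID. This is an added example, not code from the post: the two snapshots are constructed sample data, and the `dsAttrTypeStandard:` attribute keys with list-of-string values are the assumed layout of the dscl plist output.

```python
import plistlib

ATTR = "dsAttrTypeStandard:"  # assumed prefix on standard attribute names


def _snapshot(*users):
    """Build constructed data shaped like `dscl -plist . readall /users`."""
    return plistlib.dumps([
        {ATTR + "RecordName": [name],
         ATTR + "UniqueID": [str(uid)],
         ATTR + "NFSHomeDirectory": [home]}
        for name, uid, home in users
    ])


# Constructed snapshots: one saved while logins worked, one taken afterwards.
BEFORE = _snapshot(("root", 0, "/var/root"), ("matt", 501, "/Users/matt"),
                   ("anna", 502, "/Users/anna"))
AFTER = _snapshot(("root", 0, "/var/root"), ("matt", 503, "/Users/matt"),
                  ("guest2", 503, "/Users/guest2"))


def load_accounts(plist_bytes):
    """Map short name -> (uid, home); every dscl value is a list of strings."""
    accounts = {}
    for rec in plistlib.loads(plist_bytes):
        names = rec.get(ATTR + "RecordName", [])
        uids = rec.get(ATTR + "UniqueID", [])
        if not names or not uids:
            continue  # record without a name or UID: nothing to compare
        home = (rec.get(ATTR + "NFSHomeDirectory") or [None])[0]
        accounts[names[0]] = (int(uids[0]), home)
    return accounts


def diff_accounts(before, after):
    """List accounts that went missing, appeared, changed, or share a UID."""
    findings = []
    for name in sorted(before.keys() - after.keys()):
        findings.append(("missing", name, before[name]))
    for name in sorted(after.keys() - before.keys()):
        findings.append(("new", name, after[name]))
    for name in sorted(before.keys() & after.keys()):
        if before[name] != after[name]:
            findings.append(("changed", name, (before[name], after[name])))
    by_uid = {}
    for name, (uid, _home) in after.items():
        by_uid.setdefault(uid, []).append(name)
    for uid, names in sorted(by_uid.items()):
        if len(names) > 1:
            findings.append(("shared-uid", uid, tuple(sorted(names))))
    return findings


if __name__ == "__main__":
    for finding in diff_accounts(load_accounts(BEFORE), load_accounts(AFTER)):
        print(finding)
```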

  • Default Dashboard not working after user login

    Hi All,
    We have one issue in 11.1.1.7.1 where PORTALPATH is not working for users. As a result, user lands on home page/recent page instead of the default dashboard after login.
    I followed Doc ID 1576576.1 and Bug 17071629 - PORTALPATH SESSION VARIABLE IS INEFFECTIVE is reported. I applied patch 17071629 on top of 7.1. I have tried and verified that
    ·     The URL we are using to login is “http://machinename:9704/analytics/saw.dll?bieehome&startPage=1”
    ·         There is no Start Page set  in user’s My Account other than Default.
    ·         In Answers, the PORTALPATH session variable fetches correct dashboard path.
    ·         I removed space in the dashboard name and tried with following path “/shared/Dashboard/_portal/PortalPathTest”. Also, assigned same default value to the session variable. I also tried “/Shared Folders/Dashboard/Dashboards/PortalPathTest” and “%2fshared%2fDashboard%2f_portal%2fPortalPathTest” but nothing works.
    ·         lsinventory shows the patch got applied successfully.
    One thing to notice -
    1.       Login url is: "http://machinename:9704/analytics/saw.dll?bieehome&startPage=1"
    2.       After login, browser URL gets changed to "http://http://scoreboard-sit.wellsfargo.com:9704/analytics/saw.dll?bieehomemachinename:9704/analytics/saw.dll?bieehome" and shows Home Page instead of default dashboard.
    3.       Now at this stage, if I append "&startPage=1" to the above step 2 URL in browser, it automatically navigates to correct default dashboard.
    Also, this patch has fixed the default dashboard in Act As. That means, if I act as a user, I land on the correct default dashboard. But if the same user actually logs in, s/he lands on the home page.
    I suspect URL redirection after login is the actual issue. Please suggest if anyone has an idea.
    Thanks,
    Akshat

    I think this was the issue -
    There was a JavaScript error related to an undefined object, "accessMode", in logon.js.  This is related to Accessibility or Section 508 (checked by Developer Tools of IE).  We may have removed this code from the logon page which was causing the error. We had customized the page quite a bit previously. When I ignore the error and step through, I go to the correct portal path page. So we are going to replace the logon.js file with backup and hopefully it will fix the issue.
    Cheers!
    Akshat

  • MDT 2012 - Auto login settings were gone at the end of the deployment

    I need to set up some PCs for public use (each has a local user account that does not need to log in).
    There's no problem for me to create the local user account and its profile folder by using custom tasks.
    The auto login settings are also successfully set by modifying the registry or using Sysinternals - Autologon.exe
    But after the last restart of the PC (I set it to restart at the end of the deployment), Windows is stuck at the login screen.
    Then I found that all the auto login settings were gone (both in the registry and netplwiz).
    This custom task is placed near the end of the task sequence (which means there should be no other task that can influence it), so I suspect that maybe Group Policy reset all those settings.

    I had the same problem, and these were my solutions:
    1. Comment out the relevant lines in LTICleanup. I tried to avoid this, in case any updates to MDT reversed the change. Also even if I documented it, it might not be apparent to another technician years down the line. I prefer to leave the MDT files unchanged.
    2. Create a script that runs after the task sequence has completed. This is the option I chose, and it was a bit more complicated than it appeared.
    What I did was as follows:
    1. Create a new AutoLogon Script application.
       The "application" must consist of two script files: install and autologon.
       The "install" script does the following:
         - Copy the "autologon" script to a temporary folder on the local drive
         - Create a new scheduled task which runs on startup, as the SYSTEM user, and runs the "autologon" script (using schtasks.exe)
       The "autologon" script does the following:
         - Create the relevant registry keys to enable automatic logon.
         - Delete the above scheduled task.
         - Reboot the workstation.
    2. In the MDT task sequence, create a new task at the very end, which installs a single application. Choose the AutoLogon Script application.
    3. In your CustomSettings.ini, set FinishAction=REBOOT
    So at the end of your task sequence, the workstation will reboot. It will then run the autologon script after boot up, but will not autologon. When the script finishes, it will reboot again, at which point it will autologon with the details you specified.
    It's a little fiddly, but works for me.
    Johan Arwidmark has another method here, which might be even easier - http://www.deploymentresearch.com/Research/tabid/62/EntryId/122/Final-Configuration-for-MDT-2013-Lite-Touch-now-with-Autologon-support.aspx

  • Limit a Windows 7 machine to 1 user login at a time

    I've searched everywhere for a solution to this but have not found anything outside of restarting the machine.
    I need to limit a Windows 7 computer to only allow one user logged in at a time. This machine has applications that only allow one user to run them at a time. So if a user locks this machine and walks off and if the next user switches user and logs in, none of the programs will work because the first user's session is now suspended.
    Is there anything that will kick the suspended user off? So if a user forgets to log out and the screen is locked, the second user's login would force the first user to log off?

    I know this was 1.5 years ago, but people search the web for these solutions for years and for years these solutions continue to help others, but not when people are so very much OFF TRACK with what the OP asked for. It shouldn't surprise me, but it is astounding at how people do not communicate well and instead of reading what the OP asked for carefully the proposed answer here does NOT address the OP's question... it got the "BREEZE BY ANSWER".
    NOW - TO the OP Cherickson HERE's the BEST answer I've been able to determine on my OWN since ALLLLLLLLL of the other posts online I read ALSO were answered OFF TOPIC:
    DISABLE FAST USER SWITCHING (speaking from a Windows 7 environment)
    Here's the GPO to do it (Open Group Policy Management Editor on a DOMAIN or Active Directory server):
    Default Domain Policy [ServerNameHere] > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
    Set Hide entry points for Fast User Switching to Enabled.
    FOR non-DOMAIN non-Group-Policy controlled PC's use "Local Group Policy Editor" via gpedit.msc
    (NOT NOT NOT "Local Security Policy" via secpol.msc) and visit:
    Local Computer Policy > Computer Configuration > Administrative Templates > System > Logon > Hide entry points for Fast User Switching
    Set Hide entry points for Fast User Switching to Enabled.
    Now, to be "EXACTING" here, this does not "PREVENT" multiple users from logging into the same PC at one time "per se", but it ends up having that effect on "PEOPLE" because "PEOPLE" are very predictable in a network environment and they aren't worried about saving PC resources for themselves or others... they just use the PC.
    Setting Hide entry points for Fast User Switching to Enabled REMOVES the option for users to "SWITCH USER" while they are logged into Windows (fat client) and it also removes the "SWITCH USER" from the Welcome/Logon screen, thereby forcing them to "LOG OFF" themselves (or whomever is logged in) manually and thereby then they are presented with an option to Log In using their own Windows user account. This is great, because it keeps the PC resources for just 1 logged in user at a time instead of you being called to examine a slow PC only to find that the lazy users out there left 2 or 3 or MORE users logged in at once despite being told 100 times or more that they shouldn't do that. :) EXPERIENCE??? :)
    Now, if you have an advanced user, doing things with other users logging in the background of their own user session (IE: RUN-AS on some shortcut lets say) then they should still be able to do all that jazz too even though Fast User Switching is turned off..... but this is usually pretty unlikely and usually that would be someone amongst the IT staff.
    So to summarize:
    Set policy "Hide entry points for Fast User Switching" to Enabled in order to have only 1 user logged on any given PC "at one time" - IE: Prevent concurrent Windows user Logins
    NOW.... I elect MYSELF and MY ANSWER as BEST ANSWER in this THREAD, because it's the ONLY ANSWER that addresses the OP's request.

  • Network user login keychain

    Guys,
    Got one of my network users using his network account - he has an RSS aggregator that's continually popping up and asking to use his login keychain password. I mean "continually" - 20-25 times a day. Now the reason it needs it is fine - he's accessing feeds from one of our own wiki servers which also authenticates using his network user account, however I've set it to "Remember this password" to no avail.
    I've even trashed his login keychain and created a brand new one, but still no joy. Has anyone got any incredibly helpful suggestions, lol?
    This is also posted in the 10.6 server section (since that's the OD server that manages his account).
    Thanks (hopefully) in advance,
    Matt

    Ok then, I got one for you. Similar sort of thing. Just created a 10.6 server, created all the relevant users within WGM, then imported the home folders from the previous 10.5 server. Ensured all new UIDs matched the UIDs from the 10.5 WGM because it then simplifies permissions - i.e. all the permissions are recognised by the new server automatically for the right users.
    Now for one of my users, her login keychain is never open by default. When you start Keychain Access (she's on 10.5.8 btw) you get the System keychain and the System Roots list of certificate authorities, but no login keychain.
    Have checked the permissions of her ~/Library/Keychains/ folder and they're correct, as are the permissions for ~/Library/Keychains/login.keychain.
    Double-clicking on the login.keychain file opens it up just fine in Keychain Access, however as soon as you close KA and re-open it, the login keychain's gone again.
    I've tried importing a keychain, adding an existing keychain (obviously the login one) and creating a new keychain called login, none of which work - there's no error, it just ignores me.
    I'd rather not create a temporary user account, transfer all the documents/mail etc, delete the original and recreate a new one using the old name and copy everything back, but unless someone can help me out, that's what I'm going to have to do.
    There have to be some gurus out there somewhere that can help???
    Thanks in advance,
    Matt

  • By user login items to run UNIX executable file

    Hi all,
    Here is a problem I couldn't deal with for some days, please help me and give some advice.
    I want to run a shell script when a specific user logs in to the system, not all users.
    As far as I know and from testing, the methods below do the same work.
    1. System Preferences > Accounts > Login Items, add an application and it can run when the user logs in.
    2. Two files: ~/Library/Preferences/com.apple.loginitems.plist or loginwindow.plist, and add useful items to either of them.
    Because a shell script can only be opened, but not run, by "Login Items", at first I wrote a UNIX executable file which runs the SH, went into System Preferences > Accounts > Login Items, added the UNIX file, and set "Hide".
    When the user logs in to the system again, it automatically opens the Terminal window and runs the UNIX exe file, but when the file finishes executing, the Terminal stays open
    and can't close. I have written the command "exit" in the SH file, and the Terminal shows "the process has ended".
    I would prefer the UNIX exe file to run in the background; if by Terminal, how can I make Terminal hide? Or what command can close the Terminal?
    If it is not a good method, is there any other way to run the shell script file in the background when a certain user logs in?
    Here my Mac OS X workstation system is 10.5.8.
    please help me ,thank you .

    OK. My previous answer still holds. You don't need Terminal to run ssh, or AppleScript either, for that matter. What you do need is a process on the remote machine that will accept remote requests to run some application. It just so happens that sshd is such a program. I'm not sure about AppleScript. You may need to be logged on so that the Finder is running. I'm no AppleScript expert, so don't quote me. Again, I would just use ssh.

  • How to allow multiple users login to a MAC PRO without interruption?

    I have a Mac Pro, which runs Yosemite (2013 model), to be used as a server. However, I have difficulty letting multiple users use the Mac simultaneously.
    Objective:
        One person uses the Mac directly on his desktop, while the others log in remotely through VNC from a PC (Win 7/Linux).
        The users have their own workspace, and they will not interrupt each other.
    What I tried:
        I created two mange accounts on the MAC.
        Account 1 was used to directly login on the mac desktop.
        Account 2 was used to log in to the Mac from a PC through VNC. (I also tried this from a CentOS workstation with the Tiger VNC viewer)
    Problem:
    When account 2 is logged in, the location monitor will automatically change to that account as well. Both accounts shared exactly the same screen, mouse & keyboard actions. It is impossible to let multiple users use the Mac Pro simultaneously without interruptions.
    If I use "hdiutil attach" to mount a dmg file through SSH with account 2, the folder will automatically show in the local desktop login with account 1.
    Question:
    I read something about the "Per-user screen sharing". It says, "You can remotely log into a Mac with any user account on that computer and control it, without interrupting someone else who might be using the computer under a different login." Is it possible to do this from a PC or Linux client?
    If the problem is simply due to the poor functionality of the built-in VNC service in Yosemite, I would appreciate your help in suggesting some other decent VNC server for Yosemite. I know the Vine Server (OSXvnc), but I failed to install it on the Mac because it is incompatible with Yosemite.
    Is SSH supposed to work this way in OS X? I mean the local account can see the folder mounted by another account through SSH.
    Is any specific version of Yosemite required to allow multiple users to access a Mac simultaneously? Just as Win 7 Professional allows only one user to log in at a time. But with the remote desktop server of Windows, multiple users are able to use the same computer at the same time without any problem.
    If you are familiar with any of the above questions, please help. Any comments and suggestions are appreciated.
    I know the best way to get the solution is to directly call Apple support. However, it is really not easy to call them, because it always results in a long waiting time and then the person who picks up the phone will transfer my call to an expert who will make me describe the problem again.
    Since I'm not interested in the technical details of all the problems, I would also be grateful if you would provide direct instructions to let me set up the computer for the purpose.
    Thank you very much for your kind help.

    I cannot help with the screen sharing, although I have just tried it with a RealVNC client on an iPad and it seemed to work OK.
    However, on the disk showing on all users' desktops: have you unchecked the "ignore ownership on this volume" check box? You can check the drive's permissions with the CMD i command.

  • Is there a way to create user logins or some other way to ...

    Is there a way to create user logins or some other grouping for a set of applications to use (memory) resources optimally -- for example only mail and Safari and Word in one grouping and another for Safari and an audio recording application, etc.?

    It is possible to use Parental Controls to limit which applications can be used by a particular user account.
    But it's not really necessary as far as managing memory.
    Matt

  • Error while Assigning database level role (db_datareader) to SQL login (Domain Account)

    Team,
    I got an error while creating a User for Domain Account. Below is the screen shot of the error (error : 15401)
    Database instance is on SQL 2000 SP3. (I know it is out of support, but the customer is reluctant to upgrade)
    On Google search, I found the article below, which best matches this error
    http://support.microsoft.com/kb/324321
    I have followed each step of the troubleshooting, but the issue still persists.
    Step 1. The login does not exist == The login very much exists in the domain, as I am able to add the same domain id to other database instances
    Step 2. Duplicate security identifiers == I have used this query to find duplicate SID
    /*  SELECT name FROM syslogins WHERE sid = SUSER_SID ('YourDomain\YourLogin') */
    But there was only one row returned with create date of today's.
    Step 3. Authentication failure == Domain is available. User is able to login on other servers via RDP connection.
    Step 4. Case sensitivity == Database collation is set to Case insensitivity. (CI)
    Other two 5. Local Accounts & 6. Name resolution == is not applicable to me.
    I tried other ways also.
    A. Creating login and providing permission in one go only = User account is not created
    B. Instead of GUI, use query to create login and provide required permission = Same error.
    Has anybody faced any such situation?
    Chetan

    See the below output
    srvid      : NULL
    sid        : 0x010500000000000515000000A1F66E1BFC1DC75D26E72530A2B80400
    xstatus    : 14
    xdate1     : 20:25.9
    xdate2     : 57:33.4
    name       : UKBAA\LHRAPPMuttavarapuS
    password   : NULL
    dbid       : 1
    language   : us_english
    isrpcinmap : 0
    ishqoutmap : 0
    selfoutmap : 0
    Chetan
