User's rights

Hi, I'm a little confused about users' rights.
USERA:
create table test
(x number
,username varchar2(10));
create or replace package pkg_test as
  procedure insertToTest(p_x number, p_user varchar2);
  procedure createPipe(p_name varchar2);
  v_user varchar2(10);
end pkg_test;
/
create or replace package body pkg_test as
  procedure insertToTest(p_x number, p_user varchar2) as
  begin
    insert into test values(p_x, p_user);
    commit;
  end insertToTest;
  procedure createPipe(p_name varchar2) as
    v_ret number;
  begin
    v_ret := dbms_pipe.create_pipe(p_name);
  end createPipe;
begin
  -- package initialization section: runs once per session, on first reference to the package
  select user into v_user from dual;
end pkg_test;
/
grant execute on pkg_test to userb;
USERB:
exec usera.pkg_test.insertToTest(1, usera.pkg_test.v_user);
exec usera.pkg_test.createPipe('test');
My question is:
I know that if userb calls usera.pkg_test first, the variable v_user is filled in with the name of userb. Who in fact inserts data into the usera.test table? usera or userb?
Because if userb calls usera.pkg_test.createPipe, the owner of the pipe test is usera.
Can you explain this to me, please?

user9357436 wrote:
OK, thanks for your time. I just wanted to know who in fact inserts data into the table.

That would be the session user. Always. Who else?
In your example you have a Definer's Rights procedure.
That means USERB inserts into USERA.test, and USERB does so, executing the privileges of USERA (+ PUBLIC).
Were your procedure an Invoker's Rights procedure, then it would be:
USERB inserts into USERB.test (if there were one), executing his own privileges (incl. roles).
EDIT:
If you want a better understanding how these things work, try playing with this:
create table USERA.test(proc varchar2(5), sess_user varchar2(30), curr_user varchar2(30), curr_schema varchar2(30));
-- Definer's rights: unqualified TEST resolves in the owner's schema (USERA)
create or replace procedure USERA.dr AUTHID DEFINER
as
begin
  insert into test (proc, sess_user, curr_user, curr_schema)
  values ($$plsql_unit,
          sys_context ('USERENV', 'SESSION_USER'),
          sys_context ('USERENV', 'CURRENT_USER'),
          sys_context ('USERENV', 'CURRENT_SCHEMA'));
end dr;
/
grant execute on USERA.dr to PUBLIC;
-- Invoker's rights: unqualified TEST resolves in the caller's schema at run time
create or replace procedure USERA.ir AUTHID CURRENT_USER
as
begin
  insert into test (proc, sess_user, curr_user, curr_schema)
  values ($$plsql_unit,
          sys_context ('USERENV', 'SESSION_USER'),
          sys_context ('USERENV', 'CURRENT_USER'),
          sys_context ('USERENV', 'CURRENT_SCHEMA'));
end ir;
/
grant execute on USERA.ir to PUBLIC;
create table USERB.test(proc varchar2(5), sess_user varchar2(30), curr_user varchar2(30), curr_schema varchar2(30));
Now execute both procedures DR and IR, and do it for three different users, USERA, USERB and USERC.
Inspect what happens for each user/procedure.
(Note there are no commits in the procedures, do that yourself after executing them)
Regards
Peter
Edited by: Peter on Feb 9, 2012 12:15 PM
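
A SQL*Plus script that carries out the experiment from the reply above and then reads the rights model of each unit from the data dictionary, added here as an example and not part of the original thread. It assumes the objects from that reply exist, that USERA, USERB and USERC can log in (SQL*Plus prompts for each password), that USERC owns no TEST table, and that SYSTEM stands in for any account allowed to query DBA_PROCEDURES and DBA_TAB_PRIVS.

```sql
-- Added example, not from the original thread.
-- Keep going after an error so the remaining sessions still run.
whenever sqlerror continue

-- Session 1: the owner calls both procedures.
connect usera
exec usera.dr
exec usera.ir
commit;

-- Session 2: a caller that has its own TEST table.
connect userb
exec usera.dr
exec usera.ir
commit;

-- Session 3: a caller with no TEST table of its own (assumption).
-- DR resolves TEST in USERA's schema; IR resolves it in the caller's
-- schema, where USERC has nothing named TEST.
connect userc
exec usera.dr
exec usera.ir
commit;

-- Compare who the session was with whose privileges and schema were used.
connect usera
select proc, sess_user, curr_user, curr_schema
from   usera.test
order  by sess_user, proc;

connect userb
select proc, sess_user, curr_user, curr_schema
from   userb.test
order  by sess_user, proc;

-- Audit view: which of USERA's PL/SQL units run with the owner's
-- privileges, and who has been granted EXECUTE on them.
-- SYSTEM is an assumption; any account with access to the DBA_ views works.
connect system
select distinct
       p.owner,
       p.object_name,
       p.object_type,
       p.authid,          -- DEFINER or CURRENT_USER
       tp.grantee
from   dba_procedures p
join   dba_tab_privs  tp
       on  tp.owner      = p.owner
       and tp.table_name = p.object_name
where  tp.privilege = 'EXECUTE'
and    p.owner      = 'USERA'
order  by p.authid, p.object_name, tp.grantee;
```

Rows with AUTHID = DEFINER and GRANTEE = PUBLIC are the ones to review first, since every database user can act on the owner's objects through them.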

Similar Messages

  • How to create the file on a location where user having rights?

    Hi,
    I have a requirement: in my application a lot of programs create a report in a file, and it is written into a user location. Now it is specified directly, like ( c:\ or d:\......).
    The problem is that the user doesn't have rights to access those directories. What I suggest or feel is that I want to create those particular reports in a location where the end user has rights.
    Basically, in a Windows system %userprofiles% has rights to do anything. Suppose the OS is installed in C:, then %userprofiles% is c:\documents and settings\username, or in D:, then D:\Document and settings\username.
    How to achieve this please help me.
    Good help will be appreciated.
    kanish

    Hello,
    The best practice would be to create the file in My Documents for the current connected user to the windows.
    Unfortunately, you did not mention your Forms version. In older versions like 6.x there is a function in the d2kwutil library called Read_Registry in the win_api_environment section, and in the latest versions the same function is available in the webutil library with client_ name.
    So, you can read the registry for the current connected user by using the above-mentioned function from the following registry path.
    My Computer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    There is an entry called Personal. Read the path from that entry at runtime while generating/saving file to the client's location and save the file into that path.
    -Ammad

  • Run with User's rights not working as expected

    I have a VBscript that runs the Quest Client Profile Updating Utility for migrating Outlook e-mail profiles to a new Exchange Server.  For this tool to work it must be run using the User's security context when the user is logged onto the computer. 
    What I have found is that the script fails to run because SCCM is running the script with elevated privileges.  The program is set with 'Only when a user is logged on' and a run mode of 'Run with user's rights'.  The advertisement is set to run from a distribution point and has two mandatory recurring schedules (Logon, and at 6:00 a.m. every day).
    To test what is happening I created a separate Program that has the same program settings but only runs 'Cmd.exe /k echo' for the command line.  If I run this SCCM program as a user who is not a member of the local administrators group
    I can execute privileged programs like regedit.exe.  If I run the Command Prompt from the Start\Accessories folder and try to run Regedit I receive an 'Access denied' message.  It appears SCCM is running with elevated privileges.
    Does SCCM run a program with elevated privileges?  How can I make a program run without elevated privileges.
    thank you for your help.

    Actually I ran into a similar issue today trying to gather info about mapped network drives and found this thread when trying to troubleshoot it.  Here's a summary of what I've done:
    I have an SCCM package set up to run a script to dump the users' mapped drives to a text file.  The program is set to run only if a user is logged on and to run in the logged on user's context.  UAC is enabled.  For users who are members of
    the local Administrators group, the resulting text file was empty, as if no drives were mapped.  Running the script manually (not via SCCM, just double-clicking the script) populated the text file with the expected results.  So the script works correctly. 
    I suspected SCCM was running the package elevated, since drives mapped in the non-elevated context aren't visible to the elevated context.
    To test, I created another package & program that runs a command I know requires elevation (ipconfig /registerdns) and pipes the output to a text file. I configured it in the same way, and for users who are in the local admin group, the text file results
    indicate that the command ran successfully (which means it ran elevated). If I take the user out of the local admin group, making no changes to the package, then run the package again, the text file results say "This command requires elevation."
    So, it appears SCCM is running with the highest elevation level for which the user has rights.  I guess this makes sense, and it's not doing anything the user wouldn't normally have rights to do, but it does cause a problem when a program needs to run
    under the user's non-elevated token.  Any suggestions?
    Thanks,
    Matt

  • Problems Managing User Access Rights for Web Gallery

    Has anyone else had issues changing the user access rights for a web gallery? It seems like the access is everyone or no one. Are the user rights handled per event in the gallery? I had issues adding events to the user's view/download rights in the publish settings.
    Also, can these settings only be set when an event is first published? Attempting to change the user access rights after the event is published seems to require a re-upload of the images.
    Any thoughts?

    Problem solved.
    I had to put the following lines in the specified "0000_any_80.my.website.conf" file:
            <Directory "/Library/WebServer/subdomain.domain">
                    Options All +MultiViews -ExecCGI -Indexes -Includes
                    AllowOverride None
                    # For Password protection
                    AuthType Digest
                    AuthName "Password Protection"
                    require valid-user
                    <IfModule mod_dav.c>
                            DAV Off
                    </IfModule>
            </Directory>

  • How to extract a users designate rights or group contacts

    Greetings,
    We're running OCS9.0.4.2 on RedHat EL3
    In Calendar, how do I extract a user's designate rights or their personal groups? I'm unable to find a way to do this using any of the 'uni' Calendar Server Utilities or Calendar SDK.
    I am intending to migrate our OCS calendar to Oracle Calendar Standalone 10.1.2 on RedHat EL4
    I've been able to successfully extract everything except designate rights or personal groups.
    much appreciated,

    Hi vincent,
    You can make the presence of all fields which you don't want them to be printed as Visible (Screen Only) , and the other fields presence as Visible.
    This will let only the needed fields to be printed.
    Hope this helps.
    Regards,
    Mohammed

  • Drilldown based on user access rights

    Hi
    I have a bar chart which displays monthly sales for Region A, Region B.
    I would like to know if it is possible to restrict drilldown based on user access rights (I'll get this from the database and I know if the user has access or not when clicking, but I don't know how to disable the drilldown or stop drilling down when the user has no access rights)
    Thanks
    yesvee
    Edited by: yesvee123 on Jun 2, 2010 2:03 PM

    Hello Yesvee,
    Database security does not exist in CR Designer, only in Trusted Authentication but it doesn't support Row security. You'll have to use one of our other Products to get this feature/functionality.
    Call Sales for more info on which Products would be best suited for your needs and pricing.
    Thank you
    Don

  • User access right / permission function

    How can I write a function for user access rights?
    How can I save the URL in a database, so that different users entering the UI have different UI/functions displayed?

    The only solutions, and they could get messy, would be to create alternate rollups with the different combinations you want the users to see and filter on that. There might be a way to do a similar thing with an attribute dimension, but both approaches would be rather messy. There is no "Create a summary on the fly" type of processing, which is what you want.

  • Removing User Admin Rights

    I am currently assisting in managing a domain of 3-4000 users. All of our users have administrative privileges on their machines. We are looking into several different ways of removing these administrative rights for obvious security reasons.
    I have read about privilege management software like Avecto, but it would be great if you could utilize something like Restricted Groups in Active Directory or SCCM 2012R2 to achieve this somehow.
    I read about Restricted Groups here:
    http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Restricted-Groups.html
    I am wondering if we can achieve this by deploying these Restricted Group GPO's.  I understand that these GPO's are linked to computer accounts though, but from what I am under the impression I can restrict adding accounts to the admin group and explicitly
    allow other accounts.
    Our AD functional level is 2008R2 and 99% of our workstations are running Win7 32-bit.  Has anyone had any experience removing user administrative rights without purchasing third-party software?

    We are in the process of deploying Avecto Privilege Guard (new name is DefendPoint).
    We are doing this in conjunction with revising our GPP-Local Users & Groups settings (which we decided to use some time ago, instead of using classic Restricted Groups).
    You'll need to use some method (and GP seems to be a good one) to take control of the local Administrators group membership.
    Avecto PG can/will block all attempts to modify that group (due to its anti-tamper protections), but, presumably like us, you will need to evict unauthorised members of that group, and then protect that group from further modifications.
    We also found, that the anti-tamper protections of Avecto PG, even prevent GP from cleaning up the group members, and it was suggested to us by Avecto support, that we create Avecto PG policy which allows the LocalSystem to bypass the protection. (GP CSE's
    like this, will run in LocalSystem context)
    You don't need Avecto PG to remove admin rights, you can do it with Domain GP. But, how do you maintain that position/integrity? And, how do you then allow users to perform some tasks, tasks which require privilege but your organisation approves of those
    tasks being performed by users, but Windows doesn't allow that?
    There are many types of technical controls to implement "security" (if that is your goal), but, you will find that each and every control can be bypassed with enough time and effort. Especially if your users are the determined type of person, who
    also considers that their need to "do that thing" will make them productive/happy - they will ignore all company policies in pursuit of that productivity/happiness (or so it seems to me from my experience)
    IT Support efforts/costs will rise, not drop - we are seeing this already.
    Hatred towards IT (both systems and the people in IT) is also rising.
    Don

  • HT2470 allow user full rights ie save files in any location, change file attributes etc - how, where?

    How and where do I give my user full rights, i.e. to save files in any location, change file attributes (from read only) etc.?

    The simplest way is with the chmod Terminal command.
    Warning: unless you know exactly what you are doing, you are almost certain to break something with indiscriminate use of this command. Make sure at least your data files are backed up (& ideally in offline storage) before you experiment with this command, & note that you can mess things up enough that you will have to reinstall the OS to recover.

  • Authorization in which user receive rights to see specific node in Orgunit

    Dear SDN's,
    We have Organizational Unit Hierarchy.
    We need to provide authorization for the Org.Unit Hierarchy in which user receive rights to see specific node in Orgunit hierarchy.
    For example manager of MIC can see only MIC node, Manager of  0VTH ATL can see only 0VTH ATL.
    (1) Made Org.Unit info object as authorization relevant
    (2) Created authorization object for Org.unit and given authorization fields ORGUNIT,TCTAUTHH,ACTVT,9YPVCALVL,9YPVCGRP,1KYFNM,9YPVCALVL2 in that authorization object.
    (3) Assigned Authorization object to the Role.
    Please let me know how to give rights to user to receive rights to see specific node in Orgunit hierarchy.
    For example manager of MIC can see only MIC node, Manager of  0VTH ATL can see only 0VTH ATL.
    Thanks and Kind Regards,
    Lakshman Kumar G

    Hi Lakshman Kumar G,
    Where are you up to with this??
    Have you assigned the org unit value in RSECADMIN to the analysis auth?  Once this is done assign the analysis auth to the user.  In the query you will need a filter on org unit which uses an authorisation variable.  This should do the trick.
    This whole process can be automated using standard DSOs.  Please refer to the SAP help below.
    http://wiki.sdn.sap.com/wiki/display/BI/Authorization%20in%20SAP%20NW%20BI
    http://help.sap.com/saphelp_nw04s/helpdata/en/59/fd8b41b5b3b45fe10000000a1550b0/frameset.htm
    http://help.sap.com/saphelp_nw70/helpdata/en/52/6715a2439b11d1896f0000e8322d00/frameset.htm
    http://help.sap.com/saphelp_nw2004s/helpdata/en/01/a7fb3a72a05546e10000000a114084/frameset.htm
    Get back to me if you're stuck.
    Cheers.

  • How do you get a list of all the machines a user has rights to remote control?

    Is there a way to get a list of the workstations that a user has rights to
    control?


  • Given the user the right to save site template

    Hello,
    How can I give a user the right to save a site as a site template? Being in the "Site Owners" group didn't seem to be enough to do that.
    Like written in the manual: https://support2.microsoft.com/kb/2420856?wa=wsignin1.0
    the menu entry "Save site as template" just doesn't exist for all "Site Owners" users.
    Thank you.

    Hi Mafrei,
    Thanks for posting your query, Saving a site as a template creates a Site Template.
    Creating a web template in Visual Studio using the new WebTemplate feature creates a Web Template.
    When the Publishing features (web or site collection scoped) are activated it is not supported to save your site as a template. If you do want to save your site as a template using the SharePoint user interface you should not activate the publishing features.
    If you do need to activate the publishing features you should create web templates using Visual Studio instead of saving your site as a template through the user interface.
    I hope this is helpful to you. If this works, Please mark it as Answered.
    Regards,
    Dharmendra Singh (MCPD-EA | MCTS)
    Blog: http://sharepoint-community.net/profile/DharmendraSingh

  • How can I give an user the right to change passwords

    I'm still absolute server beginner, so I have to ask here.
    How can I give users the right to change passwords or to view calendars?
    I didn't find it, yet.
    I've found an option to change rights, when I click on the user with two fingers (right mouse button). But all options in this menu are grey.

    Hi Holger,
    These are two fundamentally different issues. I'll try to address them each. For both you will need to have OpenDirectory set up (see the Users Next Steps list in the Server app). Once that is done, you will additionally need the Server Admin Tools 10.7. Once you have them installed, you can specify the OpenDirectory password requirements for users.
    User Passwords in OpenDirectory
    On the server, open Server Admin app.
    Connect to your server, then click on the OpenDirectory service.
    Click on the Settings icon.
    Click on the Policies tab.
    Click on the Passwords sub-tab, and you can set all the criteria for password requirements here.
    Resetting Passwords
    Users must log in as network users on the client computer.
    Once logged in, to change the password, open System Preferences.
    Click on Users & Groups.
    The user icon will be a silhouette with stars in the background. This means it is a network user. Click on the Password tab at the top.
    Click the Change Password ... button to change the password.
    Calendars in iCal are much like RSS feeds: users need to subscribe to them, like we discussed in our other posting. Network users will automatically be given a network iCal calendar, and will be automatically subscribed to it. However, if you want to automatically add subscribed calendars to network user's accounts, you will need to use ProfileManager.
    On the server, open Server app.
    Click on the Profile Manager menu item.
    Make sure that iCal service is running (green indicator next to it). Click on the "Include configuration for services: ...". Make sure the iCal icon is listed there.
    Click the "Sign configuration profiles" checkbox.
    Turn Profile Manager on.
    Once Profile Manager has loaded (the gear at the bottom right will no longer be spinning), go ahead and click the Open Profile Manager link.
    Log into Profile Manager as your directory admin user.
    Click on the Groups menu item to give all users of a specific group access to the wiki calendar. This is best if you have a wiki for a group and want to share that calendar. Use the Everyone group to add this calendar for all users.
    Click on Users to give access to only specific users.
    Edit the profile for the group(s) or user(s) you selected by highlighting that group and clicking the edit button.
    Scroll down and select the CalDav item on the left.
    Click configure. Here you will need to enter the specific details for that calendar based on the subscription details you get when subscribing to the calendar via the wiki.
    After all that you still need to configure each client computer to be set up for profile management, which really is a topic of its own. I recommend the following tutorials:
    Installing OS X Lion Server
    OS X Lion Server Administration Tool Tour
    Setting Up Profile Manager on OS X Lion Server
    Using Profile Manager on OS X Lion Server
    Hope this helps, good luck!
    ~Mike

  • How can I create a user with rights to install packages on a publish instance?

    Hi,
    I am trying to create a user with the rights to upload and install content packages on a CQ publish instance and I do not wish to use the admin user.  Simply adding a new user to the administrators group does not seem to be enough.
    I tried adding a rep:GrantACE node through crx de/explorer but it reported the node as locked.  I was able to upload a content package that removed the rep:DenyACE jcr:read for everyone, but this is not safe it seems.
    Is there some special privilege that I need to add to my user/group that will allow them to access the /etc/packages tree or do I just need to add some permission somewhere within the tree.
    Regards,
    Chris

    With some help from David Collie, Alex Klimetschek & Jörg Hoh I have a better idea of what is going on and we've found a solution. 
    It seems that the admin account always works in these scenarios as it has special privileges in the CRX security system; admin can do anything it likes.
    Instead of creating the rep:GrantACE nodes directly, I was able to add a new ACL entry for the administrators group to /etc/packages via the Access Control Editor (http://localhost:4502/crx/explorer/ui/aceditor.jsp?ck=1373027669916&Name=acEditor&Path=%2F etc%2Fpackages&_charset_=utf-8). 
    Strangely, the administrators account already had some inherited rights on this directory that were overridden by the deny|everyone|jcr:read ACL entry on /etc/packages node.  Adding allow:administrators|jcr:read gives any member of that group access to read and write to the /etc/packages directory.
    Now that I have set up this user we can set up a deploy step in our CI build that does not rely on using the admin account.
    Thanks
    Chris

  • How to disable the Super User menu - (Right click windows icon menu) - Server 2012 R2 - RDS

    Greetings all,
    Can anyone please advise how to remove the Administrator / Super User menu that appears when you right click the Windows Icon (old start button) in Server 2012 R2 - for RDS users. I have searched and been able to disable access to each of these menu items (Control Panel, Event Viewer, Run, etc). But I am searching for a way to completely remove the menu. This menu also appears when you use Win-X shortcut.
    Hope someone can help.
    Terry

    Hi Terry,
    You can try the following points, which might be helpful in your case. Go to 
    C:\Users\Default\AppData\Local\Microsoft\Windows 
    there you will see file called WinX 
    Right click this file and copy then go to
    C:\Users\YOUR_USERNAME\AppData\Local\Microsoft\Windows 
    then paste the file into the folder.
    NOTE: replace YOUR_USERNAME with your actual username. 
    Hope it helps!
    Thanks.
    Dharmesh Solanki

  • CC for teams with Managed Desktops (ie no user admin rights)

    HI,
    Just getting started with CC for Teams. I like the concept of assigning users, but finding some lumps in our environment: Windows 7 with managed multiuser desktops. Users have limited rights on their workstations and cannot install software. Also we have users who use more than 1 system or use a system in a conference room while in collaborative meetings.
    So users cannot download from adobe and run installer - no rights. Oh well it's really slow anyway....Oh yeah updates - those don't work as well either....
    I need to distribute the apps to the workstations and allow users to sign in and out. I can see that I may be able to get it to work with SCCM, but for now to test I logged in as admin, signed into CC, installed an app, then logged out of cc.
    Invite UserA to the team.
    UserA logs in, starts app, signs into CC - all good so far. But to sign out user gets an error - please start in administrator mode.
    WHAT!?? userA does NOT need admin privileges to sign in but DOES need them to sign out???
    Is there a resolution for this or some kind of workaround? Otherwise I have to log into the workstation as admin to log the user out? That pretty much defeats the value of the admin console.
    BTW - It really would be even nicer if it just used their windows credentials (or had the log in mechanism manage the CC connection) - log in to the desktop and you are good to go - log out and you are signed out of cc as well.
    PS - please fix the multiple license acceptance thing - feel like I'm using the nav system in my car - ONCE is enough...

    Same problem here, on Mac OS X. Maybe someone at Adobe can elaborate on what they were thinking and how they're going to address this issue...
