Using non-administrator user to start/stop services

Similar Messages

• NI Update Service and non-administrative user

  On my Windows 7 PC I have 2 different users:
  a local Administrator user who can install application but can't navigate to the web (for security reasons)
  an User who can't install anything but can navigate to the web
  I launch NI Update Service under User account and it shows a list of available updates.
  I select one or more of these updates and I click on "Install" button
  Is asks me for the Administrator password, but then it gives a communication error with NI...
  Does it use Administrator user to download the updates?
  It should use it only to install and not to download
  Vix
  In claris non fit interpretatio
  Using LV 2013 SP1 on Win 7 64bit
  Using LV 8.2.1 on WinXP SP3
  Using CVI 2012 SP1 on Win 7 64bit, WinXP and WinXP Embedded
  Using CVI 6.0 on Win2k, WinXP and WinXP Embedded

  Yes, I tried but if I select "Run as administrator" Windows asks me for credential of an administrator account.
  I enter username and password, but my administrator account can't communicate to the web and so I get the error in the attached image (comm_err.jpg).
  As I wrote, I think that the problem is that NI Update Service uses the administrator user not only to install the programs but also to download them from the NI servers.
  I don't think this is OK because as shown in the attached install.jpg the button with the administrator shield is "Install", but after I click on it and enter the administrator credentials, NI Update Service tries to download the selected programs.
  But with my administrator user this is not allowed.
  It should download them with the user that launched it (with this user it is able to find the list of available updates) and use the administrator user only to install.
  Could someone from NI confirm that this is the behavior of NI Update Service, please?
  Vix
  In claris non fit interpretatio
  Using LV 2013 SP1 on Win 7 64bit
  Using LV 8.2.1 on WinXP SP3
  Using CVI 2012 SP1 on Win 7 64bit, WinXP and WinXP Embedded
  Using CVI 6.0 on Win2k, WinXP and WinXP Embedded
  Attachments:
  comm_err.JPG ‏27 KB
  install.JPG ‏63 KB

• App is getting damaged when I replace it as non-administrative user

  Hey people,
  When I want to update e.g. VLC Player, as an administrator, it is simple: I just download the dmg, mount it and drop the new version of the VLC.app into the Applications folder to replace the old VLC.app. Few days ago I created a new admin account and changed my old account  to normal user. If I want to install new software that I did not use before, everything works as expected: when I drop an .app package into the Applications folder, I need to type in the admin login and password to allow this operation, then the package will be copied and I can start the new app.
  My problem:
  If I want to update the software by replacing the app as non-administrative user, the system first will promt me to keep both files, replace an older one or to stop - so far so good. BUT, when I select to replace, the copying process actually begins before the administrator prompt and it results in corrupted file. I also tried to create a new user account. So then I need first to remove the broken app (admin prompt once again) and then to install the new one (3rd admin prompt).
  I attached some screenshots to visualize the issue. I have the same issue on two different macs with different  user/admin names. I hope you have any idea how can it be fixed.
  1. I download the package:
  2. Mount the package:
  3. Drag the VLC app to the Applications folder (selecting >Authenticate in the prompt)
  4. Copy prompt (>Replace):
  5. Authenticate with administrative user
  6. Error message:
  7. Corrupted file:

  Thanks, you helped me. I had gotten hung up on '--user = <vboxuser>' in the ExecStart line, which works for one of my other services, but not this one.

• Performance Tuning for non Administrator users

  Hi,
  Since i had performance issue on my cube i have followed tutorial:
  http://www.oracle.com/technology/obe/obe_bi/bi_ee_1013/aggpersist/aggpersist.htm
  to obtain best performance using aggregate tables.
  All works, but opening NQSQuery.log i've seen that only Administrator User uses aggregate tables, and not other users. In fact:
  Administrator User:
  WITH
  SAWITH0 AS (select sum(T209.SPESA_PRES0000004A) as c1,
  T202.Sesso00000057 as c2
  from
  SA_Nominat00000090 T202, (Aggregated table)
  ag_Fatti T209 (Aggregated table)
  where ( T202.Nominativo0000005F = T209.Nominativo0000005F )
  group by T202.Sesso00000057)
  select distinct SAWITH0.c2 as c1,
  SAWITH0.c1 as c2
  from
  SAWITH0
  Other user:
  WITH
  SAWITH0 AS (select sum(T32.SPESA_PRESCRITTA) as c1,
  T32.ASSISTITO__SESSO_LVLDSC as c2,
  T32.TEMPO_DIM_ANNO_LVLDSC as c3
  from
  STORDO_CUBE_CUBEVIEW T32
  where ( T32.TEMPO_DIM_LEVEL = 'ANNO' and T32.ASSISTITO__LEVEL = 'SESSO' )
  group by T32.TEMPO_DIM_ANNO_LVLDSC, T32.ASSISTITO__SESSO_LVLDSC)
  select distinct SAWITH0.c2 as c1,
  SAWITH0.c3 as c2,
  SAWITH0.c1 as c3
  from
  SAWITH0
  How can I do to obtain a query similar even for a non Administrator User?
  However, in your opinion, to have a TOTAL level for all dimensions, can me help to improve performances?
  p.s. In addition, aggregate measure value is wrong. It's 900, but it must be 300, infact the total of all rows in fact table is 300 and not 900. In this way, even the report result is wrong!!! Why?
  Thanks
  Giancarlo
  Edited by: user5380662 on 10-mag-2010 4.44
  Edited by: user5380662 on 10-mag-2010 5.47

  Hi daqstudent,
  What versions of Windows (with service packs), LabVIEW, and the DAQmx
  drivers do you have?  It looks like this issue should have been
  fixed in DAQmx version 7.4.  As a work-around, you should be able
  to use the Measurement & Automation Explorer (MAX) to create
  DAQmx Global Channels, and then use those saved Global Channels in LabVIEW. The
  configuration for DAQmx Global Channels in MAX is the same as that of
  the DAQ Assistant in LabVIEW. The only experience lost is seeing the
  actual DAQ Assistant icon in LabVIEW.
  Thaison V

• BI server start/stop services

  Hi,
  We have OBIEE installed on a unix server. Previoulsy I worked on OBIEE on windows server and would go to services and start/stop services. My question is if we modify the rpd and ftp it to unix server, do we have to stop and start the BI server for the modified rpd to work. Is it mandatory to stop the BI server, ftp the rpd and then start BI server again. Or if we do not stop the BI server and just do Refresh matadata from Answers..will this work? Thanks.

  Hi User,
  You should restart the services if u ftping the rpd to unix means deploying the rpd to effect the changes
  When comes to refresh metadata this ll work in case when the rpd opened in online mode and some one has made changes to get the available changes u have to do "Refresh Metadata"
  Thanks,
  Saichand.v

• Worth it? Auto start/stop services and change iptables rules

  I have recently set up a crontab to start/stop services based on my schedule, such as when I'll be home or away. I intend to only have a service running when I'll probably use it.
  I also integrated rules for iptables into the start/stop of the services (systemd), so they automatically modify rules to accept/reject on their ports when the services start/stop.
  I am behind a router, so I only forward outside ports I use like ssh (which is not on port 22). I manually forward ports, but am looking at UPnP. This is my home network so I should be able to trust the devices on it.
  Now, to my question. Is it worth the time and effort to set this up? Would it be fine to just enable the services I use, let them run and always have firewall ports open for them? I feel like it's good to limit the time that ssh is running, but what about services not open to the Internet? Resources aren't really an issue. What do you guys think?
  I enjoyed learning about systemd, iptables, and cron in the process of setting it up. I'd just like to also learn about how much benefit there actually is, or if anyone has other ideas. Or if it's something that could go on the wiki (not really cron, but maybe the iptables/systemd stuff).

  I'd say, if resources aren't an issue; why limit the time ssh is reachable from the outside? You should have PasswordAuthentication and RootLogin disabled anyway so your vulnerability doesn't really decrease by updating iptables? This script probably works fine until you forget about it and it makes a boo-boo; making your machine unreachable.

• Allow a windows non-administrator user to run cmd.exe as administrator without sharing administrator password with the user

  I have standalone Windows 2003 and 2008 Oracle database servers (they are not in a Windows domain environment ). The Oracle DBAs can perform all their routine activities from command line with administrator privileges. For this i've to either share administrator
  user password with the Oracle DBAs or add their windows login user to Administrators group. If i can give the DBA user permission to run windows command prompt without sharing administrator password, i can give them non-administrator login access to Windows
  2003/2008 server. Normally when a non administrator user would try to run a program as administrator on Windows 2008, the user is prompted to input administrator username/password. Is it possible to give non-admin user access to run a program/application (cmd.exe
  in this case) on Windows 2003/2008 without sharing administrator credentials with them?

  With the OTORISER application I developed, normal users can run applications with admin privilege …  
  Otoriser is totally free ! Applications, mmc consoles, control panel cpl files can be run under admin and system context with Otoriser. Let’s say you donot want your users to be admin in their machines, but want them to run some applications with admin rights.
  If this is the case then you are on the right blog.
  There are two components for Otoriser. Management and client components. There are no complex implementation and no frustrating steps to be performed. Within 10 minutes you can start testing the results
  After you download the setup files, install client components in the client by running it directly (or any deployment method you have), it will take about 5 seconds to install it. Then, let’s say you want your user to change system properties of the machine.
  With the tool provided in Admin package produce the hash of system.cpl file and enter that hash into the group policy (details are provided in documentation). When policies are applied for that user then he or she can run that control panel applet under admin
  context but donot forget that the user is still an ordinary user.
  download link :
  http://burakuysaler.wordpress.com/2013/02/21/with-the-otoriser-application-that-i-developed-normal-users-can-run-applications-with-admin-priviledges

• Allowing non-Administrator "Users" to use AEBS (1)

  I'm getting tired of always having to "Authorize" other "Users" on my computer without Administrator Privilege when they wish to connect to my "Closed" AEBS. How can I work around this issue so all "Users" can conect to the AEBS?

  It seems that I have originally stated the happenings incorrectly. It should been titled.
  Allowing non-Administrator (or Standard) "Users" to use the Airport Card freely
  I am both the 'Administrator' and the 'User' in this scenario.
  I log in as the 'User', without "Allow user to Administer this computer" checked in System Preferences. This is for enhanced security while surfing at home and also when using open networks on the road. This way an Authentication by the Administrator is required every time when changes to Mac OS X are about to occur.
  And, as far as I am aware, MY 'User' keychain has all the passwords I need to do what I need to do.
  It's when I am logged in as the 'User' and I go to 'Turn Airport on' (in the Apple Menu) that I get the 'Authenticate' window asking me to "Type an Administrator's name and password to make changes to Mac OS X".
  How do I get around having to 'Authenticate' every time 'User" needs to turn the Airport on?

• Windows Server 2008 - Group policy for domain client to start/stop services installed on it

  Hello Experts
  I am a newbie to windows server administration , though did a Google  , but ended up with these question with my requirements
  I have created a new domain and 2 client/computer (A & B namely) to domain . Now A & B has tomcat server running with port 8080 , 9090 which i have installed
  domain ADMIN account .
  && now i am want to start/stop/restart services enabled for domain users  !! How do i achieve this !!
  basic question : How can i access A & B tomcat services on DOMAIN CONTROLLER server to create a GPO and that are on (A & B)
  what is the easiest way to achieve the same , (if not using GPO)???
  similarly I am looking for many features : where I want to control the permission to user on (A & B ) like : If the binaries of tomcat is available on machine say : A , if the user can install (now
  it ask for ADMIN credentials) 
  Thanks
  Mike~Ed

  Controlling services with Group Policy is done under Computer Configuration\Policies\Windows Settings\Security Settings\System Services.
  The limitation is that system services can only see the services the computer running the Group Policy management console. To access other services, you will either need to create the services on your computer (install the software the adds the service)
  or install the remote server administration toolkit (RSAT) on the computer with the service already on it.
  If my answer helped you, check out my blog:
  Deploy Happiness

• Write errors when using non-administrator shared accounts

  Dear all,
  we're experiencing an apparently weird issue with our Xserve machines. The entire setup comprises of 4 Xserve, all of them running Lion Server, connected together and to the network of our institution through an Ethernet switch.
  I've set up an OpenDirectory master on one of these servers and created several shared user accounts for the various people working here (the /Users folder is hosted on that machine and shared across the other three). Users can access any of these machines via VNC.
  A few days ago a guy reported to me that he was getting random write errors when attempting to perform basic operations on his shared user folder (e.g., unzipping a file or running a software which write data on the disk). I had a look into it and found that the guy was right. When attempting to extract a zip archive (which, I'm absolutely confident, is a non-corrupted .zip file) from the Terminal - using his account - a few errors came out, like:
  error:  cannot create pybrain-pybrain-87c7ac3/pybrain/auxiliary/importancemixing.py
  error:  cannot create pybrain-pybrain-87c7ac3/pybrain/rl/learners/meta/meta.py
  Every single time I run the unzip command the errors are related to different files.
  Weirdly enough, the problem arises only when the user works on one of the three machines that don't host the shared /Users directory. Furthermore, it only applies to non-administrator accounts (if I try to perform the same operation using my admin account everything works smoothly, no matter on which machine I'm working). Promoting that guy to administrator (Server->Users->right click on the username->Edit User->Allow user to administer this server) made the problem disappear. Even more weird, after I removed the flag on "Allow user to administer this server" for that user, he is not experiencing the issue anymore.
  What the heck is going on?
  Cheers,
  Fabio

  1.  You can delete the Test1 and Test2 accounts if you log into your Administrator Account. Once in your Admin Account, open System  Preferences > Users & Groups and you will see and be able to delete the Test1 & Test2 accounts.
  2.  Leave your Guest account for, well, guest users.  Do not use it in the normal course of events.  When you log out of the Guest account, all the settings, caches, etc. are wiped, as are all files and folders that you may have saved in the Guest account home folder.  The Guest account is truly designed only for temporary, guest use.
  3.  Leave your Administrator account for use only for installing programs, doing system administration, managing accounts, etc.
  4.  User your named account as your regular account.  It appears to already be a User account.  The primary limitation is you cannot install programs in a regular User account.  This actually helps protect your Mac from viruses and other malware that would need to install software in order to corrupt your system.
  5.  You can turn off the need to enter a password when your computer sleeps in System Preferences > Security & Privacy > General.  UNcheck the option called "Require password for sleep and screen saver."

• Allow normal user to start/stop Tomcat

  Hi,
  Recently I deployed a web app at client's pc running on WinXP SP2. However, I'm not allowed admin rights to that local machine. Is there a way to allow normal user ( like my case) to start/stop Apache Tomcat services without requesting my client to log in as admin to perform this simple task?
  Thanks.
  Z

  salafrance wrote:A simple way would be to write a small C program to run systemctl setuid root.
  So perhaps like this?
  #include <stdlib.h>
  #include <unistd.h>
  int main(void)
  execl("/usr/bin/systemctl", "systemctl", "start", "calibre", NULL);
  return(EXIT_SUCCESS);
  compiled it, then "chown root:root test", "chmod u+s test" and it worked.
  But is this safe? I have absolutely no knowledge about potential security issues...
  I also have thought about periodically restarting calibre, but on the Raspberry Pi, with it's slow ARM, the start takes ages and the processor is completely busy with that task for some minutes.
  And that's the reason why I also want to avoid starting an entire second systemd session... Or is this not that resource intensive?

• Start/stop service log for workgoup server

  customer would like to know who start or stop the service on workgroup server.
  But we could not find such log. Is there any way to see this information?

  This one may help.
  http://windowsitpro.com/systems-management/access-denied-auditing-users-who-might-be-starting-and-stopping-services
  Regards, Dave Patrick ....
  Microsoft Certified Professional
  Microsoft MVP [Windows]
  Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

• Group Policy to Allow Non-Administrative Users to View All User Processes in Task Manager

  Hi All:
  Trying to get users with just Remote Services right (can remote in, no administrative permissions what-so-ever, to have the ability to view all processes by all users on the server.
  I would like to do through group policy, however I cannot seem to find a policy doing just this. Any ideas?
  2008 R2 Forest btw.

  Hi,
  Thank you for posting in Windows Server Forum.
  The connection permissions that are set in Remote Desktop Session Host Configuration also determine the actions that a given user can perform in Remote Desktop Services Manager. For example, a user must have at least the Remote Control special access permission
  to remotely control a user session by using Remote Desktop Services Manager.
  Please check below article for details.
  Configure Permissions for Remote Desktop Services Connections
  http://technet.microsoft.com/en-us/library/cc753032.aspx
  In regards to viewing process on RDSH server, can view the process in process Tab in RDSH manager.
  Managing Users, Sessions, and Processes
  http://technet.microsoft.com/en-us/library/cc732808.aspx
  Hope it helps!
  Thanks.
  Dharmesh Solanki

• Unable to view BIPub report in the Dashboard by Non Administrator users

  Hi All,
  I have created a BI Publisher report and added the same to the Dashboard, I can view it as the Administrator user but unable to view it as any other Users.
  I updated the privileges in the BI Presentation services and gave permission to Everyone for BI Publisher:
  Oracle BI Publisher Enterprise
  Add BI Publisher Reports to Dashboard - Everyone
  View BI Publisher Reports - Everyone
  Schedule BI Publisher Reports - Everyone
  Send BI Publisher Reports - Everyone
  Build BI Publisher Reports - Everyone
  Analyze BI Publisher Reports - Everyone
  but users still get the below error:
  The error message is :
  "Unauthorized Access: Please contact Administrator"
  Any help is greatly appreciated.
  Regards

  Hi Saichand,
  Thanks for the reply, I did add and it worked successfully; but the issue now is that I had assigned the XMLP_ADMIN, XMLP_DEVELOPER roles to this user and he now has XMLP Administration rights. Which is not very good.
  Is there any workaround to restrict XMLP Administration to this user and allow him just to view the BI Pub Report?
  Your comments are greatly appreciated.
  Best Regards
  B

• Install AM in JES WS container with JES WS installed using non-root user

  Does anyone know how to make Access Manager work when the Sun JES Web Server is installed using a non-root user? Is this even possible?

  Basically it is documented in JES install guide
  Sun Java Enterprise System 2005Q1
  Access Manager Configured to Run as a Non-root User Example . . . . . . . . . . . . . . . . . . . . . . . . . 120