ABOUT ME

    -

    Today
    -
    Yesterday
    -
    Total
    -
    • Give Non Admin Account The Right To Install Software Mac
      카테고리 없음 2021. 3. 3. 06:31

      Jan 24, 2017  It allowed users to right click on an executable and get the option to install software and have the back end audit whether the software was permitted for install or not. For the most part it worked pretty well so long as a user was listed in AD as the owner of the machine they were trying to run it on. As soon I bind a Mac to the AD Domain, I usually log into the Mac with the user account. Of course, under System Preference, User & Groups, the user account is marked as: Managed, Mobile. My second step, is to make the user an Administrator account because I want to allow him/her to install/remove stuff from her/his Mac.

      Hi, i have a similar issue: needing to limit user access to administrator privileges on a shared mac. But i also have another issue in addition to that one: when i am logged in as admin and trying to open origin from inside the applications folder i got the following message-'In order to manage your games, Origin needs to install a helper tool. Office Product Release: License Type: Office Version: Build: Part Number: Download: Office 365: Subscription: 16.38.0: 1401 64-bit: Subscription. An admin account on a Windows PC enjoys more privileges than any other account types. This account can install apps and make modifications to the system easily without too many steps. However, sometimes you may want to enable allow users to install software without admin rights in Windows 10.

      Many Mac users have a complaint no administrator account on their Mac after High Sierra update. some users said that admin account changed to standard. If you are one of them, this article will help you to fix this issue.


      Solution 1: Restore a deleted admin account
      You should have saved a deleted user’s home folder to restore the deleted user account and user’s home folder.
      1. Launch Finder.
      2. Select Go->Go to Folder.
      3. Enter /Users in the pop-up box and then click “Go”.
      4. Open Deleted Users folder.
      5. Deleted user’s home folder will have the same name of your deleted user account, followed by (Deleted).
      6. Remove Deleted. Now this folder name will exactly match with your deleted user.
      7. Enter your Admin Name & Password and then click “OK”.
      8. Go to Apple menu->System Preferences->Users & Groups.
      9. Tap the lock icon.
      10. A pop-up menu will appear, then enter your Password.
      11. Click the + Plus symbol that is above lock icon.
      12. A pop-up box will appear. Select Administrator.
      13. Enter the name for new user. you can also give an old deleted username to the new one. Account name will be generated automatically.
      14. Enter the password for new user. Again enter the password to verify.
      15. Enter the password hint.
      16. Then click “Create user”.
      17. Click “Use Existing Folder”.
      18. Choose “Allow user to administer this computer”.
      19. Click “Ok” in the pop-up box.
      20. Select “Enable parental controls” and then click “Enable” in the pop-up box.
      21. Restart your computer via Apple menu->Restart.

      Solution 2: If Admin account has changed to Standard

      1. Go to Apple menu->System Preferences.
      2. Click Users & Groups icon.
      3. Select the Account that has changed to standard from admin.
      4. Choose “Allow user to administer this computer”.
      5. Click “Ok” in the pop-up box.
      6. Restart your Mac to approve changes.

      Solution 3: Create a new Admin Account

      1. Go to Apple menu->System Preference.
      2. Select “Users & Groups”.
      3. Tap the lock icon.
      4. A pop-up menu will appear, then enter your Password.
      5. Click the + Plus symbol that is above lock icon.
      6. A pop-up box will appear. Select “Administrator”.
      7. Enter the name for new user. Account name will be generated automatically.
      8. Enter the password for new user. Again enter the password to verify.
      9. Enter the password hint.
      10. Then click “Create user”.

      If you know any other solutions to fix this issue, let us know through your comment.

      Are you the designated IT person for your family, or maybe for your small business? If you are, then perhaps you’re getting a bit tired of everyone asking you to provide your administrator name and password every time a printer jams, an app needs updating, or Time Machine throws an error code.

      The Mac has a pretty straightforward model for assigning privileges to a user’s account, and in many cases, only the administrator has the right to stop, start, or pause services, such as pausing the print server when a printer jams. Only a user with administrator privileges can get the print server running again.

      (The print server always seems to enter a paused state when an administrator isn’t around to kick start it.)

      If you’re tired of running over to a user’s Mac just to enter a password so the print server can restart after a paper jam, then you may be thinking it’s time to give everyone admin privileges. And believe it or not, that may be a valid solution to the problem, depending on the competence and trustworthiness of your users.

      It is, in fact, the method we use; all users at our home and office are set up as administrators, relieving us of the more mundane tasks of Mac administration. But if you’re inclined to use the standard, managed, and administrator user models to ensure a bit tighter security, then this tip can help you keep your personal workload low, while allowing other users to perform routine tasks, such as resetting printers, without needing the local overlord to make an appearance.

      Mac User Accounts
      The first account created during the original setup of your Mac is an administrator account that includes elevated privilege levels that allow the account holder to manage the basic system. The Mac’s administrator account isn’t an all-powerful tyrant; it has a number of restrictions, including the inability to access another user’s data. It does, however, have power over all of the Mac’s system preferences, including the ability to add new apps, add new users, assign user groups, manage parental controls, set up accessibility options, and manage printers. You get the idea. If there’s a system preference pane for a service, users holding an administrator account can make changes as they see fit.

      (Some system preferences are restricted to those with administrator accounts, which can prevent Standard users from fixing common problems.)

      While the administrator is one type of account, the Mac OS supports additional types, including:

      Standard: Standard user accounts can install apps and change settings that affect only their own accounts. So, standard users can pick their own desktop wallpaper, customize the Dock, and set their own preference for how a mouse or track pad works. They can’t add or delete users, or change settings that would affect anyone else.

      Managed: Managed users are bound by the restrictions set up by Parental Controls. With Parental Controls, you can restrict the apps available, the websites that can be visited, and the contacts available to the user through various apps, such as Messages and Mail. Managed users can also have usage restrictions based on time, to ensure kids aren’t using their Macs when they should be sleeping.

      Sharing Only: Allows users to log in remotely and access their own files. It doesn’t allow general access to the Mac, or the ability to change any settings.

      Guest: Guest user accounts are for visiting family, friends, or clients who may need to use your Mac for a brief time, perhaps to check messages or access a website. All of a guest user’s data stored on the Mac is deleted automatically when the user signs out.

      Add Additional Administrators
      One method to help resolve the burden of administration is to spread the task around, allowing other trusted users to share the work. In general, this is a good idea; having a single administrator can cause problems if the administrator isn’t available when some task comes up that needs the admin password.

      (Standard and Managed users can have their privilege levels elevated to allow them to administer the computer.)

      The first step is to use the Mac OS Users & Groups preference pane to change the account type for the selected individual. In this example, you can change a standard user to an administrator.

      Of course, you must already be an administrator for this to work.

      If you’re not currently logged in to your administrator account, log out, and then log back in with the appropriate account.

      Launch System Preferences by clicking its Dock icon, or by selecting System Preferences from the Apple menu.

      In the System Preferences window, open the Users & Groups preference pane.

      Give non admin account the right to install software mac 2017Mac

      Click the padlock icon in the lower left corner, and then enter your administrator password. Click the Unlock button.

      Select the user account you wish to elevate to an administrator account from the sidebar list.

      Place a checkmark in the “Allow user to administer this computer” box.

      Note: If the account you wish to elevate is a managed user account, all parental control settings will be removed when the user is elevated to an administrator account.

      Provide Admin Privileges for Specific Tasks
      A slightly different approach is to provide admin-like capabilities to standard users, but restrict them to certain tasks. This is the way we fixed one of our headaches: clearing printer jams that cause the print server to pause. By giving all standard users admin rights to the Printer preference pane and print server, they can be their own printer administrator.

      This same concept of limited administrator rights works for a number of system preference panes, including:

      • Printers & Scanners
      • Date & Time
      • Energy Saver
      • Startup Disk
      • Time Machine
      • Network

      The Mac OS doesn’t currently have a method to selectively apply administrator privileges using the GUI, but there are a number of ways to elevate user privileges using the Terminal app. In this example, we’re going to raise the privilege levels of every user (except the guest account) to manage the printer system. This same technique can be used for any of the preference panes listed above.

      This method should work for any Mac running OS X Mavericks or later. It makes use of the authorization database that Apple introduced with Mavericks. This database is used to control the access rights for many different processes, such as printing, Time Machine, and networking. You’ll need to be logged in with your administrator account to make these changes.

      The process works by exporting the preference’s rules to a temporary property list file, then using the default write command to make changes to the file, and finally, reimporting the altered rights list back into the authorization database. This means you’ll need to execute three Terminal commands for each preference pane to which you wish to give non-admin access.

      Before you make changes to the authorization database, it’s a good idea to create a current backup of your Mac. Errors in making changes to the database can produce unexpected results; a current backup will let you recover to a known good state.

      If you’re ready, let’s begin:

      Launch Terminal, located at /Applications/Utilities.

      The following three commands allow general access to the System Preferences. They do not, however, give unrestricted access to every individual preference pane; it’s just the first step in the process.

      (The security command responds with YES or NO if the security change can be implemented.)

      Enter the following at the Terminal prompt. After each line is entered, hit Return or Enter on your keyboard.

      Note: Each command is a single line of text, but your browser may show them as multiple lines. You can copy/paste each line for easy entry into Terminal.

      /usr/bin/security authorizationdb read system.preferences > /tmp/system.preferences.plist

      /usr/bin/defaults write /tmp/system.preferences.plist group everyone

      /usr/bin/security authorizationdb write system.preferences < /tmp/system.preferences.plist

      Note: After the first and third lines are executed, Terminal will respond with the word YES if the command was carried out successfully or NO if there was a problem.

      To enable anyone to access the printer preferences as well as the print server, enter the following three lines:

      /usr/bin/security authorizationdb read system.preferences.printing > /tmp/system.preferences.printing.plist

      /usr/bin/defaults write /tmp/system.preferences.printing.plist group everyone

      /usr/bin/security authorizationdb write system.preferences.printing < /tmp/system.preferences.printing.plist

      The print server on your Mac uses its own special group to control access, so we need to enter the following command in Terminal:

      /usr/sbin/dseditgroup -o edit -n /Local/Default -a “everyone” -t group lpadmin

      The above example should allow anyone to manage printer issues that may come up, with one caveat: depending on the version of the Mac OS you’re using, an administrator account may still be needed to add printers.

      (After entering the Terminal commands above, the Printer & Scanner preference pane is unlocked for all users.)

      If you would like to add non-admin access to other preference panes that are usually restricted to an administrator, you should only need to change the word “printing” in the above example to the name of the appropriate preference pane. For instance, to allow everyone to access the Time Machine preference pane, the three commands would be changed to:

      /usr/bin/security authorizationdb read system.preferences.timemachine > /tmp/system.preferences.printing.plist

      /usr/bin/defaults write /tmp/system.preferences.timemachine.plist group everyone

      /usr/bin/security authorizationdb write system.preferences.timemachine < /tmp/system.preferences.timemachine.plist

      When granting access to a preference pane, the name you need to use in the Terminal commands is usually easy enough to figure out; in the example above, the Time Machine preference pane becomes just timemachine with no spaces or capitalization.

      Give Non Admin Account The Right To Install Software Mac Free

      The general rule for guessing the preference pane’s name in the authorization database is to remove any spaces in the name, provide the name in all lowercase, and remove the word “and” if present in the name.

      Give Non Admin Account The Right To Install Software Mac Pro

      Additional references: Security command, authorizationdb, defaults

      Be Sociable, Share This!

      Give Non Admin Account The Right To Install Software Mac 2017

      Prices, terms, and availability subject to change without notice. Not responsible for typographical, technical, or descriptive errors of products herein.
      OWC is on-site wind turbine powered at 8 Galaxy Way, Woodstock, IL 60098 | 1-800-275-4576 | +1-815-338-8685 (International)
      All Rights Reserved, Copyright 2018, OWC – Since 1988

      댓글

    Designed by Tistory.

    티스토리툴바