i can't edit users privileges in apex as below image, it show read only.
account screenshot
the privileges are:
User is a developer
Application Builder Access
SQL Workshop Access
Team Development Access
The user in question is an administrator, which includes all of the other privileges already. There's nothing more to assign, and you can't assign the other privileges individually unless you take away the administrator privilege first.
Related
Is it possible in Microsoft Intune to set up this policy that every time a user wants to download, copy, or delete something, the admin has to get the notification?
Is it possible to prevent the user from installing any app or software unless the admin grants permission? If the user wants to install something, the admin must grant permission.
If anyone has knowledge on these two types of policies, please send the required settings. It will be so helpful for me.
I tried using the AppLocker but it is blocking ever app installation so I need customized restriction
Is it possible in Microsoft Intune to set up this policy that every time a user wants to download, copy, or delete something, the admin has to get the notification?
On mobile devices, you can block downloads or copies by application protection policy (same for W10). Or if you have a license for DLP, you can use the technology to audit events. Don't forget the cloud apps.
Is it possible to prevent the user from installing any app or software unless the admin grants permission? If the user wants to install something, the admin must grant permission.
We don't use this option but in device configuration, there is some restriction option that can block these features
I see that you have the option of setting the default account in windows in Google-Workspace Admin as a standard user or a Administrator. I wanted to ask is it possible that if a particular user signs in he gets a local account while another user when he signs in ..signs in as Windows Administrator?
I want to have two Workspace accounts on the windows. One with no admin privileges and other with admin privileges and no local Admin accounts. Only Workspace accounts should be on the system. However, in Google Admin, if I choose standard then ALL the users become standard. That is not what I want. I want to be able to choose. Is this possible?
I've coded a programm that require to be run as an admin privileges. I'm aware that I can do that through going to property/Compatibility/Run as adminstrator in Windows but how can I do that if possible to make it programmatically, so that when launched programm automatically gained Adminstrator privilege level?
Yes, with an application manifest that requests admin privileges.
http://msdn.microsoft.com/en-us/library/bb756929.aspx
(This will still ask the user whether he wants that, of course. And if your account cannot have admin privileges, the user will also have to use Run As to choose a different account.)
On this page, it talks about Windows NT, 2000, XP and 2003. Fortunately, I have a Windows 7 machine.
The very first line says:
In User Manager for Domains, create a local user for the ColdFusion
service to log in as.
I don't see a "User Manager for Domains", so do they mean just "Add a new user"?
If it DOES mean that, can I use my own user account as the ColdFusion user, or should I specifically create a new account just for ColdFusion?
If you are creating a domain account it has to be created ON the domain - using user manager for domains connected to your domain controllers. If that's what you need then a sys admin has to help.
If you are doing a "local" user on a windows 7 I always end up hunting around for the right view of user manager before I get it right :) Here are the steps that I use:
Search from start and open the "user accounts" cpl.
Click on "Manage User Accounts"
Click on the "advanced" tab
Click on the "advanced" buttton.
This takes me to the mmc-like view of users that I'm accustomed to where I can add a user, change membership, set passwords etc.
Hope this helps :)
You can use your own username or you can create one for CF to run as. Creating a user to run CF as probably more closely replicates your production environment ( an assumption ) so if production for example writes to a UNC path the coldfusion user must have acces. You could
Mimic this locally.
You can use either an account local to the OS where ColdFusion is running, or a domain account if the OS is joined to a domain. In your case, you can just create a local user on your Windows 7 OS and run the ColdFusion Application Service as that user. The user account will need access to ColdFusion's installation folder, as well as read access to the webroot.
The whole idea is to run the ColdFusion service as a user with the minimum privileges necessary to handle requests and prevent access to other resources in the event of a data breach or remote code execution (e.g. someone exploits an upload form and manages to get their own CF code to run on your server; it's not pretty but can be somewhat restricted by running the CF service under a user account with restricted access).
As someone else mentioned, if CF needs access to other network resources, the user account will need to be granted access to those resources as well (either by using a domain account or having a local account with the same username and password on the remote system).
Just did this on Windows 2008 R2 with CF 10. The trick was to change the ownership of the c:\windows and c:\windows\system32 directories as outlined here.
change ownership from trustedInstaller
I am designing a Service to run under LocalSystem account on Win2000, XP and Vista. It will need access to users registry hives, sometimes for extended periods of time, both when the users are logged-in, and also, when they are not logged-in (IF the profile is local. If the profile is Roaming and not loaded, I will not attempt to load it.)
If the user is logged-on, I can get the Users access token by various means (E.g. from its Explorer process, or by receiving Logon events from the Service Control Manager) then use ImpersonateLoggedOnUser and RegOpenCurrentUser to access the User's hive. However, what are the implications if the User selects LogOff from the start menu while I am impersonating and have his hive open? Will the logoff be prevented? Will my impersonation be terminated?
If the user is not logged on, I can use RegLoadKey to directly open the hive NTUSER.DAT. (Impossible for a logged-on user). But what are the implications of this if the user decides to log-on (I suppose the hive will be locked and the logon either prevented, or may experience difficulty?)
I will be setting up some test projects to explore these ideas however, regardless of their apparent results, these questions are theoretical in terms of what type of problems might, or would, be caused by the user loggin in/out during these actions by the service.
Caveat: ImpersonateLoggedOnUser can ONLY be used either for a logged-on user (token obtained from process or SCM event) OR for a user for which I have the plaintext password to call WinLogon and obtain a token - TRUE / FALSE ? In other words although I have maximum permissions as LocalSystem and am able to change the user's password or even delete the user's account, if the user is not logged-on, it is totally impossible to create a new token to impersonate the user without having the the password?
Apparently, there is some risk of damaging a user's profile if it is already loaded by another process when the user logs in. In that case, the system will try to create a new subdirectory for the user.