Subject: [ActiveDir] Local Admin Rights Question
robertsingers

07/16/2008 5:40 PM  
Hi Anthony. Does the version of Jinit you are using also create
"C:\Documents and Settings\%username%\Oracle Jar Cache"? That's where
I'd expect it to do the caching. If you're also using roaming profiles
you probably want to exclude this directory from roaming.

-----Original Message-----
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Anthony Kimmons
Sent: Saturday, 17 May 2008 4:53 a.m.
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Local Admin Rights Question

Hello again everyone.

Here is a follow up with what I found to be the problem.

Thank you very much to all those that responded with suggestions to help
troubleshoot my problem.


The most helpful suggestion was to run process monitor and see what
error messages were generated. It really documented what steps were
being taken by IE7 and Jinitiator to launch the web session.

The second most helpful suggestion was to be sure that the domain user
was granted explicit full rights to the Jinitiator program directory
tree.

I granted those rights, but still had the failed session problems.

I launched a successful session as the default machine admin, and
recorded the results with process monitor.
I then launched a failed session as the desired domain user, and
recorded those results as well.

Both cases generated a plethora of messages that appeared to be errors.
Most of them were not what was causing my grief. I finally found a
single error on the failed session that was not present on the
successful one.

Jinitiator was trying to create a file with a particular name every time
in the jcache sub-directory of the program directory tree. (The same
file name was specified regardless of the user running the app.) That
file already existed due to previous successful attempts as a local
admin. It is not cleared out and deleted at the end of the session.

When running as a local admin, it apparently deleted the file and
recreated it. When running as a domain user with rights to the
directory, it failed at that point. Evidently, the Jinitiator logic
would not delete the file that was created by another user with the same
identical filename, even though the user had the rights to do so.

I deleted the file in question, and now the domain user can run the
session. Jinitiator can create the file and the session works.

This solved the issue.

I have some questions remaining about why the symptoms appeared, can the
situation be duplicated again, what are all the other plethora of error
messages about, etc. But, quite frankly I do not have the time to
investigate further just for the sake of curiosity. I am on to other
tasks.

Thanks again for all of your advice that helped to solve this problem.

Anthony









Anthony Kimmons
Technology Coordinator

Mississippi School of the Arts
P O Box 229
Brookhaven, MS 39601

601-823-1354

>>> "Anthony Kimmons" <akimmons@mde.k12.ms.us> 05/08/08 2:04 PM >>>
Hello Gurus,

I have a question concerning local administrator rights.

Here is my setup:

Server/Network
Server 2003 Active Directory, single domain controller, Exchange 2003
member server, (both fully patched as of April) small network with Cisco
6509 core, and all Cisco Wiring Closet switches.

Workstation
Gateway units with XP Pro, IE7, fully patched as of April, joined to the
domain.

No group Policies in effect (I am still a newbie and doing things the
hard way :).

We use a Web based software application that requires a java plug in
(Jinitiator).

If I run the application logged in as the default local system
administrator, it works.

If I run the app logged in as a domain user, it won't work.

If I run the app logged in as a domain administrator, it won't work.

If I run the app logged in as a local administrator created on the
local machine with no domain rights, it won't work.

If I run the app as any other type user I can think of except the
default local administrator, then use the "run as" option and choose
the default local administrator, it won't work. (I have used this
option for a couple of other apps such as a web based mainframe
terminal emulation, and it did work. For this one, it will not.)

I do not want this secretary to run as a local admin for everything she
does.


Here is the question:

What rights does a default local administrator have that are missing
from a local user granted local machine administrator rights by adding
them to the "Machine Administrators Group"?

Can those rights be granted to a "created local administrator"? If so,
how?

Is there some way to grant "more rights" to the "run as option"?

Any guidance or pointing me in the right direction will be greatly
appreciated.

Anthony





Anthony Kimmons
Technology Coordinator

Mississippi School of the Arts
P O Box 229
Brookhaven, MS 39601

601-823-1354
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
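
The trace comparison described in the thread (one Process Monitor capture of the working administrator session, one of the failing domain-user session, then isolating the error that appears only in the failure) can be automated over Process Monitor's CSV exports. This is an added example, not part of the original posts; the trace rows, paths, file names and result strings below are constructed.

```python
import csv
import io
import re

# Constructed sample exports in Process Monitor's CSV column layout.
# Paths and results are placeholders, not values from the thread.
ADMIN_TRACE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01.1","iexplore.exe","1200","RegOpenKey","HKCU\Software\Example","NAME NOT FOUND",""
"10:00:01.7","iexplore.exe","1200","QueryOpen","C:\Documents and Settings\Administrator\example.cfg","NAME NOT FOUND",""
"10:00:02.4","iexplore.exe","1200","CreateFile","C:\Example\jcache\sample.idx","SUCCESS",""
'''
USER_TRACE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:05:01.3","iexplore.exe","3316","RegOpenKey","HKCU\Software\Example","NAME NOT FOUND",""
"10:05:01.8","iexplore.exe","3316","QueryOpen","C:\Documents and Settings\secretary\example.cfg","NAME NOT FOUND",""
"10:05:02.9","iexplore.exe","3316","CreateFile","C:\Example\jcache\sample.idx","ACCESS DENIED",""
'''

# The two sessions run as different users, so per-user profile paths must be
# normalised or every profile access would look unique to one trace.
PROFILE = re.compile(r"^c:\\documents and settings\\[^\\]+")


def norm(path):
    """Lower-case the path and replace the profile owner with a placeholder."""
    return PROFILE.sub(lambda m: r"c:\documents and settings\<user>", path.lower())


def failures(trace_csv):
    """Set of (process, operation, path, result) for every non-SUCCESS row.
    PID and timestamp are left out because they differ between sessions."""
    rows = csv.DictReader(io.StringIO(trace_csv))
    return {
        (r["Process Name"].lower(), r["Operation"], norm(r["Path"]), r["Result"])
        for r in rows
        if r["Result"] != "SUCCESS"
    }


def unique_failures(good_csv, bad_csv):
    """Failures present only in the failing session, sorted for stable output."""
    return sorted(failures(bad_csv) - failures(good_csv))


if __name__ == "__main__":
    for proc, op, path, result in unique_failures(ADMIN_TRACE, USER_TRACE):
        print(f"{result:15} {op:12} {proc:14} {path}")
```

With real captures, pass the text of the two exported CSV files instead of the embedded samples; the noise that shows up in both sessions drops out and only the differing operations remain.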