Question about User accounts

D

dmzambon

Registered
HI,

I need advice. I work in a creative dept at a company that is 98% PC and 2% MAC. We just got in 3 new Power PC G5 Quads with 512MB RAM. Our IT dept set up the computers this way.

Under accounts:
---------------
My account
(my name)
NETWORK USER
----------------------
Other accounts
(company name)
ADMIN

(help desk)
ADMIN

------------------------

OK. SO...I sign in with my network user password but I have no administrative rights which gives me limited control. I can't make a new folder on the hard drive without putting an admin password in, which I don't have, etc... I can't call IT everytime I want to add a font to Suitcase or make a new folder. I can save to my desktop. I realize this is because I'm saving to the home account I am logged in under.

How should this computer be set up? If My account is a network user account, do I still need a local account with admin rights? Do they just have to give me admin rights through my network user account in order to function?

The reason they want it set up this way is to have control and ownership of all computer equipment as they do on the PC side. Is there a way for them to have ownership and also allow me to have as much functionality and freedom as possible?

They did set up a local account for me on Friday with admin rights that, obviously is fine. I came in this morning and they deleted the account because they didn't want me to have a local admin account and now I have no access to anything I created and stored on the hard drive (no permissions) or to my local admin account because they deleted it.

Just an FYI... the only reason for us to be connected to their network is for them to have ownership. We don't save, work off of or copy files to that network. We have our own MAC server (Xserve) we save our files to.

I hope this makes sense. Is there an easy solution that I'm not aware of to make everyone happy?

Thank you,
DMZ
 
When you say that you cannot make a folder where are you trying to do this. You should basically won everything in your user directory on down. Can you make a folder there?
 
Yes I can make a folder in my user directory and save files to it. I am the only person that will be accessing this computer as an employee so I want to be able to save files to the hard drive too. ESPECIALLY, if I come in and IT DELETES my account/user directory with all my files in it. They did that on Friday. They don't understand for some reason that deleting my account, they delete everything in it....settings, files, etc...
 
Well, you'd have to really talk to the IT department about that. If they don't want to give you admin rights (understandable), the home folder _is_ where all your stuff goes. Just make sure they don't erase your home folder again. You'd lose all your settings and files again if they do that, regardless whether you "saved" something in a different place (only those files would be safe then).
 
'I can't call IT everytime I want to add a font to Suitcase or make a new folder.' - under the current configuration ... you (will) have to.

'How should this computer be set up?' - is a 'from whose perspective?' question. It has been set up - from the administrator's perspective; which you even state - 'The reason they want it set up this way ... as they do on the PC side.'

'Is there a way for them to have ownership and also allow me to have as much functionality and freedom as possible?' - yes, for them to identify you as an 'administrator' of that Mac.

'Is there an easy solution that I'm not aware of to make everyone happy?' - no. The IT personal have configured your account - to make them happy; and, (apparently) will not (re-)configure your account - to make you happy.

'They don't understand for some reason that deleting my account, they delete everything in it....settings, files, etc...' - ehj, yes they do.
 
Thank you for your response.

I wrote:

'If My account is a network user account, do I still need a local account with admin rights? Do they just have to give me admin rights through my network user account in order to function?'

Do I still need a local account under "other accounts" in order to be an admin or can they do that through the "Network User" account?
 
You need, at least, a local regular user account on the actual computer(s)

An admin account would be better, but a regular user account should suffice.

Depending upon how much authority you have in your position with
the company, you could always go to your immediate supervisor and
state your case as to needing admin access to the G5's.

If you do actually need admin access to do your job, your supervisor or
manager hopefully will realize this and tell IT to get their shit together
and quit screwing you around.
 
Here is the other side of the coin. I am an systems admin on the same type of network as you describe and I can say you definitely do NOT need an admin account. No user here has an admin account that they use to login on the network on either a Mac or PC, myself included.

The reason you cannot create a folder on your hard drive is that standard security prevents non admin accounts writing to anywhere other than their home folders, this should be the same for a Windows machine if it has been configured correctly. You say that your IT people didn't realise that removing your account removed your account, all I can say to that is they should not be doing the job if they were unaware of something as basic as that.

The Macs I am responsible for have the hard drives partitioned in two, one for the system and one for data to which anyone has read/write access. This set up works fine for all users. This will also help prevent data loss in anything other than a physical hard drive failure. If you or your IT people would like more detailed information about how I configure our systems please let me know.
 
Tommo said:
Here is the other side of the coin. I am an systems admin on the same type of network as you describe and I can say you definitely do NOT need an admin account. No user here has an admin account that they use to login on the network on either a Mac or PC, myself included.

The reason you cannot create a folder on your hard drive is that standard security prevents non admin accounts writing to anywhere other than their home folders, this should be the same for a Windows machine if it has been configured correctly. You say that your IT people didn't realise that removing your account removed your account, all I can say to that is they should not be doing the job if they were unaware of something as basic as that.

The Macs I am responsible for have the hard drives partitioned in two, one for the system and one for data to which anyone has read/write access. This set up works fine for all users. This will also help prevent data loss in anything other than a physical hard drive failure. If you or your IT people would like more detailed information about how I configure our systems please let me know.
Click to expand...

So, on your network, do you have it set up like this?:

Under accounts:
---------------
My account

My account
(my name)
NETWORK USER
----------------------
Other accounts

(nothing here or other
ADMIN ACCTS that the
IT guys have access to)

------------------------

Another problem we are having now is an employee with an exisiting ADMIN account under "MY ACCOUNT" is about to be changed to a NETWORK USER ACCT...

CURRENT SET UP:

---------------
My account

jsmith
ADMIN
----------------------

WHAT THEY ARE GOING TO SET IT UP AS:

---------------
My account

jsmith
NETWORK USER
----------------------

What is going to happen to everything in the "jsmith admin" account? Should we back up the whole home folder and any files and folders that reside on the hard drive created by that account? If we change permissions to all the files on the hard drive to "everyone can read & write" BEFORE they delete the "jsmith admin" account, will that make everything accessible?
 
Yes that is it, all users have a network account and there is one admin account on each machine for us to use for administrative tasks, usually done via ARD.

When they delete this users admin account they will get the option to delete immediately or backup the profile. If they take the second option it will create a disc image in a folder called deleted users which should contain everything from that profile. This can then be made available to the new network account or IT can copy the relevant files into the new network profile.

You would not want to change permissions on the system drive. Am I corrext in assuming your Macs only have one partition ? If so you could try connecting an external drive and have the user copy all their data to that which should then have read/write permissions on it.

Let me know how you get on.
 
Thank you for the information. I will pass it on. Yes, you are correct that our Macs only have 1 partition. I already had the user back up everything in their home folder and anything else they want to an external.

Thanks again for your help :-)
 
You must log in or register to reply here.
Back
Top