Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Slightly scared Noob ?'s... Setting up admin/user account

R

rbswitch

macrumors newbie
Original poster
Feb 1, 2006
7
0
Been reading about the potenital issue with the "executable posing as a jpg" and find that I am one of the "dumb" noobies out there that set up the iMac Intel as default.

Please help...due to various reasons I am having to do a install(network constantly drops and apple tech want me to re install after erasing my hard drive).

So when I first set up the account the create user screen appears (floating cube - when you turn on machine for first time).

Prompts me for my aaple id(I gave it the one I have on the apple site), then prompts me for my .mac id.(gave it), then defaults a name for my home directory - which I changed and there you go...I have my iMac all set up.

It appears this must be the "admin" account I am reading about. I also set up all my mail accounts under Mail(consolidated my accounts to all route here) and set up my iTunes/iPod and everything is authorized...all under the account/user I set up at start up.

So...I am gonna go through this again..obviously....how exactly do I do this so that I have a seperate acocount that STILL has my correct apple id/.Mac id associated with it and is NOT an admin account.

You do not get these options at start up and in playing around if I set up a new user account I do not have my mail or .Mac or apple account attributes.

Please help as I do not want to run as an admin for the potential reasons that have been articulated in other threads - but also do not understand how I can create a user account that will associate correctly with my iTunes store account/apple account/iMac account and mail accounts?

I will do this from start up - so can someone PLEASE walk me through how to set this up - I do not have to worry about saving anything at this point - I will redo everything I have done.

Please help!!
Much Appreciated!!
Ron
 
frankblundt

frankblundt

macrumors 65816
Sep 19, 2005
1,271
0
South of the border
The easiest way is to set up the first account (the default one you start with) with everything you want to use on a daily basis (like mail etc) that uses already installed software. This account will be an Admin account.

When you've got it the way you want it, go into Prefs > Accounts and make a new account called Admin (or whatever) and give it a different password. Check the box on that account that says "allow this user to administer". This is now an Admin account too. It helps to "enable Fast User Switching" at this point also.

Log into the new account just to check it's working.

Go back to your original account and UN-check that same "allow this user.." box on your day to day account. This is now no longer an admin account.

That's it really.

Use the "managed" (non-admin account) for daily surfing, mail etc. and the admin account for troubleshooting, software update etc. and when installing applications (so that the admin account is the "owner" and they can't be tampered with without the admin password).

For the most part you don't even need to log in to do it, even from the managed account you can still change preferences and so on, but now it will ask you for the Admin account's password whenever you do anything potentially "dangerous"

It can actually be quite handy, because you can set up the docks differently for each account to reflect the different tools you need.
 
jsw

jsw

Moderator emeritus
Mar 16, 2004
22,910
44
Andover, MA
Great reply.

Note that if you call that second account 'admin', it is automatically made into an administrator account - you cannot have a non-administor 'admin' account.

So you won't need to check the box if you just call that account 'admin'.

Minor point....
 
frankblundt

frankblundt

macrumors 65816
Sep 19, 2005
1,271
0
South of the border
and this can be all be done retrospectively too (i did it last night on one of my macs that i'd never got around to :eek: )

it's just easier to do it right at the beginning because any software installed under an account's name keeps that account as the "owner", even if it's no longer an admin, and that software can then changed, moved, altered from the (now) non-admin account - so you need to go through it and change the ownership of it to the admin account, which is a bit of a pain manually, but dead easy with FileXaminer or BatChmod or Terminal (see below) or whatever.
 
R

rbswitch

macrumors newbie
Original poster
Feb 1, 2006
7
0
Thank You. Actually understood most of that.

Question...When I set up my mail account I downloaded several utilities that assited in the setup(AOL/G-Mail etc). Should I run those "downloaded programs" - as in did not come with the base system - as my admin acount and then demote it as suggested.

Or should I wait until after I have created the admin account and use the demoted user account to download the utilities and then set up the mail?

Thanks!!!!!!!!!
 
frankblundt

frankblundt

macrumors 65816
Sep 19, 2005
1,271
0
South of the border
Easiest to wait, then install them with the admin account, then set them up and configure them for use using your managed account. It's a bit tedious but otherwise leaves these apps open to abuse by trojans like yesterdays.
 
frankblundt

frankblundt

macrumors 65816
Sep 19, 2005
1,271
0
South of the border
Once you get the hang of managed accounts they can be extremely useful, especially if you have other people using the computer. You can set up managed, locked-down accounts for casual use (like a friend wants to "check" something on the net while he's over) or for tailored use (like for kids), each with their own dock layout, desktop and so on, and you can, as admin, control their use right down to what apps they're even allowed to run, whether they can alter Prefs, the Dock and so on.

It can seem a bit dictatorial but it's "for their own good" :p
 
R

rbswitch

macrumors newbie
Original poster
Feb 1, 2006
7
0
Great advice re the managed accounts. Wasn't too worried about it initially as each has their own computer. (All PC's so far except mine). But over the course of the last week, family members seem to want to use my iMac...

Groans......................So timing of this is helpful:) Now if I can just get it to work consistantly!
 
annk

annk

Administrator
Staff member
Apr 18, 2004
15,140
9,351
Somewhere over the rainbow
After creating a new admin account and changing my regular account so it no longer had admin privileges, I got help in another thread to change permissions on my regular user account, so that all my apps had the administrator as owner.

This can be done one by one, by opening the Get Information in the apps in the new admin account and changing ownership, or you can do them all at once in Terminal:

cd /Applications

sudo chown -R adminaccountname:admin *.app

Afterwards, you can type in

ls -la

to check that the permissions indeed have been changed.

Note: Another poster commented afterwards that he would not have changed permissions on all apps, only on those that were not owned by root.

You can see what these posters said here:

https://forums.macrumors.com/threads/180579/

...and here:

https://forums.macrumors.com/threads/180579/

Edit: Yet another poster offered another way to do it: https://forums.macrumors.com/showthread.php?p=2148349#post2148349
 
R

rbswitch

macrumors newbie
Original poster
Feb 1, 2006
7
0
annk said:
After creating a new admin account and changing my regular account so it no longer had admin privileges, I got help in another thread to change permissions on my regular user account, so that all my apps had the administrator as owner.

This can be done one by one, by opening the Get Information in the apps in the new admin account and changing ownership, or you can do them all at once in Terminal:

cd /Applications

sudo chown -R adminaccountname:admin *.app

Afterwards, you can type in

ls -la

to check that the permissions indeed have been changed.

Note: Another poster commented afterwards that he would not have changed permissions on all apps, only on those that were not owned by root.

You can see what these posters said here:

https://forums.macrumors.com/threads/180579/

...and here:

https://forums.macrumors.com/threads/180579/

Edit: Yet another poster offered another way to do it: https://forums.macrumors.com/showthread.php?p=2148349#post2148349
Click to expand...

Thanks. Although I must admit to getting a bit lost:eek:

I am gonna play around with this a bit before I do the (hopefully final erase/install) to see if I can get it working and my apps working the way I want. Have some concern on how MS Office will treat the "user" etc and quite frankly am just confused over the permissions stuff.(Verify/Fix permissions) Have seen unexplainable behaviors (for a non programmer type) in the system logs when running this.

The good new is since I have to do this again - I can play for a bit as I am going wipe it all away in a few hours. Which probably won't fix my network issue anyways...but apple tech support won't be satisifed until I do.

So treating this as a "learning" experience.

NOTE TO MODERATOR:
Would be very helpful if someone could create a guide for setting up the accounts properly from both a first time set-up (as in after re install or new Mac as well as after the fact).

I trapsed through the apple docs and support site for several hours today prior to posting and could not find anything that addressed these issues directly. Lots of stuff in servers - but what applied and didn't apply was beyond me.

Thanks again for the information and the quick responses.
 
frankblundt

frankblundt

macrumors 65816
Sep 19, 2005
1,271
0
South of the border
Permissions are reasonably straightforward. Anything you want to alter, use or look at you need permission to do so.

For apps, most people only need to use (execute) them, not alter them, which is why the owner and admin groups are generally set to read/write/execute and "others" to read/execute ( In "Get Info" it doesn't show "execute" - just set it to "Read only").

For documents and folders it will depend on how widely you want them to be editable as to whether you assign write permissions to just the owner or group or others. and whether you want them to be publicly visible will decide what to do with the "read" permissions.

If in doubt, "repair permissions" is actually pretty good at sorting it out after you've changed the ownership.

When it comes to MS, all bets are off!
 
M

moot

macrumors regular
Jun 30, 2004
170
0
in the great Asian wonderland
annk said:
After creating a new admin account and changing my regular account so it no longer had admin privileges, I got help in another thread to change permissions on my regular user account, so that all my apps had the administrator as owner.

This can be done one by one, by opening the Get Information in the apps in the new admin account and changing ownership, or you can do them all at once in Terminal:

cd /Applications

sudo chown -R adminaccountname:admin *.app

Afterwards, you can type in

ls -la

to check that the permissions indeed have been changed.[/url]
Click to expand...

Thanks for your help.

I did this process and then ran disk utilty to repair the permissions for Apple-made apps.

However some of my apps are in folders within the Application folder.

Can chown be run to change all the apps in folders lower down the hierarchy in the Application folder. It would be a pain to have to navigate into each folder and change them one by one.

Does anyone know of a solution to this?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom