Admin Rights on Laptops: Difference between revisions

From CCMDB Wiki
Jump to navigation Jump to search
← Older edit
Bcloutier (talk | contribs)
admin
149 edits
m Text replacement - "[[Category: " to "[[Category:"
 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
''see [[User groups and rights on the wiki]] for the wiki related article
''see [[User groups and rights on the wiki]] for the wiki related article


Data collectors need admin rights on the laptops. Usually collectors are part of user group DAT_REGION_ICU_DATA_COLLECTION which is in turn in a group that gives it admin rights.  
Data collectors have some special rights to their laptops. They used to have admin rights (see [[#Legacy]]).  


== Adding admin rights ==
Usually collectors are part of user group DAT_REGION_ICU_DATA_COLLECTION, this used to be used to define some special rights, not sure if it is still.  
Anyone who is already an admin can set up another collector as an admin.  


# Click on start menu -> settings -> control panel -> user accounts '''OR''' Press [[file:windowsKey.jpeg|location=none|20px]] + R and enter 'control'
One above-normal right still set up as part of the [[Laptop Setup]] is full rights to c:\ccmdb_data and c:\ccmdb_program. This is to address "when the database exits irregularly when one collector is logged in, and then a second collector who is ''not'' an admin logs in and tries to use the software they get an error that ''the database is read-only''".
#* if you are not an admin you will get a message telling you so; get another collector at your site to log in and set you up
# click the ''Add'' button
# click the ''Browse'' button
# type the user id of the non-admin collector into the "enter the object name..." box and click "check names"
#* the name should be resolved, if it does, click ''OK''
# click ''Next >''
# click the radio button for "Other:" and make sure the dropdown says ''Administrators''
# click ''Finish''


== Why collectors need admin rights ==
Also they have rights to add to the all-users / public desktop, e.g. via [[Desktop install.bat]]
* admin rights are required to view and make changes to many settings; to avoid having collectors off-line while we make our way out to sites we need to be able to walk collectors through these over the phone since we don't have remote control access to the laptops
* when the database exits irregularly when one collector is logged in, and then a second collector who is ''not'' an admin logs in and tries to use the software they get an error that ''the database is read-only''; making the second collector an admin fixes this.
* during testing to run without admin rights with Brandon Deamel 2013-05 we found that [[TrueCrypt]] won't run without admin rights; we were going to see if we can change setup to not require admin rights but will put that on hold for now.


==Notes==
== Legacy ==
Ian explained: Admin rights are set based on group policies; workstations at HSC are added to a group that sets them up as Power users. Workstations in the Health_WPG tree (e.g. Vic) are added to a group that sets them up as administrators. If a PC already runs as administrator then it will ignore if you furhter set things to admin.
Data Collectors used to have admin rights on the laptops but have not had them since 2015-02.
I think there is a hole in his reasoning. He tested this theory and found it true for HSC Power users, however, that test would have had the same outcome if the group policies in all cases were set up to first strip out local rights. Anyway, I doubt we will get anywhere on this, and OAG is changing this, and chances are Mishael will try to get it changed further, so I will treat this topic as one-off for now. This means: if a laptop is moved to a location, confirm that admin rights are present and if not contact local desktop about it.


[[Category: IT Instructions]]
They used to be required to
[[Category: New Hire]]
* run TrueCrypt, which is no longer used.
* view and make changes to many settings; to avoid having collectors off-line while we make our way out to sites we need to be able to walk collectors through these over the phone since we don't have remote control access to the laptops; this was no longer an acceptable reason
 
== Related articles ==
{{Related Articles}}
 
 
[[Category:IT Instructions]]
[[Category:New Hire]]

Latest revision as of 11:29, 30 July 2025

see User groups and rights on the wiki for the wiki related article

Data collectors have some special rights to their laptops. They used to have admin rights (see #Legacy).

Usually collectors are part of user group DAT_REGION_ICU_DATA_COLLECTION, this used to be used to define some special rights, not sure if it is still.

One above-normal right still set up as part of the Laptop Setup is full rights to c:\ccmdb_data and c:\ccmdb_program. This is to address "when the database exits irregularly when one collector is logged in, and then a second collector who is not an admin logs in and tries to use the software they get an error that the database is read-only".

Also they have rights to add to the all-users / public desktop, e.g. via Desktop install.bat

Legacy

Data Collectors used to have admin rights on the laptops but have not had them since 2015-02.

They used to be required to

  • run TrueCrypt, which is no longer used.
  • view and make changes to many settings; to avoid having collectors off-line while we make our way out to sites we need to be able to walk collectors through these over the phone since we don't have remote control access to the laptops; this was no longer an acceptable reason

Related articles

Related articles:
Retrieved from "https://ccmdb.kuality.ca/index.php?title=Admin_Rights_on_Laptops&oldid=165747"