Posted: Wed Jul 07, 2010 1:00 am
Thanks, but it's already documented in the Wiki link given up-thread.
Community Discussion of Church Technology
https://tech.churchofjesuschrist.org/forum/
https://tech.churchofjesuschrist.org/forum/viewtopic.php?t=5288
That's essentially the technique that RussellHltn referred to above. In case you missed it, the direct link to the documentation in the wiki is under Prevention (https://tech.lds.org/wiki/index.php?title=System_Date#Prevention).
scgallafent wrote: It should be possible to create a separate account with administrator privileges and then modify the local security policy to remove the administrators group from the "Change system time" rights group and add just the specific user.
Missed that. That's what I get for thinking aloud late at night!
RussellHltn wrote: Thanks, but it's already documented in the Wiki link given up-thread.
Not a bad idea. It seems a week or two (for General Conference) would be reasonable. Feedback and suggestions can be provided in the Wiki here.
oregonmatt wrote: Since this problem seems to be a common theme, I think it would be a great idea for the software to check and see if the elapsed time from the current login date is reasonable (two weeks or less, maybe) and throw up a warning before allowing someone to completely log in. It always asks me the date when I start a tithing batch (but that is perhaps to allow backdating on 31 Dec...).
"Warning: Is it really August 4th? If it is, the clerks have really been slacking..."
Now to figure out where to give this feedback...
It's possible without having to create a separate administrator account. It's already been discussed here. RussellHltn also provided a link to this Wiki article in this thread. The problem, of course, is if the account is still an administrator account, then anyone can change it back.
scgallafent wrote: It should be possible to create a separate account with administrator privileges and then modify the local security policy to remove the administrators group from the "Change system time" rights group and add just the specific user.
RussellHltn wrote: We would love to, but the MLS instructions specifically state that we're to use a common Administrator account for all MLS users. A few people have tried using a more limited account, but I don't know what their long-term success with upgrades is. There really is no way to do thorough testing given that we have no idea what the upgrades might be doing or when they'll arrive.
Doesn't a limited-user account stop send-and-receive as well? No receive, no updates.
RussellHltn wrote: A few people have tried using a more limited account, but I don't know what their long-term success with upgrades is. There really is no way to do thorough testing given that we have no idea what the upgrades might be doing or when they'll arrive.
I suppose you could set rights such that a s/r would bomb when using a limited use account. You'd have to make sure that it fails gracefully. But there's still the issue that SLC wants us to use just one account for all MLS use. Having seen various JAR files in the user area, I'm not sure what would happen if you try and use different accounts for MLS.
bbdd wrote: Doesn't a limited-user account stop send-and-receive as well? No receive, no updates.
Can't edit this wiki page. Mods, can we add this suggestion to the wiki? Thanks.
crislapi wrote: Not a bad idea. It seems a week or two (for General Conference) would be reasonable. Feedback and suggestions can be provided in the Wiki here.
bbdd wrote: Why don't we use limited-rights user accounts on Windows for anyone who needs less than a clerk-level access? I don't understand why we run with admin-level accounts.
Done. It is now in the General section of that page.
oregonmatt wrote: Can't edit this wiki page. Mods, can we add this suggestion to the wiki? Thanks.
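
An audit check for the "Change system time" user right discussed in this thread, added here as an example and not taken from any poster or from the wiki. The function names and the sample policy text (including the account name MLSTimeAdmin) are constructed for illustration; the live export uses `secedit /export` and needs an elevated prompt.

```powershell
# Added example: report which accounts hold "Change system time"
# (SeSystemtimePrivilege) in a secedit user-rights export.

# Constructed sample of the [Privilege Rights] section secedit writes.
# *S-1-5-19 = LOCAL SERVICE, *S-1-5-32-544 = BUILTIN\Administrators.
$sample = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
SeShutdownPrivilege = *S-1-5-32-544
'@ -split "`r?`n"

function Export-UserRights {
    # Dump the local user-rights assignments to a temp file and return its lines.
    $tmp = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    secedit /export /cfg $tmp /areas USER_RIGHTS | Out-Null
    try { Get-Content $tmp } finally { Remove-Item $tmp -ErrorAction SilentlyContinue }
}

function Get-SystemTimeRightHolders {
    param([string[]]$InfLines)
    $line = $InfLines |
        Where-Object { $_ -match '^\s*SeSystemtimePrivilege\s*=' } |
        Select-Object -First 1
    if (-not $line) { return @() }   # right is assigned to no one
    ($line -split '=', 2)[1] -split ',' |
        ForEach-Object { $_.Trim() } |
        Where-Object { $_ }
}

function Test-AdminsCanChangeTime {
    param([string[]]$Holders)
    # Entries appear as *SID or, for some local accounts, as a plain name.
    ($Holders -contains '*S-1-5-32-544') -or ($Holders -contains 'Administrators')
}

# Use the sample by default; pass -Live on an elevated prompt to read this machine.
$lines   = if ($args -contains '-Live') { Export-UserRights } else { $sample }
$holders = @(Get-SystemTimeRightHolders -InfLines $lines)

"Holders of SeSystemtimePrivilege: $($holders -join ', ')"
if (Test-AdminsCanChangeTime -Holders $holders) {
    'FINDING: the Administrators group can still change the system time.'
} else {
    'OK: only the listed accounts (e.g. a dedicated MLSTimeAdmin) can change the time.'
}
```

Because any administrator account can edit the policy back, as noted above, a check like this is only meaningful when it is re-run periodically.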