URA = Universal Remote Access = DirectAccess 2012
You know how our friends in the great NW like to rename things. :)
--
There are 10 kinds of people in the world...
those who understand binary and those who don't.
-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Kurt Buff
Sent: Thursday, October 13, 2016 7:00 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
URA? I do not know this term.
However, it looks like it might be related to DirectAccess, and I was going to
make a snarky comment about you needing to implement that.
It's so beautifully transparent, and just works.
Kurt
On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <melvin.bac...@byers.com> wrote:
> I just confirmed that this doesn't work, at least on my W10 box. UAC is off,
> when you try to run either a route add to manually add a route or when
> cmroute.dll runs to automatically update the routes you're prompted for
> elevation and since the user isn't in the administrator group they can't
> elevate.
>
> I've been working on getting URA in place anyway. Maybe this will
> finally be the push to make it happen. :)
>
> --
> There are 10 kinds of people in the world...
> those who understand binary and those who don't.
>
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of James M. Pulver
> Sent: Thursday, October 13, 2016 9:00 AM
> To: ntsysadm@lists.myitforum.com
> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>
> If the problem is the routes don't get published, you can put Users in
> Network Configurator Operators group, and turn off UAC, and then normal users
> can update their route maps.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 10/13/2016 07:46 AM, Melvin Backus wrote:
>> Budget for this is nil but I'll have a look and see. The
>> installation of the connectoid isn't the issue, it's all runtime when
>> the user tries to connect to the VPN.
>>
>>
>>
>> --
>> There are 10 kinds of people in the world...
>> those who understand binary and those who don't.
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
>> *Sent:* Thursday, October 13, 2016 7:15 AM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* [NTSysADM] RE: CMAK profiles without admin rights
>>
>>
>>
>> You can use privilege management tools like AppSense Application
>> Manager, RES, Scense and the like to configure specific files that
>> can run with elevated rights.
>>
>>
>>
>> There's also tools like CPAU from JoeWare which can run scripts with
>> elevated privileges so that you can get the profile build to complete maybe?
>>
>>
>>
>> *From:* listsad...@lists.myitforum.com
>> <mailto:listsad...@lists.myitforum.com>
>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Melvin Backus
>> *Sent:* 13 October 2016 12:05
>> *To:* ntsysadm@lists.myitforum.com
>> <mailto:ntsysadm@lists.myitforum.com>
>> *Subject:* [NTSysADM] CMAK profiles without admin rights
>>
>>
>>
>> Hello folks,
>>
>>
>>
>> We've been working on removing admin rights for users in our
>> environment. One snag we've run into is related to our RAS VPN
>> connections and CMAK profiles. In order to make everything work
>> we're using CMAK to build the profile which includes routing, etc.
>> We can't seem to find a way to get those to work without admin rights
>> because cmroute.dll won't run without elevation. Any recommendations
>> on how to get around this or possibly push the routes once during
>> initial install and not have to run them at connect time?
>>
>>
>>
>> Thanks
>>
>>
>>
>> --------------------
>> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
>> 404.497.1565
>>
>> Service Desk | 404-497-1599 | https://servicedesk.byers.com
>>
>> --
>> There are 10 kinds of people in the world...
>> those who understand binary and those who don't.
>>
>>
>>
>
>
>
>
