URA = Universal Remote Access = DirectAccess 2012

You know how our friends in the great NW like to rename things. :)

--
There are 10 kinds of people in the world...
those who understand binary and those who don't.

-----Original Message-----
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Thursday, October 13, 2016 7:00 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights

URA? I do not know this term.

However, it looks like it might be related to DirectAccess, and I was going to make a snarky comment about you needing to implement that. It's so beautifully transparent, and just works.

Kurt

On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <melvin.bac...@byers.com> wrote:
> I just confirmed that this doesn't work, at least on my W10 box. UAC is off,
> when you try to run either a route add to manually add a route or when
> cmroute.dll runs to automatically update the routes you're prompted for
> elevation and since the user isn't in the administrator group they can't
> elevate.
>
> I've been working on getting URA in place anyway. Maybe this will
> finally be the push to make it happen. :)
>
> --
> There are 10 kinds of people in the world...
> those who understand binary and those who don't.
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com
> [mailto:listsad...@lists.myitforum.com] On Behalf Of James M. Pulver
> Sent: Thursday, October 13, 2016 9:00 AM
> To: ntsysadm@lists.myitforum.com
> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>
> If the problem is the routes don't get published, you can put Users in
> Network Configurator Operators group, and turn off UAC, and then normal users
> can update their route maps.
>
> James Pulver
> CLASSE Computer Group
> Cornell University
>
> On 10/13/2016 07:46 AM, Melvin Backus wrote:
>> Budget for this is nil but I'll have a look and see. The
>> installation of the connectoid isn't the issue, it's all runtime when
>> the user tries to connect to the VPN.
>>
>> --
>> There are 10 kinds of people in the world...
>> those who understand binary and those who don't.
>>
>> *From:* listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
>> *Sent:* Thursday, October 13, 2016 7:15 AM
>> *To:* ntsysadm@lists.myitforum.com
>> *Subject:* [NTSysADM] RE: CMAK profiles without admin rights
>>
>> You can use privilege management tools like AppSense Application
>> Manager, RES, Scense and the like to configure specific files that
>> can run with elevated rights.
>>
>> There's also tools like CPAU from JoeWare which can run scripts with
>> elevated privileges so that you can get the profile build to complete maybe?
>>
>> *From:* listsad...@lists.myitforum.com
>> <mailto:listsad...@lists.myitforum.com>
>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Melvin Backus
>> *Sent:* 13 October 2016 12:05
>> *To:* ntsysadm@lists.myitforum.com
>> <mailto:ntsysadm@lists.myitforum.com>
>> *Subject:* [NTSysADM] CMAK profiles without admin rights
>>
>> Hello folks,
>>
>> We've been working on removing admin rights for users in our
>> environment. One snag we've run into is related to our RAS VPN
>> connections and CMAK profiles. In order to make everything work
>> we're using CMAK to build the profile which includes routing, etc.
>> We can't seem to find a way to get those to work without admin rights
>> because cmroute.dll won't run without elevation. Any recommendations
>> on how to get around this or possibly push the routes once during
>> initial install and not have to run them at connect time?
>>
>> Thanks
>>
>> --------------------
>> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
>> 404.497.1565
>>
>> Service Desk | 404-497-1599 | https://servicedesk.byers.com
>>
>> --
>> There are 10 kinds of people in the world...
>> those who understand binary and those who don't.