I'm afraid not.

We use the 2012R2 DirectAccess, and it's a champ (with one caveat -
I've had a fair amount of problems with Win10 1607, it loses
connections with regularity, and I don't know if there's an update for
either client or server that helps.)

For a backup (and those without company laptops to take home) we use
an Aventail/Dell EX6000 for SSL VPN, and it Just Works.

Kurt

On Tue, Oct 18, 2016 at 10:55 AM, Melvin Backus <melvin.bac...@byers.com> wrote:
> My apologies if I stepped too closely to those extremities.  :)
>
> I'd really love to get this in place as it would solve more than one nagging 
> problem.  Any words of wisdom to ease that journey?
>
> --
> There are 10 kinds of people in the world...
>          those who understand binary and those who don't.
>
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Kurt Buff
> Sent: Tuesday, October 18, 2016 1:20 PM
> To: ntsysadm <ntsysadm@lists.myitforum.com>
> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>
> Ah. I first configured DirectAccess with 2008R2 and UAG 2010, and have since 
> migrated to 2012 R2. That name change didn't catch up with me...
>
> And I resemble that remark - We're no more than 10 miles from the campus of 
> the Evil Empire, on the border between Redmond and Kirkland...
>
> Kurt
>
> On Tue, Oct 18, 2016 at 9:24 AM, Melvin Backus <melvin.bac...@byers.com> 
> wrote:
>> URA = Universal Remote Access = DirectAccess 2012
>>
>> You know how our friends in the great NW like to rename things. :)
>>
>>
>> --
>> There are 10 kinds of people in the world...
>>          those who understand binary and those who don't.
>>
>>
>> -----Original Message-----
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
>> Sent: Thursday, October 13, 2016 7:00 PM
>> To: ntsysadm <ntsysadm@lists.myitforum.com>
>> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>>
>> URA? I do not know this term.
>>
>> However, it looks like it might be related to DirectAccess, and I was going 
>> to make a snarky comment about you needing to implement that.
>> It's so beautifully transparent, and just works.
>>
>> Kurt
>>
>> On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <melvin.bac...@byers.com> 
>> wrote:
>>> I just confirmed that this doesn't work, at least on my W10 box.  UAC is 
>>> off; when you try to run either a route add to manually add a route or when 
>>> cmroute.dll runs to automatically update the routes, you're prompted for 
>>> elevation, and since the user isn't in the administrator group they can't 
>>> elevate.
>>>
>>> I've been working on getting URA in place anyway. Maybe this will
>>> finally be the push to make it happen. :)
>>>
>>> --
>>> There are 10 kinds of people in the world...
>>>          those who understand binary and those who don't.
>>>
>>>
>>> -----Original Message-----
>>> From: listsad...@lists.myitforum.com
>>> [mailto:listsad...@lists.myitforum.com] On Behalf Of James M. Pulver
>>> Sent: Thursday, October 13, 2016 9:00 AM
>>> To: ntsysadm@lists.myitforum.com
>>> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>>>
>>> If the problem is the routes don't get published, you can put Users in 
>>> Network Configurator Operators group, and turn off UAC, and then normal 
>>> users can update their route maps.
>>>
>>> James Pulver
>>> CLASSE Computer Group
>>> Cornell University
>>>
>>> On 10/13/2016 07:46 AM, Melvin Backus wrote:
>>>> Budget for this is nil but I'll have a look and see.  The
>>>> installation of the connectoid isn't the issue, it's all runtime
>>>> when the user tries to connect to the VPN.
>>>>
>>>>
>>>>
>>>> --
>>>> There are 10 kinds of people in the world...
>>>>          those who understand binary and those who don't.
>>>>
>>>>
>>>>
>>>> *From:* listsad...@lists.myitforum.com
>>>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
>>>> *Sent:* Thursday, October 13, 2016 7:15 AM
>>>> *To:* ntsysadm@lists.myitforum.com
>>>> *Subject:* [NTSysADM] RE: CMAK profiles without admin rights
>>>>
>>>>
>>>>
>>>> You can use privilege management tools like AppSense Application
>>>> Manager, RES, Scense and the like to configure specific files that
>>>> can run with elevated rights.
>>>>
>>>>
>>>>
>>>> There are also tools like CPAU from JoeWare which can run scripts with
>>>> elevated privileges so that you can get the profile build to complete 
>>>> maybe?
>>>>
>>>>
>>>>
>>>> *From:* listsad...@lists.myitforum.com
>>>> <mailto:listsad...@lists.myitforum.com>
>>>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Melvin Backus
>>>> *Sent:* 13 October 2016 12:05
>>>> *To:* ntsysadm@lists.myitforum.com
>>>> <mailto:ntsysadm@lists.myitforum.com>
>>>> *Subject:* [NTSysADM] CMAK profiles without admin rights
>>>>
>>>>
>>>>
>>>> Hello folks,
>>>>
>>>>
>>>>
>>>> We've been working on removing admin rights for users in our
>>>> environment. One snag we've run into is related to our RAS VPN
>>>> connections and CMAK profiles.  In order to make everything work
>>>> we're using CMAK to build the profile which includes routing, etc.
>>>> We can't seem to find a way to get those to work without admin
>>>> rights because cmroute.dll won't run without elevation.  Any
>>>> recommendations on how to get around this or possibly push the
>>>> routes once during initial install and not have to run them at connect 
>>>> time?
>>>>
>>>>
>>>>
>>>> Thanks
>>>>
>>>>
>>>>
>>>> --------------------
>>>> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
>>>> 404.497.1565
>>>>
>>>> Service Desk | 404-497-1599 | https://servicedesk.byers.com
>>>>
>>>> --
>>>> There are 10 kinds of people in the world...
>>>>          those who understand binary and those who don't.
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>>
>>
>>
>
>

