Ah. I first configured DirectAccess with 2008R2 and UAG 2010, and have
since migrated to 2012 R2. That name change didn't catch up with me...

And I resemble that remark - We're no more than 10 miles from the
campus of the Evil Empire, on the border between Redmond and
Krkland...

Kurt

On Tue, Oct 18, 2016 at 9:24 AM, Melvin Backus <melvin.bac...@byers.com> wrote:
> URA = Universal Remote Access = DirectAccess 2012
>
> You know how our friends in the great NW like to rename things. :)
>
>
> --
> There are 10 kinds of people in the world...
>          those who understand binary and those who don't.
>
>
> -----Original Message-----
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Kurt Buff
> Sent: Thursday, October 13, 2016 7:00 PM
> To: ntsysadm <ntsysadm@lists.myitforum.com>
> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>
> URA? I do not know this term.
>
> However, it looks like it might be related to DirectAccess, and I was going 
> to make a snarky comment about you needing to implement that.
> It's so beautifully transparent, and just works.
>
> Kurt
>
> On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <melvin.bac...@byers.com> 
> wrote:
>> I just confirmed that this doesn't work, at least on my W10 box.  UAC is 
>> off, when you try to run either a route add to manually add a route or when 
>> cmroute.dll runs to automatically update the routes you're prompted for 
>> elevation and since the user isn't in the administrator group they can't 
>> elevate.
>>
>> I've been working on getting URA in place anyway. Maybe this will
>> finally be the push to make it happen. :)
>>
>> --
>> There are 10 kinds of people in the world...
>>          those who understand binary and those who don't.
>>
>>
>> -----Original Message-----
>> From: listsad...@lists.myitforum.com
>> [mailto:listsad...@lists.myitforum.com] On Behalf Of James M. Pulver
>> Sent: Thursday, October 13, 2016 9:00 AM
>> To: ntsysadm@lists.myitforum.com
>> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights
>>
>> If the problem is the routes don't get published, you can put Users in 
>> Network Configurator Operators group, and turn off UAC, and then normal 
>> users can update their route maps.
>>
>> James Pulver
>> CLASSE Computer Group
>> Cornell University
>>
>> On 10/13/2016 07:46 AM, Melvin Backus wrote:
>>> Budget for this is nil but I'll have a look and see.  The
>>> installation of the connectoid isn't the issue, it's all runtime when
>>> the user tries to connect to the VPN.
>>>
>>>
>>>
>>> --
>>> There are 10 kinds of people in the world...
>>>          those who understand binary and those who don't.
>>>
>>>
>>>
>>> *From:* listsad...@lists.myitforum.com
>>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
>>> *Sent:* Thursday, October 13, 2016 7:15 AM
>>> *To:* ntsysadm@lists.myitforum.com
>>> *Subject:* [NTSysADM] RE: CMAK profiles without admin rights
>>>
>>>
>>>
>>> You can use privilege management tools like AppSense Application
>>> Manager, RES, Scense and the like to configure specific files that
>>> can run with elevated rights.
>>>
>>>
>>>
>>> There's also tools like CPAU from JoeWare which can run scripts with
>>> elevated privileges so that you can get the profile build to complete maybe?
>>>
>>>
>>>
>>> *From:* listsad...@lists.myitforum.com
>>> <mailto:listsad...@lists.myitforum.com>
>>> [mailto:listsad...@lists.myitforum.com] *On Behalf Of *Melvin Backus
>>> *Sent:* 13 October 2016 12:05
>>> *To:* ntsysadm@lists.myitforum.com
>>> <mailto:ntsysadm@lists.myitforum.com>
>>> *Subject:* [NTSysADM] CMAK profiles without admin rights
>>>
>>>
>>>
>>> Hello folks,
>>>
>>>
>>>
>>> We've been working on removing admin rights for users in our
>>> environment. One snag we've run into is related to our RAS VPN
>>> connections and CMAK profiles.  In order to make everything work
>>> we're using CMAK to build the profile which includes routing, etc.
>>> We can't seem to find a way to get those to work without admin rights
>>> because cmroute.dll won't run without elevation.  Any recommendations
>>> on how to get around this or possibly push the routes once during
>>> initial install and not have to run them at connect time?
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> --------------------
>>> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
>>> 404.497.1565
>>>
>>> Service Desk | 404-497-1599 | https://servicedesk.byers.com
>>>
>>> --
>>> There are 10 kinds of people in the world...
>>>          those who understand binary and those who don't.
>>>
>>>
>>>
>>
>>
>>
>>
>
>


Reply via email to