Ah. I first configured DirectAccess with 2008R2 and UAG 2010, and have since migrated to 2012 R2. That name change didn't catch up with me...
And I resemble that remark - We're no more than 10 miles from the campus of the Evil Empire, on the border between Redmond and Krkland... Kurt On Tue, Oct 18, 2016 at 9:24 AM, Melvin Backus <[email protected]> wrote: > URA = Universal Remote Access = DirectAccess 2012 > > You know how our friends in the great NW like to rename things. :) > > > -- > There are 10 kinds of people in the world... > those who understand binary and those who don't. > > > -----Original Message----- > From: [email protected] [mailto:[email protected]] > On Behalf Of Kurt Buff > Sent: Thursday, October 13, 2016 7:00 PM > To: ntsysadm <[email protected]> > Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights > > URA? I do not know this term. > > However, it looks like it might be related to DirectAccess, and I was going > to make a snarky comment about you needing to implement that. > It's so beautifully transparent, and just works. > > Kurt > > On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <[email protected]> > wrote: >> I just confirmed that this doesn't work, at least on my W10 box. UAC is >> off, when you try to run either a route add to manually add a route or when >> cmroute.dll runs to automatically update the routes you're prompted for >> elevation and since the user isn't in the administrator group they can't >> elevate. >> >> I've been working on getting URA in place anyway. Maybe this will >> finally be the push to make it happen. :) >> >> -- >> There are 10 kinds of people in the world... >> those who understand binary and those who don't. >> >> >> -----Original Message----- >> From: [email protected] >> [mailto:[email protected]] On Behalf Of James M. Pulver >> Sent: Thursday, October 13, 2016 9:00 AM >> To: [email protected] >> Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights >> >> If the problem is the routes don't get published, you can put Users in >> Network Configurator Operators group, and turn off UAC, and then normal >> users can update their route maps. >> >> James Pulver >> CLASSE Computer Group >> Cornell University >> >> On 10/13/2016 07:46 AM, Melvin Backus wrote: >>> Budget for this is nil but I'll have a look and see. The >>> installation of the connectoid isn't the issue, it's all runtime when >>> the user tries to connect to the VPN. >>> >>> >>> >>> -- >>> There are 10 kinds of people in the world... >>> those who understand binary and those who don't. >>> >>> >>> >>> *From:* [email protected] >>> [mailto:[email protected]] *On Behalf Of *James Rankin >>> *Sent:* Thursday, October 13, 2016 7:15 AM >>> *To:* [email protected] >>> *Subject:* [NTSysADM] RE: CMAK profiles without admin rights >>> >>> >>> >>> You can use privilege management tools like AppSense Application >>> Manager, RES, Scense and the like to configure specific files that >>> can run with elevated rights. >>> >>> >>> >>> There's also tools like CPAU from JoeWare which can run scripts with >>> elevated privileges so that you can get the profile build to complete maybe? >>> >>> >>> >>> *From:* [email protected] >>> <mailto:[email protected]> >>> [mailto:[email protected]] *On Behalf Of *Melvin Backus >>> *Sent:* 13 October 2016 12:05 >>> *To:* [email protected] >>> <mailto:[email protected]> >>> *Subject:* [NTSysADM] CMAK profiles without admin rights >>> >>> >>> >>> Hello folks, >>> >>> >>> >>> We've been working on removing admin rights for users in our >>> environment. One snag we've run into is related to our RAS VPN >>> connections and CMAK profiles. In order to make everything work >>> we're using CMAK to build the profile which includes routing, etc. >>> We can't seem to find a way to get those to work without admin rights >>> because cmroute.dll won't run without elevation. Any recommendations >>> on how to get around this or possibly push the routes once during >>> initial install and not have to run them at connect time? >>> >>> >>> >>> Thanks >>> >>> >>> >>> -------------------- >>> Melvin Backus | Sr. Systems Engineer | Byers Engineering Company | >>> 404.497.1565 >>> >>> Service Desk | 404-497-1599 | https://servicedesk.byers.com >>> >>> -- >>> There are 10 kinds of people in the world... >>> those who understand binary and those who don't. >>> >>> >>> >> >> >> >> > >
