Support in other languages: 
Reply
Blue Screen Again
mcanny
Posts: 3
Registered: ‎09-16-2008
Location: United Kingdom
0

Access Connections v4.52 - user rights in locked down environment

I'm currently working on a small project to deploy various Lenovo wireless drivers, Access Connections v4.52, Hotkey and Power Management drivers via SMS but have come across a slight issue with Access Connections that I can't seem to resolve.

I'm hoping to provide my locked down users with a selection of standard profiles that are copied to their machines on logon but would also like to give them the ability to create and modify new ones too - this is where I'm having problems.

Through Group Policy I have set:

Allow Windows users without administrator privileges to create and apply WLAN location profiles using Find Wireless Network function
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableCreateProfilewithFWN 1

Allow Windows users without administrator privileges to create and apply location profiles
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Lenovo\AccessConnection\EnableUserMode 1


I have also manually set the following:

HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1

I couldn't find a key for the 'EnableUserMode' option


Unfortunately, none of these give standard users access to create or modify profiles.

Have any of you come across this in your environment and if so did you manage to come up with a suitable solution?

Thanks in advance.
tah
Paper Tape
tah
Posts: 5
Registered: ‎02-02-2010
Location: Norway
0

Re: Access Connections v4.52 - user rights in locked down environment

Did you find a solution for this?

Blue Screen Again
mcanny
Posts: 3
Registered: ‎09-16-2008
Location: United Kingdom
0

Re: Access Connections v4.52 - user rights in locked down environment

Hi tah,

We came up with a final solution eventually, a combination of providing a default profile package to the users and then allowing them to create new locations using Group Policy.

A standard profile package was created using the Enabler tool (AdmEnblr.exe) and a standard password set on it - this <name>.loa file is created in C:\Program Files\Thinkpad\ConnectUtilities\LOA together with the file ___.sig

Copies of these were taken and stored on a network share for distribution to clients via a batch script that runs on logon - this allows the profile package to be updated if necessary and copied back to the location above on each machine.

In Group Policy a generic Laptop group has "Administrative Templates" for "Lenovo ThinkVantage Components/Access Connections" - within this there are a number of policies set:

--------------------

Allow Windows users without administrator privileges to create and apply WLAN location profiles usin...Enabled
Disable automatic location profile switching feature.Disabled
Disable check for updates feature.Enabled
Disable File and printer sharing during new profile creationEnabled
Disable Find Wireless Network function.Disabled
Disable internet connection sharing during new profile creationEnabled
Do not allow clients to become an Access Connections administrator.Disabled
Do not allow clients to change automatic location switching settings during new profile creationDisabled
Do not allow clients to change global settings.Enabled
Do not allow clients to create location profiles.Disabled
Do not allow clients to export location profiles.Disabled
Do not allow clients to import location profiles unless included in a distribution package.Disabled
Do not automatically include new wired/wireless profile in the roaming listDisabled
Do not automatically include wireless profile with no security in the roaming list during new profil...Enabled
Do not show Services menu during new profile creationEnabled
Do not show warning message when connecting to an unencrypted networkDisabled
Enable VPN connection during new profile creationDisabled
Enable windows firewall during new profile creationEnabled
Network security during new profile creationEnabled
Override home page during new profile creationDisabled
Override proxy configuration during new profile creationDisabled
Override TCP/IP and DNS defaults during new profile creationEnabled
Set default printer during new profile creationDisabled
Start applications automatically during new profile creationDisabled

--------------

 

This seems to be doing what we wanted it to - users get defaults that allow them to connect to known locations and then can add new locations on an adhoc basis without being able to edit the default ones.

I hope this helps explain things, if it's unclear please let me know - this might not be the best way to do this but it's working for us at the moment. If anyone else has any input on improvements please let me know.

 

Lenovo Staff
Herik
Posts: 1,591
Registered: ‎07-17-2009
Location: Slovakia

Re: Access Connections v4.52 - user rights in locked down environment

Hi,

the steps, that you performed are correct.
However I would not do the last step:

HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1

 

This might cause confusiong.

 

I have just tested it in here and it's working fine with the 5.x version of AC

 

Cheers

Lenovo Staff
Herik
Posts: 1,591
Registered: ‎07-17-2009
Location: Slovakia
0

Re: Access Connections v4.52 - user rights in locked down environment

You are quicker them me :smileywink:

 

Cheers

tah
Paper Tape
tah
Posts: 5
Registered: ‎02-02-2010
Location: Norway
0

Re: Access Connections v4.52 - user rights in locked down environment

Thanks for informative post mcanny :smileyhappy: 

Blue Screen Again
mcanny
Posts: 3
Registered: ‎09-16-2008
Location: United Kingdom
0

Re: Access Connections v4.52 - user rights in locked down environment

 

Glad to be able to offer some help :smileyhappy: