09-16-2008 02:18 AM
02-05-2010 03:46 AM
We came up with a final solution eventually, a combination of providing a default profile package to the users and then allowing them to create new locations using Group Policy.
A standard profile package was created using the Enabler tool (AdmEnblr.exe) and a standard password set on it - this <name>.loa file is created in C:\Program Files\Thinkpad\ConnectUtilities\LOA together with the file ___.sig
Copies of these were taken and stored on a network share for distribution to clients via a batch script that runs on logon - this allows the profile package to be updated if necessary and copied back to the location above on each machine.
In Group Policy a generic Laptop group has "Administrative Templates" for "Lenovo ThinkVantage Components/Access Connections" - within this there are a number of policies set:
|Allow Windows users without administrator privileges to create and apply WLAN location profiles usin...||Enabled|
|Disable automatic location profile switching feature.||Disabled|
|Disable check for updates feature.||Enabled|
|Disable File and printer sharing during new profile creation||Enabled|
|Disable Find Wireless Network function.||Disabled|
|Disable internet connection sharing during new profile creation||Enabled|
|Do not allow clients to become an Access Connections administrator.||Disabled|
|Do not allow clients to change automatic location switching settings during new profile creation||Disabled|
|Do not allow clients to change global settings.||Enabled|
|Do not allow clients to create location profiles.||Disabled|
|Do not allow clients to export location profiles.||Disabled|
|Do not allow clients to import location profiles unless included in a distribution package.||Disabled|
|Do not automatically include new wired/wireless profile in the roaming list||Disabled|
|Do not automatically include wireless profile with no security in the roaming list during new profil...||Enabled|
|Do not show Services menu during new profile creation||Enabled|
|Do not show warning message when connecting to an unencrypted network||Disabled|
|Enable VPN connection during new profile creation||Disabled|
|Enable windows firewall during new profile creation||Enabled|
|Network security during new profile creation||Enabled|
|Override home page during new profile creation||Disabled|
|Override proxy configuration during new profile creation||Disabled|
|Override TCP/IP and DNS defaults during new profile creation||Enabled|
|Set default printer during new profile creation||Disabled|
|Start applications automatically during new profile creation||Disabled|
This seems to be doing what we wanted it to - users get defaults that allow them to connect to known locations and then can add new locations on an adhoc basis without being able to edit the default ones.
I hope this helps explain things, if it's unclear please let me know - this might not be the best way to do this but it's working for us at the moment. If anyone else has any input on improvements please let me know.
02-05-2010 03:53 AM
the steps, that you performed are correct.
However I would not do the last step:
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo\Access Connections\Install\AllowPrfCreationThruFWN 1
This might cause confusiong.
I have just tested it in here and it's working fine with the 5.x version of AC