Questions

UAC/logon scripts/con2prt with Windows Vista

+
0 Votes
Locked

UAC/logon scripts/con2prt with Windows Vista

CyberGar
We aquired our first Vista machine (for compatibility testing) recently and it's failing miserably in many areas!

We are using Windows Vista Business...

The first problem was with mapping network drives. Nothing would map correctly except the Home Folder option. I found that turning off UAC allows our drive mapping (NET USE) commands to function as intended. Great! Not a problem.

Hold the phone! I don't have my printers? Hmmmmm...

I have used the con2prt utility to connect users to printers for years. Seems that there is a known issue with connecting to printers when UAC is turned off:
http://support.microsoft.com/kb/937697/en-us

Ok... so what's an Admin to do? I have to have UAC off to map drives, but have to have it on to connect printers...

Any ideas on how this can be accomplished?
  • +
    0 Votes

    UAC

    Sue T

    Have you tried turning on UAC, connect your printers and then turn UAC off again? Just a thought but it may work. Good Luck.

    +
    0 Votes
    CyberGar

    This is how I connected to the printers (finally) on the test machine, but how does one do that automatically on a few hundred workstations? Is there another utility that can replace the aging con2prt that works within a login script with UAC off?

    Oh... free is best... :)

    +
    0 Votes
    Bestware

    I am not familiar with con2prt, but I can run the net use command to map drives and printers here on Vista with UAC on. The machine does have the elevate prompt for administrators turned off, but all I do is run a command prompt as administrator and enter the net use command. Just did it here fine a few minutes ago.

    +
    0 Votes
    CyberGar

    This is all happening during the Group Policy Logon script. Is there, a new option that can be set in Group Policy that will run the logon scripts as Admin for the Vista machine(s)?
    I can do all of this manually, once the machine is logged in, but this is all issues with scripts on startup BEFORE the user is logged in. In this case, me... Vista doesn't care one iota if the user is a domain admin or not... Sure, it's more secure, but VERY inhibiting to the process!

    +
    0 Votes
    ?/\/\?|???\/???

    http://support.microsoft.com/kb/937624
    After you turn on User Account Control in Windows Vista, programs may be unable to access some network locations

    +
    0 Votes
    Ralph S.

    But needs to be done on EACH workstation. Not fun for an IT person in a larger company.

    +
    0 Votes
    Alexxxxx

    when you use are trying to map or do anything within VISTA it is trying to auth with the account username you are logged in as. If you want to use net use you will need to use it with the username/ password parameters. Obviously include domain before username if you are on a domain

    +
    0 Votes

    RE

    Fil0403

    "We aquired our first Vista machine (for compatibility testing) recently and it's failing miserably in many areas!"

    Maybe it's not necessarily Vista that's "failing miserably in many areas", but the people who configure the machine, ever thought about that?

    +
    0 Votes
    CyberGar

    Dear Troll...

    Did you actually have anything constructive to contribute or are you only capable of insulting others when you have no idea what you are reading.

    I have acutally learned a great deal from the posts of those that have actually taken the time to read and consider the problem. I'm even understanding the "why" of things better thanks to the link by ?/\/\?|???\/??? (didn't think I could type that!)

    The Security policy change described would be difficult to deploy company-wide unless the change could be made through Group Policy on the domain. I'm looking into that now.

    Back to the "failed miserably" comment. Yes, it was an extreme comment considering I've only had a Vista machine on site for a couple of months. I am a big supporter of MS and everything they have done for not just the computer industry, but for the World in general. Without them, I wouldn't have the job I have now (and love BTW).
    I just find it very difficult to believe that after 5 years of developement, MS would have this UAC set up the way it is. Seems incredibly difficult to impliment the OS with the default settings. Considering 90% of all security problem begin with the user, I understand the "lockdown" approach, but too much of a good thing can be bad, too...

    Cheers!

    +
    0 Votes

    ...

    CyberGar

    ,,, nevermind... copy of other post...

  • +
    0 Votes

    UAC

    Sue T

    Have you tried turning on UAC, connect your printers and then turn UAC off again? Just a thought but it may work. Good Luck.

    +
    0 Votes
    CyberGar

    This is how I connected to the printers (finally) on the test machine, but how does one do that automatically on a few hundred workstations? Is there another utility that can replace the aging con2prt that works within a login script with UAC off?

    Oh... free is best... :)

    +
    0 Votes
    Bestware

    I am not familiar with con2prt, but I can run the net use command to map drives and printers here on Vista with UAC on. The machine does have the elevate prompt for administrators turned off, but all I do is run a command prompt as administrator and enter the net use command. Just did it here fine a few minutes ago.

    +
    0 Votes
    CyberGar

    This is all happening during the Group Policy Logon script. Is there, a new option that can be set in Group Policy that will run the logon scripts as Admin for the Vista machine(s)?
    I can do all of this manually, once the machine is logged in, but this is all issues with scripts on startup BEFORE the user is logged in. In this case, me... Vista doesn't care one iota if the user is a domain admin or not... Sure, it's more secure, but VERY inhibiting to the process!

    +
    0 Votes
    ?/\/\?|???\/???

    http://support.microsoft.com/kb/937624
    After you turn on User Account Control in Windows Vista, programs may be unable to access some network locations

    +
    0 Votes
    Ralph S.

    But needs to be done on EACH workstation. Not fun for an IT person in a larger company.

    +
    0 Votes
    Alexxxxx

    when you use are trying to map or do anything within VISTA it is trying to auth with the account username you are logged in as. If you want to use net use you will need to use it with the username/ password parameters. Obviously include domain before username if you are on a domain

    +
    0 Votes

    RE

    Fil0403

    "We aquired our first Vista machine (for compatibility testing) recently and it's failing miserably in many areas!"

    Maybe it's not necessarily Vista that's "failing miserably in many areas", but the people who configure the machine, ever thought about that?

    +
    0 Votes
    CyberGar

    Dear Troll...

    Did you actually have anything constructive to contribute or are you only capable of insulting others when you have no idea what you are reading.

    I have acutally learned a great deal from the posts of those that have actually taken the time to read and consider the problem. I'm even understanding the "why" of things better thanks to the link by ?/\/\?|???\/??? (didn't think I could type that!)

    The Security policy change described would be difficult to deploy company-wide unless the change could be made through Group Policy on the domain. I'm looking into that now.

    Back to the "failed miserably" comment. Yes, it was an extreme comment considering I've only had a Vista machine on site for a couple of months. I am a big supporter of MS and everything they have done for not just the computer industry, but for the World in general. Without them, I wouldn't have the job I have now (and love BTW).
    I just find it very difficult to believe that after 5 years of developement, MS would have this UAC set up the way it is. Seems incredibly difficult to impliment the OS with the default settings. Considering 90% of all security problem begin with the user, I understand the "lockdown" approach, but too much of a good thing can be bad, too...

    Cheers!

    +
    0 Votes

    ...

    CyberGar

    ,,, nevermind... copy of other post...