When a user attempts to connect through 802.1x running on IAS, they cannot connect. IAS eventlog reports event ID 2, Reason Code = 65, permission for the user account was denied.
Once user has been confirmed to be member of proper AD group with permission in IAS' Remote Access Policies (RAP), check user's AD account to confirm their "Dial-In" setting to be "Control access through Remote Access Policy".
Thursday, February 3, 2011
Wednesday, September 22, 2010
Excel "File not Found" when running a Macro (*.tmp)
If a user receives an error in Excel while running a macro, and the error message is like
File Not Found c:\...\local~\temp\2\vb514.tmp
Check the user's My Documents permission. User must have modified permission for VBA to work properly.
Remove BlackBerry IT Policy
If you are decommissioning an corporate /BES based Blackberry to personal BIS use, you may need to remove the existing IT Policy. The easiest way to do this is:
- Ensure BB has OS 4.5 or newer.
- Connect BB computer
- in command prompt, goto
c:\program files\common files\research in motion\apploader
(64 bit OS should go to c:\program files (x64)\common files\...) - run "LOADER.exe /resettofactory"
Thursday, December 17, 2009
Windows 7 and KIX scripts
Logon Kix script that has worked for years stopped working under Windows 7. It goes through the routine like it worked, but in Explorer or CMD, the drive are not there. When the script is manually ran after login, the mapped drives shows up.
Turns out to be a UAC related issue. As explained in MS KB 937624, with UAC enabled, users with administrative membership are logged in with two access tokens, restricted and administrative. When the logon script runs, it runs with the administrative token. When the desktop starts, it starts with the restricted token. Because the two events were started with different access tokens, it's like two different users logged on. They can't see each others drives.
So, the fix is to enable "EnableLinkedConnections". In the registry, set it this way:
Turns out to be a UAC related issue. As explained in MS KB 937624, with UAC enabled, users with administrative membership are logged in with two access tokens, restricted and administrative. When the logon script runs, it runs with the administrative token. When the desktop starts, it starts with the restricted token. Because the two events were started with different access tokens, it's like two different users logged on. They can't see each others drives.
So, the fix is to enable "EnableLinkedConnections". In the registry, set it this way:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System -This "links" the connections made with one access token to another.
EnableLinkedConnections =(dword)1
Wednesday, July 1, 2009
Schlage LiNK remote lock Bridge
Schlage's LiNK product appears to be a great concept. However, they are not very clear about network setup. It appears that they assume you local network is wide open for outgoing traffic. Their website does not tell you which port must be opened for the LiNK Bridge to communicate with their web site.
It appears that the only port needed is Outgoing TCP/8879.
UPDATE:
Schlage's customer support just informed me that they also need TCP/8869, 8826, and 2345 opened, as well.
It appears that the only port needed is Outgoing TCP/8879.
UPDATE:
Schlage's customer support just informed me that they also need TCP/8869, 8826, and 2345 opened, as well.
Friday, June 5, 2009
Giving non-Administrators permission to change Power Settings
When you have users who would like to change their power settings to control standby and such, and they are not an administrator, you need to give them certain permissions in the Registry.
- Run Regedit.exe as an administrator
- Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\PowerCfg
- Right-click on the “GlobalPowerPolicy” key and choose “Permissions”.
- Click on the “Advanced” button.
- Click “Add”.
- Type INTERACTIVE and click “Check names”, then OK.
- Check the “Set value” and “Create Subkey” checkboxes in the “Allow” column, and click OK, then OK, then OK.
- Do the same thing with the “PowerPolicies” key.
Monday, April 27, 2009
AT&T Smartphone Mobile Phone GPRS settings
After acquiring a couple of GSM smartphones, I discovered that there's a lot of mis-information about how to properly configure these devices for internet access. This is especially troublesome for phones that has been unlocked, and is being used on a different network.
I've compile enough information to get my unlocked "T-Mobile" HTC Dash / S620 / Excalibur to work properly on the AT&T network.
The setting are as follows:
(WM 6.1)
1. Start / Settings / Connections
2. Goto "GPRS"
3. "New..."
1. Start / Settings / Connections
2. Goto "Proxy"
3. "New..."
I've compile enough information to get my unlocked "T-Mobile" HTC Dash / S620 / Excalibur to work properly on the AT&T network.
The setting are as follows:
(WM 6.1)
1. Start / Settings / Connections
2. Goto "GPRS"
3. "New..."
- Description: AT&T GPRS
- Connects to: "The Internet"
- Access point: wap.cingular
- Authentication type: "CHAP"
- Done
1. Start / Settings / Connections
2. Goto "Proxy"
3. "New..."
- Description: AT&T WAP
- Connects from: "The Internet"
- Connects to: "WAP Network"
- Proxy: wireless.cingular.com:80
- Type: "HTTP"
Subscribe to:
Posts (Atom)
