cat-users AT lists.geant.org

Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

List archive

Re: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled

From: Tomasz Wolniewicz <twoln AT umk.pl>
To: "Johnson, Christopher" <cbjohns AT ilstu.edu>, "cat-users AT lists.geant.org" <cat-users AT lists.geant.org>
Subject: Re: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled
Date: Thu, 10 Jan 2019 21:35:13 +0100
Autocrypt: addr=twoln AT umk.pl; prefer-encrypt=mutual; keydata= mQENBEvhYBEBCADIlSk8hnUtSfZ1hLbuqiUxTiBtm65lM6OlxjYnWEsH/boOsVS/WdFZebwK 53eg280UcX9VDjFjy5rimsknCvxabnxk13AF//t9mN9tq5MmIkIcRIpLrtqc8Q0s0E84cNzB bDMtRzAd7JUTmKyAnkKE9i2R9FJKzeR9TTeKtBdgXHtUKPHPGOdxUUv8UWKxsj9AYi2CgN98 jiWLx6lTIpaWegWxIyih7WUKSf43Bpi6wFxhfOxteLyQUpIlGg4CasTVGpFsha8KzlupXOLG Tl3hXtQFWvE0tl1GidvTyuQlOzsZ1vjTNEzI25VTkOIgP4IYcWSkP74p/a239ZcTOHhZABEB AAG0IFRvbWFzeiBXb2xuaWV3aWN6IDx0d29sbkB1bWsucGw+iQE4BBMBAgAiBQJL4WARAhsD BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA8PEwxkb+lPgkeB/9NAGlmopLel6EEDFz2 ra3KLBx8kXT3G1K/YYyrjDwNjCkAmm0evzQx8g9vPX2OzvE6Ai2Xi9hPd2K/ShPFPcgJzzjr h9H1XYfBb2N/tRwN9tb4XO5i9Tsa4jP+SG8h2yQY57QOeFy16joDmIZiZrAEIGpqqSV24PrX FSo2d1E4dMswqDXlEYk9hwbdW9H4zOQrnDZeRlRx/RW/cmWTd8r5C12dKhlT/D/fBkL3eYT7 rnjHtS+ArnMUsxu2Z/q6bmxqRyv4Vn4pR0n699iLa0ol2hWeQJFaZyTA7JksW8zWu/Zasd9K Dw3jM59vs/SXVdG8pMexAzH5jmEEAgwYwUbVuQENBEvhYBEBCACgAz/z7VTnCsPSBUrjCLyS j+eRtr2tQzSU48Qa5hOcIxAKQJQNgOOqs0Mq9fT9lV+OttaYyKtijt1+G2dVMETVFkdZmM0c g8pVJp398993v89U/iwjfvNoqCM/9z312Poha/oL/EOk+gWYxZbyQ18SY69va2WHr6Pl3bzR 6BQpb86W85MreQ2lxd76b6BgjOXA/b39YyU/fMeFQd+wDpT3K1fUr89dYRnyzQIxTBSPOMLQ ShHKc/S8dStbNlLNcnaiyBOsH4A7b6IizQGqyVHBeL7u05X0/ZVdEIgsO3NmQouqY0/WjBdV qg4EsI1VvvgwXKWafP1MryLy4ZcnNjQZABEBAAGJAR8EGAECAAkFAkvhYBECGwwACgkQPDxM MZG/pT6lUQf8DC3i15okq3VycbpTYuH6f1lQkqanMS0z4z8F6xtCeXq0DBFk0ZzAU/mCwc3V PdUVGtRKGjouSAB1HDeTvAth1vY0oOJG3kXBwkcui3QxM3sxksNCRLLwcZVnsK9rt6UVp5aG qBwKf44BSApGyHNuKDhCfMCQHueqlfhJYfXocw6KDObvTkwygHLmw93ohV66v26yNvGo6+q2 qTDykGyuicACPDTyJTWFh2IwwZFAdzcc7St8aKkXFk0zWvoriWHeTLUnuFw7HN640IJkG74a 4NGco2yPc7Cz6q59rgE9xydOOXRdmnfiuJu0kQvQocD1rVLjW3qXdnxPd2/FhO4vWg==
Openpgp: preference=signencrypt

Hi,

What you suggest makes a lot of sense. eduroam credentials are personal therefore should be restricted to the current user. Besides the installed root CA will be limited to the the current user anyway, so the profile should not work for others. It would seem that adding user=current to netsh should be safe for everyone, but surely we should run quite a bit of testing before making this change.

On the other hand, we imagined that in a managed Windows environment the network provisioning would be done centrally anyway, this is probably why we never got this request before.

Tomasz Wolniewicz

W dniu 10.01.2019 o 20:10, Johnson, Christopher pisze:

Good Afternoon,

We’re just starting to make use of the eduroamCAT utility and ran into an issue. Wasn’t sure if this was right place to report problem/request?

I wanted to inquire if additional logic could be built into the CAT utility to create the eduroam profile as a “User” profile instead of “All User Profiles”? This is to help end-users in Windows 10 that have managed machines where the “createalluserprofile” flag is globally set to disabled via group policy (default in GPO apparently after consulting with GPO admin). When the utility is ran with this flag set to disabled, the profile installation will fail when “netsh wlan add profile **** xml” is ran.

Looking at the switches/format the “netsh wlan add profile commands”, if “user=current” was added – this would get around the issue.

Netsh wlan show createalluserprofile – shows current state of this flag.

Administrator Privileges - netsh wlan set profile createalluserprofile enabled=yes/no – can be used to reproduce this problem on a home/personal machine.

Screen shot with example below: createalluserprofile is set to “disabled”. By attempting to perform a “netsh wlan add profile wlan_prof-0.xml” – errors out due to “You do not have the permission to add profile “eduroam” for all users”. If I append “user=current” to the netsh command – the profile is installed successfully.

Output of inst_cat.cmd when eduroamCAT is ran:

Christopher Johnson

Wireless Network Engineer

AT Infrastructure Operations & Networking (ION)

Illinois State University

(309) 438-8444

Stay connected with ISU IT news and tips with @ISU IT Help on Facebook and Twitter

To unsubscribe, send this message: mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
Or use the following link: https://lists.geant.org/sympa/sigrequest/cat-users

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576

[[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled, Johnson, Christopher, 01/10/2019
- Re: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled, Tomasz Wolniewicz, 01/10/2019
  - RE: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled, Johnson, Christopher, 01/10/2019
    - Re: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled, Johnson, Christopher, 01/11/2019
      - Re: [[cat-users]] Windows 10 - eduroamCAT utility fails due to "createalluserprofile" flag set to disabled, Tomasz Wolniewicz, 01/11/2019