WLAN policy, distributed to Windows 11 clients on Microsoft Active Directory (WPA2 + AES) - windows

I have an on-premises AD with around 70 clients; we distribute a Wi-Fi policy that has the pre-configuration to join the local private wireless network (the one that has access to printers and the network drive).
There is a computer (there was another one, but it was formatted) that works perfectly, joins the domain, etc., but when I download the WLAN policy (C:\Windows\wlansvc\Policies) it doesn't work at all.
Checking the file inside Policies, it seems to be perfect; I compared it with a compare plugin against the same configuration file that was downloaded to my computer, and it still always results in "Cannot connect to Wifi Private".
Both of the computers are Windows 11, both in the domain, both under the same OU, both with policies applied. But when I apply the certificate to the second one, there is no way.
I tried to remove it from the domain and rejoin, but the only way I have to make it work is to literally delete the Wlansvc policy file manually, restart the WLAN network service, and then I can join with user and password.
I also tried to reset the network services, nothing.
Has anyone had the same issue? Does anyone know what else I could check?
Thanks
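An added diagnostic script (not from the original post) to run on both the working and the failing client so the outputs can be diffed. The profile name is a placeholder taken from the error text, the policy path is the one named in the post, and the certificate check assumes the "certificate" mentioned is used for 802.1X (EAP) authentication, which the post implies but does not state.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell on both
# the working and the failing Windows 11 client and compare the results.
param([string]$ProfileName = 'Wifi Private')   # placeholder: profile/SSID name from the error text

# 1. The Group Policy-delivered WLAN policy file that the post compared by hand.
Get-ChildItem -Path "$env:SystemRoot\wlansvc\Policies" -Recurse -File -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, LastWriteTime

# 2. Which profiles the WLAN service actually loaded (Group Policy profiles are listed separately).
netsh wlan show profiles

# 3. Effective settings of the profile: authentication type, cipher (AES) and EAP method.
netsh wlan show profile name="$ProfileName"

# 4. Adapter state, driver version and the last error the interface reported.
netsh wlan show interfaces
netsh wlan show drivers

# 5. Assumption: the certificate is used for EAP. The machine store then needs an unexpired
#    certificate with a private key and the Client Authentication EKU, issued by a CA the
#    authentication server trusts.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Subject, Issuer, NotAfter, HasPrivateKey,
        @{ n = 'EKU'; e = { ($_.EnhancedKeyUsageList | ForEach-Object FriendlyName) -join ', ' } }

# 6. Failure reasons recorded by WLAN AutoConfig in the last hour (event 8002 = failed to connect).
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-WLAN-AutoConfig/Operational'
    StartTime = (Get-Date).AddHours(-1)
    Level     = 2, 3      # Error and Warning
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List
```

The difference between the two machines usually shows up in steps 3, 5 or 6 (wrong EAP method, missing or expired machine certificate, or a reason code in the failure event).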

Related

How to restore access to a windows shared folder after host password change?

I have a shared folder on a windows 10 host machine. I could access it from a windows 10 client machine, where I had set "remember credentials" when first accessing the share. I changed the password on the host. Now the client cannot access the shared folder. That was expected. But I could not find a way on the client to allow the user to re-establish access to the shared folder.
I expected it would ask for credentials again. However I got a network error saying that windows cannot access the host machine.
Based on a number of entries on various forums, I tried a few things. The credentials manager on the client does not show the host. I stopped and restarted file and printer sharing on the client, without any change in the result. Network diagnosis and the windows troubleshooter gave no help.
The problem was due to some previous connections remaining in the network table, even though disconnected, as presented by the "net use" command from the command prompt.
>net use
Status       Local     Remote                    Network
-------------------------------------------------------------------------------
Disconnected           \\192.168.1.71\IPC$       Microsoft Windows Network
Disconnected           \\HOST\IPC$               Microsoft Windows Network
After deleting them (via "net use /delete") the next attempt to access the host asked for credentials. Yay!
I began the path to the solution when I tried
net use z: \\host\shared /user:admin password
which gave system error 1219 stating multiple connections to a server are not allowed. Disconnect all previous connections and try again. Obviously, even though known to be disconnected, the entries prevented reconnection.
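The cleanup described above, as an added PowerShell example (not from the original post): it parses the `net use` table, deletes only the entries that are still listed as Disconnected for the given host, and then reconnects. The host, share and user names are placeholders taken from the post's output.

```powershell
# Added example, not from the original post: remove the "Disconnected" entries that
# net use still lists for a host; they are what produced system error 1219 here.
function Remove-StaleNetUse {
    param([Parameter(Mandatory)][string]$HostName)   # e.g. HOST or 192.168.1.71

    # net use rows look like:  "Disconnected           \\HOST\IPC$          Microsoft Windows Network"
    # or, for a mapped drive:  "OK           Z:        \\host\shared        Microsoft Windows Network"
    $rowPattern = '^(?<status>\S+)\s+(?<local>[A-Za-z]:)?\s*(?<remote>\\\\[^\s\\]+\\\S+)'

    foreach ($line in (net use)) {
        if ($line -match $rowPattern) {                     # header and separator lines do not match
            $remote = $Matches['remote']
            $server = ($remote -split '\\')[2]              # \\server\share -> server
            if ($server -ieq $HostName -and $Matches['status'] -eq 'Disconnected') {
                Write-Host "Removing stale entry $remote"
                net use $remote /delete /y | Out-Null
            }
        }
    }
}

Remove-StaleNetUse -HostName 'HOST'   # placeholder host name from the post's output

# Reconnect afterwards. The trailing * makes net use prompt for the password instead of
# leaving it in the console history as the command in the post does.
net use Z: \\HOST\shared /user:HOST\admin *
```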

Update the VPN for all VPN users in specific security group and laptop OU

I am wondering if this is even possible to be done. I need to update, at login, the VPN settings of all VPN security group users who are signing on via their laptop in the approved laptop OU. I am concerned whether this is even possible, since the update would have to occur after login and then remove the old VPN settings at logoff, so they only have the one VPN setting for access to work.
I haven't been able to get both the security group and OU so wondering how to do this.

How do I get a windows service to have access to a shared network folder?

I have a windows service that will be running on a client server. This service needs to access 2 folders that are located in different shared folders (Y:\ and Z:\ ) which are both on separate computers (3 computers total).
Currently the service is only able to see files located on the same machine. When I do an IO.Directory.Exists() on the shared folders, it returns false.
Here are things I have tried:
Running as a Network Service
Running as a Local System
Running as a Local Service
testing existence with \\192.168.1.xx\path\to\folder
testing existence with Y:\ and Z:\
Creating a user on the other computers with the same Username and Password
Verifying the folders gave full access to everyone
Nothing yet has worked, any help is much appreciated.
In an Active Directory environment, Network Service and Local System both have network access to other machines in the domain; the server just needs to be configured to grant access to the client's computer account in the domain, i.e., the COMPUTERNAME$ account. If you use a UNC path the connection will be established automatically. You still can't use drive letters established in another logon session, but in most circumstances the UNC path will do.
In a stand-alone environment it's a bit trickier. The only reliable approach is to establish the network connection explicitly, which you can do using WNetAddConnection2 or any of the various alternatives. (Or if you can't call the Win32 API, you can shell out to the net use command.) In either case, once the connection is established you can use a UNC path. There is typically no need to map a drive letter.
If you must have a drive letter for some reason, it is usually best to use the WNetUseConnection function instead of WNetAddConnection2. That can be configured to select a drive letter automatically, so you don't have to try to figure out which letters are already in use.
Note that depending on the circumstances, it may be necessary to use the long form of the username for the account on the server, i.e., SERVERNAME\USERNAME or DOMAINNAME\USERNAME if it is a domain account. Windows 10 clients seem particularly fussy about this for some reason.
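The domain case the answer describes, as an added example (not the answer's own code): grant the share to the client's computer account (COMPUTERNAME$) instead of the blanket "everyone" grant from the question, then test the UNC path from a SYSTEM context, which is how Local System and Network Service reach the network. The domain, host, share and folder names are placeholders, and the SYSTEM-context test assumes Sysinternals PsExec is available.

```powershell
# Added example, not from the answer. All names are placeholders.
$ShareName     = 'Data'               # share on the file server
$SharePath     = 'D:\Shares\Data'     # local folder behind the share
$ClientAccount = 'CORP\APPSRV01$'     # DOMAINNAME\COMPUTERNAME$ of the machine running the service

# --- On the file server ---
# Share-level permission: drop the Everyone grant and allow only the computer account.
Revoke-SmbShareAccess -Name $ShareName -AccountName 'Everyone' -Force
Grant-SmbShareAccess  -Name $ShareName -AccountName $ClientAccount -AccessRight Change -Force
Get-SmbShareAccess    -Name $ShareName

# NTFS permission: Modify, inherited by files (OI) and subfolders (CI).
icacls $SharePath /grant "${ClientAccount}:(OI)(CI)M"

# --- On the client ---
# Local System / Network Service present the computer account over the network, so test as
# SYSTEM with a UNC path. A drive letter mapped in your own logon session is not visible to
# the service, as the answer notes. (PsExec -s is Sysinternals, assumed to be installed.)
psexec.exe -s powershell.exe -NoProfile -Command "Test-Path '\\FS01\Data'"
```

If the test returns True as SYSTEM but Directory.Exists() still fails inside the service, check which account the service actually runs as in services.msc, since that is the account whose access is being evaluated.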

Browsing UNC Paths with a Mobile Emulator/Device

What would cause an emulator to be unable to view the network UNC shares? When attempting to open any computer on the network via 'Open Path' or Internet Explorer, I am tossed "The network path was not found." followed by "Network resource cannot be found or you do not have permission to access the network." Things to note:
Connecting to the IP address does not work.
I am able to browse the internet via the emulator.
ActiveSync has been configured appropriately and I have installed the needed drivers for the adapter, and the emulator is cradled.
Firewall disabled/setup with correct forwardings.
Network folder permissions are setup properly.
What strikes me as odd is I have also attempted to browse UNC shares on a physical Windows Mobile 5 device, with the same issue. This leads me to believe something within our network settings is causing this but I'm not sure where to start. People have recommended checking ActiveDirectory security policies, but what policies affect UNC shares? This has turned into a rather serious issue because until I am able to resolve this, I am unable to go through with setting up merge replication. Has anyone experienced this and successfully resolved this issue?
Your network is looking for authentication.
I get that here at my work place, too.
As long as your network key is entered correctly, you should be able to try browsing to that same path 2 or 3 more times, still getting those same obnoxious ("The network path was not found." followed by "Network resource cannot be found or you do not have permission to access the network.") messages.
At one of those times, a login box should appear where you type in a Username, Password, and Domain.
You will also have the ability at this point to save your password so you are not prompted for it every time you attempt to access something across your network.
Now here's the real crapper: After you save your Username/Password combination, there does not appear to be any mechanism within the Windows Mobile device to change that password after it expires on your network. You will never be prompted again to change that password, either. You will only get one of those silly messages above because your password is incorrect.
The only solution to this seems to be to reset the device. I have had a question open with Microsoft for about 3 years now, and it has been passed from one forum to another. I've finally just decided that it must not be able to be done, but Microsoft has never written back to tell me that.

How to use AD credentials for corporate wifi so that an iPad can see everything in a corporate network

Corporate networks use AD mostly to authenticate users - in that desktop machines require signing in to a Windows domain - which is centrally managed/universal.
Now, if I had an iPad and I brought it into work, I wanted to be able to sign in to my AD so that if I type http://internal.link into my iPad browser, it would resolve just like it would on a Windows desktop machine inside that corporate network.
To do this, I presume that the iPad will discover the company wifi network, and I would like to sign in to that wifi using my corporate AD credentials. This leads me to my questions:
How can a wifi network tie itself to Active Directory, granting sessions only to properly authenticated AD users? Do I need to purchase particular wifi routers or do anything specific on the AD side?
If I were to sign in successfully somehow using my AD credentials, I would then have use of the company Wi-Fi, with accompanying access privileges to resolve internal-only URLs. What would it then take to get my iPad browser to enjoy features that are available to corporate IE users such as SSO (seamless sign-on)? At worst, would an application at http://internal.link simply prompt me to sign in again with my AD credentials?
You're talking about two different technologies here:
AD is used to identify individual users on the network. It's for authentication and authorization.
DNS is used to resolve the hostnames of internal applications, i.e., http://internal.link resolves to 10.0.0.5.
With that said, your work probably has some sort of wireless authentication mechanism. I've never heard of them using AD for that, but I suppose it's possible. You need to get on the work's Wi-Fi. Once there, your iPad will either pick up its DNS server settings from the network via DHCP, or you will have to manually configure them (most Wi-Fi networks use DHCP these days).
Assuming you are successful in getting on the Wi-Fi, and assuming that your DNS servers are established (via DHCP or otherwise), you should be able to hit any internal site from the iPad as long as the wifi network has access to those internal sites. There are various reasons that it wouldn't (i.e. firewalls, etc.). The internal site, if it's using AD/NTLM will ask you for credentials when you first visit it. You can usually just supply your AD username and password, and it will work fine.
I would ask your sysadmin; he/she will tell you in a second. Even though it is set up with AD and that is rather common, there are many possibilities for the setup, and it is most likely not set up over wireless.