Windows 2000 non-admin account issue

Hi all

I have an edimax EW-7128g Wireless 802.11b/gTurbo Mode 32-bit PCI
Adapter. My OS is windows 2000 service pack 4. I have WPA2 AES
encryption enabled.

The problem is that everytime I login to windows with a non-admin
account, I have to enter the passphrase for WPA2 through edimax
network utility (on the system tray) to connect to the network.

There are no options available in edimax utility and the manual has no
mention of this either. I also had a look at Wireless Configuration in
Services, where the startup type is set to automatic and Logon option
is set to Local System Account.

Does anyone know of this issue and how to resolve it?

Regards
Yousaf

<yousaf.hassan@gmail.com> wrote:

> Hi all
>
> I have an edimax EW-7128g Wireless 802.11b/gTurbo Mode 32-bit PCI
> Adapter. My OS is windows 2000 service pack 4. I have WPA2 AES
> encryption enabled.
>
> The problem is that everytime I login to windows with a non-admin
> account, I have to enter the passphrase for WPA2 through edimax
> network utility (on the system tray) to connect to the network.
>
> There are no options available in edimax utility and the manual has no
> mention of this either. I also had a look at Wireless Configuration in
> Services, where the startup type is set to automatic and Logon option
> is set to Local System Account.
>
> Does anyone know of this issue and how to resolve it?

I think it's a problem with permissions.

I had a similar issue on a W2K PC with the client software that comes
with my Philips SNN6500 802.11a/b/g PC Card. The client refused to
recognise that the PC Card was installed in the card slot and was not
able to configure the card when run under a non-admin account. The
solution I found was to run the client as admin under the non-admin
account. You can do that two ways:

1. using the W2K command "runas" in a terminal - in a batch file. You'll
be prompted for the admin password.

2. run the desk top icon as an other user - admin. Right click the icon
as choose run as another user or something like that in the dialog-menue
that appears. Again, you'll be prompted for the admin password.

I'm typing this from my Apple Powerbook and can't remember the exact
wording, but when you know what to look for you'll find it.

I think no 2 is the best way to do it.

On Fri, 4 May 2007 23:04:33 +0200, in alt.internet.wireless ,
hlexa@hotmail.com (Axel Hammerschmidt) wrote:

>> The problem is that everytime I login to windows with a non-admin
>> account, I have to enter the passphrase for WPA2 through edimax
>> network utility (on the system tray) to connect to the network.
>
>solution I found was to run the client as admin under the non-admin
>account. You can do that two ways:

There's a third - grant your nonadmin acct local admin rights
temporarily, configure the card and then remove the rights. Hopefully
it will now have all the details stored - with the additional benefit
that you can't screw them up.

There's also a fourth - figure out which registry keys the s/w needs
to write to, and grant your non-admin account write permissions to
that branch of the tree. Regmon from NTInternals is a handy tool for
monitoring what reg keys get fooled with.

>2. run the desk top icon as an other user - admin. Right click the icon
>as choose run as another user or something like that in the dialog-menue
>that appears. Again, you'll be prompted for the admin password.

There's a tool called "runasspc" which lets you store the required
commandline and password in an encrypted file. This avoids the
security hole of having to hand out the admin password. I use it to
get The Sims to work on my son's PC (no way in the galaxy he's getting
the admin pwd....)
--
Mark McIntyre

Mark McIntyre wrote...

[snip]

>There's a tool called "runasspc" which lets you store the required
>commandline and password in an encrypted file. This avoids the
>security hole of having to hand out the admin password. I use it to
>get The Sims to work on my son's PC (no way in the galaxy he's getting
>the admin pwd....)

Yet there is another tool "DreamPackPL" that allows anyone to
"log on into any local account without reset existing passwords."

By any local account ... of couse it includes admin account.

http://www.d--b.webpark.pl/dreampackpl_en.htm

Usually this tool is installed as a plugin into something
called BartPE (bootable CD) and its variants (like UBCD4Win).
Once you have created this bootable CD, you can hack into
any PC as a local admin, and do whatever you want :-)

> There's a third - grant your nonadmin acct local admin rights
> temporarily, configure the card and then remove the rights. Hopefully
> it will now have all the details stored - with the additional benefit
> that you can't screw them up.

I tried that but it didn't work. When the user account has admin
rights, the wireless client utility starts at bootup. When I remove
admin rights and make it a restricted user again, it loses the WPA2
passphrase.

> There's also a fourth - figure out which registry keys the s/w needs
> to write to, and grant your non-admin account write permissions to
> that branch of the tree. Regmon from NTInternals is a handy tool for
> monitoring what reg keys get fooled with.


This is something I am working on.

I also e-mailed edimax and they told me to use the zero configuration
instead. But since I use windows 2000, I don't have zero
configuration. I do have Wireless Configuration in Services, but it
doesn't give any options related to this problem.

<yousaf.hassan@gmail.com> wrote:

> > There's a third - grant your nonadmin acct local admin rights
> > temporarily, configure the card and then remove the rights. Hopefully
> > it will now have all the details stored - with the additional benefit
> > that you can't screw them up.
>
> I tried that but it didn't work. When the user account has admin
> rights, the wireless client utility starts at bootup. When I remove
> admin rights and make it a restricted user again, it loses the WPA2
> passphrase.

I think you're making a mistake wanting to associate during the boot
process. Wireless adapters are supposed to be able to (re-) associate
when the client computer moves between access point coverage. In that
way they work differently from cabled network adapters.

In my opinion, a wireless client should only associate with an access
point under the control of the client, which runs under the OS, due to
security issues (say with rogue access points).

On 5 May 2007 09:13:10 -0700, in alt.internet.wireless ,
yousaf.hassan@gmail.com wrote:

>
>> There's a third - grant your nonadmin acct local admin rights
>> temporarily, configure the card and then remove the rights. Hopefully
>> it will now have all the details stored - with the additional benefit
>> that you can't screw them up.
>
>I tried that but it didn't work. When the user account has admin
>rights, the wireless client utility starts at bootup.

Something wrong there - it should not start at boot, only when someone
logs in.

>> There's also a fourth - figure out which registry keys the s/w needs
>> to write to, and grant your non-admin account write permissions to
>> that branch of the tree. Regmon from NTInternals is a handy tool for
>> monitoring what reg keys get fooled with.
>
>
>This is something I am working on.

To answer your question sent by email:

>How do I assign write permissions to the non-admin account?

Look at the menu items in regedit/regedt32.

Its been a while I used W2K. Are you sure the drivers are fully W2K
compatible?
--
Mark McIntyre