Is there a possibility to update the documentation to include information on how to deploy the VPN profile via PowerShell to users without local admin?
It is possible to deploy the Always On VPN to non-admin users by setting the target user's SID directly into the example script and running the script as the Local System user. I think it would be useful to include this information for people wanting to deploy it by these means, where SCCM or MDM are not options.
Hi,
If it helps, I made a step-by-step guide on how to achieve this on my blog:
https://fearthepanda.com/aovpn/2019/03/02/AOVPN-Using-Task-Scheduler-to-run-VPNProfile-script/
That guide worked a treat. Is it possible to automatically detect the SID and username rather than typing it in?
Try something like this:
(Get-CimInstance -ClassName CIM_ComputerSystem).username | Split-Path -Leaf
as this should pull the logged-in user name even if you run it as SYSTEM. You may need to add your domain to the output, something like this:
"MyShortDomain\" + ((Get-CimInstance -ClassName CIM_ComputerSystem).username | Split-Path -Leaf)
That has worked for the username; it's the SID that seems to be causing me issues.
Ah... sorry, I missed that bit. You may need to use ADSI and feed it the username as a param to pull the SID. I have never tried it and am not in a position to test until Monday. I could be completely wrong but it may be worth a quick investigation.
I've managed to get this working in the end with the below:
$CurrentUser = ((Get-CimInstance -ClassName CIM_ComputerSystem).username | Split-Path -Leaf)
$SidValue = (New-Object System.Security.Principal.NTAccount($currentuser)).Translate([System.Security.Principal.SecurityIdentifier]).value
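A more defensive variant of the lookup above, as an added example that is not part of the thread: it keeps the `DOMAIN\` qualifier that `Split-Path -Leaf` strips, so the lookup is not left to resolve an unqualified name, and it stops instead of writing a profile when no console user or no SID mapping is found. The function names `Get-ConsoleUser` and `Resolve-AccountSid` are hypothetical.

```powershell
# Added example. Intended to run as SYSTEM (for instance from a scheduled task).

function Get-ConsoleUser {
    # UserName comes back as DOMAIN\user and is empty when nobody is
    # signed in at the console, so check it before using it.
    $name = (Get-CimInstance -ClassName CIM_ComputerSystem).UserName
    if ([string]::IsNullOrWhiteSpace($name)) {
        throw 'No interactive console user found; run again after a user signs in.'
    }
    return $name
}

function Resolve-AccountSid {
    param(
        [Parameter(Mandatory)]
        [string]$Account   # 'DOMAIN\user' (preferred) or 'user'
    )
    try {
        $nt = New-Object System.Security.Principal.NTAccount($Account)
        return $nt.Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Could not map '$Account' to a SID."
    }
}

$CurrentUser = Get-ConsoleUser
$SidValue    = Resolve-AccountSid -Account $CurrentUser

# Sanity check: ordinary user accounts have SIDs under S-1-5-21- (local or
# Active Directory) or S-1-12-1- (Azure AD). Anything else, such as
# S-1-5-18 (SYSTEM), means the wrong identity was picked up.
if ($SidValue -notmatch '^S-1-(5-21|12-1)-') {
    throw "Resolved SID '$SidValue' for '$CurrentUser' is not a user account SID."
}

Write-Output "User: $CurrentUser  SID: $SidValue"
```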