Windowsserverdocs: Deploying Always On VPN Profile to non-admin accounts

Created on 29 Oct 2018 · 6 Comments · Source: MicrosoftDocs/windowsserverdocs

Is there a possibility to update the documentation to include information on how to deploy the VPN profile via PowerShell to users without local admin?

It is possible to deploy the Always On VPN to non-admin users by setting the target user's SID directly into the example script and running the script as the Local System user. I think it would be useful to include this information for people wanting to deploy it by these means, where SCCM or MDM are not options.



Pri2 assigned-to-author needs-more-info remote-access windows-server-thresholprod

All 6 comments

Hi,

If it helps, I made a step-by-step guide on how to achieve this on my blog:
https://fearthepanda.com/aovpn/2019/03/02/AOVPN-Using-Task-Scheduler-to-run-VPNProfile-script/

That guide worked a treat. Is it possible to automatically detect the SID and username rather than typing it in?

Try something like this:

(Get-CimInstance -ClassName CIM_ComputerSystem).username | Split-Path -Leaf

as this should pull the logged-in user name even if you run it as SYSTEM. You may need to add your domain to the output, something like this:

"MyShortDomain\" + ((Get-CimInstance -ClassName CIM_ComputerSystem).username | Split-Path -Leaf)

That has worked for the username; it's the SID that seems to be causing me issues.

Ah... sorry, I missed that bit. You may need to use ADSI and feed it the username as a param to pull the SID. I have never tried it and am not in a position to test until Monday. I could be completely wrong, but it may be worth a quick investigation.

I've managed to get this working in the end with the below:

# User name of the logged-on user, with the domain prefix stripped
$CurrentUser = ((Get-CimInstance -ClassName CIM_ComputerSystem).UserName | Split-Path -Leaf)
# Translate that account name into its SID string
$SidValue = (New-Object System.Security.Principal.NTAccount($CurrentUser)).Translate([System.Security.Principal.SecurityIdentifier]).Value
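
An added example, not part of the thread or of Microsoft's script: a more defensive version of the SID lookup above that keeps the domain part of the account name and stops instead of guessing when no console user is logged on or the name cannot be mapped. The function name Resolve-ConsoleUserSid and the list of rejected service SIDs are assumptions of this example.

```powershell
# Added example: resolve the console user's SID while the script runs as SYSTEM.
# Resolve-ConsoleUserSid is a hypothetical helper name, not part of any Microsoft script.
function Resolve-ConsoleUserSid {
    [CmdletBinding()]
    param(
        # Account in DOMAIN\user form; defaults to the user logged on at the console.
        [string]$Account = (Get-CimInstance -ClassName CIM_ComputerSystem).UserName
    )

    # UserName is empty when nobody is logged on at the console.
    if ([string]::IsNullOrWhiteSpace($Account)) {
        throw 'No interactive user is logged on; refusing to guess a target SID.'
    }

    # Keep the domain part so a same-named account from another domain
    # (or a local account) is not resolved by mistake.
    $domain, $user = $Account -split '\\', 2
    if (-not $user) {
        throw "Expected DOMAIN\user, got '$Account'."
    }

    try {
        $nt  = New-Object System.Security.Principal.NTAccount($domain, $user)
        $sid = $nt.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Account '$Account' could not be mapped to a SID."
    }

    # A per-user profile must never target the built-in service identities
    # (LocalSystem, LocalService, NetworkService).
    if ($sid.Value -in 'S-1-5-18', 'S-1-5-19', 'S-1-5-20') {
        throw "Resolved SID $($sid.Value) is a service identity, not a user."
    }

    [pscustomobject]@{ Account = $nt.Value; Sid = $sid.Value }
}

$target   = Resolve-ConsoleUserSid
$SidValue = $target.Sid
Write-Output "Target account: $($target.Account)  SID: $SidValue"
```

Logging the resolved account next to the SID gives the scheduled task's output a record of which user the profile was written for.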
