When installing a OpenVPN virtual connection (TAP-Win32 Adapter V8) is created in the Windows Network Connections. This virtual connection is a kind of intermediary between the machine and the physical network adapter and to use it normally requires administrator rights. In business it is likely that these users do not have admin rights and they can not connect to the VPN connection.
OpenVPN connection
In this post we will see how to override the rights issue by using OpenVPN service is also installed by default.
After the default installation of OpenVPN made in a session manager, you must first use the subinacl tool available on the website of Microsoft . This tool will allow us to give a user rights to start and stop the OpenVPN service. Rather than run the. Msi on every machine I advise you after initial installation to copy the file C: \ Program Files \ Windows Resource Kits \ Tools \ subinacl.exe on a USB key. Then type the following command:
K:\subinacl.exe /SERVICE "OpenVPNService" /GRANT=DOMAINE\UTILISATEUR=TO
changing course DOMAIN \ USER to suit your needs.
You get the following messages:
OpenVPNService: new ace for DOMAIN \ USER
OpenVPNService: 1 change (s)
Elapsed Time: 00 00:00:00
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done: OpenVPNService
It should now change two keys in the registry to change the behavior of OpenVPN GUI so that the actions Connect / Disconnect act on the OpenVPN service instead of running or leave openvpn.exe:
HKEY_LOCAL_MACHINE \ SOFTWARE \ OpenVPN-GUI \ allow_service = 1
HKEY_LOCAL_MACHINE \ SOFTWARE \ OpenVPN-GUI \ service_only = 1
The user defined with the subinacl tool can now connect to the VPN connection without having administrator rights by double-clicking on the OpenVPN GUI icon located in the system tray.
Tags: OpenVPN
