When installing OpenVPN virtual connection (TAP-Win32 Adapter V8) is created in the Windows Network Connections. This virtual connection is a kind of intermediary between the machine and the physical network adapter to use it and it should normally have administrator rights. In business it is likely that users do not have these rights directors and they can not connect to the VPN.
OpenVPN Connection
In this post we will see how to bypass this problem by using the rights OpenVPN service which is also installed by default.
Once the default installation of OpenVPN performed in a session administrator must first use the subinacl tool available on the website of Microsoft . This tool will allow us to give a user rights to start and stop the OpenVPN service. Rather than execute. Msi file on each machine I suggest you after an initial installation copy the file C: \ Program Files \ Windows Resources Kits \ Tools \ Subinacl.exe on a USB key. Then type the following command:
K:\subinacl.exe /SERVICE "OpenVPNService" /GRANT=DOMAINE\UTILISATEUR=TO
changing course DOMAIN \ USER to suit your needs.
You get the following messages:
OpenVPNService: new ace for DOMAIN \ USER
OpenVPNService: 1 change (s)
Elapsed Time: 00 0:00:00
Done: 1, Modified 1, Failed 0, Syntax errors 0
Last Done: OpenVPNService
It should now change two keys in the registry to change the behavior of OpenVPN GUI so that shares Connect / Disconnect act on the OpenVPN service instead of launching or quitting openvpn.exe:
HKEY_LOCAL_MACHINE \ SOFTWARE \ OpenVPN-GUI \ allow_service = 1
HKEY_LOCAL_MACHINE \ SOFTWARE \ OpenVPN-GUI \ service_only = 1
The user defined with the tool subinacl can now connect to the VPN without administrator rights double-clicking on the OpenVPN GUI icon located in the tray.
Tags: OpenVPN
