Stay away from Speed Up Computer Programs that do more harm than good.
Try these tips instead.
Step by step instructions in trouble shooting Windows Performance issues.
Course Of The Month
9 days, 12 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows 7 + OpenVPN + Non Admin Users
Posted on 2010-09-08
Hi,
Just wondering if anyone has a solution to this problem.
The users where openvpn has to be installed, are not administrators in any way of their machines, not even local admins.
The users cannot be any kind of admin otherwise PCI + other compliance is compromised.
Is there any way for the user to be able to run the VPN, and have the routes added, without being an admin ?
Thanks,
Leon
Just wondering if anyone has a solution to this problem.
The users where openvpn has to be installed, are not administrators in any way of their machines, not even local admins.
The users cannot be any kind of admin otherwise PCI + other compliance is compromised.
Is there any way for the user to be able to run the VPN, and have the routes added, without being an admin ?
Thanks,
Leon
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4-
4
8 Comments
Active today
If you can
* install OpenVPN as a service (requires admin privs once)
* install the TUN/TAP adapter (requires admin privs once)
* assign "start service" priv to the users
it should work, just by starting the OpenVPN service manually. If the latter isn't possible at all, the only way is to let OpenVPN Service run automatically all the time.
* install OpenVPN as a service (requires admin privs once)
* install the TUN/TAP adapter (requires admin privs once)
* assign "start service" priv to the users
it should work, just by starting the OpenVPN service manually. If the latter isn't possible at all, the only way is to let OpenVPN Service run automatically all the time.
Thanks - I'll give this a go.
Are you able to provide info on how to assign start service privileges to users ?
Thanks,
Leon
Are you able to provide info on how to assign start service privileges to users ?
Thanks,
Leon
Hi,
Also - running as a service does not appear to allow the user to enter there username/password that are required to connect.
Regards,
Leon
Also - running as a service does not appear to allow the user to enter there username/password that are required to connect.
Regards,
Leon
Active today
That's true, you can't provide username and password. Do you really need to do that interactively, or just for identification of the PC? Is it ok to put it into the config file? Else you would need to ask for user and password, and send that over to the OpenVPN process using the telnet management feature of OpenVPN. That again requires a batch command and an external tool called netcat (or a telnet connection which asks for the credentials - but I'm not positive about this option).
The requirement to enter the username/password on each connection is necessary and cannot be stored in a text file.
Security is a must unfortunately.
Regards,
Leon
Security is a must unfortunately.
Regards,
Leon
Active today
Ok, that is getting more complicated then.
-----------------
To be able to start a service, users need the privilege assigned by
Download subinacl (part of the Windows Resource kit)
Options for /SERVICE: http://www.eventlogblog.com/blog/2007/11/setting-service-permissions-wi.html.
-----------------
To ask for credentials, you need following settings in each config file:
As soon as OpenVPN is started with above config, you can do (in a batch file):
The management interface of OpenVPN can be used to provide data else given manually, to stop the connection, and many more.
If you want to start the service manually, begin the batch file above with
-----------------
To be able to start a service, users need the privilege assigned by
subinacl /SERVICE "OpenVPNService" /GRANT=MyUser=TO
TO is Start and StopDownload subinacl (part of the Windows Resource kit)
Options for /SERVICE: http://www.eventlogblog.com/blog/2007/11/setting-service-permissions-wi.html.
-----------------
To ask for credentials, you need following settings in each config file:
management 127.0.0.1 65500management-query-passwords
Then download netcat (best thru http://joncraton.org/files/nc111nt.zip, you will only need the nc.exe file from that zip).As soon as OpenVPN is started with above config, you can do (in a batch file):
@echo offset /P usr=Username: set /P pwd=Password: (echo username Auth "%usr%"& echo password Auth "%pwd%"& echo quit) | nc -i 1 127.0.0.1 65500
65500 is an arbitrary port number I chose by random. You can use other port numbers, of course, but you need to change them in both the config and the nc.exe command line.The management interface of OpenVPN can be used to provide data else given manually, to stop the connection, and many more.
If you want to start the service manually, begin the batch file above with
sc start OpenVPN
(before the set /P's). Since the user needs some time to enter the credentials, that should be sufficient for OpenVPN to do the necessary inits and start communicating with the OpenVPN server, and the management commands come just in time.
While your method would most likely work, it isn't really practical in my scenario.
Thanks for your help.
Thanks for your help.
Featured Post
ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.
One of a set of tools we're offering as a way to say thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Clientless VPN Access | 23 | 55 | |
| How do I change the behavior of Network icon in "Turn system icons on or off," when it is greyed out? | 9 | 100 | |
| Windows 7 / bring an Excel sheet in front. | 11 | 52 | |
| Migrate all my users to Chrome instead of IE 11 | 1 | 28 |
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately.
This Article and the Links apply to…
When you try to extract and to view the contents of a Microsoft Update Standalone Package (MSU) for Windows Vista, you cannot extract the files from the MSU. Here we are going to explain how to extract those hotfix details without using any third pa…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
- Microsoft Legacy OS
- Windows 10
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, *Windows Explorer, Windows XP, *Internet Explorer (IE), Windows 2000
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month9 days, 12 hours left to enroll
742 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.