The Book

User Tools

Site Tools

Trace:
networking:misc:wireguard_01

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
networking:misc:wireguard_01 [2021/12/31 06:07] rpleckonetworking:misc:wireguard_01 [2025/03/17 16:37] (current) sysadmin
Line 5: Line 5:
 This allows you enable/disable (or choose if you have multiple) the VPN without needing to be a member of the Administrators group. You also need to add a line to the registry. This allows you enable/disable (or choose if you have multiple) the VPN without needing to be a member of the Administrators group. You also need to add a line to the registry.
  
-Here's the powershell code to do that:+Here's the powershell code to do that (run PowerShell as administrator):
  
 <code> <code>
Line 11: Line 11:
  
 </code> </code>
 +
 +Or you can do it from command prompt:
 +<code>
 +reg add HKLM\Software\WireGuard /v LimitedOperatorUI /t REG_DWORD /d 1 /f
 +</code>
 +
 When this key is set to DWORD(1), the UI will be launched on desktops of users belonging to the Network Configuration Operators builtin group (S-1-5-32-556), with the following limitations for members of that group: When this key is set to DWORD(1), the UI will be launched on desktops of users belonging to the Network Configuration Operators builtin group (S-1-5-32-556), with the following limitations for members of that group:
  
Line 18: Line 24:
   * Quitting the manager is forbidden.   * Quitting the manager is forbidden.
  
 +
 +Add user to the group (replace "$username" with real username) ... \\
 +Here's the powershell code to do that (run PowerShell as administrator):
 <code> <code>
 Add-LocalGroupMember -Group "Network Configuration Operators" -Member "$username" Add-LocalGroupMember -Group "Network Configuration Operators" -Member "$username"
  
 </code> </code>
 +
 +**HKLM\Software\WireGuard\DangerousScriptExecution**
 +
 +When this key is set to DWORD(1), the tunnel service will execute the commands specified in the //PreUp, PostUp, PreDown//, and //PostDown// options of a tunnel configuration. Note that this execution is done as the Local System user, which runs with the highest permissions on the operating system, and is therefore a real target of malware. Therefore, you should enable this option only with the utmost trepidation. Rather than use //%i//, WireGuard for Windows instead sets the environment variable **WIREGUARD_TUNNEL_NAME** to the name of the tunnel when executing these scripts.
 +
 +  reg add HKLM\Software\WireGuard /v DangerousScriptExecution /t REG_DWORD /d 1 /f
 +
 +
 +  * [[:networking:mikrotik:wireguard-_windows_client_to_mikrotik|Wireguard VPN - Windows client to Mikrotik]]
  
 https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md
 +
  
networking/misc/wireguard_01.1640930868.txt.gz · Last modified: 2021/12/31 06:07 by rplecko