Differences

This shows you the differences between two versions of the page.

--- networking:misc:wireguard_01 [2021/12/31 06:27] – rplecko
+++ networking:misc:wireguard_01 [2025/03/17 16:37] (current) – sysadmin
@@ Line 5: / Line 5: @@
 This allows you enable/disable (or choose if you have multiple) the VPN without needing to be a member of the Administrators group. You also need to add a line to the registry.
-Here's the powershell code to do that:
+Here's the powershell code to do that (run PowerShell as administrator):
 <code>
@@ Line 14: / Line 14: @@
 Or you can do it from command prompt:
 <code>
-> reg add HKLM\Software\WireGuard /v LimitedOperatorUI /t REG_DWORD /d 1 /f
+reg add HKLM\Software\WireGuard /v LimitedOperatorUI /t REG_DWORD /d 1 /f
 </code>
@@ Line 24: / Line 24: @@
   * Quitting the manager is forbidden.
+Add user to the group (replace "$username" with real username) ... \\
+Here's the powershell code to do that (run PowerShell as administrator):
 <code>
 Add-LocalGroupMember -Group "Network Configuration Operators" -Member "$username"
 </code>
+**HKLM\Software\WireGuard\DangerousScriptExecution**
+When this key is set to DWORD(1), the tunnel service will execute the commands specified in the //PreUp, PostUp, PreDown//, and //PostDown// options of a tunnel configuration. Note that this execution is done as the Local System user, which runs with the highest permissions on the operating system, and is therefore a real target of malware. Therefore, you should enable this option only with the utmost trepidation. Rather than use //%i//, WireGuard for Windows instead sets the environment variable **WIREGUARD_TUNNEL_NAME** to the name of the tunnel when executing these scripts.
+  reg add HKLM\Software\WireGuard /v DangerousScriptExecution /t REG_DWORD /d 1 /f
+  * [[:networking:mikrotik:wireguard-_windows_client_to_mikrotik|Wireguard VPN - Windows client to Mikrotik]]
 https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md