question

AspallIT-8476 avatar image
0 Votes"
AspallIT-8476 asked AspallIT-8476 answered

Is there any way to deploy an AllUsers VPN connection via group policy

Hi,


We have previously deployed per user VPN connections to users either manually, or by using a login powershell script to deploy a VPN connection in a users context.

I would like to remove these per user connections, and deploy a global VPN connection using the -AllUsersConnection switch for Add-VpnConnection. This switch requires admin privileges, so amending the existing login script with this switch isn't going to work.


Is there any way I can push this connection via group policy any way, to save me having to do this manually?


Many thanks
James

windows-serverwindows-10-network
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

This is a quick note to let you know that I am currently performing research on this issue and will get back to you as soon as possible. I appreciate your patience.
If you have any updates during this process, please feel free to let me know.

0 Votes 0 ·
AspallIT-8476 avatar image
0 Votes"
AspallIT-8476 answered

We have decided to go with an approach I came across on Spiceworks, whereby it was suggested to setup the VPN as required, then copy the "rasphone.pbk" to the target machines via Group Policy Preferences.

This seems to work well, and can be deployed to %ProgramData%\Microsoft\Network\Connections\Pbk to deploy and All Users connection successfully.

The only downside to this approach (which does not affect us in our use case), is it will overwrite any VPN connections not contained within the new PBK.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
1 Vote"
SunnyQi-MSFT answered SunnyQi-MSFT commented

Hi,

Thanks for posting in Q&A platform.

Kindly check if methods in the following article was helpful:

DEPLOY WINDOWS VPN USING GP PREFERENCES
Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for this.

Sadly, we are using SSTP VPNs, which this states is explicitly not possible using that method.

0 Votes 0 ·

Hi,

Thanks for your update. Yes, this method is only apply for PPTP VPN and L2TP IPsec VPN. For other type VPN, there is no group policy for deploying an All users VPN and I didn't found an official article talking about this. Thank you for your understanding.

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

0 Votes 0 ·

What about creating the connection, and then manually copying the PBK file from ProgramData to the target machine?
Would that work?

0 Votes 0 ·

Hi,

As per another thread where I had asked questions about deploying VPN settings etc. I have tested deploying the "rasphone.pbk" file to ProgramData via group policy, which seems to be working well in our scenario.

Many thanks.
James

0 Votes 0 ·
Show more comments