Hi people,
Today i found i way to run the SSL-VPN client as non admin on Vista/win7 using the builtin NetworkConfigurationOperators Group.
The only drawback is that the user has to enter its own password once in a UAC Popup when starting the VPN-GUI but thats still much better than giving them full admin access.
After some searching i turned up this news-list post : Gmane -- Mail To News And Back Again which describes how one can use the networkconfigurationsoperators group with vista and openvpn.exe.
This worked quite well but the modified executable no longer works with the vpn gui and all my users are used to it allready.
So i took it one step further and applied the relevant changes to the openvpn-gui.exe.manifest that is installed with the ssl vpn installation package.
Then i used mt.exe to embed this new modified manifest into the openvpn-gui.exe file.
Now a user of the Networkconfigurationoperators Group can use the openvpn-gui.exe to successfully initiate and stop vpn sessions with a astaro appliance or other openvpnserver.
It will display a UAC popup on start in which the user can authenticate using its own password and username, the openvpngui starts afterwards and is fully functional as non admin user.
I tested this procedure on Vista and Windows 7.
Feel free to contact me if you need more details on howto do that.
Hope this i usefull to someone.
kind regards
Michael Golisch
This thread was automatically locked due to age.
