By default, the built-in Windows VPN client does not allow you to connect to the VPN server until the user logs in. This is inconvenient for Active Directory-joined computers connected to the domain network via VPN. Of course, users can sign in to their computer using cached domain credentials and then establish a VPN connection. However, access to shared folders and other domain resources will be a constant problem for these users (especially after changing or resetting the domain password).
Windows allows you to connect to the VPN server before the user logs in. In this case, once a VPN connection has been established, the user will perform a full authentication on the AD domain controller.
In previous versions of Windows, this could be achieved using the 'Allow other people to use this connection' option in the VPN connection settings. However, this option is missing from current versions of Windows 10 and 11.
In new versions of Windows, you can create a shared VPN connection from the PowerShell console. For example, to create an L2TP VPN connection with a shared key, use the command:
Add-VpnConnection -Name WorkVPN_L2TP -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -AllUserConnection $true -PassThru
In this case, the -AllUserConnection $true option allows you to create a shared VPN connection that is available to all Windows users, including on the Windows login screen.
You can later change the shared VPN connection settings from the Control Panel graphical interface (ncpa.cpl).
If you already have a VPN connection in your profile, you can make it available to all users by copying the rasphone.pbk file from %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK to C:\ProgramData\Microsoft\Network\Connections\PBK.
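A read-only check of the shared connection, added here as an example and not taken from the original article: it lists the all-user VPN profiles, notes the L2TP and encryption settings chosen in the command above, and shows which accounts can modify the shared rasphone.pbk. The function name Get-AllUserVpnReview is hypothetical.

```powershell
# Added example: read-only review of the VPN profiles offered on the logon screen.
function Get-AllUserVpnReview {
    # Shared phonebook location named in the article.
    $pbk = Join-Path $env:ProgramData 'Microsoft\Network\Connections\PBK\rasphone.pbk'
    if (-not (Test-Path -LiteralPath $pbk)) {
        Write-Warning "No shared phonebook at $pbk, so no VPN is offered before logon."
        return
    }

    # Accounts with an explicit Allow rule that can change the shared phonebook.
    $writers = (Get-Acl -LiteralPath $pbk).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique

    # -AllUserConnection limits the query to profiles in the shared phonebook.
    foreach ($vpn in @(Get-VpnConnection -AllUserConnection)) {
        $notes = @()
        if ($vpn.TunnelType -eq 'L2tp' -and $vpn.L2tpIPsecAuth -eq 'Psk') {
            $notes += 'L2TP/IPsec uses a pre-shared key instead of a certificate'
        }
        if ($vpn.EncryptionLevel -notin @('Required', 'Maximum')) {
            $notes += "EncryptionLevel is '$($vpn.EncryptionLevel)'"
        }
        [pscustomobject]@{
            Name             = $vpn.Name
            ServerAddress    = $vpn.ServerAddress
            TunnelType       = $vpn.TunnelType
            Authentication   = $vpn.AuthenticationMethod -join ','
            EncryptionLevel  = $vpn.EncryptionLevel
            PhonebookWriters = $writers -join '; '
            Notes            = $notes -join '; '
        }
    }
}

Get-AllUserVpnReview | Format-List
```

A profile that does not appear in this output is stored only in a user's own phonebook and will not be listed on the logon screen.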
You can now connect to the VPN from the Windows login screen. Click on the network connection icon in the bottom right-hand corner.
Type in the user name and password for the VPN connection.
Your computer should establish a VPN connection to your company network, and you can sign in to Windows using your domain user account.
1 comment
Very helpful thanks