People here can be insensitive for sure, but now the top comment is an easier way to accomplish the same thing (making some assumptions there). So OP deciding to post gave us 2+ documented, searchable solutions to a problem someone might run into now or in the future. Net gain, I suppose.
Having said that, I admittedly tend to only post in Moronic Monday or Thickheaded Thursday in an attempt to avoid the wrath of some of the top commenters around here. Sadly, that also limits the exposure my questions get.
There’s a PowerShell cmdlet you can run to set the VPN connection available for all users, which also makes it available to connect to from the login screen. It’s something along the lines of set-vpnconnection -name "VPN Name" -alluserconnection $true.
You join the domain over VPN, reboot, then do what I posted.
If you have LAPS you can give them the local admin then change it through the LAPS software.
That's what remote control software is for.
Works with most VPN clients. I understand there are some (like Meraki) that it will not work with.
Maybe if you cut it down to log in as local admin, connect to VPN, join domain
It would be 20x more helpful if he put Meraki VPN in the title. Making people read the Magna Carta to realize, oh, this doesn’t pertain to me at all, makes it anti-helpful.
Especially considering what everyone is going through right now, many people may be in the same predicament but very few people are going to be in this scenario and using a Meraki VPN.
When I’m in front of my PC, sure. It’s dead easy.
Fair, I prefer Run As as you can see it work or not before switching profiles which, in some cases, disconnects the VPN.
How you gonna log onto the machine to connect to the internet? (Assuming the user can’t log into the machine because they forgot their password as well)
That’s a fair point I had not considered.
Does Run-as pull and process group policy?
I haven’t run into any VPN clients that disconnect when doing switch user. I guess if you have one of those, then you may need to do something convoluted like the OP
If you didn't plan that far ahead before sending the device to a remote location, then that's your problem.
Just finished setting this up again. It’s actually laughably simple. Install the Win32 / Win64 OpenVPN Client from Community Downloads - Open Source VPN | OpenVPN
If your .ovpn file requires username and password auth, modify it slightly so the auth-user-pass line reads auth-user-pass auth.txt, and then create auth.txt. First line is username, then a line break, then the password.
Drop both of these files into C:\Program Files\OpenVPN\Config. Enable and start the OpenVPN Service (either legacy or non-legacy works) and you’re done. The service looks in the config folder and brings up every .ovpn file in there.
Do bear in mind that without NTFS ACL changes this exposes the OpenVPN credentials to anyone who can log on to the box.
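The NTFS ACL change mentioned in the comment above, as an added example that is not part of the original post: it strips the permissions auth.txt inherits from the config folder (which typically let ordinary users read it) and leaves only SYSTEM and the local Administrators group. It assumes the OpenVPN service runs as LocalSystem and that the file sits at the path given in the post.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): lock down auth.txt after dropping it in the config folder.
# Assumption: the OpenVPN service runs as LocalSystem; grant its account instead if yours differs.
$authFile = 'C:\Program Files\OpenVPN\Config\auth.txt'
$system   = 'S-1-5-18'       # NT AUTHORITY\SYSTEM (well-known SID)
$admins   = 'S-1-5-32-544'   # BUILTIN\Administrators (well-known SID)

if (-not (Test-Path -LiteralPath $authFile -PathType Leaf)) {
    throw "Not found: $authFile"
}

# Show who can read the file before the change.
Write-Output 'ACL before:'
(Get-Acl -LiteralPath $authFile).Access |
    Select-Object IdentityReference, FileSystemRights, IsInherited

# /inheritance:r removes every ACE inherited from the folder.
# /grant:r replaces any explicit ACEs for the two named principals.
icacls.exe $authFile /inheritance:r /grant:r "*${system}:(R)" "*${admins}:(F)"
if ($LASTEXITCODE -ne 0) {
    throw "icacls failed with exit code $LASTEXITCODE"
}

# Re-read the ACL as SIDs and flag any principal other than the two we granted.
# Explicit ACEs for other accounts survive the icacls call above, so check for them.
$rules = (Get-Acl -LiteralPath $authFile).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$unexpected = @($rules | Where-Object { $_.IdentityReference.Value -notin @($system, $admins) })

if ($unexpected.Count -gt 0) {
    $unexpected | Select-Object IdentityReference, FileSystemRights, AccessControlType
    Write-Warning "auth.txt still grants access to $($unexpected.Count) other principal(s); remove them."
} else {
    Write-Output 'auth.txt is now accessible only to SYSTEM and Administrators.'
}
```

Restart the OpenVPN service afterwards to confirm it can still read the file under the tightened ACL.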
Nope, it’s the user that brought home their laptop that has never undocked it to take it home before that conveniently forgot their password. It happens more often than you want it to on a regular day.
Then they already have a cached login to get logged in.
Plus, if the laptop is from the office, wouldn't it already be on the domain?
If they didn’t just forget their password that is.
Your IT logic is no match to that of an end user!
You are correct, I cannot fix user stupidity, but I don't have to cater to it either. The user will have to bring their laptop back into the office and open a ticket for a password reset.
Sorry, that user is waaay more important than you and when they shit, it lands on you. You’re fired and to be replaced by someone that cares for their end users.
I hate “choose your own adventures” sometimes.