Using WireGuard on Windows as non-admin - proper solution?
patrik.holmqvist at su.se
Fri Nov 20 12:49:27 CET 2020
Hi Jason and thanks for the reply!
I will describe our current workflow below:
* The WireGuard client is installed on the computer with our deployment solution
* The user logs in with SSO in our web-front  where they can generate one or more configs (for example one for their Windows computer and one for their phone)
* They download the config from the web-front
* Start WireGuard and import the configuration file
* Activates the tunnel when needed
Not sure if your suggested solution would allow for this? Maybe there could be different levels of permissions depending on the value you configure the registry key to or something.
From: Jason A. Donenfeld <Jason at zx2c4.com>
Sent: den 19 november 2020 17:56
To: Patrik Holmqvist <patrik.holmqvist at su.se>
Cc: vh217 at werehub.org; WireGuard mailing list <wireguard at lists.zx2c4.com>
Subject: Re: Using WireGuard on Windows as non-admin - proper solution?
Thanks for the patch. I think we'll probably take a route similar to that, with S-1-5-32-556, but will gate it behind a registry knob and and will allow only for starting/stopping/viewingstatus of tunnels, but not editing or extracting private keys.
Would that be passable for you?
More information about the WireGuard