Using WireGuard on Windows as non-admin - proper solution?
Jason A. Donenfeld
Jason at zx2c4.com
Wed Nov 25 12:45:37 CET 2020
On Wed, Nov 25, 2020 at 11:30 AM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On 11/25/20, Riccardo Paolo Bestetti <pbl at bestov.io> wrote:
> > On Wed Nov 25, 2020 at 2:08 AM CET, Jason A. Donenfeld wrote:
> >> Hi Riccardo,
> >> Interesting consideration. I didn't know that.
> > I didn't know that either until I tried to deploy WireGuard on a laptop
> > yesterday! It seems not to be documented anywhere.
> > The group has been around since Windows XP afaik, however I have no idea
> > whether the associated licesing chicanery has also been around that long.
> >> Can you not add that group manually need be?
> > I'm not an expert on Windows, but a quick lookup on the net suggests you
> > cannot create a local group with a specific SID.
> I'm not convinced this is the case. We're talking about a local group.
> Surely there's some on-disk representation of available groups and
> associations, no? This line of inquiry needs to be fully exhausted
> before we even consider alternatives.
> Has Microsoft documented this limitation?
Well, I made Network Configuration Operators work just fine on Windows
10 Home edition. Here are the steps I followed, which I'm sure I could
compress into a single powershell script or executable need be:
1. Download psexec from the sysinternals page:
2. Download nco.reg from the attachment in this email.
3. Open up an administrator console and type `psexec -i -s regedit`.
4. Choose File->Import and select the nco.reg file.
5. Add your user to the group like usual (e.g. `Add-LocalGroupMember
-Group "Network Configuration Operators" -Member MrDerp`).
I've confirmed that this works fine with the limited operator ui on
WireGuard for Windows 0.3.1.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 4226 bytes
Desc: not available
More information about the WireGuard