Using WireGuard on Windows as non-admin - proper solution?

Jason A. Donenfeld Jason at zx2c4.com
Sun Nov 29 18:52:38 CET 2020


Hi Phillip,

On Sun, Nov 29, 2020 at 2:40 PM Phillip McMahon
<phillip.mcmahon at gmail.com> wrote:
> I have been following the wider thread and maybe I misunderstood but
> believe the solution requires some registry tweaks and membership to
> the Network Operators Group, along with Windows Home requiring the
> creation of a group not officially supported on that platform. Correct
> or not?
>
> It was with all the in mind that I wrote the two points.

I must admit I misunderstood your first message. Sorry for that. I
understand you now to be questioning two things:

- That this is gated behind a registry key;
- That it works by using the network operators group.

The first point is something I could imagine changing down the line as
we learn more about the NCO group's usage. To start, and for now, I
prefer to put "risky" settings behind a flag.

But the latter point I'm much more hesitant to change. You recalled
that I was initially entirely wary of this feature all together. This
is true. It was only upon hearing the excellent idea of the NCO group
that it became tenable for me. The reason is that the NCO group is a
preexisting designation as part of the operating system that confers
these privileges. And there's an easy argument to be made that adding
the ability to stop/start tunnels does not add anything extra beyond
what NCO can already do (like changing IP addresses or disabling
adapters). Therefore, the brilliance of the NCO suggestion, in my
mind, was that we're not adding any additional holes to the Windows
security model. That makes it very compelling to me.

It seems like you want to go back to challenge the initial hesitation
again: maybe we _should_ add additional caveats to the existing
Windows model, you suggest. Maybe. But if we can avoid doing so, I
really would prefer that, and it seems like NCO group strikes a good
balance.

What's the situation you have in mind in which an administrator would
permit a user to enable and disable tunnels but would not permit the
other privileges conferred by NCO? What is the impedance mismatch that
you are thinking about?

Jason


More information about the WireGuard mailing list