Join Log in
Score:-1
Paw Pedersen avatar Server

Always on VPN profile with Group policy

kp flag
Paw Pedersen

I am trying to deploy the always on VPN profile via GPO, with a powershell script from Richard hicks. the script works when i run local, but i can't figure out how to run it with a startup script in group policy.

have anyone figured this out ? Intune or SCCM is not a possibility

Edit: Solved Thanks to Richard I got it to work now, i used you suggestion and remote signed the script, then it worked.

131
1 + 0
vpn
Score:0
Richard M. Hicks avatar Server
il flag
Richard M. Hicks

I've done this more than a few times. :) It should work as long as you place the script and XML files somewhere reachable on the network (I usually put them in SYSVOL) and you use the -AllUserConnection switch when you run the script.

Here's an example from my lab:

Script Name: \\lab.example.net\SysVol\lab.example.net\scripts\New-AovpnConnection.ps1

Script Parameters: -xmlFilePath \\lab.example.net\SYSVOL\lab.example.net\scripts\ProfileXML.xml -AllUserConnection

Let me know if that helps!

+ 6
Paw Pedersen avatar
kp flag
Paw Pedersen
That is also what i am trying, do you run it in computer context in the GPO setting. our users are not local admins. Can it be the execution policy that makes it not run ?
0
Reply
Paw Pedersen avatar
kp flag
Paw Pedersen
Computer Configuration (Enabled) Policies Windows Settings Scripts Startup For this GPO, Script order: Not configuredName Parameters \\example.local\NETLOGON\New-AovpnConnection.ps1 -xmlFilePath \\example.local\NETLOGON\ProfileXML.xml -AllUserConnection
0
Reply
Paw Pedersen avatar
kp flag
Paw Pedersen
I get Errorcode 1 - Incorrect function when i look in the event viewer of my test machine.
0
Reply
cn flag
Greg Askew
You're probably better off using Group Policy to copy those files locally, and execute the startup script using the local file.
0
Reply
Richard M. Hicks avatar
il flag
Richard M. Hicks
@PawPedersen Yes, assign the startup script to the computer. It will run in the SYSTEM context which requires the -AllUserConnection parameter for my script. And yes, you may also need to add -ExecutionPolicy Byass to the Script Name example above if you haven't enabled RemoteSigned or something else via GPO previously.
0
Reply
Richard M. Hicks avatar
il flag
Richard M. Hicks
@GregAskew I've had no issues running the script from SYSVOL as my example shows, but copying locally would work as well.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.