Windows 7 VPN connection problems as a power user

dFunked

New Member
Joined
Apr 25, 2012
Messages
2
Hi
I am having problems getting VPN connections to work for power users, details below:


- Client machines are domain computers (2003 domain funct lvl), running Win7 pro (64bit)
- Users are domain users, with power user, and network configuration, local machine membership.
- UAC has been turned off (as vpn connection dont even show with it on, for admins or PU's)
- This is using the windows builtin vpn software.
- The vpn server is linux running pptp (but that part works fine)

I can configure the vpn, either as admin or as power user. Making sure to select the allow all users option. And when logged in as admin I can make a successful connection.
I have eventually got the vpn connection showing to power users (initially it would not show on the "network" task bar icon). But when clicked it gives no response.
If I go to Network and sharing centre\Change adapter settings, I can see the vpn connection (even when it was not visible on the network icon (as above)), selecting and clicking connect from there, results in the following errors:
First: Network Connections: Your user account does not have permission to use this connection. Usaully, this is because you are logged in as a guest.
error 5: Access is denied


After "ok" that message, I get:

Error Connecting: You do not have sufficient privileges for configuring connection properties. Contact your administrator.


Obviously the machine is off the domain network when I try to make the connection, but the account is a domain account. I have looked through both local and domain policies but dont see anything obvious to either allow or block this.


Any help would be appreciated, as the last thing I want to do is have to give all our vpn users admin rights.
 
Solution
It seems like you are facing issues with VPN connections for power users on Win7 Pro machines within a 2003 domain environment. Here are some troubleshooting steps and suggestions to address the problems you are encountering:

Issues Identified:​

  • User Permissions: Power users are unable to establish VPN connections due to permission issues.
  • UAC: User Account Control (UAC) is causing problems when turned on, preventing VPN connections from showing.
  • VPN Connection Error: Users receive errors related to insufficient privileges and access denied messages.

Proposed Solutions:​

  1. Modify User Permissions:
    • Ensure that the power users have the necessary permissions to establish...
It seems like you are facing issues with VPN connections for power users on Win7 Pro machines within a 2003 domain environment. Here are some troubleshooting steps and suggestions to address the problems you are encountering:

Issues Identified:​

  • User Permissions: Power users are unable to establish VPN connections due to permission issues.
  • UAC: User Account Control (UAC) is causing problems when turned on, preventing VPN connections from showing.
  • VPN Connection Error: Users receive errors related to insufficient privileges and access denied messages.

Proposed Solutions:​

  1. Modify User Permissions:
    • Ensure that the power users have the necessary permissions to establish VPN connections. Check the user permissions, both locally on the machines and within the domain.
    []UAC Settings:
    • Since turning off UAC resolves the issue, consider keeping it off for now. However, this is not ideal for security reasons. You may need to find a way to make VPN connections work with UAC enabled.
    [
    ]VPN Connection Configuration:
    • Verify that the VPN connection is configured to allow all users, not just administrators.
    • Double-check that the "Allow other people to use this connection" option is selected during configuration.
    []Group Policy Review:
    • Check both local Group Policy and domain Group Policy settings that may impact VPN connections.
    • Look for any settings related to VPN access, user permissions, or network configurations that could be causing the issue.
    [
    ]Network Connection Permissions:
    • Review network connection permissions to ensure that power users have the necessary privileges to establish and manage network connections.
    []Domain Network Connectivity:
    • Ensure that users can connect to the domain network before attempting to establish the VPN connection, as user accounts need to be authenticated against the domain.
    [
    ]Testing Connectivity:
    • Test the VPN connection with an admin account to verify that the VPN server is functioning correctly. This will help differentiate if the issue lies with user permissions or the VPN server itself.
  2. Alternative VPN Protocols:
    • Consider using alternative VPN protocols or software that may be more compatible with the Win7 Pro machines and the domain environment.

      Additional Suggestions:​

      • Event Viewer: Check the Event Viewer logs for any relevant error messages that could provide more details on why the connection is failing.
      • Testing with a Different User: Try testing the VPN connection with a different user account (if available) to see if the issue is specific to certain accounts.
      By following these steps and suggestions, you should be able to troubleshoot and resolve the VPN connection issues for power users without having to grant them admin rights. If further assistance is needed, feel free to provide more details for a more targeted solution.
 
Solution