When deploying VPN connections via Group Policy Preferences, we have two options. Firstly, we can deploy it to the computer, which is the same as selecting the ‘make this connection available to all users’ checkbox when manually creating the connection. The main benefit of doing this is that the VPN connection is available before the user has logged on, so we can use it to log on to our domain from a remote location. This is great when you have a user out in the field who needs to log on to a laptop without cached credentials.
Our second option is to deploy to the user – this route won’t allow us to use the connection to log into Windows, but non-admin users will have the ability to modify the connection if they wish. A common change my users make is toggling the ‘use default gateway on remote network’ setting. This allows them to access systems that only permit connections from the main office IP range.
In my example, I’ll be deploying the connection to the computer, and I will also show how we can use the VPN connection to log on to Windows. It’s a little less obvious in Windows 7 than it was in previous versions of Windows.
Firstly, we’ll need to start the Group Policy Management Console, and then select the Group Policy object that we wish to add the VPN connection to. Right-click it and select ‘Edit’. Based on which of the two options (user/computer) you’ve chosen, select the appropriate section on the left, then navigate to Preferences/Control Panel Settings/Network Options. Right-click Network Options, and select New > VPN Connection.
New VPN connection
Fill in the details for our VPN connection, ensuring ‘all users connection’ is selected if you’re deploying to computers rather than users. As we’re using an SSTP VPN, we also need to tick the DNS name box and enter the name that appears on the SSL certificate for the VPN server.
I then enable “Display progress while connecting” so that users get some feedback on what’s going on during the connection. Under the Security tab I select the ‘Use windows logon name…’ option to avoid them having to enter their password again. Finally, under the ‘Networking’ tab, ensure that the VPN type is set to automatic, as there isn’t a way to force SSTP here.
Click ‘OK’ to save the VPN connection, and then close the GPO window that we’ve been editing. If we restart a computer that the Group Policy applies to, we should now see the VPN connection available in the connections list.
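To confirm what a client actually received, the following added example (not part of the original article) reads a RAS phonebook and reports each connection's server name, VPN type and default-gateway setting. The connection name and server in the embedded sample are constructed placeholders; the path in the comment is the standard all-users phonebook location.

```powershell
# Added example: list the entries in a RAS phonebook with the settings chosen in the GPO.
# On a client, pass the all-users phonebook:
#   -PbkPath "$env:ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk"
param([string]$PbkPath)

# Constructed sample entry (placeholder names), used when no -PbkPath is given.
$sample = @'
[Office SSTP VPN]
VpnStrategy=0
IpPrioritizeRemote=1
DEVICE=vpn
PhoneNumber=vpn.example.com
'@

# VpnStrategy values as stored in the phonebook (RASENTRY dwVpnStrategy).
$strategy = @{
    '0' = 'Automatic';  '1' = 'PPTP only';  '2' = 'PPTP first'
    '3' = 'L2TP only';  '4' = 'L2TP first'; '5' = 'SSTP only'
    '6' = 'SSTP first'; '7' = 'IKEv2 only'; '8' = 'IKEv2 first'
}

function Get-PbkEntry {
    param([string[]]$Lines)
    $entry = $null
    foreach ($line in $Lines) {
        if ($line -match '^\[(.+)\]\s*$') {
            # A [section] header starts a new connection; emit the previous one.
            if ($entry) { New-Object PSObject -Property $entry }
            $entry = @{ Name = $Matches[1]; Server = ''; VpnType = '(not set)'; RemoteDefaultGateway = $false }
        }
        elseif ($entry -and $line -match '^(\w+)=(.*)$') {
            $key, $value = $Matches[1], $Matches[2].Trim()
            switch ($key) {
                'VpnStrategy'        { $entry.VpnType = if ($strategy.ContainsKey($value)) { $strategy[$value] } else { "Unknown ($value)" } }
                # 1 means 'use default gateway on remote network' is ticked.
                'IpPrioritizeRemote' { $entry.RemoteDefaultGateway = ($value -eq '1') }
                # Keep the first non-empty address; it should match the SSL certificate name.
                'PhoneNumber'        { if (-not $entry.Server -and $value) { $entry.Server = $value } }
            }
        }
    }
    if ($entry) { New-Object PSObject -Property $entry }
}

$lines = if ($PbkPath) { Get-Content -Path $PbkPath } else { $sample -split "`r?`n" }
Get-PbkEntry -Lines $lines |
    Select-Object Name, Server, VpnType, RemoteDefaultGateway |
    Format-Table -AutoSize
```

Run without arguments it parses the sample; a `VpnType` other than `Automatic` or a `Server` that differs from the certificate name means the client does not have the settings configured above.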
As I’ve created the VPN connection with a computer policy, we can use the VPN connection to allow new users, or those without cached credentials on a system to log in.
At the Windows login screen, click the ‘Switch User’ button. As computer-wide VPN connections are available, you’ll now see a network login button beside the power button in the bottom right corner of the screen. Once you click this, you’ll be presented with a VPN login window. For this to work you’ll obviously need an active network connection.
Hopefully, you’ve now got an SSTP VPN solution rolled out to your client systems.
Thanks for the article! One question: Is there a way to create a GPO to deploy an L2TP VPN connection with a pre-shared key? It looks like there’s no option to do this (I’m using WIN10 ADMX templates).