Omada VPN without Admin rights?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

Omada VPN without Admin rights?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
Omada VPN without Admin rights?
Omada VPN without Admin rights?
2023-07-12 08:54:27 - last edited 2023-09-15 06:38:55
Tags: #VPN
Model: ER707-M2  
Hardware Version:
Firmware Version:

After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems. 

 

We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights? 

  0      
  0      
#1
Options
1 Accepted Solution
Re:Omada VPN without Admin rights?-Solution
2023-09-14 07:44:07 - last edited 2023-09-15 06:38:55

Hi @Niels-NL 

Thanks for posting in our business forum.

Niels-NL wrote

After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems. 

 

We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights? 

I consulted and discussed this with the senior engineer. Hank also asked me if there is a workaround to bypass the admin privileges.

I  was told by the dev team that this modifies the network parameters which require admin privileges.

 

There is a workaround to resolve this which turns off the LUA and it can allow access to launch the software. I found this after several minutes of research. I tested it with the lab computer and it worked. No more shield icons on the .exe.

Run this in CMD and reboot your computer: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

 

However, I am not sure if this will impact the whole security system. But this turns off UAC and allows you to launch it without a password. Use it at your own discretion. We are not responsible for any data loss or damage to your system. Always recommend you back up your registry when doing any modifications.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#10
Options
16 Reply
Re:Omada VPN without Admin rights?
2023-07-13 02:07:24 - last edited 2023-07-13 02:11:30

Hi @Niels-NL 

VPN client is a setting on the VPN page and it co-exists when VPN server is introduced.

For your second part, not really super positive about what you mean there. Are you referring to the controller admin level? You are not able to control or modify settings on the Controller?

On the controller, there are Main Administrator, Administrator, and Cloud Viewer. Can you be more specific? If you need to manage/modify your device, you should get Administrator privileges at least.

As the main admin, you can find this setting on Organization = Global View.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:Omada VPN without Admin rights?
2023-07-19 09:17:04

  @Clive_A I was talking about the VPN Client from Omada for Windows, not the settings in de controller. 

 

Having to run the VPN client in Windows as an admin user is problematic because most of our cliënts don't have local admin rights. 

  0  
  0  
#3
Options
Re:Omada VPN without Admin rights?
2023-07-19 09:33:12

  @Niels-NL 

Do you mean the Windows users lusrmgr.msc?

Then it is not our product issue anymore.

The VPN connection itself is not a part of this. Only the VPN software when you launch it, you probably need admin permission. And this is not our concern.

We provide the most common VPN types and work fine on most operating systems. If your system is special, then contact your operating system support for further help.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options
Re:Omada VPN without Admin rights?
2023-07-19 09:36:13

  @Clive_A no I mean the TP-Link VPN client that can be downloaded from https://www.tp-link.com/nl/support/download/er707-m2/#VPN_Client

Since this software is created by TP-Link I was wondering why it needs local admin rights as most VPN clients don't need this to run. 

  0  
  0  
#5
Options
Re:Omada VPN without Admin rights?
2023-07-19 09:41:09

  @Niels-NL 

OK. Then this is developed by us. About your firewall level, I have no clue.

About the installation, you need to allow it to run. If it is killed by your anti-virus, then you should consider adding it to the allow list.

Most common apps don't have to run at admin level. Windows users without admin rights should be able to run most software installed on a PC.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#6
Options
Re:Omada VPN without Admin rights?
2023-07-19 09:42:38

  @Clive_A I have a feeling you are missing my point. 

Is it possible to run the Omada VPN Client software without admin rights? 

  0  
  0  
#7
Options
Re:Omada VPN without Admin rights?
2023-09-11 09:01:39

  @Niels-NL I am literally now researching the same issue. The only issue I can find with the TP Link Client is the fact it needs local admin to run. This is obviously not ideal as you wouldn't want users all having local admin. To install it maybe, but it should be able to run without elevated privileges. Needs a small tweak in the software. Would be interested to know when this gets fixed.

  0  
  0  
#8
Options
Re:Omada VPN without Admin rights?
2023-09-11 11:15:13
I'm hoping this is a small change in the software to make it possible. The client is so much better then the OpenVPN client but because of the need for local admin rights we cannot deploy it to our cliënts. Just hoping someone from the dev team is also reading this.
  0  
  0  
#9
Options
Re:Omada VPN without Admin rights?-Solution
2023-09-14 07:44:07 - last edited 2023-09-15 06:38:55

Hi @Niels-NL 

Thanks for posting in our business forum.

Niels-NL wrote

After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems. 

 

We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights? 

I consulted and discussed this with the senior engineer. Hank also asked me if there is a workaround to bypass the admin privileges.

I  was told by the dev team that this modifies the network parameters which require admin privileges.

 

There is a workaround to resolve this which turns off the LUA and it can allow access to launch the software. I found this after several minutes of research. I tested it with the lab computer and it worked. No more shield icons on the .exe.

Run this in CMD and reboot your computer: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f

 

However, I am not sure if this will impact the whole security system. But this turns off UAC and allows you to launch it without a password. Use it at your own discretion. We are not responsible for any data loss or damage to your system. Always recommend you back up your registry when doing any modifications.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
  0  
  0  
#10
Options
Re:Omada VPN without Admin rights?
2023-09-18 06:28:22

Hi @Niels-NL @Bretagne 

Have you tried the line I mentioned above? That would disable UAC and allow modification to the network without admin confirmation.

That seems to fix the problem you are experiencing.

From what I researched, if the account privilege is Standard, when modifying any admin-level parameters, it'll request the password. Unless you disable the UAC. As long as the account is standard, it'll face a lot of issues when it comes to the parameters that are considered sensitive by WindowsOS.

I guess as long as our software changes the network parameters and makes new connections, it will pop up for confirmation. Seems this line would be the temporary fix.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#11
Options