Omada VPN without Admin rights?
Omada VPN without Admin rights?
After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems.
We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @Niels-NL
Thanks for posting in our business forum.
Niels-NL wrote
After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems.
We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights?
I consulted and discussed this with the senior engineer. Hank also asked me if there is a workaround to bypass the admin privileges.
I was told by the dev team that this modifies the network parameters which require admin privileges.
There is a workaround to resolve this which turns off the LUA and it can allow access to launch the software. I found this after several minutes of research. I tested it with the lab computer and it worked. No more shield icons on the .exe.
Run this in CMD and reboot your computer: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
However, I am not sure if this will impact the whole security system. But this turns off UAC and allows you to launch it without a password. Use it at your own discretion. We are not responsible for any data loss or damage to your system. Always recommend you back up your registry when doing any modifications.
- Copy Link
- Report Inappropriate Content
Hi @Niels-NL
VPN client is a setting on the VPN page and it co-exists when VPN server is introduced.
For your second part, not really super positive about what you mean there. Are you referring to the controller admin level? You are not able to control or modify settings on the Controller?
On the controller, there are Main Administrator, Administrator, and Cloud Viewer. Can you be more specific? If you need to manage/modify your device, you should get Administrator privileges at least.
As the main admin, you can find this setting on Organization = Global View.
- Copy Link
- Report Inappropriate Content
@Clive_A I was talking about the VPN Client from Omada for Windows, not the settings in de controller.
Having to run the VPN client in Windows as an admin user is problematic because most of our cliënts don't have local admin rights.
- Copy Link
- Report Inappropriate Content
Do you mean the Windows users lusrmgr.msc?
Then it is not our product issue anymore.
The VPN connection itself is not a part of this. Only the VPN software when you launch it, you probably need admin permission. And this is not our concern.
We provide the most common VPN types and work fine on most operating systems. If your system is special, then contact your operating system support for further help.
- Copy Link
- Report Inappropriate Content
@Clive_A no I mean the TP-Link VPN client that can be downloaded from https://www.tp-link.com/nl/support/download/er707-m2/#VPN_Client
Since this software is created by TP-Link I was wondering why it needs local admin rights as most VPN clients don't need this to run.
- Copy Link
- Report Inappropriate Content
OK. Then this is developed by us. About your firewall level, I have no clue.
About the installation, you need to allow it to run. If it is killed by your anti-virus, then you should consider adding it to the allow list.
Most common apps don't have to run at admin level. Windows users without admin rights should be able to run most software installed on a PC.
- Copy Link
- Report Inappropriate Content
@Clive_A I have a feeling you are missing my point.
Is it possible to run the Omada VPN Client software without admin rights?
- Copy Link
- Report Inappropriate Content
@Niels-NL I am literally now researching the same issue. The only issue I can find with the TP Link Client is the fact it needs local admin to run. This is obviously not ideal as you wouldn't want users all having local admin. To install it maybe, but it should be able to run without elevated privileges. Needs a small tweak in the software. Would be interested to know when this gets fixed.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Hi @Niels-NL
Thanks for posting in our business forum.
Niels-NL wrote
After having some problems with the OpenVPN Connect and GUI clients (Cannot connect due to the older OpenVPN version in Omada and split tunneling not working) I noticed the Omada VPN client, Download voor ER707-M2 | TP-Link Nederland. I don't know if this client is just released or if it has been around for a while but it seems to be working without problems.
We would like to move our cliënts to this software but it requires admin rights to run. Since not all of our cliënts have local admin rights, is it possible to run the VPN client without admin rights?
I consulted and discussed this with the senior engineer. Hank also asked me if there is a workaround to bypass the admin privileges.
I was told by the dev team that this modifies the network parameters which require admin privileges.
There is a workaround to resolve this which turns off the LUA and it can allow access to launch the software. I found this after several minutes of research. I tested it with the lab computer and it worked. No more shield icons on the .exe.
Run this in CMD and reboot your computer: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0 /f
However, I am not sure if this will impact the whole security system. But this turns off UAC and allows you to launch it without a password. Use it at your own discretion. We are not responsible for any data loss or damage to your system. Always recommend you back up your registry when doing any modifications.
- Copy Link
- Report Inappropriate Content
Have you tried the line I mentioned above? That would disable UAC and allow modification to the network without admin confirmation.
That seems to fix the problem you are experiencing.
From what I researched, if the account privilege is Standard, when modifying any admin-level parameters, it'll request the password. Unless you disable the UAC. As long as the account is standard, it'll face a lot of issues when it comes to the parameters that are considered sensitive by WindowsOS.
I guess as long as our software changes the network parameters and makes new connections, it will pop up for confirmation. Seems this line would be the temporary fix.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 1570
Replies: 16
Voters 0
No one has voted for it yet.