Hi Jason and thanks for the reply!

I will describe our current workflow below:
* The WireGuard client is installed on the computer with our deployment solution
* The user logs in with SSO in our web-front [0] where they can generate one or 
more configs (for example one for their Windows computer and one for their 
phone)
* They download the config from the web-front
* Start WireGuard and import the configuration file
* Activate the tunnel when needed

Not sure if your suggested solution would allow for this? Maybe there could be 
different levels of permissions depending on the value you configure the 
registry key to or something.

[0] https://github.com/EmbarkStudios/wg-ui

/Best regards
Patrik

-----Original Message-----
From: Jason A. Donenfeld <[email protected]> 
Sent: 19 November 2020 17:56
To: Patrik Holmqvist <[email protected]>
Cc: [email protected]; WireGuard mailing list <[email protected]>
Subject: Re: Using WireGuard on Windows as non-admin - proper solution?

Hi Patrik,

Thanks for the patch. I think we'll probably take a route similar to that, with 
S-1-5-32-556, but will gate it behind a registry knob and will allow only
for starting/stopping/viewing status of tunnels, but not editing or extracting
private keys.

Would that be passable for you?

Jason
