This is because closing the WireGuard app from the system tray doesn't just get rid of the icon, or even disable the WireGuard tunnel services-it actually uninstalls those services entirely. Unprivileged users also cannot exit the WireGuard application itself-they can close the dialog just fine, but the "exit WireGuard" item is missing from the context menu in the system tray. They cannot see the public keys for the tunnels-and more importantly, they can neither add, remove, nor edit those tunnels. Otherwise-unprivileged users who've been allowed into the WireGuard club can see the tunnels available and start and stop those tunnels. (Don't be confused at the lack of HKLM\SOFTWARE\WireGuard itself-you'll need to create that, too.) There's one more step necessary to enable the limited UI-you need to open regedit, create the key HKLM\SOFTWARE\WireGuard, then create a DWORD at HKLM\SOFTWARE\WireGuard\LimitedOperatorUI and set it to 1. ![]() Unprivileged users may be added to the Windows Builtin group "Network Configuration Operators"-and, once members of that group, if and only if the requisite registry key was added and DWORD value set, they can manage their own tunnel into the corporate LAN. As of version 0.3.1, that limitation has finally been removed.
0 Comments
Leave a Reply. |