Skip to main content

A service-based installation without giving a user elevated privileges

Steps
  1. Download and install the installation file using https://download.wireguard.com/windows-client/
  2. Install the application using an Administrator account
  3. Go to dashboard.meter.com -> Client VPN
  4. Configure a new client VPN client
026f81f6 5443 4d40 9cd8 E592a9b8c83c Pn
  1. Download the WireGuard configuration file to the user’s computer
1c2ab548 4379 4eb6 9423 6bdaab65489c Pn
  1. Open the Wireguard Application using the Administrator account and upload the new config file to configure the tunnel and upload the downloaded file
870ba222 16e0 4d85 B4db E411d6133818 Pn 9343b07f 30f9 4c95 B6c7 38412e749d96 Pn
  1. Press Activate to activate the tunnel
  2. Once the tunnel is confirmed working with the data transfer usage incrementing for received and sent traffic.
9954d226 87bb 47c4 804e 46868784ed18 Pn
  1. If the tunnel is up we can now proceed to configure this task to be run automatically in the background when the user logs on.
  2. Create a local service Administrator service account for your preference. Lets use an example user called “wg_service_account”
9954d226 87bb 47c4 804e 46868784ed18 Pn Bfa0940c B58e 479a Ab6b 77b4a42e780d Pn D4b94d44 F8f5 4aa0 8feb 2c5bc321d64f Pn 537b6a4b 3df3 411f 811a 4e839e8527a0 Pn
  1. After creating the account, change the Account type to Administrator. This account will only be used for the Wireguard service and only an Administrator would have access to this or if there are other Service Accounts in your Active directory environment feel free to use that instead. 34610548 5731 494f A3c3 1b1e2cbacdc8 Pn
  2. Configuring the Wireguard Application to run in the background using “Task Scheduler”
34610548 5731 494f A3c3 1b1e2cbacdc8 Pn If you want the tunnel to auto-connect as soon as the WireGuard app is launched, regardless of user login:
  1. Press Win + R, type taskschd.msc, and hit Enter.
  2. In Task Scheduler, click Create Basic Task.
  3. Name it something like WireGuard AutoConnect.
 In the Security options section, select the Service Account previously created called “wg_service_account” to use when running the task. 8230a368 D122 449c B988 1260b0b9f4da Pn
  1. Create a new Trigger: Choose “When I log on” or “When the application is launched” (advanced step below).
3361fcf0 Ff02 43fc 86a6 D758a30ed936 Pn 8fe41482 3196 439c 8d94 Ef74a7a74451 Pn F487d5a4 0054 411c A8e2 2f4874f817df Pn
  1. Action: Choose Start a program.
Browse to :C:\Program Files\WireGuard\wireguard.exe E2d9f59f Fa38 4ae0 8be3 0a16d3063995 Pn In the Add arguments box, type: /installtunnelservice <tunnel-name>.conf Replace <tunnel-name> with the name of your .conf file (do not include the full path unless needed). In this case we used hq_office.conf This uses the WireGuard service mode to activate the tunnel as a service. You’ll need admin rights.For the other Tabs Conditions and Settings please configure as you see fit for your organisation. 15. Log off the Administrator and login with the standard user that has basic user privileges on the computer.Once logged in with a regular user open the command prompt to check if the tunnel is created in the background, using “ipconfig” 2ac236d9 35ef 419c 82a8 406bfc07d4cc Pn
  1. Validate the connection via pinging or accessing the resources you need to access via the VPN
I