Configure Wireguard on Windows for non admins

Leave a reply

Allow non admins to stop / start the VPN

Install wireguard

From admin cmd.exe (Use your .conf file and check the service name before running sc.exe)
wireguard.exe /installtunnelservice vpnConfigurationFile.conf
sc.exe sdshow WireGuardTunnel$SERVICENAME

This produces something like:

D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Using
https://woshub.com/set-permissions-on-windows-service/

Add RPWP to the IU (stop / start service to Interactive Users) and run

sc.exe sdset WireGuardTunnel$SERVICENAME D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWLOCRRCRPWP;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

Restart the service
Then you can start / stop with

sc start WireGuardTunnel$SERVICENAME
sc stop WireGuardTunnel$SERVICENAME

Leave a Reply

Your email address will not be published. Required fields are marked *