Securing Your System: Guide to Connecting VPN Before Windows Logon

The built-in VPN client in Windows by default does not allow a connection to the VPN server until a user has logged in. This is a problem for computers that are joined to Active Directory but reach the domain network only over a VPN. Users can log in to such computers with cached domain credentials and establish the VPN connection afterwards, but they will run into recurring problems accessing shared folders and other domain resources (particularly after a change or reset of the domain password).

Windows provides the option to connect to the VPN server prior to user login. With this, the user can fully authenticate on the AD domain controller once the VPN connection is established.

In the past, this was made possible through the ‘Allow other people to use this connection’ feature in the VPN connection settings. However, this option is no longer available in the recent Windows 10 and 11 versions.

In newer versions of Windows, you can set up a shared VPN connection from the PowerShell console. As an illustration, to set up an L2TP VPN connection with a shared key, use the following command:

Add-VpnConnection -Name WorkVPN_L2TP -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -AllUserConnection $true -PassThru

If you encounter an L2TP/IPsec VPN connection error on Windows, here's a guide on how to fix it.

In this case, the -AllUserConnection $true option allows you to create a shared VPN connection that is available to all Windows users, including on the Windows login screen.

See the examples of using the Add-VpnConnection cmdlet to create other types of VPN connections (PPTP, SSTP, IKEv2) in the post "Manage Windows VPN Connections with PowerShell".

You can later change the shared VPN connection settings from the Control Panel graphical interface (ncpa.cpl).

If you already have a VPN connection in your profile, you can make it public by copying the rasphone.pbk file from %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK to C:\ProgramData\Microsoft\Network\Connections\PBK.

You can now connect to the VPN from the Windows login screen. Click on the network connection icon in the bottom right-hand corner.

Type in the user name and password for the VPN connection.

Your computer should establish a VPN connection to your company network, and you can sign in to Windows using your domain user account.

If the VPN is disconnected for any reason, the user can reconnect using the VPN icon in the system tray or in Settings (or you can configure an automatic reconnection to the VPN).
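As an added example (not code from the original post), the following PowerShell script creates the shared L2TP connection from an elevated console, verifies that it is registered in the all-user phonebook rather than only in the current user's profile, and wraps the manual rasphone.pbk copy step in a function that backs up the existing all-user phonebook before overwriting it. The server name is a placeholder and the pre-shared key is prompted for rather than hard-coded.

```powershell
#Requires -RunAsAdministrator
# Added example; not part of the original post. Server name below is a placeholder.
$ConnName = 'WorkVPN_L2TP'
$Server   = 'vpn.example.com'   # placeholder: replace with your VPN server FQDN
$Psk      = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
$PskPlain = [System.Net.NetworkCredential]::new('', $Psk).Password

# 1. Create the connection in the all-user phonebook so it is offered on the logon screen.
#    -AllUserConnection is a switch; "-AllUserConnection $true" as in the post is equivalent.
function New-SharedVpn {
    if (Get-VpnConnection -Name $ConnName -AllUserConnection -ErrorAction SilentlyContinue) {
        return "'$ConnName' already exists as an all-user connection"
    }
    Add-VpnConnection -Name $ConnName -ServerAddress $Server -TunnelType L2tp `
        -L2tpPsk $PskPlain -AuthenticationMethod MSChapv2 -EncryptionLevel Required `
        -RememberCredential -AllUserConnection -Force
    return "Created all-user connection '$ConnName'"
}

# 2. Verify: only entries in the all-user phonebook appear on the logon screen.
function Test-SharedVpn {
    $shared  = Get-VpnConnection -AllUserConnection -ErrorAction SilentlyContinue |
               Where-Object Name -eq $ConnName
    $private = Get-VpnConnection -ErrorAction SilentlyContinue | Where-Object Name -eq $ConnName
    if (-not $shared) { throw "'$ConnName' is not registered as an all-user connection" }
    if ($private) { Write-Warning "A per-user copy of '$ConnName' also exists; the logon screen uses the shared one" }
    return "OK: '$ConnName' is shared (TunnelType=$($shared.TunnelType), Server=$($shared.ServerAddress))"
}

# 3. Alternative to step 1 for an existing per-user connection: the rasphone.pbk copy from the post.
#    The all-user phonebook is replaced wholesale, so an existing one is backed up first.
function Publish-UserPhonebook {
    $userPbk   = Join-Path $env:APPDATA     'Microsoft\Network\Connections\Pbk\rasphone.pbk'
    $sharedPbk = Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
    if (-not (Test-Path $userPbk)) { return 'No per-user rasphone.pbk found; nothing to migrate' }
    if (Test-Path $sharedPbk) {
        Copy-Item $sharedPbk "$sharedPbk.bak-$(Get-Date -Format yyyyMMddHHmmss)"
    }
    New-Item -ItemType Directory -Path (Split-Path $sharedPbk) -Force | Out-Null
    Copy-Item $userPbk $sharedPbk -Force
    return "Copied per-user phonebook to $sharedPbk"
}

New-SharedVpn
Test-SharedVpn
# Publish-UserPhonebook   # run instead of New-SharedVpn when migrating an existing profile connection
```

Run Test-SharedVpn again after a reboot: if the connection is missing from the all-user list, it will not be shown on the logon screen even though it works after sign-in.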
