By default, the built-in Windows VPN client does not allow you to connect to the VPN server until the user logs in. This is inconvenient for Active Directory-joined computers connected to the domain network via VPN. Of course, users can sign in to their computer using cached domain credentials and then establish a VPN connection. However, access to shared folders and other domain resources will be a constant problem for these users (especially after changing or resetting the domain password).
Windows allows you to connect to the VPN server before the user logs in. In this case, once a VPN connection has been established, the user will perform a full authentication on the AD domain controller.
In previous versions of Windows, this could be achieved using the ‘Allow other people to use this connection’ option in the VPN connection settings. However, this option is missing from current versions of Windows 10 and 11.
In new versions of Windows, you can create a shared VPN connection from the PowerShell console. For example, to create an L2TP VPN connection with a shared key, use the command:
Add-VpnConnection -Name WorkVPN_L2TP -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -AllUserConnection -PassThru
The -AllUserConnection switch creates a shared VPN connection that is available to all Windows users, including from the Windows login screen.
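An added example (not from the original article) that creates the same all-user connection while prompting for the pre-shared key instead of typing it into the command line, and then confirms that the entry is registered for all users. It reuses the article's sample connection name and server; the need for an elevated console is an assumption based on the shared phone book being stored under C:\ProgramData.

```powershell
#Requires -RunAsAdministrator
# Added example, not the article's own script. Sample values come from the article.
$Name   = 'WorkVPN_L2TP'
$Server = 'vpn.woshub.com'

# Prompt for the L2TP pre-shared key so it is not saved in a script file
# or in the console command history.
$securePsk = Read-Host -Prompt "L2TP pre-shared key for $Name" -AsSecureString
$psk = [System.Net.NetworkCredential]::new('', $securePsk).Password

# Make the script repeatable: drop an existing all-user entry with the same name.
$existing = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue
if ($existing) {
    Remove-VpnConnection -Name $Name -AllUserConnection -Force
}

# Same settings as the article's command; -AllUserConnection is a switch.
Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
    -L2tpPsk $psk -EncryptionLevel Required -AuthenticationMethod MSChapv2 `
    -RememberCredential -AllUserConnection -Force

# Do not keep the plain-text key in the session longer than needed.
Remove-Variable -Name psk

# Verify 1: the connection is returned when querying the all-user store.
$conn = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction Stop

# Verify 2: the entry exists in the shared phone book file.
$pbk   = Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
$inPbk = (Test-Path -LiteralPath $pbk) -and
         [bool](Select-String -LiteralPath $pbk -SimpleMatch "[$Name]" -Quiet)

[pscustomobject]@{
    Name              = $conn.Name
    ServerAddress     = $conn.ServerAddress
    TunnelType        = $conn.TunnelType
    AllUserConnection = $conn.AllUserConnection
    InSharedPhoneBook = $inPbk
}
```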
The shared VPN connection settings can be later modified via the Control Panel graphical interface (ncpa.cpl).
If there’s a VPN connection already set up in your profile, you can make it available to all users by moving the rasphone.pbk file from %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK to C:\ProgramData\Microsoft\Network\Connections\PBK.
You can now connect to the VPN from the Windows login screen. Click on the network connection icon in the bottom right-hand corner.
Type in the user name and password for the VPN connection.
Your computer should establish a VPN connection to your company network, and you can sign in to Windows using your domain user account.
If the VPN is disconnected for any reason, the user can reconnect using the VPN icon in the system tray or in Settings (or you can configure an automatic reconnection to the VPN).