By default, the in-built VPN client of Windows does not permit the connection to the VPN server until the user’s log in. This poses as a hurdle for computers joined to the Active Directory on the domain network via VPN. While users have the option to log into their computer using cached domain credentials prior to setting up a VPN connection, they might face constant issues while accessing shared folders and other domain resources (especially after altering or resetting the domain password).
Windows provides the feature to connect to the VPN server before the user’s login. In this scenario, the user will fully authenticate themselves on the AD domain controller once a VPN connection is set up.
In the earlier versions of Windows, this could be achieved using the ‘Allow other people to use this connection’ in the VPN connection settings. Although, this option is not available in the latest versions of Windows 10 and 11.
In new versions of Windows, you can create a shared VPN connection from the PowerShell console. For example, to create an L2TP VPN connection with a shared key, use the command:
Add-VpnConnection -Name WorkVPN_L2TP -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -AllUserConnection $true –PassThru
How to fix L2TP/IPsec VPN connection error on Windows.
The -AllUserConnection $true option permits the creation of a shared VPN connection accessible to all Windows users, including those on the Windows login screen.
See examples of employing the Add-VpnConnection cmdlet for creating various types of VPN connections (PPTP, SSTP, IKEv2) in the post “Manage Windows VPN Connections with PowerShell“.
The settings for the shared VPN connection can be altered later from the Control Panel user interface (ncpa.cpl).
If a VPN connection is already present in your profile, you can make it public by copying the rasphone.pbk file from %userprofile%AppDataRoamingMicrosoftNetworkConnectionsPBK to C:ProgramDataMicrosoftNetworkConnectionsPBK.
You can now connect to the VPN from the Windows login screen. Click on the network connection icon in the bottom right-hand corner.
Type in the user name and password for the VPN connection.
Your computer should establish a VPN connection to your company network, and you can sign in to Windows using your domain user account.
If the VPN is disconnected for any reason, the user can reconnect using the VPN icon in the system tray or in Settings (or you can configure an automatic reconnection to the VPN).