The built-in Windows VPN client does not connect to the VPN server until the user has logged in. This is a disadvantage for Active Directory-joined computers that connect to the domain network through the VPN. Users can log in to their systems with cached domain credentials and then establish a VPN connection, but access to shared folders and other domain resources will be a recurring problem, especially after a domain password change or reset.
Windows allows users to connect to the VPN server before logging in. In that case, once the VPN connection is up, the user is fully authenticated against the AD domain controller.
In earlier Windows versions, this was done with the ‘Allow other people to use this connection’ option in the VPN connection settings. However, Windows 10 and 11 no longer have this option.
In newer releases of Windows, you can set up a shared VPN connection from the PowerShell console. For example, to create an L2TP VPN connection with a pre-shared key, run the following command:
Add-VpnConnection -Name WorkVPN_L2TP -ServerAddress "vpn.woshub.com" -TunnelType L2TP -L2tpPsk "My1pre-SharedKey2" -Force -EncryptionLevel "Required" -AuthenticationMethod MSChapv2 -RememberCredential -AllUserConnection $true -PassThru
The -AllUserConnection $true option creates a shared VPN connection that is available to all Windows users, including from the Windows login screen.
You can adjust the shared VPN connection settings later in the Control Panel’s graphical interface by running ncpa.cpl.
If a VPN connection already exists in your profile, you can make it available to all users by copying the rasphone.pbk file from %userprofile%\AppData\Roaming\Microsoft\Network\Connections\PBK to C:\ProgramData\Microsoft\Network\Connections\PBK.
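As an added example (not part of the original article), the following PowerShell creates the shared connection only if it is missing, prompts for the pre-shared key instead of placing it on the command line, and then confirms that the entry is in the all-user phonebook. The connection name and server are the article's sample values, and the script assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example: idempotent setup and verification of the all-user VPN entry.
$Name   = 'WorkVPN_L2TP'      # sample name from the article
$Server = 'vpn.woshub.com'    # sample server from the article

# Look only at the machine-wide (all-user) phonebook.
$existing = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction SilentlyContinue

if (-not $existing) {
    # Prompt for the key so it is not stored in console history or transcripts.
    $secure = Read-Host -Prompt 'L2TP pre-shared key' -AsSecureString
    $psk    = [System.Net.NetworkCredential]::new('', $secure).Password

    # -AllUserConnection is a switch parameter, so it is passed without a value here.
    Add-VpnConnection -Name $Name -ServerAddress $Server -TunnelType L2tp `
        -L2tpPsk $psk -EncryptionLevel Required -AuthenticationMethod MSChapv2 `
        -RememberCredential -AllUserConnection -Force

    Remove-Variable psk, secure
}

# Re-read the entry; -ErrorAction Stop makes a missing connection a hard failure.
$vpn = Get-VpnConnection -Name $Name -AllUserConnection -ErrorAction Stop

# The all-user phonebook is the file the logon screen reads its VPN entries from.
$pbk = Join-Path $env:ProgramData 'Microsoft\Network\Connections\Pbk\rasphone.pbk'
$inPhonebook = (Test-Path $pbk) -and
    [bool](Select-String -Path $pbk -SimpleMatch "[$Name]" -Quiet)

# Summarize the settings that matter for a pre-logon connection.
[pscustomobject]@{
    Name                 = $vpn.Name
    ServerAddress        = $vpn.ServerAddress
    AllUserConnection    = $vpn.AllUserConnection
    TunnelType           = $vpn.TunnelType
    L2tpIPsecAuth        = $vpn.L2tpIPsecAuth
    AuthenticationMethod = $vpn.AuthenticationMethod -join ','
    EncryptionLevel      = $vpn.EncryptionLevel
    InAllUserPhonebook   = $inPhonebook
}
```

AllUserConnection and InAllUserPhonebook should both read True before you test the connection from the login screen.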
You can now connect to the VPN from the Windows login screen. Click on the network connection icon in the bottom right-hand corner.
Type in the user name and password for the VPN connection.
Your computer should establish a VPN connection to your company network, and you can sign in to Windows using your domain user account.
If the VPN is disconnected for any reason, the user can reconnect using the VPN icon in the system tray or in Settings (or you can configure an automatic reconnection to the VPN).