Menu
▾
▴
Re: [Openvpn-users] Allowing all OpenVPN 2.4.x Windows users to run OpenVPN by default?
|
From: Németh T. N. <nem...@ny...> - 2016-03-05 10:51:45
|
>> Hi, >> >> On Thu, Mar 03, 2016 at 02:06:30PM +0200, Samuli Seppänen wrote: >>> Do we want let any non-admin user on a system launch OpenVPN connections >>> by default? Or do we want the administrator of the system to >>> specifically grant permissions to OpenVPN to each non-admin user? >> >> I think this needs to be a question the installer asks. > >Sounds reasonable. Any other opinions? Well, what if there would be a checkbox in the installer labeled with something like "Only members of this group are allowed to use OpenVPN:" and then a dropdown list of local(?) Windows groups. One of the listed groups migh be "OpenVPN Users - TO BE CREATED" or something like this (assuming that this group hadn't been created before installation) and if chosen, the installer should create this group. Indirect group membership should be checked and anyone running OpenVPN GUI but not allowed to connect should be constantly warned about his/her insufficient permissions. In addition to this OpenVPN should handle both "systemwide" and "personal" VPN profiles. Systemwide profiles should only be created and edited by system admins, but everyone should be able to create and edit his/her own profiles stored somewhere in her/his own user profile, even despite not being able to instruct OpenVPN to connect using these profiles. With respect, Tamás Németh IT sysadmin University of West Hungary, Sopron |
