0

I have a main DC which is put in Azure Vnet and an on-premise DC2. All the staff computers and laptops are joined into the domain.

My colleagues would like to access the resources on Azure when they are offsite. Therefore, they have to establish the point-to-site VPN to the Vnet. The computer prompts to provide the domain administrator right in order to do Point-to-Site VPN connection.

enter image description here

I did research and people suggest to give the domain user the local administrator right which I think it's not suitable. In this case, we won't have control over the company laptop.

Is there any way I can fix this issue to allow them to do Point-to-Site VPN connection without providing domain administrator right ? Thanks.

CK Tan
  • 596
  • 2
  • 10
  • 25

1 Answers1

0

When you try to establish the VPN connection with the VPN client downloaded from the Azure, UAC may pop up and ask for the credential of admin account.

enter image description here

Then you have two options to overcome it:

  1. Give local admin privilege to the user.

  2. Create the VPN configuration manually.

Since option 1 is not acceptable. The only solution for you is creating the VPN profile manually. Here is a good article about how to create the VPN profile for Azure point to site VPN.

I've tested it in my lab. It works for me.

Steven Lee - MSFT
  • 800
  • 4
  • 9
  • 1
    Hi, Steven. It was the case but until last Thursday, thing seems to be changed. I was able to connect to the Vnet without providing credential of Administrator. On last Thursday, it keeps prompt me for that when I click connect. – CK Tan Aug 08 '16 at 03:49
  • @C.k. Could you please upload the screenshot? I would doubt if this credential is required by VPN client. Normally, the credential is required by UAC. If it is true, you have two options. I'll update my answer. – Steven Lee - MSFT Aug 08 '16 at 06:18
  • Hi, @Steven Lee, option 2 seems to be the right solution for us but the computer doesn't have Internet access once it is connected to the VNet by manual VPN configuration. Any idea if this can be fixed ? – CK Tan Aug 09 '16 at 01:31
  • @C.k. Disable the UAC is not a good idea. I only get an access deny when I disable the UAC on my client. I've edited my Answer to remove the misleading information. – Steven Lee - MSFT Aug 09 '16 at 03:19
  • @C.k. It's a known issue. You may post a New question, so that I can't explain it more clearly for you. I can't post a picture on comment. – Steven Lee - MSFT Aug 09 '16 at 03:21