From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Riccardo Paolo Bestetti <pbl@bestov.io>
Cc: WireGuard mailing list <wireguard@lists.zx2c4.com>
Subject: Re: Using WireGuard on Windows as non-admin - proper solution?
Date: Wed, 25 Nov 2020 12:45:37 +0100 [thread overview]
Message-ID: <CAHmME9oMFQtePYt37+4eyOn23mwHwP2UGxQi=SaJk9J3p1zCpw@mail.gmail.com> (raw)
In-Reply-To: <CAHmME9rp_nDjP6d_yki4LPP2pr1BejWcD7FQ5-A9MXZ9ORxZvg@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1787 bytes --]
On Wed, Nov 25, 2020 at 11:30 AM Jason A. Donenfeld <Jason@zx2c4.com> wrote:
>
> On 11/25/20, Riccardo Paolo Bestetti <pbl@bestov.io> wrote:
> > On Wed Nov 25, 2020 at 2:08 AM CET, Jason A. Donenfeld wrote:
> >> Hi Riccardo,
> >>
> >> Interesting consideration. I didn't know that.
> > I didn't know that either until I tried to deploy WireGuard on a laptop
> > yesterday! It seems not to be documented anywhere.
> >
> > The group has been around since Windows XP afaik, however I have no idea
> > whether the associated licesing chicanery has also been around that long.
> >
> >>
> >> Can you not add that group manually need be?
> > I'm not an expert on Windows, but a quick lookup on the net suggests you
> > cannot create a local group with a specific SID.
>
> I'm not convinced this is the case. We're talking about a local group.
> Surely there's some on-disk representation of available groups and
> associations, no? This line of inquiry needs to be fully exhausted
> before we even consider alternatives.
>
> Has Microsoft documented this limitation?
Well, I made Network Configuration Operators work just fine on Windows
10 Home edition. Here are the steps I followed, which I'm sure I could
compress into a single powershell script or executable need be:
1. Download psexec from the sysinternals page:
https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
2. Download nco.reg from the attachment in this email.
3. Open up an administrator console and type `psexec -i -s regedit`.
4. Choose File->Import and select the nco.reg file.
5. Add your user to the group like usual (e.g. `Add-LocalGroupMember
-Group "Network Configuration Operators" -Member MrDerp`).
I've confirmed that this works fine with the limited operator ui on
WireGuard for Windows 0.3.1.
Jason
[-- Attachment #2: nco.reg --]
[-- Type: text/x-ms-regedit, Size: 4226 bytes --]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\0000022C]
"C"=hex:2c,02,00,00,00,00,00,00,e8,00,00,00,03,00,01,00,e8,00,00,00,3e,00,00,\
00,00,00,00,00,28,01,00,00,d8,00,00,00,00,00,00,00,00,02,00,00,1c,00,00,00,\
01,00,00,00,01,00,14,80,c8,00,00,00,d8,00,00,00,14,00,00,00,44,00,00,00,02,\
00,30,00,02,00,00,00,02,c0,14,00,13,00,05,01,01,01,00,00,00,00,00,01,00,00,\
00,00,02,c0,14,00,ff,ff,1f,00,01,01,00,00,00,00,00,05,07,00,00,00,02,00,84,\
00,04,00,00,00,00,00,14,00,0c,00,02,00,01,01,00,00,00,00,00,01,00,00,00,00,\
00,00,18,00,1f,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,\
00,18,00,1f,00,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,24,02,00,00,00,00,\
38,00,0c,00,02,00,01,0a,00,00,00,00,00,0f,03,00,00,00,00,04,00,00,de,a2,28,\
67,21,3e,d2,af,19,ad,5d,79,b0,c1,07,29,27,56,fc,20,d8,ad,66,f6,10,f2,68,fa,\
df,2a,f8,0f,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,\
00,00,05,20,00,00,00,20,02,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,\
20,00,43,00,6f,00,6e,00,66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,\
00,6e,00,20,00,4f,00,70,00,65,00,72,00,61,00,74,00,6f,00,72,00,73,00,00,00,\
4d,00,65,00,6d,00,62,00,65,00,72,00,73,00,20,00,69,00,6e,00,20,00,74,00,68,\
00,69,00,73,00,20,00,67,00,72,00,6f,00,75,00,70,00,20,00,63,00,61,00,6e,00,\
20,00,68,00,61,00,76,00,65,00,20,00,73,00,6f,00,6d,00,65,00,20,00,61,00,64,\
00,6d,00,69,00,6e,00,69,00,73,00,74,00,72,00,61,00,74,00,69,00,76,00,65,00,\
20,00,70,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,73,00,20,00,74,\
00,6f,00,20,00,6d,00,61,00,6e,00,61,00,67,00,65,00,20,00,63,00,6f,00,6e,00,\
66,00,69,00,67,00,75,00,72,00,61,00,74,00,69,00,6f,00,6e,00,20,00,6f,00,66,\
00,20,00,6e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,69,00,6e,00,67,00,20,00,\
66,00,65,00,61,00,74,00,75,00,72,00,65,00,73,00,01,05,00,00,00,00,00,05,15,\
00,00,00,a8,93,d1,46,16,fe,89,a7,56,ec,96,97,ed,03,00,00
[HKEY_LOCAL_MACHINE\SAM\SAM\Domains\Builtin\Aliases\Names\Network Configuration Operators]
@=hex(22c):
next prev parent reply other threads:[~2020-11-25 11:46 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-11-12 15:18 vh217
2020-11-13 2:16 ` Jason A. Donenfeld
2020-11-13 12:03 ` Der PCFreak
2020-11-15 15:28 ` Patrik Holmqvist
2020-11-19 16:56 ` Jason A. Donenfeld
2020-11-20 11:49 ` Patrik Holmqvist
2020-11-20 12:52 ` Jason A. Donenfeld
2020-11-20 13:10 ` Patrick Fogarty
2020-11-20 13:14 ` Patrik Holmqvist
2020-11-17 10:18 ` Viktor H
2020-11-26 7:09 ` Chris Bennett
2020-11-21 10:05 ` Jason A. Donenfeld
2020-11-22 12:55 ` Jason A. Donenfeld
2020-11-23 14:57 ` Fatih USTA
2020-11-24 23:42 ` Riccardo Paolo Bestetti
2020-11-25 1:08 ` Jason A. Donenfeld
2020-11-25 7:49 ` Riccardo Paolo Bestetti
2020-11-25 10:30 ` Jason A. Donenfeld
2020-11-25 11:45 ` Jason A. Donenfeld [this message]
2020-11-25 14:08 ` Riccardo Paolo Bestetti
[not found] ` <8bf9e364f87bd0018dabca03dcc8c19b@mail.gmail.com>
2020-11-25 20:10 ` Riccardo Paolo Bestetti
2020-11-25 21:42 ` Jason A. Donenfeld
2020-11-26 8:53 ` Adrian Larsen
2020-11-28 14:28 ` Jason A. Donenfeld
2020-11-29 9:30 ` Adrian Larsen
2020-11-29 10:52 ` Jason A. Donenfeld
2020-11-29 12:09 ` Phillip McMahon
2020-11-29 12:50 ` Jason A. Donenfeld
2020-11-29 13:40 ` Phillip McMahon
2020-11-29 17:52 ` Jason A. Donenfeld
2020-11-29 19:44 ` Phillip McMahon
2020-11-29 20:59 ` Jason A. Donenfeld
2020-11-30 18:34 ` Riccardo Paolo Bestetti
2022-04-22 20:21 ` zer0flash
2020-11-30 12:47 ` Probable Heresy ;-) Peter Whisker
2020-12-02 13:40 ` Jason A. Donenfeld
2021-01-03 11:08 ` Christopher Ng
2020-11-25 12:40 ` AW: Using WireGuard on Windows as non-admin - proper solution? Joachim Lindenberg
2020-11-25 13:08 ` Jason A. Donenfeld
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHmME9oMFQtePYt37+4eyOn23mwHwP2UGxQi=SaJk9J3p1zCpw@mail.gmail.com' \
--to=jason@zx2c4.com \
--cc=pbl@bestov.io \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).