I have a main DC which is placed in an Azure VNet and an on-premises DC2. All the staff computers and laptops are joined to the domain.

My colleagues would like to access the resources on Azure when they are offsite. Therefore, they have to establish the point-to-site VPN to the VNet. The computer prompts for domain administrator rights in order to make the Point-to-Site VPN connection.

I did research and people suggest giving the domain user local administrator rights, which I think is not suitable. In this case, we won't have control over the company laptop.

Is there any way I can fix this issue to allow them to make the Point-to-Site VPN connection without providing domain administrator rights? Thanks.

1 Answer

When you try to establish the VPN connection with the VPN client downloaded from Azure, UAC may pop up and ask for the credentials of an admin account.

Then you have two options to overcome it:

  1. Give local admin privilege to the user.

  2. Create the VPN configuration manually.

Since option 1 is not acceptable, the only solution for you is creating the VPN profile manually. Here is a good article about how to create the VPN profile for Azure point to site VPN.

I've tested it in my lab. It works for me.
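
One way to script option 2 as a per-user profile that a standard user can create without a UAC prompt (an added example, not part of the original answer or the linked article). It assumes the gateway uses certificate authentication over SSTP and that the client certificate is already in the user's certificate store; the profile name, gateway address and VNet prefix are placeholders.

```powershell
# Added example: per-user Azure point-to-site VPN profile, created without elevation.
# Every value below is a placeholder or constructed sample, not taken from the post.
$Name       = 'Azure-P2S'                           # hypothetical profile name
$Gateway    = '<gateway-fqdn-from-azure-vpn-config>' # placeholder: your gateway's public FQDN
$VnetPrefix = '10.0.0.0/16'                         # constructed sample VNet address space

# EAP-TLS with a certificate from the user's store.
# -VerifyServerIdentity makes the client validate the gateway's certificate
# instead of accepting any server that answers on that address.
$eap = New-EapConfiguration -Tls -UserCertificate -VerifyServerIdentity

# Omitting -AllUserConnection stores the profile in the current user's phonebook,
# so no local or domain administrator rights are involved.
if (-not (Get-VpnConnection -Name $Name -ErrorAction SilentlyContinue)) {
    Add-VpnConnection -Name $Name `
        -ServerAddress $Gateway `
        -TunnelType Sstp `
        -AuthenticationMethod Eap `
        -EapConfigXmlStream $eap.EapConfigXmlStream `
        -EncryptionLevel Required `
        -SplitTunneling

    # With split tunnelling on, only traffic for the VNet goes through the tunnel;
    # the route is stored with the profile and applied when the connection comes up.
    Add-VpnConnectionRoute -ConnectionName $Name -DestinationPrefix $VnetPrefix
}

# Show what was written so it can be checked against the intended settings.
Get-VpnConnection -Name $Name |
    Format-List Name, ServerAddress, TunnelType, AuthenticationMethod, SplitTunneling
```

Run it in the user's own session, for example from a logon script, so the profile and the certificate lookup both land in that user's context.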