Forum Discussion
Peter Holland
Apr 28, 2021Iron Contributor
Prevent users from disconnecting AOVPN user tunnel
Hi, Is there any client configuration I can apply, registry entries or other policies, to remove the 'disconnect' button from the AOVPN user tunnel? It's not very 'always on' if users can dec...
- Mar 06, 2023Microsoft have implemented the required change (just needs to filter into Windows 10 and the intune management profiles)
https://learn.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp#deviceprofilenamedisabledisconnectbutton
posted for anyone else seeking this info in the future
also see the blog post by the incomparable Richard Hicks https://directaccess.richardhicks.com/2023/03/06/always-on-vpn-csp-updates/
Mousefluff
Feb 24, 2023Iron Contributor
Peter HollandIf you learn how a network stack works, how to harden operating system services, how network services work, how to use PowerShell, etc, various Systems Administration tasks as described in the above posts, it won't look like nonsense. The only problem is that you can't entirely lock it down as you imagine ( with a custom image, maybe, if it's company-owned. At that point, it's probably going to be a guest profile that is deleted after 12-72 hours or something else, or something that relies on STIG Viewer and OpenSCAP, both of which are publicly available. ) I did give you most examples, both hardware, and software configuration examples, albeit in a very generic cut-down fashion, given it's a platform-agnostic solution:
"this is entirely unrelated to the on-premises infrastructure and services. it is not related to any of the information you have posted in this thread. I am wondering if you are testing a techcommunity reply using chatgpt or something as it is also good at providing completely irrelevant nonsense."
Peter Holland
Feb 24, 2023Iron Contributor
Ok, it seems you really don't know AOVPN and how it works client side. the reason i posted this is because the standard approaches to overriding settings do not exist.