Set-NetIpInterface and netsh interface require administrative permissions

Mountain Pond 1,391 Reputation points
2021-09-02T02:37:09.407+00:00

Hi,

I need to setup meric for VPN interface. I`m using CMAK and I need to automate installation process with a scripts. But I have problem with metric option.

As you can know there is no problem to change metric for manual created VPN connection. If user create new connection by him self, he/she can change metric for this interface without administrative permission.

But if user will use not GUI way to change it and is trying to do this for example:
powershell - Set-NetIPInterface 'VPN interface' -InterfaceMetric 10 -Confirm:$false -Verbose
or
netsh interface ipv4 set interface 'VPN interface' metric=5

In this case user will get an error "Access Deny" event VPN connection was setup for current user only.

How can I avoid this error? I can`t add user to network administrators, if user can change metric manualy, why it does not work in powershell or netsh?

Thank you.

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,449 questions
Windows 10 Network
Windows 10 Network
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Network: A group of devices that communicate either wirelessly or via a physical connection.
2,293 questions
Windows Network
Windows Network
Windows: A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.Network: A group of devices that communicate either wirelessly or via a physical connection.
686 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,434 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 39,466 Reputation points
    2021-09-02T11:54:45.5+00:00

    Hello @DenisPasternak

    My first choice will be also the user added to "Network Configuration Operators" group. Further than that the user "should" be able to change the NIC settings, if there is no other block to it.

    I would check the GPOs applying to this user in the path:
    User configuration - Administrative Templates Network - Network connections

    and in respect to the command line, besides the profile have the rights, it may be needed to select "Open as Administrator" (it may prompt for authentication) to verify the permissions.

    Additionally there could be UAC blocking the command as Powershell or CMD are not "GUI" sensible and wouldn't always prompt for UAC validation. Try the next:
    In the registry of the machine:
    path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
    Key: ConsentPromptBehaviorUser
    Set the value to: 3
    Reboot and test again.

    Hope this works for you!
    Best regards,