Set-NetIpInterface and netsh interface require administrative permissions

Question

Hi,

I need to setup meric for VPN interface. I`m using CMAK and I need to automate installation process with a scripts. But I have problem with metric option.

As you can know there is no problem to change metric for manual created VPN connection. If user create new connection by him self, he/she can change metric for this interface without administrative permission.

But if user will use not GUI way to change it and is trying to do this for example:
powershell - Set-NetIPInterface 'VPN interface' -InterfaceMetric 10 -Confirm:$false -Verbose
or
netsh interface ipv4 set interface 'VPN interface' metric=5

In this case user will get an error "Access Deny" event VPN connection was setup for current user only.

How can I avoid this error? I can`t add user to network administrators, if user can change metric manualy, why it does not work in powershell or netsh?

Thank you.

Answer 1

Hello @DenisPasternak

My first choice will be also the user added to "Network Configuration Operators" group. Further than that the user "should" be able to change the NIC settings, if there is no other block to it.

I would check the GPOs applying to this user in the path:
User configuration - Administrative Templates Network - Network connections

and in respect to the command line, besides the profile have the rights, it may be needed to select "Open as Administrator" (it may prompt for authentication) to verify the permissions.

Additionally there could be UAC blocking the command as Powershell or CMD are not "GUI" sensible and wouldn't always prompt for UAC validation. Try the next:
In the registry of the machine:
path: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\
Key: ConsentPromptBehaviorUser
Set the value to: 3
Reboot and test again.

Hope this works for you!
Best regards,