Sample AlwaysOn VPN Device Tunnel Scripts Using PowerShell



OK. Here is how I deployed AlwaysOn VPN as a device tunnel (rather than a user tunnel) using PowerShell. Continue on for the steps...

Note: Device tunnel can only be configured on domain-joined devices running Windows 10 Enterprise or Education version 1709 or later.

Using Group Policy Preferences

  1. Copy “Install AlwaysOn VPN (Run as Admin).cmd”

    • Destination: C:\Windows\System32\Install AlwaysOn VPN (Run as Admin).cmd

    • Check Apply once and do not reapply

  2. Copy “PsExec64.exe”

    • Destination: C:\Windows\System32\PsExec64.exe

    • Check Apply once and do not reapply

  3. Copy “VPN_Profile_DeviceTunnel.ps1”

    • Destination: C:\Windows\System32\VPN_Profile_DeviceTunnel.ps1

    • Do NOT check Apply once and do not reapply

Using Group Policy, create a startup script

  1. Create a Startup Script that runs the following command: C:\Windows\System32\Install AlwaysOn VPN (Run as Admin).cmd

Sample files

  1. PsExec64.exe > https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

  2. Install AlwaysOn VPN (Run as Admin).cmd > https://pastebin.com/XkeZ9g1y

  3. VPN_Profile_DeviceTunnel.ps1 > https://pastebin.com/8k469YDw

    • This has versioning built-in. If you update the version it will uninstall the VPN and then re-install it using the updated configuration.
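Group Policy startup scripts run in the Local System context, so it is worth confirming on a client that the three files above arrived intact and that only administrative principals can modify them. The audit script below is an added example, not part of the original post or its pastebin scripts; the list of trusted SIDs and the choice of checks are assumptions.

```powershell
# Added example: audit the three files from the post on one client (run elevated).
# Paths are the post's destinations; the trusted-SID list is an assumption.
$files = @(
    'C:\Windows\System32\Install AlwaysOn VPN (Run as Admin).cmd',
    'C:\Windows\System32\PsExec64.exe',
    'C:\Windows\System32\VPN_Profile_DeviceTunnel.ps1'
)

# Well-known SIDs allowed to hold write access: SYSTEM, Administrators, TrustedInstaller.
$trustedSids = @(
    'S-1-5-18',
    'S-1-5-32-544',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
)

# Rights that let a principal alter the file, its ACL or its owner.
$writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$sidType   = [System.Security.Principal.SecurityIdentifier]

$report = foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        [pscustomobject]@{ File = $path; Present = $false }
        continue
    }

    # Resolve ACEs to SIDs so the check works on non-English Windows builds.
    $rules = (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)
    $writers = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $writeMask) -and
        ($trustedSids -notcontains $_.IdentityReference.Value)
    } | ForEach-Object { $_.IdentityReference.Value } | Select-Object -Unique)

    # Only PsExec64.exe is expected to be signed; the scripts will not report Valid unless you sign them.
    $sig = Get-AuthenticodeSignature -LiteralPath $path

    [pscustomobject]@{
        File             = $path
        Present          = $true
        SignatureStatus  = $sig.Status
        Signer           = $sig.SignerCertificate.Subject
        UntrustedWriters = $writers -join ', '
        SHA256           = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    }
}

$report | Format-List
```

Compare the SHA256 values against the copies you reviewed before publishing them to the GPO share. A non-empty UntrustedWriters value means a non-administrative principal can change code that runs at startup.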
