Windows 8 connect to VPN before logon
Last year I did an article entitled “Connect to a Windows VPN at logon”. Rather than duplicate, please refer to that article for details, but It has been pointed out the method outlined is not available in Windows 8. Actually it is but Win 8 by default alters the standard domain logon that was present since Win NT of pressing “Ctrl+Alt+Del”. Restore that and you will again have the option to connect to a VPN prior to logon so you authenticate to the domain, and have group policy and logon scripts applied.
To re-enable “Ctrl+Alt+Del” either open the Local Security Policy under Control Panel, Administrative Tools, or open the local Group Policy editor by entering in the “Run” box gpedit.msc. The location of the policy is in pretty much the same location in both, and setting in one will update the other.
- In the Local Security Policy editor (control panel) it is located under; Security Settings | Local Policies | Security Options | Interactive logon: Do not require CTRL+ALT+DEL
- In the local Group Policy editor (gpedit.msc) it is located under; Computer Configuration | Windows Settings | Security Settings | Local Policies | Security Options | Interactive logon: Do not require CTRL+ALT+DEL
The default state of the policy in Win 8 is “Not Defined” which on a domain joined computer effectively results in enabled. You need to set the policy to disabled which will force the use of “Ctrl+Alt+Del”. After doing so, I recommend running from an elevated command prompt gpupdate /force, though it should not be necessary when editing the local policy. On that note; you can enforce the use of “Ctrl+Alt+Del” domain wide by creating a GPO on your Domain Controller and editing the same policy.
Once you do so, and log off, you will see the familiar “Press Ctrl+Alt+Delete to sign in” message in the top left corner of the logon screen.
After pressing “Ctrl+Alt+Del” there will be a small network icon in the lower left corner
Click on the network icon and you will be presented with any VPN connection created on that computer. Note these VPN connections must have been created using the “Allow other people to use this connection” option. This discussion also applies only to domain joined computers.
Enter you domain credentials, the VPN will connect, authentication to the domain will be processed, and group polices and logon scripts, including your mapped drives, will be pushed to the client.
UPDATE: Should the PC not be domain joined and you wish to automate the VPN connection, please see: https://blog.lan-tech.ca/2013/06/08/rasdial-automate-vpn-connections/