From b42a08d9d5a9e51a6d123c3eae8f1b5921049860 Mon Sep 17 00:00:00 2001
From: Jack Ivanov <17044561+jackivanov@users.noreply.github.com>
Date: Mon, 28 Jan 2019 23:50:58 +0100
Subject: [PATCH] Allow windows users install VPN for all users in the system
 (#1310)

---
 docs/client-windows.md                    | 7 +++++++
 roles/vpn/templates/client_windows.ps1.j2 | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/docs/client-windows.md b/docs/client-windows.md
index 53b62f22..323da8df 100644
--- a/docs/client-windows.md
+++ b/docs/client-windows.md
@@ -10,6 +10,13 @@ To install automatically, use the generated user Powershell script.
 ```powershell
 powershell -ExecutionPolicy ByPass -File C:\path\to\windows_USER.ps1 -Add
 ```
+
+If you have more than one account on your Windows 10 machine (e.g. one with administrator privileges and one without) and would like to have the VPN connection available to all users, pass the parameter `-AllUsers`
+
+```powershell
+powershell -ExecutionPolicy ByPass -File C:\path\to\windows_USER.ps1 -Add -AllUsers
+```
+
 4. The command has help information available. To view its full help, run this from Powershell:
 ```powershell
 Get-Help -Name .\windows_USER.ps1 -Full | more
diff --git a/roles/vpn/templates/client_windows.ps1.j2 b/roles/vpn/templates/client_windows.ps1.j2
index 4a846f35..e1021bbe 100644
--- a/roles/vpn/templates/client_windows.ps1.j2
+++ b/roles/vpn/templates/client_windows.ps1.j2
@@ -29,6 +29,9 @@ Note that this must be passed in as a SecureString, not a regular string.
 You can create a secure string with the `Read-Host -AsSecureString` cmdlet.
 See the examples for more information.
 
+.PARAMETER AllUsers
+Allow all users to use the VPN
+
 .EXAMPLE
 client_USER.ps1 -Add
 
@@ -63,6 +66,9 @@ Save the embedded CA cert and encrypted user PKCS12 file.
     [Parameter(ParameterSetName="Add")]
     [SecureString] $Pkcs12DecryptionPassword,
 
+    [Parameter(ParameterSetName="Add")]
+    [Switch] $AllUsers = $false,
+
     [Parameter(Mandatory, ParameterSetName="Remove")]
     [Switch] $Remove,
 
@@ -164,6 +170,7 @@ function Add-AlgoVPN {
         TunnelType = "IKEv2"
         AuthenticationMethod = "MachineCertificate"
         EncryptionLevel = "Required"
+        AllUserConnection = $AllUsers
     }
     Add-VpnConnection @addVpnParams