It’s frustrating that out of the box WireGuard only allows admin users to open the main WireGuard window. The error you receive says “WireGuard may only be used by users who are a member of the Builtin Administrators group”
Fortunately there is a way to fix this.
You need to create a registry key first, under HKEY_LOCAL_MACHINE/SOFTWARE/Wireguard
The Wireguard entry likely does not already exist under HKLM/Software (it’s not there by default) so you can create it in Regedit.
Under this key, create a new DWORD value called LimitedOperatorUI and set it to 1.
So, the full path is HKEY_LOCAL_MACHINE/SOFTWARE/Wireguard/LimitedOperatorUI = 1
Once this has been done, add the current user to the Network Configuration Operators group, reboot and you should be good to go. If it doesn’t work, you may need to launch the WireGuard app as an Administrator at least once, and then should be able to run it as a regular user.
If you want to do this in CMD, you can type in:
REG ADD HKLM\Software\WireGuard /V LimitedOperatorUI /T REG_DWORD /D 1 /F
NET LOCALGROUP "Network Configuration Operators" AD\username /ADDWhere AD\Username is the local username you want to run WireGuard as. If this machine is joined to Azure AD, then the username will be something like AzureAD\UserName (e.g. AzureAD\KaiHowells)
The “REG” command given here is incorrect.
The correct command is:
reg add HKLM\Software\WireGuard /v LimitedOperatorUI /t REG_DWORD /d 1 /fSource: https://git.zx2c4.com/wireguard-windows/about/docs/adminregistry.md
Thanks for this – I have updated the information above.
adding normal user to that group will give him several permission, is there a way to avoid this? my goal its just to hide the wireguard config for users.
No, I don’t think there’s any more fine-grained control than this.
How to create a Reg entry, if you don’t have admin rights for it ^^
You need to ask someone with admin rights to create it for you.