In this post, we’ll look at two scenarios that involve establishing a VPN connection before logging in to Windows. In the first case, we need to authenticate to a domain to login. In the second case, the connection needs to be established automatically without a user.
NOTE: This article pertains to the built-in VPN client in Windows. There is however some discussion of Cisco clients in the comments below.
Scenario 1: Authenticating to A Domain At Login
Windows XP
At the Log On to Windows dialogue box, fill in the User name and Password fields. Select your domain from the Log on to drop down. Then check the Log on using dial-up connection checkbox. (Click Options >> to reveal the Log on to drop down and dial-up checkbox if they are hidden.) Click OK.
The Network Connections dialog box will appear. Select your VPN connection from the drop down. Click Connect. The standard VPN Connect box will appear. Connect as normal. Once the VPN connection is established, the original Log On to Windows user name and password will be applied and you’ll be logged in.
Note: In the process above, you may receive a dialogue box asking for area code and other dialing options. Just humor Windows and fill it out. It won’t matter.
IMPORTANT: The “Anyone who uses this computer” radio button must have been checked when the VPN connection was created. Otherwise the VPN will not be present in the Network Connectionsdrop down. If this is the case, just log on as a local administrator and recreate the connection.
Windows 7
At the login screen, click the Switch User button. A Network logon button will appear in the lower right corner next to the power button. Click this button and you will be presented with buttons for available network connections. Click on the button for your VPN. Enter your Username and Password, and click the arrow button (or press Enter).
IMPORTANT: The “Allow other people to use this connection” checkbox must have been checked when the VPN connection was created. Otherwise the VPN will not be present among the available network connections. If this is the case, just log on as a local administrator and recreate the connection.
Scenario 2: VPN Connection Without User Interaction
Credit where credit is due: The process in this scenario 2 section is drawn from this blog entry, which I stumbled upon early in my research of this topic.
Windows XP
What we’re going to do is install a system service that is started at boot and calls a batch file. The batch file will invoke a command that will start the VPN.
You will need three files available from Windows Server 2003 Resource Kit Tools. At the time of this writing, the download is available from Microsoft here. Run the executable to unpack and install the tools. Note the directory where the installer puts the tools.
1. Put the commandrasdial connection-name username password into a batch file and name itautoexnt.bat.
- Connection-name is the name you gave the VPN connection when you created it.
- The “Anyone who uses this computer” radio button must have been checked when the VPN connection was created.
- Documentation on the rasdial command can be found here.
2. In the directory created by the Resource Kit Tools installer, locate autoexnt.exe, instexnt.exe, andservmess.dll. Move those files and autoexnt.bat to %SystemRoot%\System32\.
3. From a command prompt, run instexnt.exe install to install the service.
- Documentation on the AutoExNT service can be found here.
You’re done. Next time the machine boots, it will automatically establish the given VPN connection.
Windows 7 (64-bit)
Follow the process outlined above, but in step 2, transfer the files to %SystemRoot%\SysWOW64\.
- The files must be transferred to this directory because they are 32-bit. 32-bit executables go in the SysWOW64 directory, and 64-bit executables go in the System32 directory. A discussion of why it works like that can be found here.
Windows 7 (32-bit) and Vista (32 & 64-bit)
I have not tested this on Windows 7 32-bit or on any version of Vista, though I imagine it would work just the same.