Always On VPN: Support to disable UseRasCredential in AOVPN profil with Windows 11 24H2

I am happy to announce that Windows 11 24H2 finally supports that you can now directly disable UseRasCredentials in the Microsoft Intune Always On VPN Custom OMA-URI Settings profile.

What is the problem and what was the previous workaround?

As long as UseRasCredentials is not deactivated in the Always On VPN profile, no short names can be accessed on Entra joined only devices.

Example:

Network Folder Path	Status
\\filer.lab.gobislab.ch	Works
\\filer	Does not work

In the past, the Rasphone.pbk (%AppData%\Microsoft\Network\Connections\Pbk) Always On VPN profile had to be adjusted using a remediation script.

UseRasCredentials=1 had to be adjusted to UseRasCredentials=0.

To be able to deactivate UseRasCredentials directly in the Intune Always On VPN Custom OMA-URI Settings profile, only the following must be added:

<UseRasCredentials>false</UseRasCredentials>

This was not yet supported with Windows 11 23H2. Successfully tested with Windows 11 24H2 (26100.2033).

Gobisweb

News, practical experiences and solutions, with a focus on Microsoft technologies

Always On VPN: Support to disable UseRasCredential in AOVPN profil with Windows 11 24H2

What is the problem and what was the previous workaround?

Leave a comment Cancel reply

What is the problem and what was the previous workaround?

Share this:

Related

Leave a comment Cancel reply