# Registry Keys for Admins

These are advanced configuration knobs that admins can set to do unusual things
that are not recommended. There is no UI to enable these, and no such thing is
planned. These registry keys may also be removed at some point in the future.
The uninstaller will clean up the entirety of `HKLM\Software\WireGuard`. Use
at your own risk, and please make sure you know what you're doing.

#### `HKLM\Software\WireGuard\LimitedOperatorUI`

When this key is set to `DWORD(1)`, the UI will be launched on desktops of
users belonging to the Network Configuration Operators builtin group
(S-1-5-32-556), with the following limitations for members of that group:

  - Configurations are stripped of all public, private, and pre-shared keys;
  - No version update popup notifications are shown, and updates are not permitted, though a tab still indicates the availability;
  - Adding, removing, editing, importing, or exporting configurations is forbidden; and
  - Quitting the manager is forbidden.

However, basic functionality such as starting and stopping tunnels remains intact.

```
> reg add HKLM\Software\WireGuard /v LimitedOperatorUI /t REG_DWORD /d 1 /f
```

#### `HKLM\Software\WireGuard\DangerousScriptExecution`

When this key is set to `DWORD(1)`, the tunnel service will execute the commands
specified in the `PreUp`, `PostUp`, `PreDown`, and `PostDown` options of a
tunnel configuration. Note that this execution is done as the Local System user,
which runs with the highest permissions on the operating system and is therefore
a real target of malware. You should enable this option only with the
utmost trepidation. Rather than use `%i`, WireGuard for Windows instead sets the
environment variable `WIREGUARD_TUNNEL_NAME` to the name of the tunnel when
executing these scripts.

```
> reg add HKLM\Software\WireGuard /v DangerousScriptExecution /t REG_DWORD /d 1 /f
```

#### `HKLM\Software\WireGuard\UseUserspaceImplementation`

When this key is set to `DWORD(1)`, the legacy wireguard-go/Wintun implementation
is used instead of the newer, faster [WireGuardNT](https://git.zx2c4.com/wireguard-nt/about/)
implementation. This is intended as a stop-gap solution in case there are early bugs
with WireGuardNT, and this option will be removed after a short period. If you use
this option, please send an email to team@wireguard.com explaining the issues you
had with WireGuardNT, so that they can be fixed before this option goes away. If
you are not having issues, do not use this option.

```
> reg add HKLM\Software\WireGuard /v UseUserspaceImplementation /t REG_DWORD /d 1 /f
```
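
A read-only audit of the three values described above, as an added example that is not part of the WireGuard documentation. It reports which knobs are set to `DWORD(1)`, warns when script execution as Local System is enabled, and lists the members of the Network Configuration Operators group (S-1-5-32-556) when the limited UI is on. The function name `Get-WireGuardAdminKnob` is hypothetical.

```powershell
# Added example (not WireGuard project code): audit the admin registry values
# documented on this page. Read-only; run from an elevated prompt for full results.
$keyPath = 'HKLM:\Software\WireGuard'
$knobs = [ordered]@{
    LimitedOperatorUI          = 'UI shown to Network Configuration Operators (S-1-5-32-556)'
    DangerousScriptExecution   = 'PreUp/PostUp/PreDown/PostDown commands run as Local System'
    UseUserspaceImplementation = 'Legacy wireguard-go/Wintun used instead of WireGuardNT'
}

# Hypothetical helper name; returns one object per documented knob.
function Get-WireGuardAdminKnob {
    param([string]$Path = $keyPath)
    # A missing key or a missing value means the knob is not enabled.
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    foreach ($name in $knobs.Keys) {
        $raw = $null
        $kind = $null
        if ($key -and ($key.GetValueNames() -contains $name)) {
            $raw  = $key.GetValue($name)
            $kind = $key.GetValueKind($name)
        }
        [pscustomobject]@{
            Name    = $name
            Kind    = $kind
            Value   = $raw
            # The page documents DWORD(1) as the enabling value.
            Enabled = ($kind -eq 'DWord' -and $raw -eq 1)
            Effect  = $knobs[$name]
        }
    }
}

$report = Get-WireGuardAdminKnob
$report | Format-Table -AutoSize

if (($report | Where-Object Name -eq 'DangerousScriptExecution').Enabled) {
    Write-Warning 'DangerousScriptExecution is on: tunnel configuration hooks execute as Local System.'
}

if (($report | Where-Object Name -eq 'LimitedOperatorUI').Enabled) {
    # These accounts get the limited UI and can start and stop tunnels.
    Get-LocalGroupMember -SID 'S-1-5-32-556' |
        Format-Table Name, ObjectClass, PrincipalSource -AutoSize
}
```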