@Waqkas-Ahmed ,
Here is what I have so far...
# Get name of remote computer
$hostname = Read-Host -Prompt "Enter Remote Hostname"
# Get credentials for remote computer
$cred = Get-Credential
# Create a PSSession to the remote computer
$s = New-PSSession -ComputerName $hostname -Credential $cred
# Execute commands on remote computer
Invoke-Command -Session $s -ScriptBlock {
# Store path to registry key
$basePath = "HKLM:\SYSTEM\CurrentControlSet\Services\PolicyAgent\"
# Check if property exists
if (-not(Get-ItemProperty -Name 'AssumeUDPEncapsulationContextOnSendRule' -Path $basePath -ErrorAction SilentlyContinue)){
# If it doesn't exist, create it and set the value to 00000002
New-ItemProperty -Name AssumeUDPEncapsulationContextOnSendRule -PropertyType dword -Value 00000002 -Path $basePath
} else {
# If it does exist, set the value to 00000002
Set-ItemProperty -Name AssumeUDPEncapsulationContextOnSendRule -Value 00000002 -Path $basePath
}
# Set the VPN properties
Set-VpnConnection -Name 'test' -AuthenticationMethod Pap -EncryptionLevel NoEncryption
}
# Remove the PSSession when done
Remove-PSSession $s
This will prompt for the remote computer info and credentials, you can hard code this instead.
It will check to see if the registry key exists and then create it, or update it to the appropriate value. Not sure if that's what you want it to do if the key already exists. If not, just remove the 'else' block
It will update a VPN connection named 'test' to use PAP for authentication. We can add checks to see if the VPN connection exists, and create it if necessary. Let me know.
You cannot choose 'require encryption' or 'maximum encryption' on a VPN connection that is using PAP for authentication. Only 'no encryption' or 'optional encryption' because PAP is plaintext, no support for encryption. You cannot send credentials in plaintext and then encrypt the data.