Hello Heiko, > If that works out, all that is needed is the service increasing the tokens > integrity > level before starting openvpn and the user will have limited access to the > running openvpn process.
a) this didn't work, you can lower the level and but not higher b) dll injection is ONE example of how a user can manipulate his own process. I'm no expert at hacking windows but you can trust me, it exists 1001 possibilities to do the same. You have no chance to block them. Please drop openvpn-service starts openvpn in the context of the user. It brings in much complexty for no benefit. greetings Carsten