It’s possible to connect to a WireGuard VPN without administrator privileges on Windows.
But by design, the process for doing so is documented poorly.
First, install the WireGuard quick configuration file as an administrator. (The user won’t be able to create or delete new tunnels, just start or stop existing ones.)
Then, you’ll need to run RegEdit as an administrator (type in regedit.msc into the Run window, right click, and select Run as administrator), and then create a DWORD key in the HKLM\Software\WireGuard\LimitedOperatorUI
registry key. Set that DWORD to 1.
Then, you’ll need to provide new permissions to the user who you want to be able to connect and disconnect from your VPN.
To do this, run Local Users and Groups as an administrator (type in lusrmgr.msc into the Run window, right click, and select Run as administrator), select the Users folder, right click the user you want to give permissions to, and then click Properties.
Select the Member Of tab.
Then, click Add… at the bottom of the screen.
In the “Enter the object names to select” text box, type in Network Configuration Operators
and click Check Names.
You’ll have the option to select the Network Configuration Operators group. Do so and click OK.
Click OK on the Select Groups window, and click OK on the Properties window.
Now, your non-administrative user can connect to, or disconnect from, any existing WireGuard tunnel, without being able to add or delete existing tunnels.
You’ll still need to add or delete new WireGuard connections as an administrator, but using this technique, a non-administrator can turn on or off VPN connections on Windows.