FortiClient
fatihseyligli
Article Id 334707
Description This article describes how to resolve the issue where the option 'Users must enter a user name and password to use this computer' is not visible when running 'netplwiz' on Windows.
Scope FortiClient Windows.
Solution

FortiClient's 'VPN Before Logon' feature allows users to establish a VPN connection to the corporate network before logging into Windows.

 

This is particularly useful in scenarios where the user's credentials are validated through a domain controller or when access to network resources is required during the login process.

 

How it works:

 

  • Before the user logs into Windows, the FortiClient endpoint prompts for VPN credentials. This allows the system to establish a secure connection to the corporate network.
  • Once the VPN connection is established, the user's login credentials are authenticated against the domain controller over the VPN, ensuring that domain policies are applied.
  • The VPN connection remains active throughout the logon process, allowing uninterrupted access to network resources.
  • This is critical for users who need access to network drives, internal applications, or other resources that are only available once connected to the corporate network.

 

How to activate VPN before Windows logon:

 

  • In FortiClient, create a VPN tunnel of interest or receive the VPN tunnel from FortiClient EMS.
  • On the Windows system, start an elevated command line prompt.
  • Enter 'control userpasswords2' and press Enter. Alternatively, enter 'netplwiz'.
  • Check the checkbox for 'Users must enter a user name and password to use this computer.'
  • Select OK to save the setting.
     


 

In some cases, specifically on Windows 11 machines, the option 'Users must enter a user name and password to use this computer' might not be visible in the User Accounts interface.

 

To resolve this issue, follow these steps:

 

  • Open the Registry Editor (regedit).
  • Navigate to 'Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device'.
  • Change the value for DevicePasswordLessBuildVersion to 0.
 


 

  • Restart the computer.
  • After making this change, the option will be visible the next time the User Accounts window is opened.
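
The registry change described above, written as a PowerShell script for an elevated prompt. This is an added example, not part of the original article: it records the previous value so the setting can be reverted, leaves the restart to the operator, and the backup file path is a hypothetical location chosen for illustration.

```powershell
#Requires -RunAsAdministrator
[CmdletBinding(SupportsShouldProcess)]
param(
    # Hypothetical location for the saved previous value; adjust as needed.
    [string]$BackupFile = "$env:ProgramData\DevicePasswordLess-previous.txt"
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\PasswordLess\Device'
$name = 'DevicePasswordLessBuildVersion'

if (-not (Test-Path -LiteralPath $key)) {
    Write-Warning "Key not found: $key. Nothing changed."
    return
}

# Read the current value; $null means the value does not exist under the key.
$current = (Get-ItemProperty -LiteralPath $key -Name $name -ErrorAction SilentlyContinue).$name

if ($null -eq $current) {
    Write-Warning "$name is not present under $key. Nothing changed."
    return
}
if ($current -eq 0) {
    Write-Output "$name is already 0. No change needed."
    return
}

if ($PSCmdlet.ShouldProcess("$key\$name", "Set to 0 (was $current)")) {
    # Save the old value first so the setting can be restored later.
    "$(Get-Date -Format o) $name=$current" | Add-Content -LiteralPath $BackupFile

    # Written as a DWORD here (assumption about the value's type).
    Set-ItemProperty -LiteralPath $key -Name $name -Value 0 -Type DWord

    # Confirm the write took effect before reporting success.
    $after = (Get-ItemProperty -LiteralPath $key -Name $name).$name
    if ($after -ne 0) { throw "Verification failed: $name is $after" }
    Write-Output "$name changed from $current to 0. Restart the computer to apply."
}
```

Running the script with -WhatIf reports the current value and the intended change without writing to the registry.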

After completing this process, the FortiClient VPN icon is visible on the Windows logon screen.

 

Resources about VPN before logon and VPN pre-logon:

  1. Activating VPN before Windows logon

  2. FortiClient SSL-VPN Pre-Logon Overview VIDEO

  3. FortiClient SSL-VPN Pre-Logon: Part 1 VIDEO

  4. FortiClient SSL-VPN Pre-Logon: Part 2 VIDEO

  5. FortiClient IPsec VPN Pre-Logon Overview VIDEO

  6. FortiClient IPsec VPN Pre-Logon Configuration and Demo VIDEO

  7. Troubleshooting the pre-logon SSL VPN connection

  8. Per-machine pre-logon VPN connection without user interaction

  9. Configuring autoconnect with username and password authentication 

  10. Configuring autoconnect with certificate authentication