If you’re deploying a VPN connection via PowerShell or GPO, you may have noticed there’s no way to configure the more advanced settings, such as “Always negotiate multi-link” and “example here”.

Neither PowerShell nor the options provided when deploying a VPN via GPO allow you to specify the advanced options you can modify using this method.

When researching, I discovered that there is actually a way to set the “Negotiate multi-link for single-link connections” and every other advanced VPN setting through Group Policy Preferences.

Here’s the trick: When opening the .pbk file in notepad, you’ll see that this is actually an ini-structured file, Group Policy Preferences can update ini files!

When opening the .pbk file in Notepad, you will notice your VPN connections listed under different sections, example: “[My VPN]“. The property we want to change, “NegotiateMultilinkAlways” would be displayed below the section name, this property would be the option to force “Negotiate multi-link for single-link connections”.

Using this method, you’re able to change flags without touching any other settings, or other VPN connections. (All VPN connections are stored in the same .pbk file.)

So, in Group Policy Management Editor, go to Preferences / Windows Settings / Ini Files.
Create a new object with Action = Update, and File Path = %ProgramData%\Microsoft\Network\Connections\Pbk\rasphone.pbk
(Make sure this is where where your file is located, this is the default location for VPN connections shared with all users.)
Section Name should be the display name of your VPN connection, without the brackets.
Property Name = NegotiateMultilinkAlways
Property Value = 1

There are no comments.

Leave a Reply