Prevent users from stopping NETransparentProxyProvider

Is there a way to prevent users from stopping a NETransparentProxyProvider?

No, not that I am aware of. You should also want to keep it this way and provide the users the option to stop the proxy when needed.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

As a follow on to what I said previously, I did some testing to see what was possible on the system with different users. Specifically, I created a user on Big Sur that was a standard, non-admin user. From there, I used the admin user to create a Development signed build of a NETransparentProxyProvider and started it. Verified that is was running and all was good. Now, I logged out with my admin user and logged in as my standard user but did not see the NETransparentProxyProvider running at all, not even the process running. I am suspecting that this was because I created a Development signed build of my proxy. It would be interesting to see what happens if you created a Developer ID signed and Notarized build and ran this same test. I suspect the standard user would see it then, but do they have the ability to disconnect or deactivate the configuration?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thank you for your responses (to all of my threads) Matt. Unfortunately this is not an option as it requires us to restart the VPN as a privileged user after every reboot and I'm not sure how the installation story look like. Besides this would probably be an undocumented/unsupported configuration.

I have submitted Enhancement Requests 9657389, 9657399, and 9657405. I guess for the time being we should live with these issues while looking forward to a response with crossed fingers. Thanks again for your time.