Monday, February 2, 2009

Prohibit a user from changing LAN settings using the registry

To make the restrictions apply even to administrator accounts, merge the following into the registry:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_EnableAdminProhibits"=dword:00000001

To prohibit access to properties of a LAN connection:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_LanProperties"=dword:00000000

To disable the ability to enable/disable a LAN connection:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_LanConnect"=dword:00000000

To prohibit TCP/IP advanced configuration:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_AllowAdvancedTCPIPConfig"=dword:00000000

To prohibit access to the advanced settings item on the advanced menu:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_AdvancedSettings"=dword:00000000

To prohibit access to the new connection wizard:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_NewConnectionWizard"=dword:00000000

Prohibit a user from changing LAN settings using Group Policies

One way is to give the user a limited account. But what about accounts that need other administrative privileges? Here is how you can restrict network settings for an administrative user account:

Run GPEdit.msc

Go to User Configuration > Administrative Templates > Network > Network Connections.

Here you’ll find many network restrictions.


The ones I find useful are:
Prohibit access to properties of a LAN connection
Ability to enable/disable a LAN connection
Prohibit TCP/IP advanced configuration
Prohibit access to the advanced settings item on the advanced menu
Prohibit access to the new connection wizard

None of the above seemed to be working for an administrative account. Later on I learned that for it all to work in an administrative account I had to enable this:

Enable Windows 2000 Network Connections settings for Administrators.
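
A read-only PowerShell check for the registry values listed above, added here as an example and not part of the original post. It reports which of the page's values are set for the current user and warns when restrictions are present without NC_EnableAdminProhibits; the function name Get-NcPolicyReport is made up for this example, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the Network Connections policy values from this page
# for the current user. Read-only; nothing is written to the registry.
$key = 'HKCU:\Software\Policies\Microsoft\Windows\Network Connections'

# Value name -> data, exactly as set by the .reg snippets on this page.
$expected = [ordered]@{
    'NC_EnableAdminProhibits'     = 1
    'NC_LanProperties'            = 0
    'NC_LanConnect'               = 0
    'NC_AllowAdvancedTCPIPConfig' = 0
    'NC_AdvancedSettings'         = 0
    'NC_NewConnectionWizard'      = 0
}

# Hypothetical helper name, chosen for this example.
function Get-NcPolicyReport {
    param([string]$Path = $key)

    # A missing key means none of the policies are configured.
    $props = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue

    foreach ($name in $expected.Keys) {
        $actual = if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $props.$name
        } else { $null }

        [pscustomobject]@{
            Value    = $name
            Expected = $expected[$name]
            Actual   = if ($null -eq $actual) { '(not set)' } else { $actual }
            Matches  = ($null -ne $actual) -and ($actual -eq $expected[$name])
        }
    }
}

$report = Get-NcPolicyReport
$report | Format-Table -AutoSize

# The page's caveat: the restrictions did not work for an administrative
# account until the "Enable ... for Administrators" setting was turned on.
$adminFlag    = $report | Where-Object Value -eq 'NC_EnableAdminProhibits'
$restrictions = $report | Where-Object { $_.Value -ne 'NC_EnableAdminProhibits' -and $_.Matches }
if ($restrictions -and -not $adminFlag.Matches) {
    Write-Warning 'Restrictions are set but NC_EnableAdminProhibits is not 1; they may not apply to administrators.'
}
```

Run it in the session of the account being checked, because HKEY_CURRENT_USER is per-user.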