Monday, February 2, 2009

Prohibit a user from changing LAN settings using the registry

To apply the restrictions even to administrator accounts, merge the following into the registry:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_EnableAdminProhibits"=dword:00000001

To prohibit access to properties of a LAN connection:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_LanProperties"=dword:00000000

To disable the ability to enable/disable a LAN connection:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_LanConnect"=dword:00000000

To prohibit TCP/IP advanced configuration:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_AllowAdvancedTCPIPConfig"=dword:00000000

To prohibit access to the Advanced Settings item on the Advanced menu:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_AdvancedSettings"=dword:00000000

To prohibit access to the New Connection Wizard:

Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Network Connections]
"NC_NewConnectionWizard"=dword:00000000
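
An added example (not from the original post): a PowerShell check that reads the six values above from the current user's hive and reports whether each one matches the setting shown on this page. The function name Get-NcPolicyState and the State labels are made up for this example; it only reports what is stored in the registry, not whether the running Windows version honors it.

```powershell
# Added example: audit the Network Connections policy values listed on this page.
$NcKey = 'HKCU:\Software\Policies\Microsoft\Windows\Network Connections'

# Value name -> the value this page sets, and the effect the page describes.
$NcExpected = [ordered]@{
    NC_EnableAdminProhibits     = @{ Want = 1; Effect = 'Restrictions also apply to administrators' }
    NC_LanProperties            = @{ Want = 0; Effect = 'LAN connection properties blocked' }
    NC_LanConnect               = @{ Want = 0; Effect = 'Enable/disable of LAN connection blocked' }
    NC_AllowAdvancedTCPIPConfig = @{ Want = 0; Effect = 'Advanced TCP/IP configuration blocked' }
    NC_AdvancedSettings         = @{ Want = 0; Effect = 'Advanced Settings menu item blocked' }
    NC_NewConnectionWizard      = @{ Want = 0; Effect = 'New Connection Wizard blocked' }
}

function Get-NcPolicyState {
    # Hypothetical helper: returns one object per policy value.
    param([string]$Path = $NcKey)

    # The key does not exist until at least one of the .reg fragments is merged.
    $props = $null
    if (Test-Path -LiteralPath $Path) {
        $props = Get-ItemProperty -LiteralPath $Path
    }

    foreach ($name in $NcExpected.Keys) {
        $want   = $NcExpected[$name].Want
        $actual = $null
        if ($props -and ($props.PSObject.Properties.Name -contains $name)) {
            $actual = $props.$name
        }

        # NotSet = value missing, Mismatch = present but not what the page sets.
        if ($null -eq $actual)      { $state = 'NotSet' }
        elseif ($actual -eq $want)  { $state = 'Applied' }
        else                        { $state = 'Mismatch' }

        [pscustomobject]@{
            Value    = $name
            Expected = $want
            Actual   = $actual
            State    = $state
            Effect   = $NcExpected[$name].Effect
        }
    }
}

$report = Get-NcPolicyState
$report | Format-Table Value, Expected, Actual, State, Effect -AutoSize

# Summarize drift so the check can be used from a logon script or scheduled task.
$drift = @($report | Where-Object { $_.State -ne 'Applied' })
Write-Output ("{0} of {1} values match the settings above." -f ($report.Count - $drift.Count), $report.Count)
```

Run it in the session of the user being restricted, since the values live under HKEY_CURRENT_USER.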

3 comments:

  1. But what do you have to do to get these reg keys to make a difference with Vista SP1?

    Have tried local and domain accounts, added user to (local) 'power users' group, AND 'Network Configuration operators' group. I have also set local policies, either per user or the entire machine using gpedit.msc ==> User Configuration ==> Administrative templates ==> Network

    I tried six of the items in the GPedit.msc section above, and only 2 had any effect. For instance, if I set 'Prohibit viewing status of an active connection' then log on as a plain user, one can still 'view the status of an active connection'. However, blocking access to the properties of a network connection greys it out as it should.
    Are there any hotfixes in the works? I've found many posts around the 'net about this issue, but no solutions. The conclusion is that MS broke many if not most of these policies.

  2. Sorry for taking so long to reply.
    I tried to make the above work in Vista but failed in my attempts too. Maybe I have a poor experience of Vista. It works in XP though. If I find the solution I'll post it.

  3. No worries :)

    We use these policies under XP and they work well.

    But some of our users have laptops with Vista, and in order to enable them to connect to a wireless network we had to make them local administrators. This is not a very good solution, but it's the only way we can get Vista to do what we need.
