Friday, February 12, 2010

Configure Network Connection Restrictions by Using Group Policy

For Domain Network:

You can use this procedure to configure some restrictions on network connections by using Group Policy. These settings are all found in the Group Policy Management Console (GPMC) under:

User Configuration\Administrative Templates\Network\Network Connections

Most of the Group Policy settings in this section of the Group Policy Management Console apply only to users of computers running earlier versions of Windows, and have no effect on users of computers running Microsoft™ Windows Vista® or Windows Server® 2008. However, the following Group Policy settings can be edited and applied to users who are subject to the Group Policy object (GPO) in which the Group Policy setting is included. By default, the Group Policy settings are not configured.

The Group Policy settings that affect users of Windows Vista and Windows Server 2008 include:

  • Prohibit deletion of remote access connections. If you enable this Group Policy setting, then affected users cannot delete any remote access connections, including those they create themselves.
  • Prohibit access to the Remote Access Preferences item on the Advanced menu. If you enable this Group Policy setting, then affected users cannot access the Remote Access Preferences setting on the Advanced menu of the Network Connections folder. The top menu bar, including the Advanced menu, appears when you press the ALT key.
  • Prohibit access to properties of a LAN connection. If you enable this Group Policy setting, then affected users cannot change any of the properties of a LAN connection.
  • Ability to change properties of an all user remote access connection. If you enable this Group Policy setting, then affected users can modify the properties of a remote access connection that is shared with the other users on the computer. By default, standard users can only modify properties for a connection that is not shared.
  • Prohibit connecting and disconnecting a remote access connection. If you enable this Group Policy setting, then affected users cannot connect by using any remote access connection, or disconnect any that are currently connected.
  • Prohibit changing properties of a private remote access connection. If you enable this Group Policy setting, then affected users cannot change the remote access connection properties that are not shared. By default, standard users can modify connections that are not shared.
  • Prohibit renaming private remote access connections. If you enable this Group Policy setting, then affected users cannot rename remote access connections that are not shared. By default, standard users can modify connections that are not shared.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To open the Group Policy Management Console as an administrator
  1. Click Start, then in the Start Search box, type gpmc.msc, but do not press ENTER.

  2. When the icon for GPMC.msc appears on the Programs list at the top of the Start menu, right-click it, and then click Run as administrator.

    If the User Account Control dialog box appears, ensure it is for the action you requested, and then enter your administrator credentials.

    If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (http://go.microsoft.com/fwlink/?LinkId=55625).

To enable or disable a Network Connections restriction policy for the current user
  1. Log on as the user for which you want to apply these Group Policy settings.

  2. Open Group Policy Management Console as an administrator.

  3. In the navigation pane, open User Configuration\Administrative Templates\Network\Network Connections.

  4. In the details pane, double-click one of the Group Policy settings described above.

  5. Do one of the following:

    • To enforce the Group Policy setting on the currently logged on user, select Enabled, click Apply, and then click OK.
    • To not enforce the Group Policy setting on the currently logged on user, select Disabled, click Apply, and then click OK.
  6. After you have modified all of the Group Policy settings you want, close Group Policy Management Console.

  7. Log off and log back on as the user to enforce the changes you made.


For Stand-Alone Computer:

At a command prompt, type gpedit.msc, and then follow the same procedure as above.
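
To confirm the result after logging back on, the following PowerShell check reads the current user's policy registry key and reports the state of each of the seven settings listed above. It is an added example, not part of the original post; the key path and the NC_* value names are assumed from the Network Connections administrative template and do not appear in the post, so verify them against the template on your system.

```powershell
# Added example: audit the Network Connections user policies for the logged-on user.
# Assumption: key path and value names come from the Network Connections
# administrative template; they are not given in the post.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Network Connections'

$Settings = [ordered]@{
    'NC_DeleteConnection'     = 'Prohibit deletion of remote access connections'
    'NC_DialupPrefs'          = 'Prohibit access to the Remote Access Preferences item on the Advanced menu'
    'NC_LanProperties'        = 'Prohibit access to properties of a LAN connection'
    'NC_RasAllUserProperties' = 'Ability to change properties of an all user remote access connection'
    'NC_RasConnect'           = 'Prohibit connecting and disconnecting a remote access connection'
    'NC_RasMyProperties'      = 'Prohibit changing properties of a private remote access connection'
    'NC_RenameMyConnection'   = 'Prohibit renaming private remote access connections'
}

function Get-NetConnPolicyState {
    param(
        [string]$Path = $PolicyKey,
        [System.Collections.IDictionary]$Map = $Settings
    )
    # The key is absent when none of the settings has ever been configured.
    $values = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in $Map.Keys) {
        $prop = if ($values) { $values.PSObject.Properties[$name] } else { $null }

        # Missing value = Not configured; 1 = Enabled; 0 = Disabled.
        # Any other data is reported as-is so it is not silently misread.
        $state = if ($null -eq $prop)       { 'Not configured' }
                 elseif ($prop.Value -eq 1) { 'Enabled' }
                 elseif ($prop.Value -eq 0) { 'Disabled' }
                 else                       { "Unexpected data: $($prop.Value)" }

        [pscustomobject]@{
            Setting   = $Map[$name]
            ValueName = $name
            State     = $state
        }
    }
}

# Run in the session of the user the settings were applied to.
Get-NetConnPolicyState | Format-Table -AutoSize -Wrap
```

Run it as the affected user rather than from an elevated session under a different account, because HKCU resolves to the hive of the account running the script.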
