I'm looking for a registry change to disable "TCP/IP properties" access to prevent users from changing the IP address

I just want to disable TCP/IP properties access for my users. All the computers are in a workgroup (not a domain), so my thought is that maybe I can do it through some registry change or changes. Does anyone have experience with this?


Many thanks in advance

Victor
fizzeriano Asked:

SLafferty1983 Commented:
You can set it as a local group policy on each machine. I am not sure which registry settings to change, but I know you can go to Start --> Run and type gpedit.msc. That will bring up the local group policy editor. You could remove it there.
0
fizzeriano Author Commented:

Yes, I can change it there, but I don't know which policies to enable in order to prevent users, even if they have admin rights, from accessing IP properties. Of course, admins with gpedit knowledge can turn the feature off and on; that's the general idea of what I'm looking for.

Thanks for your help
0
Andrej Pirman Commented:
Probably the smartest idea would be to give all users only limited privileges, like putting them into the Power Users group instead of the Administrators group. Since only an administrator can change TCP/IP settings, this would do what you wish, and also keep users from doing system-wide damage to the computer. And not least, going this way, users' computers will be less vulnerable to malicious code and infections.
The only disadvantage is that you will need to be present when installing new software, using the simple "Run As..." technique to run installations under Administrator privileges.

If this is not an option for you, you can prohibit access to Network settings for ALL users, including Administrator, on a particular machine. Don't forget to set up TCP/IP properties BEFORE you lock yourself out.
Run gpedit.msc from the "Run" prompt,
and navigate to /User configuration/Administrative Templates/Network/Network Connections/
Here *I think* the needed changes are to ENABLE the following two or three settings:
- "Prohibit access to properties of components of a LAN configuration"
- "Prohibit TCP/IP advanced configuration"
- "Prohibit Access to properties of LAN connection"
I am not sure about the minimum keys needed, because for changes to take effect you need to restart the computer, so I did not test too much.

Hope this helps.
0

fizzeriano Author Commented:
Just want to add that I must choose "disable access for admin also in gpedit"
0
jemiii Commented:
Try using a security policy:

 - click start and run
 - type gpedit.msc, hit OK
 - go to:
     User Configuration\Administrative Templates\Network\Network and Dial-up Connections
 - look for these two objects:
     Enable Windows 2000 Network Connections settings for Administrators
     Prohibit access to properties of components of a LAN connection
 - double-click both objects and change to "Enabled"
 - click Apply and close the editor
 - I don't think you have to restart (but you might)

Good luck!
0
Andrej Pirman Commented:
Regarding Jemiii's advice, here is a copy-paste from the "Prohibit access to properties of components of a LAN connection" tab:
If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting.
0
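The policies named in the answers above, checked (and optionally set) directly in the registry, which is what the original question asked for. This is an added example, not code from any poster in the thread; the key path and `NC_*` value names are the ones the Network Connections administrative template writes, and should be confirmed on the Windows version in use. `Test-NetworkLockdown` is a hypothetical function name.

```powershell
# Added example (not from the thread). Assumption: these are the values the
# Network Connections administrative template writes under User Configuration.
$PolicyKey = 'HKCU:\Software\Policies\Microsoft\Windows\Network Connections'

# Policy title as shown in gpedit.msc -> registry value and the data meaning "Enabled"
$Wanted = [ordered]@{
    'Prohibit access to properties of components of a LAN connection'     = @{ Name = 'NC_LanChangeProperties';      Data = 0 }
    'Prohibit access to properties of a LAN connection'                   = @{ Name = 'NC_LanProperties';            Data = 0 }
    'Prohibit TCP/IP advanced configuration'                              = @{ Name = 'NC_AllowAdvancedTCPIPConfig'; Data = 0 }
    'Enable Windows 2000 Network Connections settings for Administrators' = @{ Name = 'NC_EnableAdminProhibits';     Data = 1 }
}

function Test-NetworkLockdown {
    # Reports the state of each policy value; with -Apply, also writes missing ones.
    param([switch]$Apply)

    if ($Apply -and -not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    foreach ($title in $Wanted.Keys) {
        $entry   = $Wanted[$title]
        # Returns $null when the key or the value does not exist yet
        $current = (Get-ItemProperty -Path $PolicyKey -Name $entry.Name `
                        -ErrorAction SilentlyContinue).($entry.Name)
        if ($Apply -and $current -ne $entry.Data) {
            Set-ItemProperty -Path $PolicyKey -Name $entry.Name `
                -Value $entry.Data -Type DWord
            $current = $entry.Data
        }
        [pscustomobject]@{
            Policy   = $title
            Value    = $entry.Name
            Current  = if ($null -eq $current) { '(not set)' } else { $current }
            Enforced = ($current -eq $entry.Data)
        }
    }
}

# Audit only; add -Apply to write the values for the current user.
Test-NetworkLockdown | Format-Table -AutoSize
```

The key is per-user (HKCU), so the script has to run in each user's context, and a user with administrator rights can delete the values again.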