How do I use Group Policy to block VMWare NAT service on my domain desktops?

My switches are capable of blocking VMware workstation using bridging, now unpatched vm's can still connect if they NAT. So i would like to disable the NAT service using a group policy.And before anyone says you need NAC, ACE etc i know i just want a quickish fix til i get budget for NAC and ACE
Who is Participating?
LauraEHunterMVPConnect With a Mentor Commented:
Is the VMWare NAT service an actual Windows service that shows up in the Services MMC?

If so, you can mandate the service be set to Disabled using GPO.

Create and link a GPO to the OU containing the workstation objects, and define the Startup type of the NAT service to "Disabled". Caveat - you need to create and edit the GPO from a machine that -has the relevant service installed-, otherwise it won't show up in the UI.
As far as i know there is no way to do it without the tools you mention.
You may try to build an administrative template to set the values you need.

For this try to look to:

and google around with words: write administrative template

This is not a super elegant solution, but it will work just fine....Use the following GPO:
User Configuration, Administrative Templates, System, Don't run specified Windows applications

Enable the policy and add the following executable with no path...just like you see it below.

brianogormanAuthor Commented:
excellent that worked a treat many thanks.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.