Hi everyone I have a little conundrum. I want to change the DNS server settings to all our roaming computers in the company so that they point to a cloud based security service. There are 2 accounts on these machines, one is the general administrator account and the second is the user account. The user account unfortunately has local administrator priviledge because many of the enterprise apps require it. My question is....Is there any way that I can lock down modifying local area connection TCP/IP properties for EVERYONE in Group Policy editor or some other way to prevent savvy users from simply changing DNS server entries?
Edit: These are WORKGROUP type computers running mostly Windows 7 Pro and a few XP Pro instances.