Disable Network Properties Company Wide

Hello Experts,
I want to make network properties disappear on all the workstations in my company. Please post step by step guide. I have Server 2003 and most of my machines are Windows 7.

Thanks!
itcsproAsked:
Who is Participating?
 
Aaron TomoskySD-WAN SimplifiedCommented:
I don't know Cisco commands off the top of my head, but basically DNS is port 53. So block it from everything except your domain controllers (or whatever internal boxes are providing your DNS). That way all internal people use internal DNS, and those servers should be setup for root hints unless you need forwarders for some odd reason.
0
 
bbaoIT ConsultantCommented:
do you have a domain in place? if yes, you may simply disable the Network option in Control Panel at all.

to do that, deny the following GPO setting: at User Configuration\Administrative Templates\Control Panel\Hide specified Control Panel applets, add "ncpa.cpl".
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
What's the goal here? This type of policy is usually less effective than stopping things at the network level.

For example,  If you want to block users from changing  DNS servers, block port 53 in your router.
0
On-Demand: Securing Your Wi-Fi for Summer Travel

Traveling this summer?Check out our on-demand webinar to learn about the importance of Wi-Fi security and 3 easy measures you can start taking immediately to protect your private data while using public Wi-Fi. Follow us today to learn more!

 
itcsproAuthor Commented:
Yes, that's exactly the goal to stop users from changing DNS servers. I got a firewall Cisco and a L3 switch core switch.
0
 
itcsproAuthor Commented:
That sounds bit complicated.
0
 
Aaron TomoskySD-WAN SimplifiedCommented:
Blocking DNS at the router is not that complicated and is definitely the correct way to do this. If you need help doing this with your router, ask that in a separate question in the correct group and I'm sure it will be answered quickly. Blocking ports is a basic request of a router
0
 
kevinhsiehCommented:
Are you using Cisco ASA firewall, or firewall features built into a router?

You should be blocking ALL outbound traffic except the type that you explicitly allow. For my workstations, I allow http, https, and FTP. That is all. No DNS, POP3, TCP/8080; anything.

Post the configuration of your equipment, without passwords, public IP addresses, or any other sensitive information. We can help you out, or hire someone if you desire. It sounds like your network gear is probably in a  pretty sub-optimal configuration.
0
 
itcsproAuthor Commented:
I am Cisco ASA as a firewall. What configuration can I post where do I get it, I use GUI all the time.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.