Disable Network Properties Company Wide

Hello Experts,
I want to make network properties disappear on all the workstations in my company. Please post step by step guide. I have Server 2003 and most of my machines are Windows 7.

Thanks!
itcsproAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

bbaoIT ConsultantCommented:
do you have a domain in place? if yes, you may simply disable the Network option in Control Panel at all.

to do that, deny the following GPO setting: at User Configuration\Administrative Templates\Control Panel\Hide specified Control Panel applets, add "ncpa.cpl".
0
Aaron TomoskySD-WAN SimplifiedCommented:
What's the goal here? This type of policy is usually less effective than stopping things at the network level.

For example,  If you want to block users from changing  DNS servers, block port 53 in your router.
0
itcsproAuthor Commented:
Yes, that's exactly the goal to stop users from changing DNS servers. I got a firewall Cisco and a L3 switch core switch.
0
Challenges in Government Cyber Security

Has cyber security been a challenge in your government organization? Are you looking to improve your government's network security? Learn more about how to improve your government organization's security by viewing our on-demand webinar!

Aaron TomoskySD-WAN SimplifiedCommented:
I don't know Cisco commands off the top of my head, but basically DNS is port 53. So block it from everything except your domain controllers (or whatever internal boxes are providing your DNS). That way all internal people use internal DNS, and those servers should be setup for root hints unless you need forwarders for some odd reason.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
itcsproAuthor Commented:
That sounds bit complicated.
0
Aaron TomoskySD-WAN SimplifiedCommented:
Blocking DNS at the router is not that complicated and is definitely the correct way to do this. If you need help doing this with your router, ask that in a separate question in the correct group and I'm sure it will be answered quickly. Blocking ports is a basic request of a router
0
kevinhsiehCommented:
Are you using Cisco ASA firewall, or firewall features built into a router?

You should be blocking ALL outbound traffic except the type that you explicitly allow. For my workstations, I allow http, https, and FTP. That is all. No DNS, POP3, TCP/8080; anything.

Post the configuration of your equipment, without passwords, public IP addresses, or any other sensitive information. We can help you out, or hire someone if you desire. It sounds like your network gear is probably in a  pretty sub-optimal configuration.
0
itcsproAuthor Commented:
I am Cisco ASA as a firewall. What configuration can I post where do I get it, I use GUI all the time.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Network Security

From novice to tech pro — start learning today.