Help On My Network Connections

Status
Not open for further replies.
A

apaullo

Posts: 80   +0
HI..i just want to ask for help on my Network COnnections..i want to refrain the users from accessing it...not neccesariyl the control panel but the Network folder only..the users usually change the IP Address on the PC...thus creating address conflict in other PC's..is there any way or tweak that could disable access on Network folder only??
 
But it's not a folder

Start Run %SystemRoot%\explorer.exe ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{21EC2020-3AEA-1069-A2DD-08002B30309D}\::{7007acc7-3202-11d1-aad2-00805fc1270e}

The Start menu folder, is just a shortcut, to the explorer network connections shortcut !
 
I think you can set a local security policy to disallow users access to the network connections control panel applet, but if your users are logged in as admins there is nothing to stop them from changing this. If you're unwilling/unable to set up proper permissions for whatever reason then just disable the network connections service. This will prevent your average joe from reconfiguring the network, unless they're familiar with starting and stopping services.
 
threaten them with moving their account to LUA status -- they will not be able to modify system settings.

btw: Power Users and Network Admin users are above LUA but below Admins in permissions.
 
i tried using the gpedit.msc..and enabling the prevent access to properties of LAn and i rebooted..but it still doesnt work...im the administrator of this pc and i cant prevent it in accessing the LAN properties :(
 
i cant limit them to limited account..also i need Control panel to be accessible..only the LAN network need not be accessible..
 
Click here --> How to Hide Control Panel Applets (Windows 95/98/Me/NT/2000/XP

Or as a policy restriction:
To Hide Network control panel applet is configured at:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
On the Edit menu, Add Value name DisallowCpl, as a REG_DWORD data type. Set the data value to 1.
On the Edit menu, Add Key name DisallowCpl. For each applet you wish to hide, add a REG_SZ value in the following format:
Sequence# REG_SZ ncpa.cpl
 
apaullo said:
i cant limit them to limited account.
Click to expand...
why not? There are relatively few programs that will not run on a limited user access(LUA) account.
 
i already tried hiding the Network Connections..and it works fien but my superior is asking it is possible to just disable access on Network connections alone..

and jobeard..we in the computers dept of our company already tried limiting thier account..but we recieved complaints from other offices saying they must have administrator accounts...so we have no choice but to obey..:(
 
i already tried hiding the Network Connections..and it works fien but my superior is asking it is possible to just disable access on Network connections alone..
Click to expand...

So the hiding applet works?
If so, then other than the Group policy setting, the hiding sounds like the best choice.

Be aware that this is not a file or folder (as mentioned earlier) and disabling this function is not ideal. ie The user will not be able to repair their network.
I suppose that's what you want, so again hiding is the easiest option.

By the way you are aware that under Limited account, that you can right click on any program and select run as Administrator (also using an Adimistrator password)

Please note, all users are allowed access to network connections (as an Administrator) in basically all industries from process worker to government staff.
It is strange to try to stop this on an Administor privlidged computer.
 
apaullo said:
and jobeard..we in the computers dept of our company already tried limiting their account..but we received complaints from other offices saying they must have administrator accounts...so we have no choice but to obey..:(
Click to expand...
This is always an emotional (and political) issue and the bottom line becomes who will maintain the systems,
the workers, with no formal training or certification, or the I.T. department with trained staff
and the knowledge to manage the systems in keeping with the company policies (both written and computer GPOs).
If Joe-Nerd must have Admin rights, then he also gets
to apply the updates, do the backups, and when it crashes -- get it running again.
He can't have it both ways.

Usually, there are only a few would-be nerds that think they need the keys to the
kingdom and moving them to Power Users will suffice. Call a meeting and get them
to try it out.

btw: they will still be able to change the network :(
 
kim..thats what our dept is trying to achieve..to limit the access on normal users from the network connections....we are still on manual configuration of ip address and we have no way in stopping them from changing thier IP's..thus making conflict with other users...i think they will complain when we tried to give them limited accounts but diabling the access on network is ok..

and jobeard..thats the problem...ther are so many joe-nerd in our company..and when the pc gets in trouble..we are the ones who must repair it..or if there are some who complains about not connected to the network we are the ones who must find a solution...

we had a meeting and my assignment is this..to look for ways to prevent the users from changing their assigned IP's
 
If you're using server environment and a domain (instead or WorkGroup computers)
The user would not even be able to login without the domain Server running.
And the IP could be assigned through each computer's mac address or name. Therefore not allowing them to change just about anything!
ie if they did try to change the IP settings, the next login would put it right (let alone the fact that they would not be able to access the network or Internet anyway from changing their IP)

Domain Servers with all settings/files including My Documents and also the login is by far you best choice. Too much info to put here though, on configuring one.
 
apaullo said:
and jobeard..thats the problem...ther are so many joe-nerd in our company..and when the pc gets in trouble..we are the ones who must repair it..or if there are some who complains about not connected to the network we are the ones who must find a solution...
Click to expand...
obviously I've been there. Why in heck are they fussing with IPs?
There's nothing to gain and everything to loose!
we had a meeting and my assignment is this..to look for ways to prevent the users from changing their assigned IP's
Click to expand...
hum; you don't need assigned IPs; with a Domain Controller (i assume you're running one), your LDAP or DC
should be using DHCP for everything except servers.
Even w/o an LDAP or DC, you can still use DHCP addresses!

Anyone forcing a static will soon create an IP conflict and maybe halt the entire lan subnet -- goody --
just advertise that Joey-Nerdnic took you all down because he couldn't leave the
network alone. PEER PRESURE will do your job for you about the third time it occurs :)
 
Mr

apaullo said:
i tried using the gpedit.msc..and enabling the prevent access to properties of LAn and i rebooted..but it still doesnt work...im the administrator of this pc and i cant prevent it in accessing the LAN properties :(
Click to expand...
If you're using a post-Windows 2000 OS, then that could be the reason why it still doesn't work. In which case, have you tried enabling "Enable Windows 2000 Network Connections settings for Administrators," assuming you're an "admin?" I'm using WinXP myself and just tried those two steps w/o having to reboot and it worked like a charm. However, I haven't tested to see if that "restriction" is still applicable upon reboot. :)
 
we are still using static IP's hehehe...and yes i still dont have any solution...there are about 600 working pc with different OS from 98, 2000, and XP..and we can only cater 255 ip addresses...so there is a great possibility that they can change or add an IP..thus creating conflict...i have tweak manager with me but it doesnt seem to work..the prohibiting to access network properties tweak..:(
 
You will never stop such people fiddling around unless you set up correct user groups and permissions. Until then, there is no solution to your problem. With all of those users running with root access you're asking for trouble and wasting your time trying to "hide" the network config from them. Even if you disable the network connections service they will still be able to restart it and/or reconfigure the network through the command line.
 
Try this. Load up an RIS server or something similar and deploy one of those "key/mouse stroking monitoring programs" (i.e. UserMonitor) and discipline the ones that actually do the changing. Or you could threaten to fire them. :D
 
heheh or they can fire me for not finding any solution..i told my boss hiding the Network Connections can be sufficient in preventing conflicts since our users are not that familiar with pc troubleshooting..i just hope it will be sufficient :p
 
I think it's the only option on an Administrator account.
You've been asked to do the impossible, the only answer (as I have mentioned) is Server Domain and that's it.
 
The Network Connections icon in the Control Panel represents a Shell folder, and the ncpa.cpl just launches the shell folder. One way to hide the Network Connections folder is to add the GUID {7007ACC7-3202-11D1-AAD2-00805FC1270E} to the Non enumerate list (NonEnum) in the registry.

To do this:
Start REGEDIT.EXE and navigate to:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ NonEnum

-or-

HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Policies \ NonEnum

Select NonEnum, and in the right-pane, create a REG_DWORD value named {7007ACC7-3202-11D1-AAD2-00805FC1270E} and set it's data to 1

Close REGEDIT

Tell us it worked or not.
 
Actually just inserting the hide switch is easier.

But the original post member, has confirmed that he now is aware of the hide option, but is concerned it is not enough. He's right!
 
Status
Not open for further replies.

Similar threads

Daniel Sims
Google's Find My Device network could be rolling out very soon
Replies
2
Views
104
theotherdave
theotherdave
A
Google's IP Protection is a new experiment to fight IP-based tracking
Replies
8
Views
399
Darkmatter
Darkmatter
A
ExpressVPN disables security feature that was leaking DNS requests to third-party servers
Replies
2
Views
150
return
return

Latest posts

Back