Restrict Local Administrators from changing Network property


  • In my office environment we are using development machines on which every developer has Local Administrator rights on their system. We are using 2 Internet lines, of which one is fast and the other is slow. Due to the slow Internet speed on the second line, some people manually change the Gateway IP and switch from the slow line to the fast one. To stop this we need to restrict those users from changing the IP on Windows 7. Only the domain Administrator should be able to change that setting. We are using Windows Server 2008 R2 as ADDS. Is there any way to stop this using domain Group Policy or Local Security Policy?
    Tuesday, January 7, 2014 9:37 AM


All replies

  • There is a user policy for that which you may consider:

    user config>administrative template>network>network connection>prohibit access to properties of a lan

    Darshana Jayathilake

    Tuesday, January 7, 2014 12:39 PM
  • Darshana,

    I have already checked and tried this solution, but it did not help. After applying this policy, the local Admin is still able to change its property.

    Tuesday, January 7, 2014 1:25 PM
  • Siddheshrsawant,

    The local admin cannot be restricted from changing the network settings on the computer. Could you please elaborate on the Local Admin right? We are talking about users who are connected on the same domain and they shouldn't have administrator access.

    Try this: go to User Configuration\Administrative Templates\Network\Network Connections and configure the options below:

    Prohibit TCP/IP advanced configuration
    Prohibit access to properties of a LAN connection

    If that doesn't help, make sure that you remove them from "Network Configuration Operators" and Local Administrators.

    Hope that helps.

    Tuesday, January 7, 2014 1:56 PM
  • Dear Techbuddy,

    Thanks for replying. But in my office environment every developer uses a domain user account, and we need to add those accounts to the Local Administrators group to use Visual Studio for development purposes..... hence it's not possible to remove those users from the Local Administrators group. If you're talking about removing user accounts from the "Network Configuration Operators" and Local Administrators groups, why do we need any type of Group Policy to restrict them? Because in a domain environment, by default, no normal user can change any system property. Also, I have tried the above solution but it did not help......

    Wednesday, January 8, 2014 6:32 AM
  • Hi Siddheshrsawant,

    Sorry, we can’t restrict local administrators from changing network property via Group Policy, and this is by design.

    For confirmation, the following thread also focused on a similar issue and can be referred to for information.

    Unable to lock down Network Connections settings with Group Policy

    Best regards,

    Frank Shen

    Wednesday, January 8, 2014 2:13 PM