Define Network Permissions
Updated: October 4, 2010
Applies To: Windows 7, Windows Server 2008 R2, Windows Vista, Windows XP
You can configure settings on the Network Permissions tab for your domain members running Windows 7 and Windows Vista to which Wireless Network (IEEE 802.11) Policies apply. The settings apply only to networks that are not configured on the General tab in Vista Wireless Network Policy Properties:
Allow or deny connections to specific networks, specified by network type and Service Set Identifier (SSID)
Allow or deny connections to ad hoc networks
Allow or deny connections to infrastructure networks
Allow or deny users to view network types (ad hoc or infrastructure) to which they are denied access
Allow or deny users to create a profile that applies to all users
Users can only connect to allowed networks by using Group Policy profiles
Membership in Domain Admins, or equivalent, is the minimum required to complete these procedures.
To allow or deny connections to specific wireless networks
On your domain controller running Windows Server 2008 R2, open Vista Wireless Network (IEEE 802.11) Policy Properties, and then click Network Permissions.
On the Network Permissions tab, click Add. The New Permissions Entry dialog box opens.
In the New Permission Entry dialog box, in Network Name (SSID), type the network SSID of the network for which you want to define permissions.
In Network Type, select Infrastructure or Ad hoc.
Note
If you are uncertain whether the broadcasting network is an infrastructure or ad hoc network, you can configure two network permission entries, one for each network type.
In Permission, select Allow or Deny.
Click OK, to return to the Network Permissions tab.
To specify additional network permissions
On the Network Permissions tab, configure any or all of the following:
To deny your domain members running Windows 7 and Windows Vista access to ad hoc networks, select Prevent connections to ad-hoc networks.
To deny your domain members running Windows 7 and Windows Vista access to infrastructure networks, select Prevent connections to infrastructure networks.
To allow your domain members running Windows 7 and Windows Vista to view network types (ad hoc or infrastructure) to which they are denied access, select Allow user to view denied networks.
To allow users of computers that are running Windows 7 or Windows Vista to create profiles that apply to all users, select Allow everyone to create all user profiles.
To specify that your users can only connect to allowed networks by using Group Policy profiles, select Only use Group Policy profiles for allowed networks.
Windows 7-specific settings
- To block users from hosting a wireless network on computers running Windows 7 that are equipped with wireless network adapters that support the Soft Access Point and Virtual Wi-Fi capability, select Disallow Hosted Network.
Note
Computers running Windows Vista are not affected by these Windows 7 settings.
- To deny users with computers running Windows 7 to enter and store their domain credentials (username and password) which the computer can then use to authenticate to the network (even though the user is not actively logged on), in Windows 7 Policy Settings, select Don’t allow shared user credentials for network authentication.
Note
Shared user credentials can be allowed to enable the computer to reconnect to the network after the computer is restarted. This enables the computer to continue to receive updates, such as those made through Group Policy and Windows Updates, during extended periods when a user is not actively logged on to the computer.
- To specify the duration for which computers running Windows 7 are prohibited from making auto connection attempts to the network, select Enable Block Period, and in Block Period (minutes), specify the number of minutes for which you want the block period to apply. The valid range of minutes is 1-60.
Note
For more information about the settings on any tab, press F1 while viewing that tab.
- Click OK to save the settings, and close the Network Permissions tab.