Export (0) Print
Expand All
3 out of 9 rated this helpful - Rate this topic

Network and Sharing Center Group Policy Settings

Updated: February 7, 2008

Applies To: Windows Server 2008

The following tables list and describe the Group Policy settings that are associated with the Network and Sharing Center and its components.

noteNote
Depending on the .adm or .admx files you use, you might find other settings that are not documented here. Those settings are for earlier versions of Windows and do not apply to Windows Vista® or Windows Server® 2008. For information about those settings, see the documentation for that version of Windows.

Settings discussed can be found in one of two containers in the Group Policy Management Console (GPMC):

  • Computer Configuration. Settings found here affect all users who log on to a computer that is subject to the Group Policy object (GPO).

  • User Configuration. Settings found here apply only to those users who are subject to the GPO.

Group Policy settings associated with the Network Map

Group Policy setting Purpose

Turn on Mapper I/O (LLTDIO) driver

Determines the network location types on which the LLTD Mapper component can query the network for topology information.

If you do not configure this setting, the LLTD Mapper runs only when the computer is attached to a private network.

If you enable the setting, you can choose whether to run the LLTD Mapper on domain, private, or public networks, or any combination of the three.

If you disable the setting, the LLTD Mapper will not run.

Turn on Responder (RSPNDR) driver

Determines the network location types on which the LLTD Responder component can operate and respond to queries from computers running the LLTD Mapper component. The behavior of this setting depends on whether you are running Windows XP or a later operating system.

  • Windows Vista and Windows Server 2008.

    If you do not configure this setting, the LLTD Responder runs only when the computer is attached to a private network.

    If you enable this setting, you can choose whether the LLTD Responder runs on any combination of domain, private, or public networks.

    If you disable this setting, the LLTD Responder does not run.

  • Windows XP.

    If you do not configure this setting on a computer running Windows XP, the LLTD Responder runs only when the computer is not joined to a domain.

    If you enable this setting, the Allow operation in a domain option determines if the LLTD Responder works when the computer is joined to a domain. The settings for private and public networks do not apply to a computer running Windows XP.

If you disable this setting, the Responder does not run.

Group Policy settings associated with Internet Connection Sharing (ICS)

Group Policy setting Purpose

Prohibit use of Internet Connection Sharing on your DNS domain network

Determines whether administrators can enable and configure the ICS feature of an Internet connection and if the ICS service can run on the computer. Users who are not administrators cannot enable or configure ICS.

This setting is location-aware. It applies only when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.

If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Sharing tab (Windows Vista or Windows Server 2008) or the Advanced tab (older versions of Windows) in the Properties dialog box for a local area network (LAN) or remote access connection is removed. The Internet Connection Sharing page is removed from the connection wizards.

If you disable this setting or do not configure it and have two or more connections, then administrators can enable ICS. The Sharing tab (Windows Vista or Windows Server 2008) or Advanced tab (earlier versions of Windows) in the Properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable ICS in the network wizards.

By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.

ICS is available only when two or more network connections are present.

Group Policy settings associated with Network Bridge

Group Policy setting Purpose

Prohibit installation and configuration of Network Bridge on your DNS domain network

Determines whether users can enable or configure Network Bridge.

If you enable this setting, users with administrator permissions cannot enable or configure Network Bridge. The Bridge Connections command is removed from the menu on network connection icons, and the related wizard options are blocked.

If you disable or do not configure this setting, then users with administrator permissions can enable and configure Network Bridge.

This setting is location-aware. It applies only when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. If Network Bridge is already enabled on a computer, and you then apply this policy setting, or if the policy setting for Network Bridge is set on your network, and then a computer on which Network Bridge is enabled joins your network, Network Bridge continues to exist in the Network Connections folder and to use system resources, but the functionality of Network Bridge changes. In these cases, Network Bridge continues to receive and send data over the network connections that are included in the bridge but, for security reasons, no longer forwards traffic from one network connection to another. This change is immediate; it does not require that you restart the computer or log off of the network and then log on again.

Group Policy settings associated with file sharing

Group Policy setting Purpose

Prevent users from sharing files within their profile

Determines whether users are allowed to share files within their profile to other users on their network. Sharing of any kind is enabled only when an administrator has turned on file sharing on that computer.

If you enable this policy, users will not be able to share files within their profile using the sharing wizard. Also, the sharing wizard will not create a share at %SystemRoot%\users and can only be used to create SMB shares on folders.

If you disable or do not configure this policy, then users will be able to share files out of their user profile after an administrator has turned on file sharing on that computer.

Group Policy settings associated with Network Connections

Group Policy setting Purpose

Prohibit deletion of remote access connections

Determines whether users can delete any remote access connections created in the Network Connections folder.

If you enable this setting, then users (including administrators) cannot delete any remote access connections, including those they created.

If you disable or do not configure this setting, then users can delete any remote access connections they created. Only administrators can delete remote access connections that are available to more than one user or that were created by other users.

Prohibit access to the Remote Access Preferences item the Advanced menu

Determines whether the Remote Access Preferences item on the Advanced menu in the Network Connections folder is enabled.

If you enable this setting, then the item does not appear for any user affected by this policy setting, including administrators.

If you disable or do not configure this setting, then the item appears on the Advanced menu.

Prohibit access to properties of a LAN connection

Determines whether users can change the properties of a LAN connection.

If you enable this setting, the Properties menu item on LAN connections is disabled, and users cannot open the Properties dialog box.

If you disable or do not configure this setting, then the Properties menu item on LAN connections is enabled, and users can open the Properties dialog box.

Ability to change properties of an all user remote access connection

Determines whether a user can view and change the properties of remote access connections that are available to all users of the computer.

If you enable this setting, a Properties menu item appears when a user right-clicks the icon for a remote access connection. Also, when a user selects the connection, Properties appears on the File menu.

If you disable this setting, the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection Properties dialog box.

If you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections.

Prohibit connecting and disconnecting a remote access connection

Determines whether users can connect and disconnect remote access connections.

If you enable this setting, double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators).

If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking or right-clicking the icon representing the connection, or by using the File menu.

Prohibit changing properties of a private remote access connection

Determines whether users can view and change the properties of their private remote access connections.

If you enable this setting, the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection.

If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu.

Prohibit renaming private remote access connections

Determines whether users can rename their private remote access connections.

If you enable this setting, the Rename option is disabled for all users (including administrators).

If you disable this setting or do not configure it, the Rename option is enabled for users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu.

For more information about Group Policy, see http://go.microsoft.com/fwlink/?LinkId=55625.

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.