Share via


Configure network connection restrictions with Group Policy

Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 7

You can use this procedure to configure some restrictions on network connections by using Group Policy. These settings are all found in the Group Policy Management Console (GPMC) at the following location:

User Configuration\Administrative Templates\Network\Network Connections

The following Group Policy settings can be edited and applied to users that are members of the Group Policy object (GPO) in which the Group Policy setting is included. By default, the Group Policy settings are not configured.

  • Prohibit deletion of remote access connections. If you enable this Group Policy setting, then affected users cannot delete any remote access connections, including those they create themselves.

  • Prohibit access to the Remote Access Preferences item on the Advanced menu. If you enable this Group Policy setting, then affected users cannot access the Remote Access Preferences setting on the Advanced menu of the Network Connections folder. The top menu bar, including the Advanced menu, appears when you press the ALT key.

  • Prohibit access to properties of a LAN connection. If you enable this Group Policy setting, then affected users cannot change any of the properties of a LAN connection.

  • Ability to change properties of an all user remote access connection. If you enable this Group Policy setting, then affected users can modify the properties of a remote access connection that is shared with the other users on the computer. By default, standard users can only modify properties for a connection that is not shared.

  • Prohibit connecting and disconnecting a remote access connection. If you enable this Group Policy setting, then affected users cannot connect by using any remote access connection, or disconnect any that are currently connected.

  • Prohibit changing properties of a private remote access connection. If you enable this Group Policy setting, then affected users cannot change the remote access connection properties that are not shared. By default, standard users can modify connections that are not shared.

  • Prohibit renaming private remote access connections. If you enable this Group Policy setting, then affected users cannot rename remote access connections that are not shared. By default, standard users can modify connections that are not shared.

Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.

To open the Group Policy Management Console as an administrator

  1. Click Start, then in the Start Search box, type gpmc.msc, but do not press ENTER.

  2. When the icon for GPMC.msc appears on the Programs list at the top of the Start menu, right-click it, and then click Run as administrator.

    If the User Account Control dialog box appears, ensure it is for the action you requested, and then enter your administrator credentials.

    If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (https://go.microsoft.com/fwlink/?LinkId=55625).

To enable or disable a Network Connections restriction policy for the current user

  1. Log on as the user for which you want to apply these Group Policy settings.

  2. Open Group Policy Management Console as an administrator.

  3. In the navigation pane, open User Configuration\Administrative Templates\Network\Network Connections.

  4. In the details pane, double-click one of the Group Policy settings described above.

  5. Do one of the following:

    • To enforce the Group Policy setting on the currently logged on user, select Enabled, click Apply, and then click OK.

    • To not enforce the Group Policy setting on the currently logged on user, select Disabled, click Apply, and then click OK.

  6. After you have modified all of the Group Policy settings you want, close Group Policy Management Console.

  7. Log off and log back on as the user to enforce the changes you made.

See Also

Concepts

Configure Network and Sharing Center for a Managed Network Administer Network and Sharing Center