Enable or disable Network Bridge with Group Policy
Updated: October 14, 2010
Applies To: Windows Server 2008, Windows Server 2008 R2, Windows Server 7
You can use this procedure to enable or disable the user's ability to install and configure a network bridge.
The Network Bridge setting, if enabled, allows users to create a Layer 2 Media Access Control (MAC) bridge, enabling them to connect two or more physical network segments together. A network bridge thus allows a computer that has connections to two different networks to share data between those networks.
In an enterprise environment, where you need to restrict network traffic to authorized paths only, you can disable the Network Bridge setting on a computer. If you disable Network Bridge on a computer, users cannot create or configure a network bridge. By default, this setting is not configured.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.
Start Group Policy Management Console (GPMC). To do so, click Start, and then in the Start Search box, type
In the navigation pane, open the following folders: Local Computer Policy, Computer Configuration, Administrative Templates, Network, and Network Connections.
This setting is location-aware. It applies only when a computer is connected to the same Domain Name System (DNS) domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
In the details pane, double-click Prohibit installation and configuration of Network Bridge on your DNS domain network.
Do one of the following:
To enable the Group Policy setting, and disable the Network Bridge setting, click Enabled.
To disable the Group Policy setting, and enable the Network Bridge setting, click Disabled.
Click OK to save your changes.
If you move the computer to a different DNS domain after applying or refreshing the Group Policy setting, the change will not take effect until the Group Policy setting is refreshed again.
Enabling this setting to prohibit installation and configuration of a network bridge on your DNS domain network neither disables nor removes an existing network bridge on the user's computer.
If you edit policy settings locally on a computer, you will affect the settings on only that one computer. If you configure the settings in a Group Policy object (GPO) hosted in an Active Directory domain, then the settings apply to all computers that are subject to that GPO. For more information about Group Policy in an Active Directory domain, see Group Policy (http://go.microsoft.com/fwlink/?LinkId=55625).
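Because enabling the setting does not remove a bridge that already exists, a check of both the policy state and any existing bridge adapters is useful after rollout. The following PowerShell is an added example, not part of the original procedure. It assumes the policy is stored as the `NC_AllowNetBridge_NLA` value defined in the Network Connections administrative template (0 when the policy is enabled) and that bridge adapters use the `BridgeMP` miniport service; neither name appears on this page.

```powershell
# Added example: audit the Network Bridge policy and find bridges that predate it.
# Assumptions (not stated on this page): the registry location and value name come
# from the Network Connections administrative template, and 'BridgeMP' is the
# service name of the MAC Bridge Miniport adapter.
$PolicyKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections'
$PolicyValue = 'NC_AllowNetBridge_NLA'

function Get-NetworkBridgePolicyState {
    # 'Enabled' = bridge prohibited, 'Disabled' = bridge allowed, else 'NotConfigured'.
    $item = Get-ItemProperty -Path $PolicyKey -Name $PolicyValue -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$PolicyValue -eq 0) { return 'Enabled' }
    return 'Disabled'
}

function Get-ExistingNetworkBridge {
    # The policy blocks new bridges only, so enumerate bridge adapters already present.
    Get-WmiObject -Class Win32_NetworkAdapter |
        Where-Object { $_.ServiceName -eq 'BridgeMP' } |
        Select-Object Name, NetConnectionID, MACAddress, NetEnabled
}

$state   = Get-NetworkBridgePolicyState
$bridges = @(Get-ExistingNetworkBridge)

# One summary object per computer; NeedsReview flags either gap.
New-Object PSObject -Property @{
    ComputerName   = $env:COMPUTERNAME
    PolicyState    = $state
    BridgeCount    = $bridges.Count
    BridgeAdapters = ($bridges | ForEach-Object { $_.Name }) -join '; '
    NeedsReview    = ($state -ne 'Enabled') -or ($bridges.Count -gt 0)
}
```

The registry value shows only what policy was written to the computer; because the setting is location-aware, it still does not apply while the computer is connected to a different DNS domain network.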