Thursday, February 7, 2008

Disable Network Control Panel (Win9x/Win2K/WinXP)


Having control over the changes that users can make to their computing environment is an important part of network administration. Usually in "Intranet" environments where static IP allocation is being used, it become a nightmare for network administrators to manage IP address space available to them. Especially when administrator plans to implement IP based service access restrictions in a LAN, it will become a tedious job.

For example an administrator wants to give Internet access to some of the users in the network using proxy or Internet connection sharing restricted by IP address, users tend to change their IP address and new problems like IP conflicts will arise. To prevent users from changing the IP address, administrator can disable the 'Properties' page of 'Network Neighbourhood' or 'Local Area Connection'.

Windows 98:

1. Click 'Start' and click 'Run'


2. Enter 'regedit' in open box and click 'OK' button.



3. In regedit tool browse through the following key.
HKCU -> Software -> Microsoft -> Windows -> CurrentVersion -> Policies -> Network

Note: If 'NetWork' key is not present, then create it by right clicking on 'Policies' and select 'New -> Key' in menu and name the newly created key as 'Network'.


4. Create a new DWORD value named 'NoNetSetup' in key 'Network' and modify its value to '1'



Now its over for Windows 98.! If any user tries to change IP address by right clicking on 'Network Neighbourhood' will be surprised by a meesage like 'The service is disabled by administrator'.
Windows 2000:

1. Click 'Start' and click 'Run'

2. Enter 'GPEdit.msc' in open box and click 'OK' button.

3. In gpedit tool browse through the following key.

User Configuration -> Administrative Templates -> Network -> Network and Dial-up Connections

Select the key and go through the policies displayed right side panel once.
4. Double click on the policy 'Prohibit access to properties of a LAN connection'
Determines whether administrators can view and change the properties of a local area connection. This policy determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to administrators. If you enable this policy, the Properties menu items are disabled, and administrators cannot open the Local Area Connection Properties dialog box. If you disable this policy, a Properties menu item appears when administrators right-click the icon representing a local area connection. Also, when administrators select the connection, Properties is enabled on the File menu.

In the newly displayed window select 'enabled' and click on 'OK' button.
That's enough to get the required result in Win 2K.
Windows XP:
1. Do steps 1, 2, 3, and 4 as mentioned above for windows 2000.
2. In addition to the steps of Win2K you have to enable another policy in 'User Configuration -> Administrative Templates -> Network -> Network and Dial-up Connections'
i.e 'Enable Windows 2000 NetworkConnections settings for Administrators'
Determines whether settings that existed in Windows 2000 Server family will apply to Administrators. The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators.
Double click on the policy to enable it.
Conclusion: By this tweak administrators can prevent can prevent ordinary users from changing IP address from 'Network' properties window. But there are many doors open for experienced windows user to change IP address.


Anime forum