Windows 7 / Networking

Managing Connections Using Group Policy

In previous Windows platforms, you could use Group Policy to lock down or manage certain aspects of network connections on the computer. The Group Policy settings for doing this are located at:

User Configuration\Policies\Administrative Templates\Network\Network Connections

For example, by enabling the Prohibit Access To The Advanced Settings Item On The Advanced Menu policy setting, you could prevent users from opening Advanced Settings under the Advanced menu option in the Network Connections folder. If you also enable the Enable Windows 2000 Network Connections Settings For Administrators policy setting, even local administrators on the computer would not have access to Advanced Settings.

Beginning with Windows Vista, however, because of UAC and how it is implemented, some of these Group Policy settings are no longer supported. For example:

  • If a user is a local administrator on a computer running Windows Vista or later versions, none of the restrictions from these Group Policy settings found under User Configuration\Policies\Administrative Templates\Network\Network Connections applies. Also, the Enable Windows 2000 Network Connections Settings For Administrators policy setting is no longer supported. This policy was used in older Windows platforms to enable Group Policy restrictions for Network Connections to apply to administrators and not just ordinary users.
  • If a user is a standard user on a computer running Windows Vista or later versions, some but not all of the Group Policy settings found under User Configuration\Policies \Administrative Templates\Network\Network Connections still apply. The exception is policies for actions that now require administrative privileges to perform them. An example of this exception is accessing Advanced Settings under the Advanced menu option in the Network Connections folder, which in Windows Vista and later versions requires administrative privileges to perform. As a result, the Prohibit Access To The Advanced Settings Item On The Advanced Menu policy setting in Windows Vista and later versions does not apply to standard users, because they cannot perform this action anyway without administrator credentials; therefore, this Group Policy setting is superfluous. Another example is installing or removing network features for a connection, which requires administrative privileges. As a result, the Prohibit TCP/IP Advanced Configuration policy setting does not apply to standard users because this policy setting is superfluous for them.

Table below summarizes support for Network Connection user policy settings in Windows Vista and later versions.

Support for Group Policy User Settings for Network Connections for Standard Users in Windows Vista and Later Versions

Policy SettingSupported in Windows Vista and Later Versions
Prohibit Adding And Removing Components For A LAN Or Remote Access Connection
Prohibit Access To The Advanced Settings Item On The Advanced Menu
Prohibit TCP/IP Advanced Configuration
Prohibit Enabling/Disabling Components Of A LAN Connection
Ability To Delete All User Remote Access Connections
Prohibit Deletion Of Remote Access Connections
Prohibit Access To The Remote Access Preferences Item On The Advanced Menu
Enable Windows 2000 Network Connections Settings For Administrators
Turn Off Notifications When A Connection Has Only Limited Or No Connectivity
Prohibit Access To Properties Of Components Of A LAN Connection
Ability To Enable/Disable A LAN Connection
Prohibit Access To Properties Of A LAN Connection
Prohibit Access To The New Connection Wizard
Ability To Change Properties Of An All-User Remote Access Connection
Prohibit Access To Properties Of Components Of A Remote Access Connection
Prohibit Connecting And Disconnecting A Remote Access Connection
Prohibit Changing Properties Of A Private Remote Access Connection
Ability To Rename All User Remote Access Connections
Ability To Rename LAN Connections Or Remote Access Connections Available To All Users
Ability To Rename LAN Connections
Prohibit Renaming Private Remote Access Connections
Prohibit Viewing Of Status For An Active Connection
[Previous] [Contents] [Next]

In this tutorial:

  1. Connecting Remote Users and Networks
  2. Enhancements for Connecting Remote Users and Networks in Windows 7
  3. Understanding IKEv2
  4. Understanding MOBIKE
  5. Understanding VPN Reconnect
  6. Protocols and Features of VPN Reconnect
  7. How VPN Reconnect Works
  8. Understanding DirectAccess
  9. Benefits of DirectAccess
  10. How DirectAccess Works
  11. Windows 7 and Windows Server 2008 R2
  12. Ipv6
  13. IPsec
  14. Perimeter Firewall Exceptions
  15. Implementing DirectAccess
  16. Understanding BranchCache
  17. Benefits of BranchCache
  18. How BranchCache Works
  19. Protocols Supported by BranchCache
  20. Implementing BranchCache
  21. Supported Connection Types
  22. Outgoing Connection Types
  23. Incoming Connection Types
  24. Deprecated Connection Types
  25. Supported Tunneling Protocols
  26. Comparing the Different Tunneling Protocols
  27. Understanding Cryptographic Enhancements
  28. Support for AES
  29. Weak Cryptography Removal from PP TP/L2TP
  30. Supported Authentication Protocols
  31. Understanding the VPN Connection Negotiation Process
  32. Creating and Configuring VPN Connection
  33. Creating a VPN Connection
  34. Initiating a Connection
  35. Terminating a Connection
  36. Viewing Connection Details
  37. Configuring a VPN Connection
  38. Configuring Security Settings for a VPN Connection
  39. Configuring the Tunneling Protocol (s) Used
  40. Configuring Advanced Connection Settings
  41. Configuring the Data Encryption Level
  42. Configuring the Authentication Method Used
  43. Configuring Authentication for IKEv2 connections
  44. Configuring Mobility for IKEv2 Connections
  45. Configuring Dial-Up Connections
  46. Creating a Dial-Up Connection
  47. Advanced Connection Settings
  48. Configuring Incoming Connections
  49. Managing Connections Using Group Policy
  50. Using Remote Desktop
  51. Understanding Remote Desktop
  52. Versions of RDP
  53. RDP 6.1 Features and Enhancements
  54. RDP 7.0 new features and enhancements
  55. RemoteApp and Desktop Connection
  56. Understanding RDC
  57. Understanding Remote Desktop Services Terminology
  58. Configuring and Using Remote Desktop
  59. Enabling Remote Desktop and Authorizing Users on a Single Computer
  60. Enabling Remote Desktop Using Group Policy
  61. Configuring and Deploying Remote Desktop Connection
  62. Configuring Remote Desktop Connection from the Command Line
  63. Configuring Remote Desktop Connection Using Notepad
  64. Configuring Remote Desktop Using Group Policy
  65. Establishing a Remote Desktop Session
  66. Improving Remote Desktop Performance
  67. Troubleshooting Remote Desktop Sessions
  68. Configuring and Using RemoteApp and Desktop Connection