# Unable to lock down Network Connections settings with Group Policy



## mirrorsaw (Nov 13, 2008)

I'm running server 2003 and Vista workstations (except for a couple on XP), I've just recently started using group policy which so far seems to be working fine.

I wanted to prevent users from changing the DNS IP Addresses in their Network Connection settings, as I don't want them to bypass opendns.

This looked pretty straightforward, I went into GPMC.msc from my workstation and set the following in User Configuration / Admin Templates / Network / Network Connections:

Enable Windows 2000 Network Configuration Settings for Administrators
Prohibit access to properties of components of a LAN connection
Prohibit access to properties of a LAN connection

I know the last one isn't necessary, but for testing purposes I thought I'd enable it too.

Using a test account which IS a member of the local admin group on this workstation, I force a policy updated, rebooted several times, waited several days - but still I have full access to change all properties of the LAN connection.

I can't imagine what could be preventing this from working, any ideas?

Thanks


----------



## djaburg (May 15, 2008)

My guess is because the user is a local admin which would bypass the domain restriction.


----------



## mirrorsaw (Nov 13, 2008)

It seems strange that there's no way to prevent local admins from editing network connection properties, can anyone else confirm if this is so?

Thanks


----------

