Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Monday, February 1, 2010 11:10 AM
i want to prevent my domain users from changing IP address and the IP address must assign through DHCP, can NAP help me out to implement this scenario.
All replies (3)
Tuesday, February 2, 2010 9:53 AM âś…Answered
Hi,
Thanks for the post.
As far as I know, NAP may not help on this case. You can edit the registry to prevent users from modifying their IP addresses.
Navigate to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces registry subkey. Right click it abd select Security->Advanced-> Permissions. Clear the Allow inheritable permissions from parent to propagate to this object check box. In the Security dialog box that opens, click Remove to remove the inherited permissions. Then, click Add in the Permissions for Interfaces window. In the Select Users or Groups window that opens, select Everyone and click Add. Finally, click OK in the Permissions for Interfaces window. Now every user on the machine is prevented from modifying network settings.
In this case, you can use Group Policy to apply this registry subkey's permissions to all the machines on your network. Then, all the machines on your network will prevent users from modifying their network settings; however, it cannot prevent the users if they are the local administrators or power users on the client machines.
Hope this helps.
Thursday, February 4, 2010 8:46 AM
I can confirm that NAP will not perform this function for you.
Thursday, February 4, 2010 8:47 AM
Thanks.