Jump to content
Sign in to follow this  
Doppio

Protect Wireless Profile

Recommended Posts

Doppio

Good Morning,

I manage a school network with over 500 laptops (XP SP3, not joined to a domain). The major problem I have is that every week I have to go around recreating the wireless profiles that the kids delete, or change settings.

The students have limitted accounts but for some reason windows allows them to delte or change their profiles, look at the screenshot to see what I mean.

Is there a way to prevent this? (registry tweak, script, patch, etc) any sugestion will be greatly appreciated.

Thanks in advance.

post-9605-1233591283_thumb.jpg

Share this post


Link to post
Share on other sites
PsaltyDS

Good Morning,

I manage a school network with over 500 laptops (XP SP3, not joined to a domain). The major problem I have is that every week I have to go around recreating the wireless profiles that the kids delete, or change settings.

The students have limitted accounts but for some reason windows allows them to delte or change their profiles, look at the screenshot to see what I mean.

Is there a way to prevent this? (registry tweak, script, patch, etc) any sugestion will be greatly appreciated.

Thanks in advance.

Change the name of the NTUser.DAT file to NTUser.MAN and it becomes a MANDATORY profile. The user can make changes to their environment while logged in, but they will not be saved on logout.

The problem with this is that it is global to everything in the user's hive. They won't be able to save changes to wireless, but also won't be able to save changes to their default printer.

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
Doppio

This machines are not part of a Domain, and as I understand you can't use mandatory profiles on standalone PC's

Any other Ideas?

Share this post


Link to post
Share on other sites
99ojo

This machines are not part of a Domain, and as I understand you can't use mandatory profiles on standalone PC's

Any other Ideas?

Hi,

1) U can use mandatory profiles in workgroup environment. The profile has to be stored on a file server.

1st idea:

It seems, that the users are in the locally group poweruser. U may change the groupmembership to user.

2nd idea:

How do the kids login? With there names or with a special account for every laptop. If the username is like laptop1 you should have a look at the Microsoft Tool Steady State. But if you have to control 500 accounts or more for every laptop without domain, you are in serious trouble.

;-))

Stefan

Edited by 99ojo

Share this post


Link to post
Share on other sites
Doppio

Good Morning,

Let me explain.

There are 3 accounts on every machine: Admin (full administrator), Teacher (Power User), Student (User). I can't put these pc's on a domain because of school policies (Some School board BS!!) anyway... I hope you guys get a clearer picture of my problem.

I think the best solution would be to find a way to protect the "wireless network connection properties" window, or tweak the Wireless Network tab to prevent regular users from deleting or changing wireless settings.

Thank you.

Share this post


Link to post
Share on other sites
99ojo

Have a look at Microsoft Steady State....

;--))

Stefan

Share this post


Link to post
Share on other sites
Doppio

I know I know, believe me I had meeting after meeting with the school board trying to explain why these F%$#ing machines are not working half of the time.... but hey with this tought economy I don't mind the overtime.

Anyway, I think I found the solution let me know what you think.

Gpedit.msc

User Configuration

Administrative templates

Network

Network Connection

Prohibit access to properties of a LAN connection (ENABLED)

Prohibit access to the advanced settings item on the advanced menu (ENABLED)

Prohibit access to properties of a LAN connection (ENABLED)

Share this post


Link to post
Share on other sites
PsaltyDS

I know I know, believe me I had meeting after meeting with the school board trying to explain why these F%$#ing machines are not working half of the time.... but hey with this tought economy I don't mind the overtime.

Anyway, I think I found the solution let me know what you think.

Gpedit.msc

User Configuration

Administrative templates

Network

Network Connection

Prohibit access to properties of a LAN connection (ENABLED)

Prohibit access to the advanced settings item on the advanced menu (ENABLED)

Prohibit access to properties of a LAN connection (ENABLED)

Much better solution. As I've had to local policy changes for USB ports and removable media, I feel kind of dense for not thinking of that before...

:)


Valuater's AutoIt 1-2-3, Class... Is now in Session!For those who want somebody to write the script for them: RentACoder"Any technology distinguishable from magic is insufficiently advanced." -- Geek's corollary to Clarke's law

Share this post


Link to post
Share on other sites
Doppio

Much better solution. As I've had to local policy changes for USB ports and removable media, I feel kind of dense for not thinking of that before...

:)

fixed:

Prohibit access to properties of components of a LAN connection (ENABLED)

Prohibit access to the advanced settings item on the advanced menu (ENABLED)

Prohibit access to properties of a LAN connection (ENABLED)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×