I want to disable "Internet Protocol (TCP/IP)"

[Guest]

hi my friend
I hope you can help me.
I am a network administrator. in my network everyone have Local
Administrator Permision. Somebody chanege their's IP addresses and make
problems in my network. I want to hide or disable "Internet Protocol
(TCP/IP)" in client computers for all users exept my domain admin user.
I want when an user take "properties" from his "network connection", can't
view "Internet Protocol (TCP/IP)" or can't take "properties" from this
protocol.
please help mt
thanks

 

[Lanwench [MVP - Exchange]]

In

hi my friend
I hope you can help me.
I am a network administrator. in my network everyone have Local
Administrator Permision. Somebody chanege their's IP addresses and
make problems in my network. I want to hide or disable "Internet
Protocol (TCP/IP)" in client computers for all users exept my domain
admin user.
I want when an user take "properties" from his "network connection",
can't view "Internet Protocol (TCP/IP)" or can't take "properties"
from this protocol.
please help mt
thanks

The best way to resolve this is to take people's admin rights away. Users
should be users.....and should not have admin rights to their machines. You
will be fighting a losing battle if you try to lock down specific things
from administrators, I'm afraid. If you have software that will not run
properly without admin rights, find out where in the file system & registry
the software is trying to write, and modify the permissions accordingly.
Check out FileMon and RegMon (download from MS) to help out with this.

 

[Guest]

The best way to resolve this is to take people's admin rights away.

Yes, although if that's not workable then a good alternative is to make it
amply clear that you are aware of everything they're doing, as the system
logs their actions. That - and barring server-access for those who
transgress until they provide you with a written account of themselves - is a
very good deterrent.

 

[Lanwench [MVP - Exchange]]

In

Yes, although if that's not workable then a good alternative is to
make it amply clear that you are aware of everything they're doing,
as the system logs their actions. That - and barring server-access
for those who transgress until they provide you with a written
account of themselves - is a very good deterrent.

True, and a written computer use policy is a good thing to have anyway. But
it's very rare that it isn't workable to take away excessive permissions.