Prevent access to Wireless Network Setup Wizard

[Peter]

Domain = Windows 2K
Clients = Windows XP SP2

We are just about to introduce Wireless networking (802.11a) in our
organisation and I want to prevent "normal" users from running the
Wireless Network Setup Wizard on school notebooks. This is a facility
that only administrators should run

Usually if I just want to prevent access to a feature of Windows
(XP/SP2 clients) I run xcacls and give "students" "no rights" to the
appropriate executable or file. I also use Windows Policies to great
effect but some of the usage will involve "standalone" logins - not
authenticated against the domain.

However I can't seem to find the executable to block. Can anyone
enlighten me?

And in answer to the expected questions, yes we will be using other
forms of security on the WLAN. I just don't want students mucking
around with stuff on school notebooks

Thanks

Peter

 

[Steven Umbach]

I have not tried that myself but a couple things I would look at is using local
Group Policy via gpedit.msc and look at the possibilities under user
configuration/administrative templates/network/network connections with the
understanding that local Group Policy affects all users that logon to the
computer that have read access to the Windows\system32\group policy\user folder
which by default all users will. If that won't work for non domain computers
look at using the free Microsoft Shared Computer Tookit to lockdown certain user
accounts. Also to try and track down what files and registry keys are accessed
in such an operation use the free tools from SysInternals called filemon and
regmon as they log all file and registry activity.

Steve

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx -- Shared Computer
Toolkit

 

[Peter]

Steve,

Yes, I suppose you're right. The students are already blocked from
changing network settings under group policies (as you stated).

Unfortunately staff members aren't as strongly controlled as students
(via policies). Either I create a policy for them or take up your
suggestion about Microsoft Shared Computer Tookit or see if the
Sysinternals utils utils show something

Thanks

Peter