"Blackberry" <info@NoSpamIt.com> wrote in message
news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
> Hi All
>
> I have a Win2k3 server setup at a school using AD/GPO to administer
> things.
>
> I have two sets of users, pupils and teachers, and I've tried to lock
> things
> down as much as possible really on both accounts where practical.
>
> The problem I have is that the teachers want to use their laptops on their
> networks (wireless and wired) at home and I therefore need to let them
> have
> access to the network connections/configurations so that they can change
> their ips, subnets, ssids, etc.
>
> As a test I added network administrators to the staff's account (ie they
> were network admins and domain users) and although they could get to the
> network properties main window it wouldn't let them into the tcp/ip config
> part to change stuff.
>
> I don't want to make them domain admins as I believe this will allow them
> to
> install and uninstall software (they always try and do this!!!) so is
> there
> anyway round this?
>
> I would have thought that assigning them as network admins would do the
> trick, what else does a network admin need to do???, but is it possible
> that
> another GPO param is stopping them from doing the job?
>
> Thanks
>
>

"Blackberry" <info@NoSpamIt.com> wrote in message
news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
> Hi All
>
> I have a Win2k3 server setup at a school using AD/GPO to administer
> things.
>
> I have two sets of users, pupils and teachers, and I've tried to lock
> things
> down as much as possible really on both accounts where practical.
>
> The problem I have is that the teachers want to use their laptops on their
> networks (wireless and wired) at home and I therefore need to let them
> have
> access to the network connections/configurations so that they can change
> their ips, subnets, ssids, etc.
>
> As a test I added network administrators to the staff's account (ie they
> were network admins and domain users) and although they could get to the
> network properties main window it wouldn't let them into the tcp/ip config
> part to change stuff.
>
> I don't want to make them domain admins as I believe this will allow them
> to
> install and uninstall software (they always try and do this!!!) so is
> there
> anyway round this?
>
> I would have thought that assigning them as network admins would do the
> trick, what else does a network admin need to do???, but is it possible
> that
> another GPO param is stopping them from doing the job?
>
> Thanks
>
>

"Blackberry" <info@NoSpamIt.com> wrote in message
news:ejvYL6Q$HHA.3400@TK2MSFTNGP03.phx.gbl...
> Hi Mathieu
>
> Many thanks for the prompt and detailed reply.
>
> We use DHCP in school and I believe they use DHCP at home, so I think
> their
> main issue is setting the Wireless stuff up, ie SSID, etc.
>
> It looks like the settings you have suggested would cover that - correct?
>
> Thanks
>
>
> "Mathieu CHATEAU" <gollum***@free.fr> wrote in message
> news:%23Og51eQ$HHA.5980@TK2MSFTNGP04.phx.gbl...
> Hello,
>
> the good way is to have DHCP on your network.
>
> Else:
> USER
> Administrative Templates\
> Network\
> Network Connections
>
> Prohibit access to properties of a LAN connection
> Prohibit TCP/IP advanced configuration
> Prohibit access to properties of components of a LAN connection
>
> Determines whether users can change the properties of a LAN connection.
> This setting determines whether the Properties menu item is enabled, and
> thus, whether the Local Area Connection Properties dialog box is available
> to users.  If you enable this setting (and enable the Enable Network
> Connections settings for Administrators setting), the Properties menu
> items
> are disabled for all users, and users cannot open the Local Area
> Connection
> Properties dialog box.  Important: If the Enable Network Connections
> settings for Administrators is disabled or not configured, this setting
> will
> not apply to administrators on post-Windows 2000 computers.  If you
> disable
> this setting or do not configure it, a Properties menu item appears when
> users right-click the icon representing a LAN connection. Also, when users
> select the connection, Properties is enabled on the File menu.  Note: This
> setting takes precedence over settings that manipulate the availability of
> features inside the Local Area Connection Properties dialog box. If this
> setting is enabled, nothing within the properties dialog box for a LAN
> connection is available to users.  Note: Nonadministrators have the right
> to
> view the properties dialog box for a connection but not to make changes,
> regardless of this setting.
>
>
> --
> Cordialement,
> Mathieu CHATEAU
> http://lordoftheping.blogspot.com
>
>
> "Blackberry" <info@NoSpamIt.com> wrote in message
> news:OGcbeXQ$HHA.700@TK2MSFTNGP05.phx.gbl...
>> Hi All
>>
>> I have a Win2k3 server setup at a school using AD/GPO to administer
>> things.
>>
>> I have two sets of users, pupils and teachers, and I've tried to lock
>> things
>> down as much as possible really on both accounts where practical.
>>
>> The problem I have is that the teachers want to use their laptops on
>> their
>> networks (wireless and wired) at home and I therefore need to let them
>> have
>> access to the network connections/configurations so that they can change
>> their ips, subnets, ssids, etc.
>>
>> As a test I added network administrators to the staff's account (ie they
>> were network admins and domain users) and although they could get to the
>> network properties main window it wouldn't let them into the tcp/ip
>> config
>> part to change stuff.
>>
>> I don't want to make them domain admins as I believe this will allow them
>> to
>> install and uninstall software (they always try and do this!!!) so is
>> there
>> anyway round this?
>>
>> I would have thought that assigning them as network admins would do the
>> trick, what else does a network admin need to do???, but is it possible
>> that
>> another GPO param is stopping them from doing the job?
>>
>> Thanks
>>
>>
>
>