non-Administrators enable/disable network components

G

Guest

Guest
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

I have a shared XP workstation that is used, among other things, to access
two different VPNs -- one is a Cisco client and one is a Checkpoint client.
There are conflicts between the two, so that we can only have one or the
other connection going.

Before switching from one to the other, I go into the LAN connection
properties and check or uncheck 'Check Point SecuRemote' and 'Deterministic
Network Enhancer' from the list of components appropriately.

The problem is that I can only do this with a user account that is in the
Administrators group. I don't really want others who use this computer to
belong to the Administrators group, but they'll need to be able to change the
network component settings.

Is there a way to create a group and set a group policy so that they'll be
able to enable/disable network components? The 'Network Configuration
Operators' group can't do it, and in fact, according to policy explanations
I've seen in the group policy editor "nonadministrators are already
prohibited from enabling or disabling components for a LAN connection..."

Any help is appreciated. Thanks... ab

[or is there a way to get both VPN clients to play nicely together?]
 

Juan

Distinguished
May 5, 2003
168
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi:

This should work; Assuming you are using XP Pro with NTFS file system:
In Windows Explorer, go to Tools, Folder Options View, uncheck
"Simple file sharing (recommended)" next still in the Explorer, go to
Network Connections\Properties\Security\Add the Network
Configuration group and apply the necesary permissions.
In case this doesn't do it, it may be necessary to configure
Advanced Options\Permissions\Modify for a more detailed
permission configuration, or chech all permissions in the main security tab
including full control and in advanced options\permissions, uncheck
Inherit from the main object those permission entries relative to secundary
objects, etc... for full permissions to apply to Network Connections only.

Hope this helps.

---------------------------------------
"XPtyro" <XPtyro@discussions.microsoft.com> escribió en el mensaje
news:BC9D4540-C2E0-454C-9124-22D4435ED336@microsoft.com...
> I have a shared XP workstation that is used, among other things, to
access
> two different VPNs -- one is a Cisco client and one is a Checkpoint
client.
> There are conflicts between the two, so that we can only have one or the
> other connection going.
>
> Before switching from one to the other, I go into the LAN connection
> properties and check or uncheck 'Check Point SecuRemote' and
'Deterministic
> Network Enhancer' from the list of components appropriately.
>
> The problem is that I can only do this with a user account that is in the
> Administrators group. I don't really want others who use this computer to
> belong to the Administrators group, but they'll need to be able to change
the
> network component settings.
>
> Is there a way to create a group and set a group policy so that they'll be
> able to enable/disable network components? The 'Network Configuration
> Operators' group can't do it, and in fact, according to policy
explanations
> I've seen in the group policy editor "nonadministrators are already
> prohibited from enabling or disabling components for a LAN connection..."
>
> Any help is appreciated. Thanks... ab
>
> [or is there a way to get both VPN clients to play nicely together?]
>
 

Juan

Distinguished
May 5, 2003
168
0
18,680
Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi:

This should work; Assuming you are using XP Pro with NTFS file system:
In Windows Explorer, go to Tools, Folder Options View, uncheck
"Simple file sharing (recommended)" next still in the Explorer, go to
Network Connections\Properties\Security\Add the Network
Configuration group and apply the necesary permissions.
In case this doesn't do it, it may be necessary to configure
Advanced Options\Permissions\Modify for a more detailed
permission configuration, or chech all permissions in the main security tab
including full control and in advanced options\permissions, uncheck
Inherit from the main object those permission entries relative to secundary
objects, etc... for full permissions to apply to Network Connections only.

Hope this helps.

---------------------------------------
"XPtyro" <XPtyro@discussions.microsoft.com> escribió en el mensaje
news:BC9D4540-C2E0-454C-9124-22D4435ED336@microsoft.com...
> I have a shared XP workstation that is used, among other things, to
access
> two different VPNs -- one is a Cisco client and one is a Checkpoint
client.
> There are conflicts between the two, so that we can only have one or the
> other connection going.
>
> Before switching from one to the other, I go into the LAN connection
> properties and check or uncheck 'Check Point SecuRemote' and
'Deterministic
> Network Enhancer' from the list of components appropriately.
>
> The problem is that I can only do this with a user account that is in the
> Administrators group. I don't really want others who use this computer to
> belong to the Administrators group, but they'll need to be able to change
the
> network component settings.
>
> Is there a way to create a group and set a group policy so that they'll be
> able to enable/disable network components? The 'Network Configuration
> Operators' group can't do it, and in fact, according to policy
explanations
> I've seen in the group policy editor "nonadministrators are already
> prohibited from enabling or disabling components for a LAN connection..."
>
> Any help is appreciated. Thanks... ab
>
> [or is there a way to get both VPN clients to play nicely together?]
>
 

TRENDING THREADS