I have a small network (250 users) of users who assign their own domain and workgroup names to their equipment. This is in violation of our local security practice so I have been trying to determine if I can restrict the domain and workgroup names allowed on the network.
We have a series of servers/services that all users connect to (like print, collaboration, Internet etc.) and most are hosted within a single Active Directory Forest. (User must authenticate to AD before proceeding to the service).
In Active Directory, you can restrict access to various components of the Network Connections GUI. Look at the available settings in User ConfigurationAdministrative TemplatesNetworkNetwork Connections, as well as User ConfigurationAdministrative TemplatesControl Panel. Group Policy Objects can be configured so that they apply to any user on a machine, even those with administrative access.
This was first published in May 2004