How can I disable network access for specific user?

windows permissions windows-10 user-accounts
29,219

If you have a domain you can create a Group Policy for that user. Create one OU for that user and add a new GPO for that OU.

On that GPO go to "User Configuration\Administrative Templates\Network\Network Connections" and enable/disable whatever you want for that user.

To disable explorer to show remote computers you need to Enable in "User Configuration\Administrative Templates\Windows Components\File Explorer" the elements "No Computers Near Me" and "No Entire Network".

If you don't have a domain and you have a non Windows Home version you can edit the local Group Policy for that user. So you should log in with it's user and run gpedit.msc.

Go to User Configuration\Administrative Templates\Network\Network Connections and enable/disable what you want.

To disable explorer to show remote computers you need to Enable in "User Configuration\Administrative Templates\Windows Components\File Explorer" the elements "No Computers Near Me" and "No Entire Network".

The only problem if you don't have a domain it's if the user knows how to enter gpedit.msc he could remove your restrictions.

The restrictions about not to show the computers of the network it's easy bypassed if the user writes on explorer or in the run window the direct UNC path to the resource.

If you don't have a domain and you have a Windows Home version the only way it's to use some application for Parental Control, but that's not free.

More info: https://technet.microsoft.com/en-us/library/cc732613%28v=ws.10%29.aspx

Share:
29,219

Related videos on Youtube

Matt
Author by

Matt

Updated on September 18, 2022

Comments

  • Matt
    Matt over 1 year

    I use Windows 10 and want to restrict a specific user from accessing any of the network resources. I only want him/her to access the local physical drives but no other network resources such as other computers in the same network. I do not even want the user to see the network resources available.

    Is that possible?

  • Matt
    Matt over 8 years
    what do you mean with "if I have a domain"?
  • Matt
    Matt over 8 years
    Also, the statement "The only problem if you don't have a domain it's if the user knows how to enter gpedit.msc he could remove your restrictions." does not seem to be correct. My "standard user" does not have permission to access the local group policy editor.
  • A1985
    A1985 over 8 years
    If you don't know what domain means, you won't have one ;) Still there is a way to install the local group policy to the home version of windows. youtube.com/watch?v=oqk3vtTYfzY (haven't seen the video though, but I know that it works ;))
  • Matt
    Matt over 8 years
    I have Windows 10 Pro, and can manage local group policies. Also the local group policy access can be blocked for non admin users. Thanks, I will take a look what I can disable within Network Connections...
  • Matt
    Matt over 8 years
    I checked but there is no Setting that lets me disable network resources...?!? And also I do not see how those settings pertain to specific users or user groups???
  • NetVicious
    NetVicious over 8 years
    Check if that user it's member of administrators or network configuration operator groups. It can be necesary to change the rights of the user to do the configuration if you don't have a domain. You can remove that membership after the configuration.
  • Matt
    Matt over 8 years
    @NetVicious, I already have full admin rights, and there is no setting to restrict or block local network resources or local network access for specific users.
  • NetVicious
    NetVicious over 8 years
    @MattWolf Look at the left tree of this image: technet.microsoft.com/en-us/library/…
  • Matt
    Matt over 8 years
    @NetVicious, what you point to is a restriction to access settings and properties. My question is about blocking any sort of inbound and outbound net traffic to a specific IP address and that should pertain to a specific user or user group.
  • NetVicious
    NetVicious over 8 years
    @Matt Wolf I Edited my answer and I added a new path on the GPO MMC to disable some explorer things and not allow it to show the near computers and the link for the entire network. Mind that this kind of block only don't shows it on the File Explorer, if the user knows the direct UNC path he can access to it if he has the rights to do it. For do more restrictions you should block more and more options in explorer (run option on start menu as example), but mind me 100% security it's near impossible. Secure your remote network shares to disable access of that user should be the only way.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to create a very restricted user account into windows 10?
Windows 7 user account suddenly changed to a guest account
Access denied when modifing value of registry key [run as admin & owner of key]
Solve "you don't have permission to save to this location"
Adding ALL RESTRICTED APPLICATION PACKAGES to folder permissions
Find all permissions associated with a local group
Access To the Path is Denied (PowerShell Rename-Item Script)
Automate UAC to not prompt for admin user/pass when app needs "run as administrator"
Cannot Create Any Account on Windows 7 - User Profile Service failed the logon. User profile cannot be loaded
How do I copy/move files WITHOUT retaining/preserving the security/sharing permissions?