# How to block internet protocol tcp ip properties



## vinay

Now days we're going with new and some latest technology of computer Hardware and Networking peripherals and some system setting.

But today i have one question for your guys?

I have 100 users desktop in my Network , but sometime some user change the IP address own hand only.

So, my question is i want to block my internet protocol tcp ip properties.

Can u tell me guys how can i block this Properties for IPv4.


----------



## Cromewell

You want to use group policy:
User Configuration\Administrator Templates\Network\Network Connections
- Prohibit TCP/IP advanced configuration
- Prohibit access to properties of a LAN connection

And you'll also want to remove them from the local administrator group.


----------



## vinay

Hello Thanks for your help sir,

This troubleshooting i am doing in my own desktop only but still Local area connection status is accessible for me.

Exactly which option i have to select I already disable - Prohibit TCP/IP advanced configuration & - Prohibit access to properties of a LAN connection but still Local area connection status is accessible for me.

And one more thing : Microsoft Windows Server 2003, Windows XP, and Windows 2000 Service Pack 1 operating systems only 

This is only supportable for this OS.

*Note : See in my office i am following normal Topology *

Ex : 1. I have 6 D-link 24 port switches 
      2. 8 ADSL Router for Internet connection 
      3. and all switches and routers are connected with each other (Looping System)

One more thing sir in my office there is no administrator rights in my office all users can easily edit and modify all things Like (Downloads,IP chages, More ....)

So, Now please tell me how can i fix this issue..!

Thanks 
Waiting for your reply..!


----------



## Cromewell

True, my previous response assumed you were running active directory and XP era OSes.

If you are running Vista of Windows 7 the only option is to not let people be local "Administrators" or "Network Configuration Operators". An administrator has to be able to change these settings.

Why do your users feel the need to change their IP address? Is there a problem with your network or internet service that they are trying to get around?


----------



## vinay

*Reply to Cromewell*

Yes, I completely agree with you. Because of if some users want to download something without my permission then they will try this option.

Ex: *My ADSL Internet routers* : 192.168.0.1 | 192.168.0.31 | 192.168.0.61 | 192.168.0.91
Ex: * 192.168.0.1 (Routers)
     * 192.168.0.2 (User IP Address)
     * 192.168.0.3 (User IP Address) To * 192.168.0.254

They can choose any IP from this. But now my question is they will select any IP from this range, bt they don't know selected IP address is already assign to someone else.

So, That's why IP conflict message appear on screen to some users.and i want to fix this issue.


----------



## Vipernitrox

If users have administrator rights you can't block them from changing those settings. That's the whole point of being an administrator.

An alternative option would be to setup a proxy server. And just block all traffic going outside except through the proxy. That way the ip of the user won't matter for downloading stuff. So changing ip's will do nothing for them. They can only access the internet through the proxy. And you can control what they can access on the internet by properly configuring the proxy.


----------



## vinay

Ok Thank you very much for help sir.


----------

