Disable NIC in Group Policy

[Molenski]

Hi there,

We have clients running old 2000 pro in a domain at 2k3 domain functional level. The operators of these systems must have admin rights on the machines. The machines are dual boot and boot into either one domain or the other (two nics in the machine attached to the two networks). The problem is, because the operators are admins they can enable the nics which we don't want. Is there a way using GP maybe of stopping the second nic (attached to the second network) from being enabled when booted into one OS on the first network. There may even be a simpler way?

Cheers.

 

[baddos]

I don't think you can disable the nic prior to booting with GPO. Even with a script, it would most likely be enabled before you want it enabled.

It would be best management wise to only use 1 nic, and connect those two networks with a router or layer3 switch. You could then put a firewall or access-list to limit the traffic if you wish. It's probably also a bad idea to have Windows 2000 workstations running on your network as they have no support from microsoft so no windows update, etc.

 

[Molenski]

Hi, thanks for getting back. Unfortunately we have no choice on the 2k thing...that comes from way above! Can you explain a little more in detail what you mean with your network based solution? I have a good understanding of networking and devices etc. but it's not clear what you mean. Thanks.

 

[baddos]

Usually before Windows 2000 applies group policies, it will wait for the network to become available (NIC driver loads, gets IP address, etc). So if you put a script in a GPO to disable the nic card, it would probably happen after the login process. You could try it out though.