mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-27 08:13:39 +00:00
Add WindowsConnectionManager CSP
This commit is contained in:
Vinay Pamnani
@ -1,98 +1,106 @@
|
|||||||
---
|
---
|
||||||
title: Policy CSP - WindowsConnectionManager
|
title: WindowsConnectionManager Policy CSP
|
||||||
description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously.
|
description: Learn more about the WindowsConnectionManager Area in Policy CSP
|
||||||
|
author: vinaypamnani-msft
|
||||||
|
manager: aaroncz
|
||||||
ms.author: vinpa
|
ms.author: vinpa
|
||||||
ms.topic: article
|
ms.date: 12/07/2022
|
||||||
|
ms.localizationpriority: medium
|
||||||
ms.prod: windows-client
|
ms.prod: windows-client
|
||||||
ms.technology: itpro-manage
|
ms.technology: itpro-manage
|
||||||
author: vinaypamnani-msft
|
ms.topic: reference
|
||||||
ms.localizationpriority: medium
|
|
||||||
ms.date: 09/27/2019
|
|
||||||
ms.reviewer:
|
|
||||||
manager: aaroncz
|
|
||||||
---
|
---
|
||||||
|
|
||||||
|
<!-- Auto-Generated CSP Document -->
|
||||||
|
|
||||||
|
<!-- WindowsConnectionManager-Begin -->
|
||||||
# Policy CSP - WindowsConnectionManager
|
# Policy CSP - WindowsConnectionManager
|
||||||
|
|
||||||
<hr/>
|
> [!TIP]
|
||||||
|
> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
||||||
|
>
|
||||||
|
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
|
||||||
|
>
|
||||||
|
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
||||||
|
|
||||||
<!--Policies-->
|
<!-- WindowsConnectionManager-Editable-Begin -->
|
||||||
## WindowsConnectionManager policies
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
||||||
|
<!-- WindowsConnectionManager-Editable-End -->
|
||||||
|
|
||||||
<dl>
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Begin -->
|
||||||
<dd>
|
## ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
|
||||||
<a href="#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork">WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork</a>
|
|
||||||
</dd>
|
|
||||||
</dl>
|
|
||||||
|
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Applicability-Begin -->
|
||||||
|
| Scope | Editions | Applicable OS |
|
||||||
|
|:--|:--|:--|
|
||||||
|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Applicability-End -->
|
||||||
|
|
||||||
<hr/>
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-OmaUri-Begin -->
|
||||||
|
```Device
|
||||||
|
./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork
|
||||||
|
```
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-OmaUri-End -->
|
||||||
|
|
||||||
<!--Policy-->
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Description-Begin -->
|
||||||
<a href="" id="windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork"></a>**WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork**
|
<!-- Description-Source-ADMX -->
|
||||||
|
This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time.
|
||||||
<!--SupportedSKUs-->
|
|
||||||
The table below shows the applicability of Windows:
|
|
||||||
|
|
||||||
|Edition|Windows 10|Windows 11|
|
|
||||||
|--- |--- |--- |
|
|
||||||
|Home|No|No|
|
|
||||||
|Pro|Yes|Yes|
|
|
||||||
|Windows SE|No|Yes|
|
|
||||||
|Business|Yes|Yes|
|
|
||||||
|Enterprise|Yes|Yes|
|
|
||||||
|Education|Yes|Yes|
|
|
||||||
|
|
||||||
<!--/SupportedSKUs-->
|
|
||||||
<hr/>
|
|
||||||
|
|
||||||
<!--Scope-->
|
|
||||||
[Scope](./policy-configuration-service-provider.md#policy-scope):
|
|
||||||
|
|
||||||
> [!div class = "checklist"]
|
|
||||||
> * Device
|
|
||||||
|
|
||||||
<hr/>
|
|
||||||
|
|
||||||
<!--/Scope-->
|
|
||||||
<!--Description-->
|
|
||||||
This policy setting prevents computers from connecting to both a domain-based network and a non-domain-based network at the same time.
|
|
||||||
|
|
||||||
If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
|
If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:
|
||||||
|
|
||||||
Automatic connection attempts:
|
Automatic connection attempts
|
||||||
|
- When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked.
|
||||||
|
- When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked.
|
||||||
|
|
||||||
- When the computer is already connected to a domain-based network, all automatic connection attempts to non-domain networks are blocked.
|
Manual connection attempts
|
||||||
- When the computer is already connected to a non-domain-based network, automatic connection attempts to domain-based networks are blocked.
|
- When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.
|
||||||
|
- When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.
|
||||||
|
|
||||||
Manual connection attempts:
|
If this policy setting is not configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Description-End -->
|
||||||
|
|
||||||
- When the computer is already connected to either a non-domain-based network or a domain-based network over media other than Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing network connection is disconnected and the manual connection is allowed.
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Editable-Begin -->
|
||||||
- When the computer is already connected to either a non-domain-based network or a domain-based network over Ethernet, and a user attempts to create a manual connection to another network in violation of this policy setting, then an existing Ethernet connection is maintained and the manual connection attempt is blocked.
|
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Editable-End -->
|
||||||
|
|
||||||
If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-DFProperties-Begin -->
|
||||||
|
**Description framework properties**:
|
||||||
|
|
||||||
<!--/Description-->
|
| Property name | Property value |
|
||||||
|
|:--|:--|
|
||||||
|
| Format | chr (string) |
|
||||||
|
| Access Type | Add, Delete, Get, Replace |
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-DFProperties-End -->
|
||||||
|
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-AdmxBacked-Begin -->
|
||||||
> [!TIP]
|
> [!TIP]
|
||||||
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
|
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
|
||||||
>
|
|
||||||
> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
|
|
||||||
>
|
|
||||||
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
|
|
||||||
|
|
||||||
<!--ADMXBacked-->
|
**ADMX mapping**:
|
||||||
ADMX Info:
|
|
||||||
- GP Friendly name: *Prohibit connection to non-domain networks when connected to domain authenticated network*
|
|
||||||
- GP name: *WCM_BlockNonDomain*
|
|
||||||
- GP path: *Network/Windows Connection Manager*
|
|
||||||
- GP ADMX file name: *WCM.admx*
|
|
||||||
|
|
||||||
<!--/ADMXBacked-->
|
| Name | Value |
|
||||||
<!--/Policy-->
|
|:--|:--|
|
||||||
<hr/>
|
| Name | WCM_BlockNonDomain |
|
||||||
|
| Friendly Name | Prohibit connection to non-domain networks when connected to domain authenticated network |
|
||||||
|
| Location | Computer Configuration |
|
||||||
|
| Path | Network > Windows Connection Manager |
|
||||||
|
| Registry Key Name | Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy |
|
||||||
|
| Registry Value Name | fBlockNonDomain |
|
||||||
|
| ADMX File Name | WCM.admx |
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-AdmxBacked-End -->
|
||||||
|
|
||||||
<!--/Policies-->
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Examples-Begin -->
|
||||||
|
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
|
||||||
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-Examples-End -->
|
||||||
|
|
||||||
## Related topics
|
<!-- ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork-End -->
|
||||||
|
|
||||||
|
<!-- WindowsConnectionManager-CspMoreInfo-Begin -->
|
||||||
|
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
|
||||||
|
<!-- WindowsConnectionManager-CspMoreInfo-End -->
|
||||||
|
|
||||||
|
<!-- WindowsConnectionManager-End -->
|
||||||
|
|
||||||
|
## Related articles
|
||||||
|
|
||||||
[Policy configuration service provider](policy-configuration-service-provider.md)
|
[Policy configuration service provider](policy-configuration-service-provider.md)
|
||||||
Reference in New Issue
Block a user