No announcement yet.

The difference between 'Power-users' and 'network configuration operators'.

  • Filter
  • Time
  • Show
Clear All
new posts

  • The difference between 'Power-users' and 'network configuration operators'.

    I just have some small constraints, which I thought I could solve by creating a user on a PC whose sole right / or at least 'most administrative' right is to change LAN TCP-IP settings....change a PCs IP address, as in I want to have a user-account on a desktop, and such an account could have authority to change the IP address of the PC - and nothing more.

    so i created a user with membership in groups 'power-users', and 'network-configuration-operators', and the only administrative priviledge i found that this user has to to enable/disable the LAN. This 'power-user' can't change the PC's ip address.

    if i were to remove such this user from the 'network-configuration-operators' group, with membership still in the 'power-users' group, the only difference was that such a user would get the 'you do not have sufficient priviledges to ......." prompt before finding out that the 'properties' button of the IP(TCP/IP) LAN property is disabled(greyed out).

    Group policy > user configuration > administrative templates > network connections >'prohibit access to properties of components of a LAN connection'....states thus:

    description: Determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection.
    This setting determines whether the Properties button for components of a LAN connection is enabled.

    these last 3-notes seem contradictory, considering my user is a power-user and a Network- Configuration-Operators:
    Note1: When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components- network connections > right-click LAN, properties

    Note2: Network Configuration Operators only have permission to change TCP/IP properties. Properties for all other components are unavailable to these users.

    Note3: Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting.

    --as per Note2, if Network configuration operators have the permission to change the TCP/IP properties(which I believe is to edit the IP settings on the LAN), why is the TCP/IP 'properties' button disabled for a user-account in membership groups power-user and NCO.

    MS local users and groups descriptions:
    "Power Users possess most administrative powers with some restrictions. Thus, Power Users can run legacy applications in addition to certified applications"

    Members in this group can have some administrative privileges to manage configuration of networking features

    -- or have I done it can I achieve my aim? is such possible with a user-account?