What are options that can be done to prevent an authorized user on the network from using Internet Sharing on their laptop to wireless share our network to unauthorized people or devices?
We have a guest wireless network that gives Internet access via a preshared key and an "internal" wireless network where that uses domain credentials to connect.
We could enable a group policy to prevent our domain users from enabling Internet Connection Sharing, but that would do nothing to prevent non-domain computers of authorized business partners and contractors that are permitted to use the internal network as well as any rogue personal devices people may connect.
What about getting the internal wireless and having everyone use the external Internet wireless and require VPN to access the internal network? (One concern with this is that sometimes people need to access both our internal network and another remote site at the same time and if they are connected to our VPN, a other VPN connection would not work at the same time. )
Also, can a VPN connection to the internal network be shared via ICS?
Other solutions?