Enable/disable Network from desktop without password
Sorry if this is the wrong forum. On my Windows 7 Pro, 64 bit, hard-wired LAN, I want to enable / disable the network as needed, from regular user accounts, without providing any password. I do this routinely on XP, but Win 7 pops-up a request for administrator password. How do I eliminate this step without compromising the permissions on other programs? If I need to turn off the network in a panic (I'm paranoid), having to type a password seems ludicrous. TIA
September 19th, 2010 4:53pm

Hi TIA, Please ensure you are using the account with Administrator permissions. If it is a low level account, this should be a normal behavior. As this feature is protected by User Account Control(UAC) by design, if the UAC level is high, we have to provide the administrator password when trying to enable or disable the network. In order to prevent the unauthorized changes to your computer, it is not recommended to disable the UAC. However, you may choose the “Notify me only when programs try to make changes to my computer (do not dim my desktop).” option to configure the UAC settings. For more information, please refer to the following link: Enable or disable a network adapter What are User Account Control settings? Best Regards, Sabrina TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 20th, 2010 2:46am

Thanks for your answer, Sabrina. > Please ensure you are using the account with Administrator permissions. If it is a low level account, this should be a normal behavior. Please note that I want to use a "low-level" account, without administrative rights, to access the Internet. I want to be able to control the network adapter from this account, _without_ having to enter a password each time. > As this feature is protected by User Account Control(UAC) by design, if the UAC level is high, we have to provide the administrator password when trying to enable or disable the network. If I leave the NIC enabled all the time, the worst case scenario is a successful attack past the UAC while I'm out for coffee. If I leave it closed, the worst case scenario is, that an infected internal app opens up the NIC to the above mentioned attack, which may or may not ocurr. This seems less of a threat, than staying exposed the entire time, as it requires two separate attacks, rather than the single attack of the first scenario. > In order to prevent the unauthorized changes to your computer, it is not recommended to disable the UAC. However, you may choose the “Notify me only when programs try to make changes to my computer (do not dim my desktop).” option to configure the UAC settings. My read of the UAC is, that its setting controlls everything. So if I relax the UAC, I relax it on the entire system for the given account. How do I relax security on ONLY the network adapter? Thanks, Eb (not TIA) alias errrrHmmm_shucks
September 20th, 2010 8:20am

Hi Eb, Thank you for correcting me and clarifying the detailed issue. From your description, I understand that you would like to not configure the UAC settings. And you are using the "low-level" account without administrative rights to access the Internet. You need to disable the network to protect the computer from being attacking when you are not using. First, please understand that we cannot configure the UAC settings to allow a special program or feature without the administrative permission by design. However, as there are the antivirus programs, firewall and UAC in the system, it is no need to disable the network when you are not using it to prevent the attacks. I suggest going to enable the real time protection for your antivirus program and the Windows Defender feature. You may also turn on the Automatic Update to ensure that all the updates are installed. Also, you may refer to the Microsoft Security site for some security information. Regards, Sabrina TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2010 9:11am

Hi Eb, Thank you for correcting me and clarifying the detailed issue. From your description, I understand that you would like to not configure the UAC settings. And you are using the "low-level" account without administrative rights to access the Internet. You need to disable the network to protect the computer from being attacking when you are not using. First, please understand that we cannot configure the UAC settings to allow a special program or feature without the administrative permission by design. However, as there are the antivirus programs, firewall and UAC in the system, it is no need to disable the network when you are not using it to prevent the attacks. I suggest going to enable the real time protection for your antivirus program and the Windows Defender feature. You may also turn on the Automatic Update to ensure that all the updates are installed. Using Windows Defender:http://windows.microsoft.com/en-US/windows7/Using-Windows-Defender Turn automatic updating on or off:http://windows.microsoft.com/en-us/windows7/Turn-automatic-updating-on-or-off Also, you may refer to the Microsoft Security site for some security information. http://www.microsoft.com/security/default.aspx Regards, Sabrina TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 21st, 2010 9:11am

"If I leave the NIC enabled all the time, the worst case scenario is a successful attack past the UAC while I'm out for coffee." No, not quite. UAC is not actually a security boundary, it's really only a user level prompt for user level security elevation that previously didn't exist. UAC is there to be a red flag for when system level changes are being made that typically require using a admin level account. UAC has no real control of restricting attacks on a NIC. http://news.techworld.com/security/8031/microsoft-uac-not-a-security-feature/ With your paranoia and requirements, on a wired LAN no less, why not just pull the Cat5E/6 cabling from the jack as needed? =)
Free Windows Admin Tool Kit Click here and download it now
September 21st, 2010 11:22am

Sabrina, > there are the antivirus programs, firewall and UAC in the system, it is no need to disable the network when you are not using it to prevent the attacks. These products are only as effective as the last month's security patches. When was the last month WITHOUT such patches?! If one can rely on them why are these patches needed? Further, how reliable are the patches themselves? On my latest update, there was a patch marked importan, which failed to install, and the error message generated is unknown to anyone within Microsoft, that I've been able to contact. By the way, the security site you linked me to has me starting further back than I was before I posted here. Eb
September 22nd, 2010 10:03am

Thanks, > UAC is ... only a user level prompt for user level security elevation that previously didn't exist. I needed that explanation for it to register in the few gray cells left. > With your paranoia and requirements, on a wired LAN no less, why not just pull the Cat5E/6 cabling from the jack as needed? =) Yeah, Microsoft's answer to ZoneAlarm's "Panic Button" <grin>. Actually, that's more or less what I was doing a couple of years ago. Until I figured out how to assign the access rights to my network control in Windows XP. So I gather that Windows 7 has a built-in longing for the dark ages. Thanks for the tip about the UAC. Eb
Free Windows Admin Tool Kit Click here and download it now
September 22nd, 2010 10:17am

Shucks, "Yeah, Microsoft's answer to ZoneAlarm's "Panic Button" Ah yes, this sort of setting is possible in the native Windows Firewall whereby you can deny communications in either direction. I suppose a quick way of performing this would be to use the Home or Work Network or the Domain Network settings within the Firewall Settings as the profile for when you want connections enabled, and then swtich to the Public Networks Profile with all the connections closed off when your off away. I am not sure of why you're paranoid in this instance. Were it a Wireless Access Point in use, say with WEP, then perhaps I could understand as they're quite easily hacked. But a wired LAN is failry secure and if you're worried about ensuring that a person couldn't access your system for a short stint while you take a coffee break or what have you, if you're suspecting someone performing such on your internal LAN then it's just as likely they'd try to sniff the network for authentication credentials and then when you're off for your break with your NIC unplugged they could stop on by and start using your machine. If you're looking to disable the interface, I suspect disabling the network adapter would also shutdown the communication as needed, and then you could re-enable it as needed. So using something like run > cmd > ipconfig /release "adapter name" would disable it, and then ipconfig /renew "adapter name" would re-enable it. http://support.microsoft.com/default.aspx?scid=kb;en-us;311272
September 22nd, 2010 10:41am

Cschaar, Thanks for your suggestions, I'll give them a try just as soon as I've gotten W7 reinstalled. I've spent the last several days fighting a ridiculous battle against Windows 7 64-bit from a 32 bit XP platform. But that's another problem. > paranoid in this instance I'm paranoid all the time - it's a genetic thing. Plus there are the never-ending security updates by Microsoft. Eb
Free Windows Admin Tool Kit Click here and download it now
September 27th, 2010 4:06am

"Plus there are the never-ending security updates by Microsoft." Unbderstood, but this is unfortunatly the case with any Linux and Unix variant & Mac OS and even network devices, so it's certainly not unique to Microsoft or Windows. It's just the nature of the beast.
September 27th, 2010 10:17am

Hi Eb, Just want to say Hi, and I was wondering how everything is going. If anything is unclear, please let me know. It is my pleasure to be of assistance. Regards, Sabrina TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
September 29th, 2010 4:46am

I have tested the solutions offered above, and none of them solved the problem. The goal was to provide a single-step IMMEDIATE enable/disable of the internet access, requiring at most a double-click. The solutions offered still require administrator access. o Changing the firewall profile not only requires admin rights, it reequires more steps total, than just en/disabling the aapter. o Whitelisting required a Windows update, which is not available except by a full install of W7 ultimate. W7 Pro does not offer whiltelisting. o En/Disabling the adapter is still the quickest solution. I'm using a script to access the adapter properties, and paste the password. This is a CRUDE workaround, which should not be necessary. As long as security holes exist, regardless of who is to blame, and attackers exist to take advantage of them, there ought to be a way to quickly disconnect a PC from the internet. Eb
October 19th, 2010 9:51am

· Hi Eb, Thank you for your feedback. I will report this issue to our related department. Regards, Sabrina TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
October 26th, 2010 5:31pm

I have a real issue with this that has nothing to do with paranoia. I have an end user that is on a laptop with two interfaces. She routinely needs the wireless adapter to work out in the warehouse. We have a security camera system that has remote software that will not work if both interfaces are active. even if she switches the wireless off, it will still not make the connection to the software. Now, granted, this is obviously an issue with the software, but the simple solution is to temporarily disable the wireless interface which she cannot do as a member of the Users group. Is my only option to disable the UAC? thanks jason
May 16th, 2011 5:20pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics