Tuesday, February 07, 2006

Permission of "Network Configuration Operators" group

The permission for the "Network Configuration Operators" group is documented in Microsoft's knowledge base 297938.
But, there is no language specifically about wireless network configuration
in the KB. So I set out to do a little test. It turns out "Network Configuration Operators" can:

  • Disable, enable wireless adapter and configure wireless connection properties.

  • Change IP filter setting of TCP/IP protocol.


But, can NOT: change firewall settings.


For the sake of completeness, I include Microsoft's list below.


  • Modify the Transmission Control Protocol/Internet Protocol (TCP/IP) properties
    for a local area network (LAN) connection, which includes the IP address,
    the subnet mask, the default gateway, and the name servers.

  • Rename the LAN connections or remote access connections that are available
    to all of the users.

  • Enable or disable a LAN connection.

  • Modify the properties of all of the remote access connections of the user.

  • Delete all of the remote access connections of the user.

  • Rename all of the remote access connections of the user.

  • Issue ipconfig, release, or renew commands.