Policy CSP - WindowsConnectionManager

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

Scope: ✅ Device, ❌ User
Editions: ✅ Pro, ✅ Enterprise, ✅ Education, ✅ Windows SE, ✅ IoT Enterprise / IoT Enterprise LTSC
Applicable OS: ✅ Windows 10, version 1803 [10.0.17134] and later

OMA-URI:
./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork

This policy setting prevents computers from connecting to both a domain based network and a non-domain based network at the same time.

  • If this policy setting is enabled, the computer responds to automatic and manual network connection attempts based on the following circumstances:

Automatic connection attempts

  • When the computer is already connected to a domain based network, all automatic connection attempts to non-domain networks are blocked.

  • When the computer is already connected to a non-domain based network, automatic connection attempts to domain based networks are blocked.

Manual connection attempts

  • When the computer is already connected to either a non-domain based network or a domain based network over media other than Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing network connection is disconnected and the manual connection is allowed.

  • When the computer is already connected to either a non-domain based network or a domain based network over Ethernet, and a user attempts to create a manual connection to an additional network in violation of this policy setting, the existing Ethernet connection is maintained and the manual connection attempt is blocked.

  • If this policy setting isn't configured or is disabled, computers are allowed to connect simultaneously to both domain and non-domain networks.

Description framework properties:

Format: chr (string)
Access Type: Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.
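The two payload encodings named in the tips above (XML-encoded and CDATA), as an added example that is not part of the original page or Microsoft's own code. It builds a SyncML Replace for this policy's OMA-URI and shows what an XML parser recovers from `<Data>` in each case, including the un-encoded mistake. The function names, the `CmdID` value and the template layout are constructed for illustration; the `<enabled/>` payload follows the ADMX-backed policy convention described in "Understanding ADMX-backed policies".

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# OMA-URI copied from this page; "Prohit" is the CSP's own spelling.
LOC_URI = ("./Device/Vendor/MSFT/Policy/Config/WindowsConnectionManager/"
           "ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork")
NS = {"s": "SYNCML:SYNCML1.2"}

# Constructed SyncML envelope; the CmdID value is arbitrary.
TEMPLATE = """<SyncML xmlns="SYNCML:SYNCML1.2">
  <SyncBody>
    <Replace>
      <CmdID>1</CmdID>
      <Item>
        <Meta><Format xmlns="syncml:metinf">chr</Format></Meta>
        <Target><LocURI>{uri}</LocURI></Target>
        <Data>{data}</Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>"""


def build_syncml(payload, mode):
    """mode: 'escaped' (XML-encoded), 'cdata', or 'raw' (the mistake)."""
    if mode == "escaped":
        data = escape(payload)          # < > & become entities
    elif mode == "cdata":
        # "]]>" would close the CDATA section early and corrupt the message.
        if "]]>" in payload:
            raise ValueError("payload contains ']]>'; XML-encode it instead")
        data = "<![CDATA[" + payload + "]]>"
    elif mode == "raw":
        data = payload                  # parsed as markup, not as a string
    else:
        raise ValueError("unknown mode: " + mode)
    return TEMPLATE.format(uri=escape(LOC_URI), data=data)


def received_string(syncml):
    """Return the character data of <Data> as a standard XML parser sees it."""
    data = ET.fromstring(syncml).find(".//s:Data", NS)
    return data.text or ""


if __name__ == "__main__":
    for mode in ("escaped", "cdata", "raw"):
        print(mode, repr(received_string(build_syncml("<enabled/>", mode))))
```

In the `raw` case the payload becomes a child element of `<Data>`, so the string value declared by `<Format>chr</Format>` is empty.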

ADMX mapping:

Name: WCM_BlockNonDomain
Friendly Name: Prohibit connection to non-domain networks when connected to domain authenticated network
Location: Computer Configuration
Path: Network > Windows Connection Manager
Registry Key Name: Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy
Registry Value Name: fBlockNonDomain
ADMX File Name: WCM.admx
