Allow and Disallow Simultaneous Connection to Domain and Non-Domain network

Posted on Matthew By Matthew No Comments on Allow and Disallow Simultaneous Connection to Domain and Non-Domain network
Allow and Disallow Simultaneous Connection to Domain and Non-Domain network
Allow and Disallow Simultaneous Connection to Domain and Non-Domain network

When working within a networked environment, it may be necessary to control whether a device can connect to both a domain-based network and a non-domain-based network at the same time. Windows offers a policy setting that can prevent computers from connecting to both domain-based networks and non-domain-based networks simultaneously. Please see how to mitigate File Came From Another Computer And Might be Blocked Error, and how to “Prevent Local Administrators from managing BitLocker with the manage-bde command“.

This feature is particularly useful in ensuring that network policies and security measures are adhered to consistently. This guide will show you how to configure this setting on Windows 10 and 11, providing detailed steps for both the Local Group Policy Editor and the Registry Editor methods.

Please see these related guides: How to reset folder view settings on File Explorer for Windows 11 and 10Change the default start page for File Explorer on Windows 11Fix the application was unable to start correctly (0xc0000135) error, and Perform BitLocker Recovery Password Rotation in Active Directory.

Understanding the Group Policy Setting

The policy setting “Prohibit connection to non-domain networks when connected to domain authenticated network” helps manage the security and integrity of your network connections. With this, we would be able to allow/disallow simultaneous connection to Domain & Non-Domain environment. Here’s how it works:

  • Enabled:
    • Blocks automatic and manual connection attempts to non-domain networks if the computer is already connected to a domain network, and vice versa.
    • Manual connections to a new network over Ethernet will be blocked if another network connection exists.
  • Not Configured or Disabled:
    • Allows simultaneous connections to both domain and non-domain networks.

Using Local Group Policy Editor

The Local Group Policy Editor is available in Windows 10/11 Pro, Enterprise, and Education editions. If you’re using another edition, you can use the Registry Editor method.

Also, see “Understanding MBAM compliance state and error status“, How To Configure a Domain Password Policy, and How to search through the Windows registry.

Steps to Allow or Disallow Simultaneous Connections:

Press Windows Key + R, type gpedit.msc, and press Enter.

Domain and Non-Domain network: Run utility
Launch the Group Policy Editor

Navigate to the following path: 

Computer Configuration > Administrative Templates > Network > Windows Connection Manager

In the right pane, double-click Prohibit connection to non-domain networks when connected to domain authenticated network.

Domain and Non-Domain network: Windows Connection Manager
Windows Connection Manager

To Enable simultaneous connections, select Not Configured or Disabled.

Click OK for the policy to take effect.

Domain and Non-Domain network: Enable simultaneous connections
Enable simultaneous connections

To Disable simultaneous connections, select Enabled.

Click OK to apply the policy

Disable simultaneous connections
Disable simultaneous connections

Close the Local Group Policy Editor to apply the changes.

Using the Windows Registry

For those using editions that do not include the Local Group Policy Editor, the Windows Registry method is an alternative. Editing the Registry allows you to control this setting by adding or modifying a specific value.

Steps to Enable or Disable Simultaneous Connections:

Press the Windows button, search for Registry Editor, and then run it as an administrator.

Open registry editor as administrator
Open registry editor as administrator

Navigate to the Registry Key: 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc

Right-click on the “Policies” folder, select New > Key, and name it GroupPolicy.

Create GroupPolicy key
Create GroupPolicy key

Inside the “GroupPolicy” key, right-click on the right pane, select New > DWORD (32-bit) Value, and name it fBlockNonDomain.

Select DWORD (32 bit) value
Select DWORD (32 bit) value

Double-click on fBlockNonDomain and set its value to 0, to enable simultaneous connections.

Enable simultaneous connections in Registry
Enable simultaneous connections in Registry

To disable simultaneous connections, double-click on fBlockNonDomain and set its value to 2.

Disable simultaneous connections in Registry
Disable simultaneous connections in Registry

Close the registry editor to apply the changes.

Conclusion on Allowing/Disallowing simultaneous connection

By following this guide, you can effectively manage your network connections, ensuring that your system adheres to your organization’s network policies.

Whether you use the Local Group Policy Editor or the Windows Registry, these steps will help you control simultaneous connections to domain and non-domain networks, enhancing your network’s security and integrity.

I hope you found this article on how to Allow/Disallow simultaneous connection to Domain & Non-Domain network useful. Please feel free to leave a comment below.

5/5 - (1 vote)
Network | Monitoring, Windows Tags:, , ,

Related Posts

More Related Articles

web application architecture main Request timed out and Destination Host Unreachable, Transit Failed, General Failure Windows
get computer specific model information How to get Windows PC specific Model information Windows
Spell Check Not Working in Microsoft Word How to Fix Spell Check Not Working in Microsoft Word Microsoft Exchange/Office/365
xcdbfg Folder Access Denied, you require permission from SYSTEM: Unable to delete old Windows folder Windows
Banner Enabling and Configuring WinRM via GPO Windows
Screenshot 2020 07 23 at 18.29.00 Universal, Global, and Domain Local Group Scopes Differences Windows

Leave a Reply