Allow and Disallow Simultaneous Connection to Domain and Non-Domain network

Posted on Matthew By Matthew No Comments on Allow and Disallow Simultaneous Connection to Domain and Non-Domain network
Allow and Disallow Simultaneous Connection to Domain and Non-Domain network
Allow and Disallow Simultaneous Connection to Domain and Non-Domain network

When working within a networked environment, it may be necessary to control whether a device can connect to both a domain-based network and a non-domain-based network at the same time. Windows offers a policy setting that can prevent computers from connecting to both domain-based networks and non-domain-based networks simultaneously. Please see how to mitigate File Came From Another Computer And Might be Blocked Error, and how to “Prevent Local Administrators from managing BitLocker with the manage-bde command“.

This feature is particularly useful in ensuring that network policies and security measures are adhered to consistently. This guide will show you how to configure this setting on Windows 10 and 11, providing detailed steps for both the Local Group Policy Editor and the Registry Editor methods.

Please see these related guides: How to reset folder view settings on File Explorer for Windows 11 and 10Change the default start page for File Explorer on Windows 11Fix the application was unable to start correctly (0xc0000135) error, and Perform BitLocker Recovery Password Rotation in Active Directory.

Understanding the Group Policy Setting

The policy setting “Prohibit connection to non-domain networks when connected to domain authenticated network” helps manage the security and integrity of your network connections. With this, we would be able to allow/disallow simultaneous connection to Domain & Non-Domain environment. Here’s how it works:

  • Enabled:
    • Blocks automatic and manual connection attempts to non-domain networks if the computer is already connected to a domain network, and vice versa.
    • Manual connections to a new network over Ethernet will be blocked if another network connection exists.
  • Not Configured or Disabled:
    • Allows simultaneous connections to both domain and non-domain networks.

Using Local Group Policy Editor

The Local Group Policy Editor is available in Windows 10/11 Pro, Enterprise, and Education editions. If you’re using another edition, you can use the Registry Editor method.

Also, see “Understanding MBAM compliance state and error status“, How To Configure a Domain Password Policy, and How to search through the Windows registry.

Steps to Allow or Disallow Simultaneous Connections:

Press Windows Key + R, type gpedit.msc, and press Enter.

Domain and Non-Domain network: Run utility
Launch the Group Policy Editor

Navigate to the following path: 

Computer Configuration > Administrative Templates > Network > Windows Connection Manager

In the right pane, double-click Prohibit connection to non-domain networks when connected to domain authenticated network.

Domain and Non-Domain network: Windows Connection Manager
Windows Connection Manager

To Enable simultaneous connections, select Not Configured or Disabled.

Click OK for the policy to take effect.

Domain and Non-Domain network: Enable simultaneous connections
Enable simultaneous connections

To Disable simultaneous connections, select Enabled.

Click OK to apply the policy

Disable simultaneous connections
Disable simultaneous connections

Close the Local Group Policy Editor to apply the changes.

Using the Windows Registry

For those using editions that do not include the Local Group Policy Editor, the Windows Registry method is an alternative. Editing the Registry allows you to control this setting by adding or modifying a specific value.

Steps to Enable or Disable Simultaneous Connections:

Press the Windows button, search for Registry Editor, and then run it as an administrator.

Open registry editor as administrator
Open registry editor as administrator

Navigate to the Registry Key: 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WcmSvc

Right-click on the “Policies” folder, select New > Key, and name it GroupPolicy.

Create GroupPolicy key
Create GroupPolicy key

Inside the “GroupPolicy” key, right-click on the right pane, select New > DWORD (32-bit) Value, and name it fBlockNonDomain.

Select DWORD (32 bit) value
Select DWORD (32 bit) value

Double-click on fBlockNonDomain and set its value to 0, to enable simultaneous connections.

Enable simultaneous connections in Registry
Enable simultaneous connections in Registry

To disable simultaneous connections, double-click on fBlockNonDomain and set its value to 2.

Disable simultaneous connections in Registry
Disable simultaneous connections in Registry

Close the registry editor to apply the changes.

Conclusion on Allowing/Disallowing simultaneous connection

By following this guide, you can effectively manage your network connections, ensuring that your system adheres to your organization’s network policies.

Whether you use the Local Group Policy Editor or the Windows Registry, these steps will help you control simultaneous connections to domain and non-domain networks, enhancing your network’s security and integrity.

I hope you found this article on how to Allow/Disallow simultaneous connection to Domain & Non-Domain network useful. Please feel free to leave a comment below.

5/5 - (1 vote)
Network | Monitoring, Windows Tags:, , ,

Related Posts

More Related Articles

Configure Multiple IP Addresses on a Single or Multiple Network Cards Configure Multiple IP Addresses on a Single or Multiple NICs Network | Monitoring
remote desktop connection tabs rdp tabs Guide to Remote Desktop Connection Properties for Secure Access Windows
printserver How to set up a Print Server on Windows Servers Windows
reset How to Reset a Snom Phone Network | Monitoring
Screenshot 2020 12 06 at 17.44.32 Windows cannot connect to the printer: Operation Failed with error 0x000004f8 Windows
Featured image DNS Server settings Do not use Public DNS in Prod: Change DNS Server in Windows Network | Monitoring

Leave a Reply