cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Enable 'Require domain users to elevate when setting a network's location'

JimmyWork
Iron Contributor

‎Sep 01 2021 05:07 AM

‎Sep 01 2021 05:07 AM

Enable 'Require domain users to elevate when setting a network's location'

Hi

 

From the security recommendations on my test machine I can see that it recommends me to

"Enable 'Require domain users to elevate when setting a network's location'"

 

First I tried creating a device configuration using settings catalog and administrative templates

2021-09-01 14_02_11-Windows-Defender-ATP-Security-Recommendations - Microsoft Endpoint Manager admin.png

Then I got an error: Error type 2: Error code: 65000

2021-09-01 14_03_24-Setting Details​ - Microsoft Endpoint Manager admin center.png

 

So I checked the device and saw that the registry key was missing and created a proactive remediation script that creates the missing registry key on the device.

 

But I still have the same error, and the security recommendations still shows me to activate it. Not sure what I can do as none of the recommended solution actually make the security recommendation go away and they Administrative templates always errors out.

 

Option 1 - Set the following Group Policy:
Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Require domain users to elevate when setting a network's location
To the following value: Enabled

Option 2 - Set the following registry value:
HKLM\SOFTWARE\Policies\Microsoft\Windows\Network Connections\NC_StdDomainUserSetLocation
To the following REG_DWORD value: 1

 

 

Labels:
11.9K Views
0 Likes
4 Replies
Reply
4 Replies
pvanberlo

‎Sep 01 2021 05:32 AM

‎Sep 01 2021 05:32 AM

Re: Enable 'Require domain users to elevate when setting a network's location'

@JimmyWork There was a similar post on Tech Community last month, does this offer any help?

1 Like
Reply
JimmyWork

‎Sep 01 2021 06:34 AM - edited ‎Sep 01 2021 07:55 AM

‎Sep 01 2021 06:34 AM - edited ‎Sep 01 2021 07:55 AM

Re: Enable 'Require domain users to elevate when setting a network's location'

Thank you for answering.
The error code is the same but this is an old registry file and it is available in the Feeds.admx on the computer.

Running Windows 10 Enterprise 21H1.

If I create this as a single administrative template instead of a catalog settings I get Not Applicable.

Creating the registry file also does not correspond to the security recommendations as they still report the settings is not turned on after multiple days.

When checking the logs on the computer I can see the following.

MDM ConfigurationManager: Command failure status. Configuration Source ID: (XXXXXXXXXXXXXXXXXXX), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Policy), Command Type: (Add: from Replace or Add), CSP URI: (./Device/Vendor/MSFT/Policy/Config/ADMX_NetworkConnections/NC_StdDomainUserSetLocation), Result: (The system cannot find the file specified.).

0 Likes
Reply
JimmyWork

‎Sep 02 2021 11:57 PM

‎Sep 02 2021 11:57 PM

Re: Enable 'Require domain users to elevate when setting a network's location'

Short update

 

If I manually activate the GPO on the local computer then everything works.
When activating the GPO locally it creates the same registry file I create manually but it will still give the same error when using settings catalog device configuration or admin templates device configuration.

 

I have made a ticket with Microsoft regarding this because something is of, the file is there I can enable it manually but it's still errors out in device configuration etc.

0 Likes
Reply
best response confirmed by JimmyWork (Iron Contributor)
JimmyWork

‎Sep 07 2021 01:49 AM

‎Sep 07 2021 01:49 AM

Solution

Re: Enable 'Require domain users to elevate when setting a network's location'

This is now solved.

The device needs to be in the Windows 10 insider channel for this settings to be applied.

 

JimmyWork_0-1631004410683.png

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-networkconnections#ad...

0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by JimmyWork (Iron Contributor)
JimmyWork

‎Sep 07 2021 01:49 AM

‎Sep 07 2021 01:49 AM

Solution

Re: Enable 'Require domain users to elevate when setting a network's location'

This is now solved.

The device needs to be in the Windows 10 insider channel for this settings to be applied.

 

JimmyWork_0-1631004410683.png

https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-admx-networkconnections#ad...

View solution in original post

0 Likes
Reply