Has anyone figured out a way for certain personnel to update network adapter settings on Windows 11 without needing local admin rights? I'm trying to get around the limitations of the built-in Network Configuration Operators group, which seems less effective in Windows 11 compared to 10, especially for adjusting speed and duplex settings. I've heard suggestions about using Task Scheduler with scripts, but I'd prefer to skip that route. Any tips are greatly appreciated!
3 Answers
You might want to check out Just Enough Administration (JEA). It’s a native solution that uses PowerShell and works pretty well. You can create custom wrapper functions to restrict what settings users can modify. For example, I set it up to let engineers switch between static IP and DHCP only. Here are some resources that could help you get started:
- PSRC file: [pastebin.com/MSC92Msa](https://pastebin.com/MSC92Msa)
- PSSC file: [pastebin.com/RnWDzAMp](https://pastebin.com/RnWDzAMp)
Just make sure to change the GUIDs - you can generate new ones [here](https://www.uuidgenerator.net/guid). Follow this guide to register it: [learn.microsoft.com](https://learn.microsoft.com/en-us/powershell/scripting/security/remoting/jea/register-jea?view=powershell-7.5). Good luck!
You can add users to the "Network Configuration Operators" group, but note they might need to use the classic Control Panel applet instead of the new settings app. It's a bit of a hassle, but it gets the job done!
It does work in Windows 11, but users will definitely have to use the classic Control Panel—create a shortcut for them to make it easier. As for fiddling with speed and duplex settings, you might want to think twice about that. Why let just anyone mess with those parameters?
I totally agree! In my last job, we often had to hard code speed and duplex for building embedded systems. It was critical for ensuring compatibility with various vendor devices.
Some hardware engineers need to set specific values for legacy operational technology (OT) devices, so it’s sometimes necessary. Trust me, OT systems can be quite primitive and require specific configurations.