Ensure 'Prohibit installation and configuration of Network Bridge on your DNS domain network' is set to 'Enabled'


You can use this procedure to controls user's ability to install and configure a Network Bridge.

The recommended state for this setting is: Enabled.


The Network Bridge setting, if enabled, allows users to create a Layer 2 Media Access Control (MAC) bridge, enabling them to connect two or more physical network segments together. A Network Bridge thus allows a computer that has connections to two different networks to share data between those networks.

In an enterprise managed environment, where there is a need to control network traffic to only authorized paths, allowing users to create a Network Bridge increases the risk and attack surface from the bridged network.


To establish the recommended configuration via GP, set the following UI path to Enabled:

Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Prohibit installation and configuration of Network Bridge on your DNS domain network

Note: This Group Policy path is provided by the Group Policy template NetworkConnections.admx/adml that is included with all versions of the Microsoft Windows Administrative Templates.


Users cannot create or configure a Network Bridge.

Default Value:

Disabled. (Users are able create and modify the configuration of Network Bridges. Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure.)

See Also


Item Details


References: 800-53|AC-4, CSCv6|5.1

Plugin: Windows

Control ID: 28762c073327dc0e45cf08e2bb98a480196cbd78d026631b772bece5e4730c80