Prohibit use of Internet Connection Sharing on your DNS domain network

Information

Determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and whether the ICS service can run on the computer.
ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network.
If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled.
If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.)
By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS.
Note: Internet Connection Sharing is only available when two or more network connections are present.
Note: When the 'Prohibit access to properties of a LAN connection,' 'Ability to change properties of an all user remote access connection,' or 'Prohibit changing properties of a private remote access connection' settings are set to deny access to the Connection Properties dialog box, the Advanced tab for the connection is blocked.
Note: Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting.
Note: Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the 'Don't use hosted networks' check box.

Solution

Policy Path: Network\Network Connections
Policy Setting Name: Prohibit use of Internet Connection Sharing on your DNS domain network

See Also

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-version-21h1/ba-p/2362353

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Windows

Control ID: b30a601795e28805ed5e1c159a59da1078cce938bd60a2ac5a7cdf7e1393d723