Sorry this is long but i have never seen anything like this before.
The solution would be pretty simple on a Domain but not so easy on a Work-group. The situation is this:
It is an office environment where 20 users all connect to the work-group with laptops that run Windows 7, Windows 8 and windows 8.1. I need a way to configure a network profile that, when chosen, would connect each system to prefigured settings that would have their static IP, sub-net, gateway and DNS for their IPV4 on the Hardwired connections locked in. In addition I need to completely disable all WiFi capability ( reason further down ) This would be akin to a WORK profile on a Domain. Having this would allow for them to change to a Home Profile when leaving and open up their WiFi for use outside the office
As the 2nd part, I would like a simple (Hah!) way to disable all HOME-GROUP options and capability and if possible permanently remove all capability for creating or joining one. These are all office systems which the users DO take home but they do not belong to them so disabling Home-groups should not be an issue.
WHY I want to do this: during a Recent network problems, I found today that one person had resorted to using her laptop's WiFi to connect to her I-phone Hot-spot to get on the Internet. As it was explained to me, she had also allowed some of her friends to also use her hot-spot. I do not have all the details as they do not seem to be eager to discuss the issue but one of the people she gave permission to is about 150 ft away from, her desk. I have seen (and used) the WiFi hot-spots that are built into a smartphone and I have yet to find one that would carry over 15 ft. Much less 100 ft!
After investigating I found that all of the users who did manage to connect are on the same network switch. That switch connects over 20 people and printers to a line coming from the Office router. In this case, the input to the router had been cut so there was no Internet but apparently the connection through the Switch enabled this one person to in some way use the switch in a "back-flow" manner with her Iphone providing Input to allow these other people 100+feet away to be able to piggy-back onto her I-phone. Most switches are now "smart" such that any port can be the "input" so the switch just took what it was given and distributed it
To make matters worse, when I started shutting them all down to try to reconnect the router into the network, several of the systems popped up messages saying that it I rebooted it would break their connection to the >>HOME-GROUP<< they were in!
This <<Home-group>> turned out to belong to yet another user who did not know she was connected to anyone through anything. Much less providing a Full Home-group connection to share ...??? i don't even know what. That mystery I am still trying to resolve. This same procedure also happened on two others systems and they were connected to even more Home-groups owned by people who also did not know they were connected to anyone by anything. No one remembers anything about any kind of questions about permissions or passwords
I have never seen this type of behavior before but I must find a way to put an end to it!
My Preference would be deleting all Home-Group capability on all systems! No one uses it and most people honestly did not even know what it was. But the possibility for serious problems provided by people being interconnected "in the background" as it were, looks to me like an open invitation to all kinds of bad things.
Since this is a Work-group and not a domain, I have no control over what, if any, security software each person uses or doesn't use. Viruses and Malware would have a field day in a setup like that where many systems are already on a "hidden in plain site" sub-group which neither the users nor the owners of had any idea they were connected to. They have no use for ir but Something! obviously did.
It could have been this way for months When they go home, most just shut down Windows and leave. I cannot believe it has been like this for very long or I would have seen it at least once. I found a total of 4 separate systems that were broadcasting invitations to join their Home-group. Yet I have never seen an "invitation" to join anything and no one else says they have either.
None of these people are very Tech-Savvy and none of them even knew what I meant or the risks involved. None of them even knew (or would admit to) having said YES to any kind of connection but I have seen what a Home-group Invite looks like and it is innocuous enough that i doubt anyone would say NO if invited even though they have NO idea what it is.
I have found a multitude of methods for disabling various parts of the Home-group thing but no single solution. Some of them involve changes in the Registry that involve elevating the permissions to the SHELL group so that a change can be made at all. It is EASY to turn off WORK-groups so why is it so hard to disable HOME-groups?
Sorry this was so long, I should have made it two questions but I have been at this all day and I have a bad feeling that if i don't find a solution soon, the problems are going to get worse. I have run multiple Malware and AV scans and actually did turn up several PUPs on one system but those are not the kind of thing I would send up a lot of red-flags over although they should not have ANY. Malwarebytes found and removed those very easily. If they are all back again tomorrow THEN I get worried!
In closing. The first and foremost I need is the Profile utility I have found a few on Source-Forge and I a trying to see if any can be configured from what I need.
I could do part of it with a script (disable all WiFi) and that would leave only the hard-wired NIC to deal with. Is there a net-use command to disable WiFi>? and re-enable it afterward?
Please excuse typos and other. It is late and I am totally distraught.
Thanks for anyone who took the time to read this.