There are two ways to configure NDC so that users cannot make changes. They can be used individually or in combination, and should be used in conjunction with Windows Policies.


1. Use the Require Console Password setting to configure a password in order to use the console. To turn this feature on or off, the console must be run as an administrator  (right click and select Run as administrator). Once a console password is set, anyone on the machine is required to enter that password in order to run the console, regardless of whether their account has user, power user or administrator privileges. This allows an administrator control whether users are allowed to configure how their accounts use NDC.


2. Simply delete the console module (Network Drive Console.exe) from the machine. This does have the drawback that, depending on policies on the PC, a user with sufficient privileges may be able to obtain a copy of Network Drive Console.exe from elsewhere and put it back on the PC.


If you first do 1 above, then 2, then even if someone (including another administrator) replaced Network Drive Console.exe v1.26 or higher, it still would not run unless they had the console password. If someone has sufficient privileges to install Network Drive Console.exe v1.25 or earlier, it would run but would see the drive mapping database as corrupted. Depending on the version, it could still be used to delete the "corrupted" drive mappings and create new ones. For that reason, if preventing users from making drive mapping changes is really important to you, you need to use Windows Group Policies to limit what your users can install & execute.