Local Area Connection properties access for Users

Greetings...I have laptop users who travel to different offices.  Currently, their local user accounts give them administrator rights to their laptops, because they need to change their static IP addresses every time they are working at a different office.  Is there a way I can give them the appropriate access without them being administrators?

I need my users to be able to configure static IP addresses without them being administrators on their systems.

(I know, I know, DHCP is the way to go and we are slowly migrating there...but I need a solution in the interim)
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

It is their machine. Let them keep the administrative rights. This can benefit you for other occasions, such as when you perform an upgrade for them, but the upgrade steals your rights of administrator, so basic users cannot use it. Letting them retain administrative rights to standalone unit can cut back on some of that grief. Besides, from security standpoint, once they have possession of the box, they essentially have ability to do as they will. While they are administrators, it is easier to make this clear to all parties, and it may help to encourage some of them to develop better safe habits.

But some OS permit people other than administrators to change their address, and this is among the reasons.
you could try using poledit to lock em out of what you dont want
i agree with drcspy. i think the equvalent for windows 2000 is the local security policy.
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

but if they have admin right, they can unedit it back rite ?
yes, most likely. but you can audit the changes to the security policy so that you have proof of those changes that they made and should not have.

To enable auditing of Security Policy Changes, follow the steps below appropriate for your platform.

For Windows NT:

Open User Manager. (From the Windows NT Start menu, select Programs, Administrative Tools (Common), and User Manager.)
Select the account from the list.
From the Policies menu, select Audit to display the Audit Policy dialog box.
Enable Security Policy Changes auditing on Success and Failure.

For a Windows 2000 domain:

Start Microsoft Management Console (MMC).
Add Group Policy Snap-in.
Browse Group Policy Objects.
Select the Domain Policy of interest.
Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy, and Audit Policy Change.
Enable the option, and select auditing for success and failure attempts.

For a stand-alone Windows 2000 computer:

On the computer of interest, start gpedit.msc. The focus is local computer by default.
Traverse the following path:
Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy, and Audit Policy Change.
Enable the option, and select auditing for success and failure attempts.

Microsoft Knowledge Base Article Q174074, "Security Event Descriptions" at http://support.microsoft.com/support/kb/articles/q174/0/74.asp


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Maybe from another view point.  On that pc (localy) run C:\WINNT\system32\regedt32.exe.  Expand to HKLM\System\Services\TCPIP\Parameters\Interfaces
From there you will see an entry for each network interface installed.  Choose the one you wish to allow them to modify.  Then from the menu bar "Secutiry"/permissions.  Add that users account then click advanced.  From here select the users account from the list and click edit.  Place a check in the "Set Value" allow box click ok all the way back out.  Now this is where it may or may not get ugly.  This will allow there standard user account to change ONLY the ip configuration for that interface, wihtout admin rights.  But changing it may be a bit of a hang.  At this point the user will need to change the IP in one of 3 ways, a reg file created for them for each location that they can merge for changes, teach them to change those values manually using regedit, get or create a seperate vb app which will allow them to just type in the info.  I realize this is a nasty back door suggestion, but it is the only way that I know for you to allow a user to change there IP without having admin rights.  I would  be happy to explain more if you think this may work for you.  And I would be happy to create an example reg file.  Maybe not the solution you where looking for but certianly a direction to consider.

No comment has been added lately (210 days), so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question

to be PAQ'd, with points forfeited.

Please leave any comments here within the next SEVEN days.


EE Cleanup Volunteer
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Operating Systems

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.