Solved

NetSh and Admin rights

Posted on 2003-11-21
Last Modified: 2011-10-03
Hello
I have a few users who travel and visit different offices. We have a VPN set up for all offices. I have created batch files (using the Netsh utility) for them to switch between different network settings (that is, IP address, gateway, etc.). I can run these batch files with administrative rights, but not with user or even power user rights. We don't use DHCP. I don't want to use any third-party software utility for this purpose. How can I use the Netsh command without giving local admin rights to the users?
0
Question by:nazirahmed
26 Comments
 
LVL 11

Author Comment

by:nazirahmed
ID: 9797806
Extremely sorry, i was in a hurry. I would be grateful for your help, guys. Thanks in advance
Naz
0
 
LVL 37

Expert Comment

by:bbao
ID: 9798362
hi, personally i think i have similar requirements to yours, but i don't use netsh to change the settings for different IPs and gateways. as you mentioned, it needs administrator rights because it changes the network configuration, and the procedures are complex.

my solution is simple. in a few words, it is multihomed ip addresses for the host, which include all the ip addresses needed for all the offices. every time you visit one of them, just change the default gateway for the office by using the "route add" command. you know the route command can be issued by common users, without administrator rights.

ok, let's talk about it in detail. for example, if you have 3 offices with 3 ip assignments:
1: 1.1.1.1 default gateway 1.1.1.100
2: 2.2.2.2 default gateway 2.2.2.100
3: 3.3.3.3 default gateway 3.3.3.100

set up all the ip addresses on the notebook, and make the default gateway the one for the office he/she visits most often. ok, when you visit another office, just execute the following command, by typing it manually or from a batch file:

route add 0.0.0.0 mask 0.0.0.0 x.x.x.100

that's ok!

hope it helps,
bbao
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 9801153
Hello there
that's my question....is there any way to do that without giving admin rights....????? :) i will try the solution you gave.
take care

0
 
LVL 11

Author Comment

by:nazirahmed
ID: 9801161
hello again
don't you think it will slow down the network communication for the machine having multiple IPs and default gateways?
0
 
LVL 37

Expert Comment

by:bbao
ID: 9801185
1. it definitely does not need administrator rights.
2. it does not slow down the network communication, because the ip routing is based on the local route table; the default gateway is the first item, which includes the ip address of the next stop. so, take it easy.
3. i use it every day. :-)
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 9802277
i'm talking about the admin rights for the Netsh utility. if there is any way to run that command without admin rights, please, anyone, let me know. thanks bbao
0
 
LVL 37

Accepted Solution

by:
bbao earned 750 total points
ID: 9802320
your purpose in using netsh is to switch ip addresses and gateway, which has been accomplished by my solution without netsh, and also without the need for administrator rights.

you know, as a principle of network administration, use rights as low as you can. network configuration is at system level, so changing an ip address must need supervisor permissions, there is no way to get around it, else windows nt/2k/xp would not be a c2-level system.

what you want should be to switch ip, not to change ip, to get around the permission issue.

anyway, if you still want to find a command to switch to supervisor rights from normal user rights, that is su.exe, a command from the w2k resource kit, not a part of the original w2k. again, i would not suggest it, for better security.

hope it helps,
bbao
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 9802908
ok, i will check on monday and will get back to you. take care
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 9849543
Sorry for the delay, i did not have time to fully test it, but i have a feeling that it should work. thanks for the help, much appreciated.
0
 
LVL 37

Expert Comment

by:bbao
ID: 9849568
sure, thanks for your points, if you have any further problems, just let me know.
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10163591
bbao
sorry to tell you, but today i had the chance to actually work on the solution and it didn't work!
0
 
LVL 37

Expert Comment

by:bbao
ID: 10164196
o? please post your "ipconfig /all" and "route print" results and tell me why you think it didn't work the way you wanted.
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10166753
ok, i will do it tomorrow as the laptop wasn't with me..the user called me from 200 miles away. so the laptop will be back tomorrow.
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10382930
Bbao
i am sitting with the laptop. i made changes for different IPs; here is the route print
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x1000003 ...00 06 5b d9 00 bc ...... 3Com EtherLink PCI
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.67.0.1     10.67.2.136       1
        10.67.0.0    255.255.192.0      10.67.2.136     10.67.2.136       1
      10.67.2.136  255.255.255.255        127.0.0.1       127.0.0.1       1
      10.67.128.0    255.255.192.0    10.67.129.227     10.67.2.136       1
    10.67.129.227  255.255.255.255        127.0.0.1       127.0.0.1       1
   10.255.255.255  255.255.255.255      10.67.2.136     10.67.2.136       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
        224.0.0.0        224.0.0.0      10.67.2.136     10.67.2.136       1
  255.255.255.255  255.255.255.255      10.67.2.136     10.67.2.136       1
Default Gateway:         10.67.0.1
===========================================================================
Persistent Routes:
  None
as you can see, the network 10.67.129.227 netmask 255.255.255.255 is going to gateway 127.0.0.1 from interface 127.0.0.1
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10382952
sorry mistakenly pressed enter.
10.67.128.0    255.255.192.0    10.67.129.227     10.67.2.136       1
that one is the remote network the user went to a few weeks ago and couldn't connect to.
any ideas please
cheers
0
 
LVL 37

Expert Comment

by:bbao
ID: 10388599
nazirahmed, please post the "ipconfig /all" result here. you know, my solution is based on multihoming; you should configure more than one ip address, one for each of your offices.
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10390278
yes, i did add at least 10 ip addresses to the list, but the ipconfig/all is from after her visit to the first remote location, where it didn't work even though she ran a batch file on the desktop with the route add command for that specific network.
similarly, i created batch files for other offices as well, but she hasn't been to other offices yet.

0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10403272
ok bbao, here is the ipconfig/all of the same machine whose route print i posted above.
C:\Documents and Settings\Jenny Yeates.WWREGION>ipconfig/all

Windows 2000 IP Configuration

        Host Name . . . . . . . . . . . . : ww01251
        Primary DNS Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : 3Com 3C920 Integrated Fast Ethernet
Controller (3C905C-TX Compatible)
        Physical Address. . . . . . . . . : 00-06-5B-D9-00-BC
        DHCP Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 10.67.129.227
        Subnet Mask . . . . . . . . . . . : 255.255.192.0
        IP Address. . . . . . . . . . . . : 10.67.2.136
        Subnet Mask . . . . . . . . . . . : 255.255.192.0
        Default Gateway . . . . . . . . . : 10.67.0.1
        DNS Servers . . . . . . . . . . . : 10.0.128.138
                                            10.0.128.142
        Primary WINS Server . . . . . . . : 10.67.0.114
help......
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10403288
the user went to a different location yesterday and she tried the route add command, that's why you can see
IP Address. . . . . . . . . . . . : 10.67.129.227
Subnet Mask . . . . . . . . . . . : 255.255.192.0

the ip address for HQ (where we are all based) is
IP Address. . . . . . . . . . . . : 10.67.2.136
Subnet Mask . . . . . . . . . . . : 255.255.192.0

0
 
LVL 37

Expert Comment

by:bbao
ID: 10403824
suppose your ip settings are: (note: the metric numbers are 2)

IP Address 1: 10.67.129.227 mask 255.255.192.0
IP Address 2: 10.67.2.136 mask 255.255.192.0
Gateway 1: 10.67.0.1 metric 2
Gateway 2: 10.67.128.1 metric 2

then use "route add 0.0.0.0 mask 0.0.0.0 10.67.0.1 metric 1" to switch to 10.67.0.0 network,
use "route add 0.0.0.0 mask 0.0.0.0 10.67.128.1 metric 1" to switch to 10.67.128.0 network

to be brief: this solution is based on concept of "multihome + switching routing"
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 10404937
you mean i should first set them to metric 2 and then use "route add 0.0.0.0 mask 0.0.0.0 10.67.0.1 metric 1" to switch to 10.67.0.0 network,
use "route add 0.0.0.0 mask 0.0.0.0 10.67.128.1 metric 1" to switch to 10.67.128.0 network
what difference will it make??
0
 
LVL 37

Expert Comment

by:bbao
ID: 10408056
otherwise, there will be two default routes existing with the same metric, which may lead to confusion. by applying different metrics, the prior route is selected.
0
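Added example, not part of the original thread: a Python sketch that parses `route print` output, orders the default routes by metric, flags the equal-metric tie discussed above, and checks that a gateway is on-link for one of the configured addresses. The second default route row (and its interface column) is constructed for illustration; the addresses, masks and gateways are the ones posted in the thread.

```python
import ipaddress

# Constructed sample: "Active Routes" rows as posted in the thread, plus one
# hypothetical second default route (gateway 10.67.128.1) with the same metric.
ROUTE_PRINT = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0        10.67.0.1     10.67.2.136       1
          0.0.0.0          0.0.0.0      10.67.128.1   10.67.129.227       1
        10.67.0.0    255.255.192.0      10.67.2.136     10.67.2.136       1
      10.67.128.0    255.255.192.0    10.67.129.227     10.67.2.136       1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1       1
"""
# Addresses and masks from the ipconfig /all output in the thread.
LOCAL = [("10.67.129.227", "255.255.192.0"), ("10.67.2.136", "255.255.192.0")]

def parse_routes(text):
    """Return (destination, netmask, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 5 or not f[4].isdigit():
            continue  # header, separator or other non-route line
        try:
            for field in f[:4]:
                ipaddress.IPv4Address(field)  # validate each dotted quad
        except ValueError:
            continue
        routes.append((f[0], f[1], f[2], f[3], int(f[4])))
    return routes

def default_routes(routes):
    """Default routes (0.0.0.0 mask 0.0.0.0), lowest metric first."""
    return sorted((r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"),
                  key=lambda r: r[4])

def ambiguous_default(routes):
    """True when two or more default routes share the lowest metric."""
    d = default_routes(routes)
    return len(d) > 1 and d[0][4] == d[1][4]

def on_link(gateway, local=LOCAL):
    """Local address whose subnet contains the gateway, or None."""
    gw = ipaddress.IPv4Address(gateway)
    for addr, mask in local:
        if gw in ipaddress.IPv4Network(f"{addr}/{mask}", strict=False):
            return addr
    return None
```

Reading the table with `route print` does not change any configuration, so this check can be run from the output a user sends back from a remote office.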
 
LVL 11

Author Comment

by:nazirahmed
ID: 10411090
ok i will try that. thanks
0
 

Expert Comment

by:craryg
ID: 11661894
I have a question for you both...I have several mobile users and we have 15 different locations.  Has this theory been tested and does it work without slow down?
0
 
LVL 11

Author Comment

by:nazirahmed
ID: 11664422
Sorry to say, but it didn't work for me. i have to use Netsh while users have admin rights for local machines.
0
 
LVL 37

Expert Comment

by:bbao
ID: 11697778
nazirahmed, sorry, just noticed that the "route add" command can NOT work with the rights of a common domain user. the account i used was a member of administrators, but i didn't notice this. why did you say "it didn't work for me"? because of the permission issue? please let me know if i can provide further help for the question. cheers, bbao
0
