Solved

How can power users change IP address?

Posted on 2006-06-27
6
2,374 Views
Last Modified: 2013-12-23
My organization is running on Windows XP with users only having Power User rights. I want to know if there's a way that the user's can change their IP address (dhcp-static, vice-versa) without using admin rights?

I know that netsh command is able to do that but it only works for admin users.

It'll be great if it's do-able with scripts that users can run anytime.
0
Comment
Question by:terencesong
  • 3
  • 3
6 Comments
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 17029560
umm... switching between DHCP and static without admin rights is NOT possible. if it was possible, MS's security system on windows would be considered as rubbish, then you could use this trick to crack other systems.

anyway, some scenarios we do need this. since XP, MS provides a BACKUP IP for each system, which may partly solve the problem. to enable it, double-click your LAN connection icon, at click Properties/General/TCPIP/Properties/Alternate Configuration to input the backup one. so, as soon as DHCP is available, DHCP assigned IP will be used; otherwise, this one will be used instead.

hope it helps,
bbao
0
 
LVL 2

Expert Comment

by:battletech
ID: 17085260
This to be possible up to a few weeks ago.  We used to run a netsh script for some of our power users at boot up so they could change their IP address per their location.  Although I have not tested it yet, I believe the patch (Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)) posted here:  http://www.microsoft.com/technet/security/Bulletin/MS06-032.mspx is the culprit.  I hope this helps…
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 17095961
> We used to run a netsh script for some of our power users at boot up so they could change their IP address per their location

really? i reckon that even your system haven't pacthed for this vulnerability, running a NETSH script at boot up still could NOT change the system's IP with non-admin's rights. because:

1. the vulnerability is caused by an unchecked buffer in the TCP/IP Protocol driver, it can be exploited by creating a specially crafted network PACKET and sending the packet to an affected system. NETSH can not send out such package or message.

2. you need a specialized attacking program to obtain admin rights, before running NETSH.

3. even you could obtain the admin rights by exploiting the vulnerability, it seemed that you still could not use NETSH to change system's IP because NETSH calls WIN32 APIs to switch networking settings, which is under security control.  you should write a program to call the TCP/IP Protocol driver directly.

anyway, using a vulnerability to implement a function is NOT recommended.

i just got another idea. is it possible to call netsh from an user-customized system service? you know, a system service can be executed with admin rights, even a non-admin user has logged in.

hope it helps,
bbao
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 2

Expert Comment

by:battletech
ID: 17100165
Really!!!  Our systems our continually patched and until recently we were using a batch file to execute selected netsh commands to change the ip address as a power user!!!  It is possible and as I explained, I haven’t figure out which patch has broken this; I simply suggested one that I thought might be the culprit.  Keep in mind the one small permissions change in the OS can keep something from working.  This script has been working on several laptops in our organization.  We aren’t exploiting any particular vulnerability; we are working within the confines of the OS.  It might not be the perfect way to do it, but it worked.  And when Microsoft doesn’t have options like this built into the OS, one must adapt and overcome…  I am confident that we will find a work around once again!  You are on the right track with the system service idea.  A member of our staff is working on something like that...
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 17100280
hehe. anyway, i still reckon that the above mentioned particular vulnerability seems not related to the issue we are discussing. :) anyway, exploiting a vulnerability seems not feasible here, doesn't it? :)
0
 
LVL 2

Expert Comment

by:battletech
ID: 17101607
Yes, you are correct.  The particular vulnerability may not be the culprit, however knowing microsoft and how things are fixed, you never know where, when and why some things are changed.  It does make sense that the vulnerability could have made them change certain permissions in certain areas.  Just food for thought... :-)
0

Featured Post

New My Cloud Pro Series - organize everything!

With space to keep virtually everything, the My Cloud Pro Series offers your team the network storage to edit, save and share production files from anywhere with an internet connection. Compatible with both Mac and PC, you're able to protect your content regardless of OS.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
This Micro Tutorial will give you a basic overview how to record your screen with Microsoft Expression Encoder. This program is still free and open for the public to download. This will be demonstrated using Microsoft Expression Encoder 4.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now