• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

how to change the remote computer gateway in local network

Hi,

we are using the multiple internet connection in my office, some user change the default gateway using the restrcit website in office hours.

i required to change the local users system defalult gateway  from my system using regedit (connect network ragistry) or command line tool.

Regards,
Naresh
0
nareshver
Asked:
nareshver
1 Solution
 
darrenakinCommented:
Are you running a DC? If you are implement a group policy
0
 
nareshverAuthor Commented:
yes i am using the windows 2003 Domain Controller in my local office, but don't know how to create the group policy to block the user to change the default gateway only.

Any command line tool to change the remote computer gateway.
Naresh
0
 
Drizzt420Commented:
Are you in a domain based environment or peer-to-peer?

If you have a domain based environment, it would be pretty easy to use group policy to deny users the ability to change their network settings. Then configure DHCP to hand out the gateway address that you want the users to use, and assign it a metric of 1, then (assuming that you would want internet fault tolerance) have it hand out the address of the second gateway with a metric of 2.

In a peer-to-peer based network, you could got to start, run, type "mmc" press enter, then go to file, add remove snap in, click "add", and then choose "Local Group Policy" or "Group Policy Object" (not sure what it is named but it is close to one of those) Highlight the group policy snap-in and click "add", you will then be asked if you want to use the snap-in locally, or on another computer. Choose to run it for the computer in question by using the browse feature. I am not positive that you will be able to assign network info this way in Windows 2000, but I know you can prevent them from being able to change the settings in the future.

0
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

 
nareshverAuthor Commented:
Hi,

We are not using the DHCP in in our office.

I have enable the security "Prohibit TCP/IP advanced configuration" and restart the user system, but user still able to change the network setting.
note:- when i configure the user system with domain , I have given the administrator rights to every users.


Any command line tool to change the remote computer gateway.



Regards,
Naresh.
0
 
Toni UranjekConsultant/TrainerCommented:
You can change IP configuration of client with netsh:

netsh int ip set address L static 192.168.3.18 255.255.255.0 192.168.3.254

L = Local Area Conection <-- name of your NIC in control panel
1st IP is IP number of client
2nd is subnet mask
3rd is default gateway

If you need to execute this command remotely, you can use psexec from sysinternal.com

0
 
Drizzt420Commented:
Even if you made everyone a domain administrator in the network you can still lock them out of the network settings by using group policy

Try looking under User Configuration, Administrative Templates, Network, Network Connections - The previous location came from a Windows XP machine but I am pretty sure 2000 has the same if not similiar settings, if this is not the case, there are alot of places out there where you can download additional administrative templates that will add tons of more functionality to the GP console.

This setting should do what you want:

Determines whether users can change the properties of a LAN connection.

This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.

If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.

Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.

If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.

Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.

Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.

0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
This is one of the MANY, MANY, MANY reasons NOT to give users Administrator rights.  Doing so grants them the ability to change many settings.  And Group Policy will work - to an extent.  Users may still be able to log on locally and add a persistant route or change the network settings that way.

The simple solution is to take away the admin rights - I know this will work - I just did it at one of my clients and was unable to add a route using the route command.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now