how to change the remote computer gateway in local network

Posted on 2006-11-21
Last Modified: 2012-06-27

we are using the multiple internet connection in my office, some user change the default gateway using the restrcit website in office hours.

i required to change the local users system defalult gateway  from my system using regedit (connect network ragistry) or command line tool.

Question by:nareshver
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Accepted Solution

darrenakin earned 500 total points
ID: 17993486
Are you running a DC? If you are implement a group policy

Author Comment

ID: 17993524
yes i am using the windows 2003 Domain Controller in my local office, but don't know how to create the group policy to block the user to change the default gateway only.

Any command line tool to change the remote computer gateway.

Expert Comment

ID: 17993532
Are you in a domain based environment or peer-to-peer?

If you have a domain based environment, it would be pretty easy to use group policy to deny users the ability to change their network settings. Then configure DHCP to hand out the gateway address that you want the users to use, and assign it a metric of 1, then (assuming that you would want internet fault tolerance) have it hand out the address of the second gateway with a metric of 2.

In a peer-to-peer based network, you could got to start, run, type "mmc" press enter, then go to file, add remove snap in, click "add", and then choose "Local Group Policy" or "Group Policy Object" (not sure what it is named but it is close to one of those) Highlight the group policy snap-in and click "add", you will then be asked if you want to use the snap-in locally, or on another computer. Choose to run it for the computer in question by using the browse feature. I am not positive that you will be able to assign network info this way in Windows 2000, but I know you can prevent them from being able to change the settings in the future.

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!


Author Comment

ID: 17993723

We are not using the DHCP in in our office.

I have enable the security "Prohibit TCP/IP advanced configuration" and restart the user system, but user still able to change the network setting.
note:- when i configure the user system with domain , I have given the administrator rights to every users.

Any command line tool to change the remote computer gateway.

LVL 31

Expert Comment

by:Toni Uranjek
ID: 17993858
You can change IP configuration of client with netsh:

netsh int ip set address L static

L = Local Area Conection <-- name of your NIC in control panel
1st IP is IP number of client
2nd is subnet mask
3rd is default gateway

If you need to execute this command remotely, you can use psexec from


Expert Comment

ID: 17994163
Even if you made everyone a domain administrator in the network you can still lock them out of the network settings by using group policy

Try looking under User Configuration, Administrative Templates, Network, Network Connections - The previous location came from a Windows XP machine but I am pretty sure 2000 has the same if not similiar settings, if this is not the case, there are alot of places out there where you can download additional administrative templates that will add tons of more functionality to the GP console.

This setting should do what you want:

Determines whether users can change the properties of a LAN connection.

This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.

If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.

Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.

If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.

Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.

Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.

LVL 96

Expert Comment

by:Lee W, MVP
ID: 17999917
This is one of the MANY, MANY, MANY reasons NOT to give users Administrator rights.  Doing so grants them the ability to change many settings.  And Group Policy will work - to an extent.  Users may still be able to log on locally and add a persistant route or change the network settings that way.

The simple solution is to take away the admin rights - I know this will work - I just did it at one of my clients and was unable to add a route using the route command.

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A big percent of today’s marketing activity is performed through the online environment. The marketing strategies that have existed a decade ago no longer relate to what’s happening today. We’re currently facing a revolutionary era, called the digit…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question