Solved

how to change the remote computer gateway in local network

Posted on 2006-11-21
7
283 Views
Last Modified: 2012-06-27
Hi,

we are using the multiple internet connection in my office, some user change the default gateway using the restrcit website in office hours.

i required to change the local users system defalult gateway  from my system using regedit (connect network ragistry) or command line tool.

Regards,
Naresh
0
Comment
Question by:nareshver
7 Comments
 
LVL 5

Accepted Solution

by:
darrenakin earned 500 total points
Comment Utility
Are you running a DC? If you are implement a group policy
0
 

Author Comment

by:nareshver
Comment Utility
yes i am using the windows 2003 Domain Controller in my local office, but don't know how to create the group policy to block the user to change the default gateway only.

Any command line tool to change the remote computer gateway.
Naresh
0
 
LVL 4

Expert Comment

by:Drizzt420
Comment Utility
Are you in a domain based environment or peer-to-peer?

If you have a domain based environment, it would be pretty easy to use group policy to deny users the ability to change their network settings. Then configure DHCP to hand out the gateway address that you want the users to use, and assign it a metric of 1, then (assuming that you would want internet fault tolerance) have it hand out the address of the second gateway with a metric of 2.

In a peer-to-peer based network, you could got to start, run, type "mmc" press enter, then go to file, add remove snap in, click "add", and then choose "Local Group Policy" or "Group Policy Object" (not sure what it is named but it is close to one of those) Highlight the group policy snap-in and click "add", you will then be asked if you want to use the snap-in locally, or on another computer. Choose to run it for the computer in question by using the browse feature. I am not positive that you will be able to assign network info this way in Windows 2000, but I know you can prevent them from being able to change the settings in the future.

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:nareshver
Comment Utility
Hi,

We are not using the DHCP in in our office.

I have enable the security "Prohibit TCP/IP advanced configuration" and restart the user system, but user still able to change the network setting.
note:- when i configure the user system with domain , I have given the administrator rights to every users.


Any command line tool to change the remote computer gateway.



Regards,
Naresh.
0
 
LVL 31

Expert Comment

by:Toni Uranjek
Comment Utility
You can change IP configuration of client with netsh:

netsh int ip set address L static 192.168.3.18 255.255.255.0 192.168.3.254

L = Local Area Conection <-- name of your NIC in control panel
1st IP is IP number of client
2nd is subnet mask
3rd is default gateway

If you need to execute this command remotely, you can use psexec from sysinternal.com

0
 
LVL 4

Expert Comment

by:Drizzt420
Comment Utility
Even if you made everyone a domain administrator in the network you can still lock them out of the network settings by using group policy

Try looking under User Configuration, Administrative Templates, Network, Network Connections - The previous location came from a Windows XP machine but I am pretty sure 2000 has the same if not similiar settings, if this is not the case, there are alot of places out there where you can download additional administrative templates that will add tons of more functionality to the GP console.

This setting should do what you want:

Determines whether users can change the properties of a LAN connection.

This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users.

If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box.

Important: If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers.

If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu.

Note: This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users.

Note: Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting.

0
 
LVL 95

Expert Comment

by:Lee W, MVP
Comment Utility
This is one of the MANY, MANY, MANY reasons NOT to give users Administrator rights.  Doing so grants them the ability to change many settings.  And Group Policy will work - to an extent.  Users may still be able to log on locally and add a persistant route or change the network settings that way.

The simple solution is to take away the admin rights - I know this will work - I just did it at one of my clients and was unable to add a route using the route command.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now