Solved

How can i use an app that changes IP or grant a user rights to change their IP when the user has no admin rights?

Posted on 2008-06-20
12
199 Views
Last Modified: 2010-04-02
Hi there
I'm currently looking for a way to give users the capability to change their IP address when their PC is locked down and the user has no administration rights. I either want an application they can use that can change their IP to what ever they specify it as or some how grant them rights to change their IP in network connection properties. Does anyone have suggestions of the best way to do this? I've tried some methods but neither of these work in lock down..
Your help would be much appreciated.
Many thanks
Adam
0
Comment
Question by:AD_83
  • 5
  • 5
  • 2
12 Comments
 
LVL 14

Expert Comment

by:agriesser
Comment Utility
Does this app need to have a GUI where the user can enter the desired IP address or is a configuration file or the like good enough?
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
You need to add the user(s) in question to the local group "Network Configuration Operators" on the machine in question; this will give them the permissions to change the IP address.
The command
rundll32 shell32.dll,Control_RunDLL ncpa.cpl
will open the network properties.
0
 

Author Comment

by:AD_83
Comment Utility
agriesser - It's not essential that its a GUI but i think it'd make things easier for the user. But a config file like you mention may be good because it doesnt breech any licensing laws. Also, it needs to be fairly flexible because they may need change it to certain static IPs. Can you explain a further about the configuration file you mention?

oBdA - Would the "Network Configuration Operators" group and command 'rundll32 shell32.dll,Control_RunDLL ncpa.cpl' Work in a locked down machine? I tried adding the user to Network Configuration Operators group within Active Directory and this unfortunately didn't work.
0
 
LVL 82

Expert Comment

by:oBdA
Comment Utility
That depends on what exactly is locked down; I can't tell what you did to your clients ...
And as I said: he users need to be added to the *local* "Network Configuration Operators" group on "their" machines.
0
 

Author Comment

by:AD_83
Comment Utility
The earliest i can try adding a user to the "Network Configuration Operators" group is Monday. I'll let you know how i get on.
Thanks oBdA
0
 
LVL 14

Expert Comment

by:agriesser
Comment Utility
Did adding the user to this local group work?
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Author Comment

by:AD_83
Comment Utility
Hi Agriesser

Unfortunatly no this doesnt work when the PC is in lockdown. The Properties of Local Area Connection is not available to the user,
0
 
LVL 14

Expert Comment

by:agriesser
Comment Utility
You need to do this as administrator.
No matter what solution you gonna choose: You need to prepare this system prior to letting users change the IP address.

And now I think this is your real question. You have a computer where you don't have administrative access and need to chamge the IP address, is that right?
0
 

Author Comment

by:AD_83
Comment Utility
i am a domain administrator.

I logged in as local admin, added the user in the network configuration operators group as suggested then logged in as the user but unfortunatly the lock down policy over rights this access. If i remove the PC out of the lockdown OU and then login as the user it works but the PC needs to remain in lockdown.  
0
 
LVL 14

Expert Comment

by:agriesser
Comment Utility
I assume that there's a GPO attached to the lockdown OU, right?
If so, you need to create a new OU and apply a different policy object to it which puts the desired users in the local group as mentioned above.

Local changes will always get overwritten by the domain policy.
0
 
LVL 14

Accepted Solution

by:
agriesser earned 250 total points
Comment Utility
0
 

Author Comment

by:AD_83
Comment Utility
That makes sense agrisser. To get another OU created with a new GPO allowing the Network Config group is going to be a long process here. It requires a number of different processing, approvers etc quite annoying really. I'm going to put this forward but as i said its long process so dont expect a update reagrding this for a while.
The idea you suggested makes sense and the most logical solution.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

A Cisco router can be configured as a DHCP Server. There are advantages and disadvantages in making your Cisco router work as DHCP Server. Almost all the features for windows DHCP can be configured on Cisco-based DHCP server. Some of the features me…
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now