Solved

How can i use an app that changes IP or grant a user rights to change their IP when the user has no admin rights?

Posted on 2008-06-20
12
204 Views
Last Modified: 2010-04-02
Hi there
I'm currently looking for a way to give users the capability to change their IP address when their PC is locked down and the user has no administration rights. I either want an application they can use that can change their IP to what ever they specify it as or some how grant them rights to change their IP in network connection properties. Does anyone have suggestions of the best way to do this? I've tried some methods but neither of these work in lock down..
Your help would be much appreciated.
Many thanks
Adam
0
Comment
Question by:AD_83
  • 5
  • 5
  • 2
12 Comments
 
LVL 14

Expert Comment

by:agriesser
ID: 21832502
Does this app need to have a GUI where the user can enter the desired IP address or is a configuration file or the like good enough?
0
 
LVL 84

Expert Comment

by:oBdA
ID: 21833436
You need to add the user(s) in question to the local group "Network Configuration Operators" on the machine in question; this will give them the permissions to change the IP address.
The command
rundll32 shell32.dll,Control_RunDLL ncpa.cpl
will open the network properties.
0
 

Author Comment

by:AD_83
ID: 21833900
agriesser - It's not essential that its a GUI but i think it'd make things easier for the user. But a config file like you mention may be good because it doesnt breech any licensing laws. Also, it needs to be fairly flexible because they may need change it to certain static IPs. Can you explain a further about the configuration file you mention?

oBdA - Would the "Network Configuration Operators" group and command 'rundll32 shell32.dll,Control_RunDLL ncpa.cpl' Work in a locked down machine? I tried adding the user to Network Configuration Operators group within Active Directory and this unfortunately didn't work.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 84

Expert Comment

by:oBdA
ID: 21833931
That depends on what exactly is locked down; I can't tell what you did to your clients ...
And as I said: he users need to be added to the *local* "Network Configuration Operators" group on "their" machines.
0
 

Author Comment

by:AD_83
ID: 21834002
The earliest i can try adding a user to the "Network Configuration Operators" group is Monday. I'll let you know how i get on.
Thanks oBdA
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21865181
Did adding the user to this local group work?
0
 

Author Comment

by:AD_83
ID: 21875312
Hi Agriesser

Unfortunatly no this doesnt work when the PC is in lockdown. The Properties of Local Area Connection is not available to the user,
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21875627
You need to do this as administrator.
No matter what solution you gonna choose: You need to prepare this system prior to letting users change the IP address.

And now I think this is your real question. You have a computer where you don't have administrative access and need to chamge the IP address, is that right?
0
 

Author Comment

by:AD_83
ID: 21876243
i am a domain administrator.

I logged in as local admin, added the user in the network configuration operators group as suggested then logged in as the user but unfortunatly the lock down policy over rights this access. If i remove the PC out of the lockdown OU and then login as the user it works but the PC needs to remain in lockdown.  
0
 
LVL 14

Expert Comment

by:agriesser
ID: 21876436
I assume that there's a GPO attached to the lockdown OU, right?
If so, you need to create a new OU and apply a different policy object to it which puts the desired users in the local group as mentioned above.

Local changes will always get overwritten by the domain policy.
0
 
LVL 14

Accepted Solution

by:
agriesser earned 250 total points
ID: 21876467
0
 

Author Comment

by:AD_83
ID: 21883093
That makes sense agrisser. To get another OU created with a new GPO allowing the Network Config group is going to be a long process here. It requires a number of different processing, approvers etc quite annoying really. I'm going to put this forward but as i said its long process so dont expect a update reagrding this for a while.
The idea you suggested makes sense and the most logical solution.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Losing network connectivity 8 116
Public IP Address Amazon Servers 2 62
Looking for open port with Telnet 5 95
Windows 10 ISO build version 3 53
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question