Solved

Assign a Different Gateway based on windows login

Posted on 2008-10-16
6
567 Views
Last Modified: 2012-05-05
We have 2 DSL Lines and two firewalls/gateways.  I am running a Windows 2003 Domain with XP SP3 clients. I am running DHCP on the the 2003 server.
I would like to assign a different gateway to the computer based on user login. 1 gateway is used for most users and I would like to assign the second one to users needing special security settings.
I was thinking of running a script via GP on login to change it and a run a script on logoff to change it back to the default?
Or is there a way to do this directly throgh GP?
Also, Won't DHCP override any settings?
0
Comment
Question by:icsbudapest
  • 3
  • 3
6 Comments
 
LVL 13

Expert Comment

by:Brum07
Comment Utility
0
 

Author Comment

by:icsbudapest
Comment Utility
I would like to do this without using a static address. (I would like to assign it to a group.)
Could I maybe put something like:

netsh interface ip delete address "local area connection" gateway=all
netsh interface ip add address "local area connection" gateway=desired_gatewayIP

into a login script, then change it back with a logoff script? I'm not too familiar with how to put netsh into a vbs script. Any suggestions?

Just thinking out loud here.
0
 
LVL 13

Expert Comment

by:Brum07
Comment Utility
Try this


Set WshShell = Wscript.CreateObject("Wscript.Shell")

wshShell.run("netsh interface ip set address name=""Local Area Connection"" static 192.168.0.100 255.255.255.0 192.168.0.1 1""") 

Open in new window

0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:icsbudapest
Comment Utility
Thanks for the suggestion. As I stated before, I need to change ONLY the gateway. This is because I need to apply this to a group of people, and obviously they cannot all be assigned the same static address. I will try some variations on this.
0
 
LVL 13

Accepted Solution

by:
Brum07 earned 500 total points
Comment Utility
Try this (TESTED)
Set WshShell = Wscript.CreateObject("Wscript.Shell")

wshShell.run("netsh interface ip set address name=""Local Area Connection"" gateway=192.168.1.5 gwmetric=0") 

Open in new window

0
 

Author Comment

by:icsbudapest
Comment Utility
OK, I got it.
First, I needed to change some settings to the security group that I wanted to apply the new gateway settings to. I had to make the group a member of the "Network Configuration Operators" so they had the ability to change the gateway. I had to play with some of the network settings in the administrative template in the GPO to get it to work.

I then applied the following login script via a GPO:

Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip add address ""local area connection"" gateway=10.0.0.2 gwmetric=1")

This puts the added gateway at a higher metric value then the default dhcp gateway. Then, just to make sure I don't mess up the other users, I made a logoff script  like this:

Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip delete address name=""local area connection"" gateway=10.0.0.2")

I will need to test some more and make sure this works, and double check the computers in question to make sure they all have the LAN adapter as "local Area Connection", but I think this is going to work.

Thanks Brum07 for your input.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Ever wondered why you had to use DHCP options (dhcp opt 60, 66 or 67) in order to use PXE? Well, you don't!
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now