Solved

Assign a Different Gateway based on windows login

Posted on 2008-10-16
6
575 Views
Last Modified: 2012-05-05
We have 2 DSL Lines and two firewalls/gateways.  I am running a Windows 2003 Domain with XP SP3 clients. I am running DHCP on the the 2003 server.
I would like to assign a different gateway to the computer based on user login. 1 gateway is used for most users and I would like to assign the second one to users needing special security settings.
I was thinking of running a script via GP on login to change it and a run a script on logoff to change it back to the default?
Or is there a way to do this directly throgh GP?
Also, Won't DHCP override any settings?
0
Comment
Question by:icsbudapest
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 13

Expert Comment

by:Brum07
ID: 22729190
0
 

Author Comment

by:icsbudapest
ID: 22731118
I would like to do this without using a static address. (I would like to assign it to a group.)
Could I maybe put something like:

netsh interface ip delete address "local area connection" gateway=all
netsh interface ip add address "local area connection" gateway=desired_gatewayIP

into a login script, then change it back with a logoff script? I'm not too familiar with how to put netsh into a vbs script. Any suggestions?

Just thinking out loud here.
0
 
LVL 13

Expert Comment

by:Brum07
ID: 22731803
Try this


Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip set address name=""Local Area Connection"" static 192.168.0.100 255.255.255.0 192.168.0.1 1""") 

Open in new window

0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 

Author Comment

by:icsbudapest
ID: 22738351
Thanks for the suggestion. As I stated before, I need to change ONLY the gateway. This is because I need to apply this to a group of people, and obviously they cannot all be assigned the same static address. I will try some variations on this.
0
 
LVL 13

Accepted Solution

by:
Brum07 earned 500 total points
ID: 22738489
Try this (TESTED)
Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip set address name=""Local Area Connection"" gateway=192.168.1.5 gwmetric=0") 

Open in new window

0
 

Author Comment

by:icsbudapest
ID: 22738886
OK, I got it.
First, I needed to change some settings to the security group that I wanted to apply the new gateway settings to. I had to make the group a member of the "Network Configuration Operators" so they had the ability to change the gateway. I had to play with some of the network settings in the administrative template in the GPO to get it to work.

I then applied the following login script via a GPO:

Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip add address ""local area connection"" gateway=10.0.0.2 gwmetric=1")

This puts the added gateway at a higher metric value then the default dhcp gateway. Then, just to make sure I don't mess up the other users, I made a logoff script  like this:

Set WshShell = Wscript.CreateObject("Wscript.Shell")
wshShell.run("netsh interface ip delete address name=""local area connection"" gateway=10.0.0.2")

I will need to test some more and make sure this works, and double check the computers in question to make sure they all have the LAN adapter as "local Area Connection", but I think this is going to work.

Thanks Brum07 for your input.
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question