User rights assignment in Windows 2000 Professional

Hi friends !

I am running an internet café with 20 PCs in Workgroup environment. All are installed with Windows 2000 Professional. I am running two different internet lines from different ISPs for internet availability assurance.

Now, when I use only Administrator account and clients use that account for internet then sometimes they install software i.e. Orbit Downloader, Youtube Downloader and other utilities that I do NOT want.

YES&I made another account with limited rights and give them that account to use, so in that condition they can NOT install anything. BUT&

Sometimes when they are working with and internet is not ok, I want to change TCP/IP settings to use another network (as I told you that I am using two lines). For that I log off from Visitor account and log on from Administrator account and change settings and log off Administrator account and log on back with Visitor account.

All these stuff take time and clients are also annoyed.

I want to know how I can set rights through Group Membership or Group Policy (in Windows 2000 Professional) so that:

1.  Visitor account MUST have at least the rights to change TCP/IP settings, Disable/Enable Local Area Connection and to change System Date and Time BUT they must NOT have the right to install or uninstall any software.
JatinHemantAsked:
Who is Participating?
 
davetripp33Commented:
Have you tried putting in multiple gateway's in the TCP/IP settings? That should do the trick for you without having to change the settings manually each time something happens to one of the connections.
0
 
LordArokhCommented:
Hi

I agree with davetripp33. If you assign multiple gateways, if one fails the other one takes the relay.
In order to configure multiple gateways :

1.Open Up your Network Connections
2.Right Click on the Network Connection and choose Properties. You'll see image SS_1
3.From the the list find "Internet Protocol ( TCP/IP )". Click over then click Properties. Image SS_1
4.From the new window click on "Advanced" Image SS_2
5.Now under Default Gateway section click ADD to add your gateways SS_3

Cheers
TK

SS-1.JPG
SS-2.JPG
SS-3.JPG
0
 
Shift-3Commented:
To answer the last part of your question, the Change the system time permission setting can be found under the group policy node Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment.  Since you don't have a domain, this would have to be configured in each machine's local policy.
0
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

 
JatinHemantAuthor Commented:
Thanks for your comment. Let me go through them and I will respond soon. Please hold on...
0
 
JatinHemantAuthor Commented:
@Shift-3 !

Well...the policy you suggested worked and now the "visitor" account has the right to change "System Date and Time". But as I had asked in question, I am asking again...

Is there any mean to allow "visitor" account to change TCP/IP settings via GPO, because I can NOT see any group in W2K as Network Operators / Network Administrator and even in GPO, I searched and found this policy (and others too):

User Configuration\Administrative Tools\Network\Network and Dial-up Connections\Prohibit TCP/IP Advance Configuration

But it seems it will just disable or enable "Advance Configuration" tab and will no suit my demand.

I hope you understand that:

I JUST WANT "Visitor" ACCOUNT TO BE ABLE TO CONFIGURE "TCP/IP Settings" and CHANGE "SYSTEM DATE AND TIME".

One is achieved, another is remaining.

0
 
JatinHemantAuthor Commented:
@davetripp33 !
@LordArokh !

Thanks for your suggestions. But I will need more explanation on this trick as I am not getting your saying very well. So let me give a brief idea of my network.

I have 20 PCs, all running W2K.

Two differnet networks are:

**********************************************
(1) Ist Network: 192.168.1.0 network (Router is used for Routing and NATTING)

TCP/IP settings of the PCs in this network are:
IP Address: 192.168.1.x (Number changes from 1 to 10)
SNM: 255.255.255.0
Gateway: 192.168.1.11 (It is internal interface of a TP-Link Hardware Router Device, WAN link is configured with ISP Public IP address)
Preferred DNS: xxx.yy.zz.ww1 (ISP DNS Server 1)
Preferred DNS: xxx.yy.zz.ww2 (ISP DNS Server 2)

So, in this network, TCP/IP settings are manual.
**********************************************

**********************************************
(2) IInd Network: 192.168.0.0 network (ICS Server computer is used and Internet Connection is shared)

In this network, all 10 PCs get TCP/IP settings automatically from ICS Server in this way:

IP Address: 192.168.0.xx (Number changes arbitrary)
SNM: 255.255.255.0
Gateway: 192.168.0.1
Preferred DNS: 192.168.0.1
DHCP Server: 192.168.0.1

So, in this network, TCP/IP settings are automatic.
**********************************************

And both the networks run simultaneously. Suppose, network 1 is down then I just go in Network Connection of PCs (belonging to network 1) and change to take TCP/IP settings automatically, so the PCs now come in network 2.

When network 2 is down then I go in Network Connection of PCs (belonging to network 2) and manually assign them TCP/IP settings of network 1 range and temporarily bring them to network 1.

I hope you understand this network and that is why I am not getting that...

HOW JUST GIVING A SECONDARY GATEWAY WILL WORK IN THIS NETWORK AND WILL WORK AS WHAT YOU SAY "RELAY" !!!

Regards.
0
 
LordArokhCommented:
As far as I can see from the picture up aboce, One thing took my attention. I think that, the point where you assign different IP subnets to both networks causes the problem.

Let me explain the point why our solution did not worked in your infrastructure :

Let assume that the client XP got IP address from Network 1, which may be :
   IP: 192.168.1.5
   SNM: 255.255.255.0
For this configuration your computer is in 192.168.1.0 network subnet.

Now that you configured your 2nd Network gateway as :
    SNM: 255.255.255.0
    Gateway: 192.168.0.1
which gives you 192.168.0.0 Network subnet.Which is different network subnet than the 1st network.

In resume 2nd gateway address is not reachable with the settings of 1st network.

I would advise you configure your 2nd network IP configuration from the network subnet 192.168.1.0 also.
And your both gateways address in the way that we showed you up above. As both gateways will be in the same subnet, If one gateway is not reachable, client will go for 2nd gateway.

Cheers,
TK,

0
 
davetripp33Commented:
To accomplish this on these two networks, you will have to change the SNM to 255.255.0.0. If that is not possible, then there willl have to be another solution. However if you can:

In network 1 set 2 gateways: 192.168.1.11 (as the primary) and 192.168.0.1 (as the secondary).
In network 2 set 2 gateways: 192.168.0.1 (as the primary) and 192.168.1.11 (as the secondary), and give it another DNS besides 192.168.0.1.

In network 1 it will attempt to go through 192.168.1.11 until it becomes unavailable, then it will attempt to go through the secondary gateway 192.168.0.1. When 192.168.1.11 comes back online, it will just resume going through that gateway.
0
 
LordArokhCommented:
I agree with Davetripp33,

The best way is to change SNM to 255.255.0.0 which will give you common network subnet 192.168.0.0.

Cheers,
TK
0
 
JatinHemantAuthor Commented:
Thanks to both of you for your suggestions.

But you see, I am using Internet Connection Sharing for Network 2 and it becomes DHCP and automatically gives IP addresses in network range 192.168.0.0/24.

Do you think that changing network to 192.168.0.0/16 will work ?

As far as I know...

IF we use "ICS" then the PCs that will share internet through ICS will have to be set to use "IP Address Automatically" and the ICS will become mini-DHCP and will lease IP address in 192.168.0.0/24 range. AND NO OTHER RANGE WILL WORK.

Am I right or wrong. Please clarify.

Well...it is possible that for Ist network I use manual IPs in range "192.168.0.0/24". For example, for a PC1, I give IP adderss: 192.168.0.125 but then sometimes ICS Server may also give the same IP to other PC. And it may give conflicts.
0
 
LordArokhCommented:
You're right about the ICS stuff. You can change neither Ip range nor  SNM.

What about this solution : (My idea towards solution is to keep Router-Gateway in the same ip subnet as ICS.)
 
If we can't configure ICS like the way we want, then lets configure Router side.Get rid of 2 network infrastructure, but keep 2 gateways.Which means :

As ICS works only with 192.168.0.0/24, change your routers IP address also to 192.168.0.0/24 subnet. and configure clients to with static Ip addresses from 192.168.0.0/24. and also configure them to use both gateways.(ICS and Router).As PC's are configured with static address there will be no delivery by ICS DHCP. So no conflict can occur.

If you want your clients to access to internet primarily from Router ,then configure your gateways with Routers IP first then ICS address.

Cheers,
TK
0
 
JatinHemantAuthor Commented:
Thanks LordArokh !

You are right. Let me do it practically and I will let you know. It may take sometime so please hold on. I will be back as soon as possible.

Regards.
0
 
JatinHemantAuthor Commented:
Sorry for the delay in reply due to some fever. I could test your tips today and responding just after testing and troubleshooting.

Well...I tried using secondary gateway for both networks but it is not working. In the scenario, I changed things according to your suggestions.

(1) I have given manual IPs for all PCs (Ist and IInd network) in range: 192.168.0.0 /24

(2) The router's internal interface is changed to 192.168.0.2 (It was 192.168.1.11 before)

(3) For PCs that have to be in Ist network (Router preferred) are set with Gateway and DNS in this order:
Gateway: 192.168.0.2
                 192.168.0.1
DNS: xxx.yy.zz.ww1 (ISP DNS)
         xxx.yy.zz.ww2 (ISP DNS)
         192.168.0.1 (ICS Server as DNS forwarder)

(4) For PCs that have to be in IInd network (ICS preferred) are set with Gateway and DNS in this order:
Gateway: 192.168.0.1
                 192.168.0.2
DNS: 192.168.0.1 (ICS Server as DNS forwarder)
         xxx.yy.zz.ww1 (ISP DNS)
         xxx.yy.zz.ww2 (ISP DNS)
         
I have attached snapshot for a PC in network 2 (Router preferred). I was expecting the same as you suggested that if Router based network is down then PC will look for the gateway 192.168.0.1 and use the ICS based internet.

But it is not working. Can you find out where I am wrong !

Regards.

tcpip.JPG
0
 
davetripp33Commented:
you will need to change the metric on the gateways so the machine knows which one to use first (priorities). http://technet.microsoft.com/en-us/library/cc779696%28WS.10%29.aspx
0
 
JatinHemantAuthor Commented:
Thanks for your reply.

It means if I want to use 192.168.0.2 as primary gateway, then I must use--->1 and 192.168.0.1 as secondary gateway, then I must use---2 for that.

Am I right !
0
 
LordArokhCommented:
if you take a look at the link below, microsoft advices that the fastest network should have smallest metric.

http://support.microsoft.com/kb/299540

So If you want 192.168.0.2 as primary gateway then the metric for it should be 10 and metric 20 for the other. ( regarding the example given by ms )

Hope this will arrange your problem.

Cheers,
TK
0
 
JatinHemantAuthor Commented:
Thanks LordArokh !

I read the link you mentioned and also the link mentioned by "davetripp33".

By the way...the link describes all about Windows XP. I had mentioned in my previous posts that I am running "Windows 2000 Professional" on PCs. So please tell me if this link has anything with Windows 2000 !

Regards.
0
 
davetripp33Commented:
It is the same concept for XP and 2000.
0
 
JatinHemantAuthor Commented:
Still struggling. Not working Metric values 1 and 2. Please hold on.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.