Denied IP Change Permission to User

Hello Experts,
We have windows 7-64 bit systems in my office network with administrator user login, i need a batch file to install IP in systems (physically access) from a iplist.txt after install IP it should block IP change permission & protect with password.
Rajat SehgalFounder Enhance TechnologyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Andy MIT Systems ManagerCommented:
Best way I can think of is setup DHCP with your IP range and reserve each address on the computer using MAC Address. Then setup Group Policy to deny users access to the network connection options.

Or you could setup Group Policy to deny standard users access to the network options but allow admins access then you can manually change the IP accordingly on each machine by logging on with an admin account (though depending on how many computers you are doing the first option would be easier).

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
netsh interface ipv4 set address name="YOUR INTERFACE NAME" static IP_ADDRESS SUBNET_MASK GATEWAY

Open in new window

Obviously, change "YOUR INTERFACE NAME", IP_ADDRESS, SUBNET_MASK, and GATEWAY to their appropriate values. That would be the command for changing the IP.

But I would think DHCP reservations would be a better approach.

I would recommend using GPO to prevent users from changing the IP settings. But this of course assumes that you have a domain. Even local admins would be denied access.
Rajat SehgalFounder Enhance TechnologyAuthor Commented:
We can't implement DHCP in my network because every system have a program which is mapped with IP address to communicate with my remote location (Data Center) servers, without IP address program can't run that's why we have to go with this scenario.
    Batch file for changing IP address  & Block Permission with Password to change IP address
      iplist.txt or .csv for put IP Address/ Subnet Mask/ Default Gateway/ Preferred DNS Server/ Alternate DNS Server
      Big Business Goals? Which KPIs Will Help You

      The most successful MSPs rely on metrics – known as key performance indicators (KPIs) – for making informed decisions that help their businesses thrive, rather than just survive. This eBook provides an overview of the most important KPIs used by top MSPs.

      Andy BartkiewiczNetwork AnalystCommented:
      I agree with Andy M. Use DHCP and setup reservations.
      We can't implement DHCP in my network because every system have a program which is mapped with IP address to communicate with my remote location (Data Center) servers, without IP address program can't run that's why we have to go with this scenario.
      DHCP reservations can work for this exact scenario. It accomplishes exactly what you want without having to even to use the batch files. You just need to know the MAC addresses of the NICs in the computers. You don't necessarily have to have a huge DHCP pool so that random systems can do things you don't want.
      Rajat SehgalFounder Enhance TechnologyAuthor Commented:
      @ Masnrock Sir,
      My program does not work on DHCP scenario.
      Andy MIT Systems ManagerCommented:
      Is the IP address in the program setup in the program itself or is it picking up the mode in which WIndows gets it's IP address?

      If it's setup in the program itself (i.e. you specify that the machine is and the application must be using then in DHCP you just create a reservation for the MAC address of the PC with the IP and the PC will always get that address at startup.

      If the application starts on boot and having DHCP on the PC is going to cause an issue because the application is trying to run before the PC has it's IP address then the only option you really have is:

      1. Statically set all PC's to their corresponding IP address (done manually on each machine).
      2. Lock down standard user access to the network connections via GPO (assuming you're on a domain).

      There are ways to set IP address via a batch file but you would need to update the batch file for every PC individually or they will all try to use the same IP address, it may be possible with some fancy VB scripting but each time the computer starts the script will need to run and check the spreadsheet to assign the IP address - which is pretty much what DHCP does anyway.

      There may be third party applications that can do this but I haven't come across any.
      Seth SimmonsSr. Systems AdministratorCommented:
      No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

      I have recommended this question be closed as follows:

      -- Andy M (https:#a42458095)
      -- masnrock (https:#a42459424)

      If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

      Experts-Exchange Cleanup Volunteer
      It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
      Windows Batch

      From novice to tech pro — start learning today.