Denied IP Change Permission to User

Hello Experts,
We have windows 7-64 bit systems in my office network with administrator user login, i need a batch file to install IP in systems (physically access) from a iplist.txt after install IP it should block IP change permission & protect with password.
LVL 1
Rajat SehgalFounder Enhance TechnologyAsked:
Who is Participating?
 
Andy MConnect With a Mentor Internal Systems ManagerCommented:
Best way I can think of is setup DHCP with your IP range and reserve each address on the computer using MAC Address. Then setup Group Policy to deny users access to the network connection options.

Or you could setup Group Policy to deny standard users access to the network options but allow admins access then you can manually change the IP accordingly on each machine by logging on with an admin account (though depending on how many computers you are doing the first option would be easier).
1
 
masnrockCommented:
netsh interface ipv4 set address name="YOUR INTERFACE NAME" static IP_ADDRESS SUBNET_MASK GATEWAY

Open in new window

Obviously, change "YOUR INTERFACE NAME", IP_ADDRESS, SUBNET_MASK, and GATEWAY to their appropriate values. That would be the command for changing the IP.

But I would think DHCP reservations would be a better approach.

I would recommend using GPO to prevent users from changing the IP settings. But this of course assumes that you have a domain. Even local admins would be denied access.
0
 
Rajat SehgalFounder Enhance TechnologyAuthor Commented:
Sir,
We can't implement DHCP in my network because every system have a program which is mapped with IP address to communicate with my remote location (Data Center) servers, without IP address program can't run that's why we have to go with this scenario.
    Batch file for changing IP address  & Block Permission with Password to change IP address
      iplist.txt or .csv for put IP Address/ Subnet Mask/ Default Gateway/ Preferred DNS Server/ Alternate DNS Server
      0
      Free Tool: IP Lookup

      Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

      One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

       
      Andy BartkiewiczNetwork AnalystCommented:
      I agree with Andy M. Use DHCP and setup reservations.
      0
       
      masnrockConnect With a Mentor Commented:
      We can't implement DHCP in my network because every system have a program which is mapped with IP address to communicate with my remote location (Data Center) servers, without IP address program can't run that's why we have to go with this scenario.
      DHCP reservations can work for this exact scenario. It accomplishes exactly what you want without having to even to use the batch files. You just need to know the MAC addresses of the NICs in the computers. You don't necessarily have to have a huge DHCP pool so that random systems can do things you don't want.
      0
       
      Rajat SehgalFounder Enhance TechnologyAuthor Commented:
      @ Masnrock Sir,
      My program does not work on DHCP scenario.
      0
       
      Andy MInternal Systems ManagerCommented:
      Is the IP address in the program setup in the program itself or is it picking up the mode in which WIndows gets it's IP address?

      If it's setup in the program itself (i.e. you specify that the machine is 192.168.0.50 and the application must be using 192.168.0.50) then in DHCP you just create a reservation for the MAC address of the PC with the IP 192.168.0.50 and the PC will always get that address at startup.

      If the application starts on boot and having DHCP on the PC is going to cause an issue because the application is trying to run before the PC has it's IP address then the only option you really have is:

      1. Statically set all PC's to their corresponding IP address (done manually on each machine).
      2. Lock down standard user access to the network connections via GPO (assuming you're on a domain).

      There are ways to set IP address via a batch file but you would need to update the batch file for every PC individually or they will all try to use the same IP address, it may be possible with some fancy VB scripting but each time the computer starts the script will need to run and check the spreadsheet to assign the IP address - which is pretty much what DHCP does anyway.

      There may be third party applications that can do this but I haven't come across any.
      0
       
      Seth SimmonsSr. Systems AdministratorCommented:
      No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

      I have recommended this question be closed as follows:

      Split:
      -- Andy M (https:#a42458095)
      -- masnrock (https:#a42459424)


      If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

      seth2740
      Experts-Exchange Cleanup Volunteer
      0
      Question has a verified solution.

      Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

      Have a better answer? Share it in a comment.

      All Courses

      From novice to tech pro — start learning today.