RE: Ooooopppps. Rights not right...

Hi Charles,

Do you mean you want to assign different gateway according to different
user account?

I understand you want to assign different gateway address for the students
and the Staff groups. However, according to my knowledge, we are unable to
assign different gateway for different user since network configuration is
for per machine rather than per user.

The client has already get the IP address configuration before you use the
account to logon to the machine; on other hand, the user should be a member
of local admin who can change the IP configuration. This is the reason why
you encounter "access denied" when running setclassid command in logon
script. In other words, the client machine will contact the DHCP to obtain
IP address and the gateway when starting up. For exmpale, client A has
obtain IP add 192.168.0.40 and the gateway is 192.168.0.1, however, you
describable gateway is 192.168.0.100.

I have tried two ways to test if we can change the gateway before the user
logon by using registry and netsh command. Below is my test result:

Method 1: registry
====================

The gateway in the registry is located at:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
\{FBD72F8D-6334-4739-957A-7D324D9C27EF}

The interface number {FBD72F8D-6334-4739-957A-7D324D9C27EF} varies on
different machine, therefore, it is not convenient for you to change the
gateway via registry on many machines.

Method 2: netsh
=================
Netsh command can change the NIC gateway, however, you are unable only set
the gateway if you have enabled DHCP, which means you can change the
gateway if the NIC use static ip address. I have tried the following
command:

netsh interface ip set address name="local area connection" source=dhcp

the result is: Dhcp is already enabled on this interface.

Then issue the command:
netsh interface ip set address name="local area connection" gateway
192.168.0.1

The result is: gateway is not an acceptable value for source.

Therefore, I suggest you try to put "ipconfig /setupclassid "*" students"
in the startup script instead of the logon script, startup script use
system account to change the ip configuration. I will setup the environment
and test this scenario later, and post back if I have the result.

Any update, let us get in touch!

--------------------
>From: "charles kuchar" <charliekuchar@xxxxxxxxxxxxxx>
>References: <OMoFfB3aFHA.1312@xxxxxxxxxxxxxxxxxxxx>
<uJGs8g3aFHA.3280@xxxxxxxxxxxxxxxxxxxx>
<OjBWjp3aFHA.3240@xxxxxxxxxxxxxxxxxxxx>
<1EBAC519-46F4-4383-A9A2-1DF0C836E133@xxxxxxxxxxxxx>
>Subject: Ooooopppps. Rights not right...
>Date: Tue, 7 Jun 2005 15:10:05 -0500
>Lines: 83
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>Message-ID: <eiPJnz5aFHA.2440@xxxxxxxxxxxxxxxxxxxx>
>Newsgroups: microsoft.public.windows.server.general
>NNTP-Posting-Host: delaserver3.delasallecenter.org 66.136.154.253
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:38741
>X-Tomcat-NG: microsoft.public.windows.server.general
>
>As a student i can log on the computer but i don't have the rights to run
>"ipconfig /setupclassid "*" students". I think it is a right in AD but
have
>experimented there and have had no success. I can sign on as an staff
>person and edit it ok... I will continue trying to find out what is the
>problem . I can even logon the computer and get the error message trying
to
>run the setclassid and get the error message 'An internal error occurred.
>Access is denied.' That should be a rights problem. charlie
>
>"Manny Borges" <MannyBorges@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>news:1EBAC519-46F4-4383-A9A2-1DF0C836E133@xxxxxxxxxxxxxxxx
>> Don't believe the hype. There are lots of ways to do what you want that
do
>> not involve stsaic IPs.
>>
>> With what you say you have running now, I would use class ids in dhcp.
>> You can use the log in script to set the class id on the client and se
>> your
>> 2000 or 2003 based dhcp to do what you need to do.
>>
>> I'll get ya started, ipconfig /?. See the option for setclassid? Now
>> explore
>> your dhcp servers properties.
>>
>> Or if thats too twisty, and you have the time to do statsic IPs , try
>> using
>> DHCP reservations and setting options that way.
>>
>> or even
>>
>> Don't give a gateway adress at all through DHCP, but use route add
>> commands
>> in the login script to add a new default route to the local routing
table
>> of
>> the PC.
>>
>>
>> Thats just what I can think of off the top of my head. I am sure there
are
>> more ways to do it.
>>
>> "charles kuchar" wrote:
>>
>>> So the only logical thing for me to do is have to eliminate DHCP? I
only
>>> have a hundred workstations for the students and 20 or so for staff. I
>>> can
>>> hard code a local IP address in each computer for the students and the
>>> staff. The only problem is when i change the DNS server or something
>>> like
>>> that... At least school is out and i have time to do that. Thank you,
>>> charlie
>>>
>>> "Daniel" <daniel@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
>>> news:uJGs8g3aFHA.3280@xxxxxxxxxxxxxxxxxxxxxxx
>>> > charles kuchar wrote:
>>> >> When the students log on to the network a script runs to map the
>>> >> drives
>>> >> needed for their work. I need to set the Gateway for them. I have
>>> >> two
>>> >> gateways in the network and wish to separate them, staff from
>>> >> students.
>>> >> Can i do this in a logon script? Or what other method should i be
>>> >> pursuing? Thank you, charlie
>>> >
>>> > You can only set gateways via DHCP. You could set up reservations
for
>>> > the
>>> > MAC addresses of the computers so that they switch. However, this is
>>> > only
>>> > set on boot.
>>> >
>>> > If you are doing it for security, then specify what your concerns are
>>> > and
>>> > maybe someone can help you with them.
>>> >
>>> > --
>>> >
>>> > Daniel
>>> > MCSE, MCP+I, MCP in Windows 2000/NT
>>> >
>>> > --------------------------------------
>>> > remove the 2nd madrid from my mail address to contact me.
>>>
>>>
>>>
>
>
>

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: Setting Gateway by User Group
    ... With what you say you have running now, I would use class ids in dhcp. ... You can use the log in script to set the class id on the client and se your ... > have a hundred workstations for the students and 20 or so for staff. ... I need to set the Gateway for them. ...
    (microsoft.public.windows.server.general)
  • always_on.sh script in DD-WRT not working
    ... I have a odd problem with always_on.sh script. ... The problem is that when my modem disconnects, ... gateway address, yet I cant ping google. ... WAN Connection Type: Auto Config - DHCP ...
    (alt.internet.wireless)
  • Re: Unable to Ping Network from Outside
    ... Those clients should not have the router gateway in their gateway settings; ... Check DHCP, Scope options and make sure that 003, 006 and 044 are pointing ... >>Post the ipconfig/all from the server. ...
    (microsoft.public.windows.server.sbs)
  • Re: AD-DNS-DHCP
    ... If I do NOT remove the gateway configurationfrom my DHCP ... scope but add the following to my logon script, ... Internet Connection #1 ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD-DNS-DHCP
    ... If I do NOT remove the gateway configurationfrom my DHCP ... scope but add the following to my logon script, ... The -f switch doesn't remove the TCPIP config, it only cleans the route ...
    (microsoft.public.windows.server.active_directory)
Loading