Re: Ooooopppps. Rights not right...

Hi Charlie,

After my further research and long time test, I have confirmed that we are
unable to specify different gateway according to the user group. This is
because the classid is for per machine instead of per user. For example, if
you have create two user classes, one is called student; the other is
staff. There is a client machine called TEST1, if you set the classid for
TEST1 to student, when whoever account you logged will get student IP and
gateway. It is a same on the opposite, if a machine called TEST2 and its
classid is staff, a student logon to this machine and will get staff IP and
gateway. Actually, the machine gets the IP address and the gateway before
the user logon dialog box prompt. It is necessary for you manually to
specify which machines the students can use, and other for the staff in
management level.

After you manually specify the machines, you then can use classid to assign
different gateway to the clients. This is can be done through my test. I
understand your concern is that the student account cannot perform
"ipconfig /setclassid "*" student" and get the access denied error, this is
because you have assign the batch file via the logon script, the common
user does not have the permission to execute this command. I have written a
startup script contains the following command:

ipconfig /setclassid "*" stu
ipconfig /renew

Put this bat file to the computer startup script in the local group policy.
The script has successfully changed the classid to stu under system
account. To assign the scrip to the computer startup script, please use the
steps below:

NOTE: Please create a batch file called test.bat under the folder
c:\windows\system32\grouppolicy\machine\script\startup folder, which
contains the following command:

===========================
ipconfig /setclassid "*" stu
ipconfig /renew

================================

1. Bring up the local group policy by keying "gpedit.msc"
2. Locate to Computer configuration\Windows Settings\Scrip\Startup
3. Assign the test.bat as the startup script.
For more information about the startup script, please refer to the
following article, the concept is the same in win2k3:

Overview of Logon, Logoff, Startup, and Shutdown Scripts in Windows 2000
http://support.microsoft.com/default.aspx?scid=kb;en-us;198642

4. Restart the machine and you will find the classid has been successfully
set and the machine has get the new IP address according to the classid.

If you sucessfuly perform the steps above, please then deploy the OU policy
to the machines which you want to change the classid.

I belive it helps.

If you have any update or question, please feel free to post back.

Best regards,

Rebecca Chen

MCSE2000 MCDBA CCNA


Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

Relevant Pages

  • Re: Ooooopppps. Rights not right...
    ... Use a log in script to call a compiled file stored on a share. ... > because the classid is for per machine instead of per user. ... > you have create two user classes, one is called student; ... > Put this bat file to the computer startup script in the local group policy. ...
    (microsoft.public.windows.server.general)
  • Re: 2 Default Gateways On ISA Server
    ... quickly change the gateway in my school. ... It works in my startup script but ... only when the user has supervisory privledges. ...
    (microsoft.public.isa)