Re: Ooooopppps. Rights not right...

Thats some good thinking Charlie.

"charles kuchar" wrote:

> Yes, i want to set the gateway based upon the group membership of the user
> account. As a staff member, the rights are correct for running 'ipconfig
> /setclassid "*" students' but the students group does not have that right.
> I don't have a problem giving them the right to run that item but i don't
> know how to give them that right. Would it be possible to have the script
> run under admin rights? An alternate solution would be to have the default
> gateway for the students and run the setclassid for the staff... That would
> be a solution... charlie
>
> ""Rebecca Chen [MSFT]"" <v-rebc@xxxxxxxxxxxxxxxxxxxx> wrote in message
> news:zr9$PxAbFHA.3336@xxxxxxxxxxxxxxxxxxxxxxxx
> > Hi Charles,
> >
> > Do you mean you want to assign different gateway according to different
> > user account?
> >
> > I understand you want to assign different gateway address for the students
> > and the Staff groups. However, according to my knowledge, we are unable to
> > assign different gateway for different user since network configuration is
> > for per machine rather than per user.
> >
> > The client has already get the IP address configuration before you use the
> > account to logon to the machine; on other hand, the user should be a
> > member
> > of local admin who can change the IP configuration. This is the reason why
> > you encounter "access denied" when running setclassid command in logon
> > script. In other words, the client machine will contact the DHCP to obtain
> > IP address and the gateway when starting up. For exmpale, client A has
> > obtain IP add 192.168.0.40 and the gateway is 192.168.0.1, however, you
> > describable gateway is 192.168.0.100.
> >
> > I have tried two ways to test if we can change the gateway before the user
> > logon by using registry and netsh command. Below is my test result:
> >
> > Method 1: registry
> > ====================
> >
> > The gateway in the registry is located at:
> > HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
> > \{FBD72F8D-6334-4739-957A-7D324D9C27EF}
> >
> > The interface number {FBD72F8D-6334-4739-957A-7D324D9C27EF} varies on
> > different machine, therefore, it is not convenient for you to change the
> > gateway via registry on many machines.
> >
> > Method 2: netsh
> > =================
> > Netsh command can change the NIC gateway, however, you are unable only set
> > the gateway if you have enabled DHCP, which means you can change the
> > gateway if the NIC use static ip address. I have tried the following
> > command:
> >
> > netsh interface ip set address name="local area connection" source=dhcp
> >
> > the result is: Dhcp is already enabled on this interface.
> >
> > Then issue the command:
> > netsh interface ip set address name="local area connection" gateway
> > 192.168.0.1
> >
> > The result is: gateway is not an acceptable value for source.
> >
> > Therefore, I suggest you try to put "ipconfig /setupclassid "*" students"
> > in the startup script instead of the logon script, startup script use
> > system account to change the ip configuration. I will setup the
> > environment
> > and test this scenario later, and post back if I have the result.
> >
> > Any update, let us get in touch!
> >
> > --------------------
> >>From: "charles kuchar" <charliekuchar@xxxxxxxxxxxxxx>
> >>References: <OMoFfB3aFHA.1312@xxxxxxxxxxxxxxxxxxxx>
> > <uJGs8g3aFHA.3280@xxxxxxxxxxxxxxxxxxxx>
> > <OjBWjp3aFHA.3240@xxxxxxxxxxxxxxxxxxxx>
> > <1EBAC519-46F4-4383-A9A2-1DF0C836E133@xxxxxxxxxxxxx>
> >>Subject: Ooooopppps. Rights not right...
> >>Date: Tue, 7 Jun 2005 15:10:05 -0500
> >>Lines: 83
> >>X-Priority: 3
> >>X-MSMail-Priority: Normal
> >>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
> >>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
> >>X-RFC2646: Format=Flowed; Original
> >>Message-ID: <eiPJnz5aFHA.2440@xxxxxxxxxxxxxxxxxxxx>
> >>Newsgroups: microsoft.public.windows.server.general
> >>NNTP-Posting-Host: delaserver3.delasallecenter.org 66.136.154.253
> >>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
> >>Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.windows.server.general:38741
> >>X-Tomcat-NG: microsoft.public.windows.server.general
> >>
> >>As a student i can log on the computer but i don't have the rights to run
> >>"ipconfig /setupclassid "*" students". I think it is a right in AD but
> > have
> >>experimented there and have had no success. I can sign on as an staff
> >>person and edit it ok... I will continue trying to find out what is the
> >>problem . I can even logon the computer and get the error message trying
> > to
> >>run the setclassid and get the error message 'An internal error occurred.
> >>Access is denied.' That should be a rights problem. charlie
> >>
> >>"Manny Borges" <MannyBorges@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>news:1EBAC519-46F4-4383-A9A2-1DF0C836E133@xxxxxxxxxxxxxxxx
> >>> Don't believe the hype. There are lots of ways to do what you want that
> > do
> >>> not involve stsaic IPs.
> >>>
> >>> With what you say you have running now, I would use class ids in dhcp.
> >>> You can use the log in script to set the class id on the client and se
> >>> your
> >>> 2000 or 2003 based dhcp to do what you need to do.
> >>>
> >>> I'll get ya started, ipconfig /?. See the option for setclassid? Now
> >>> explore
> >>> your dhcp servers properties.
> >>>
> >>> Or if thats too twisty, and you have the time to do statsic IPs , try
> >>> using
> >>> DHCP reservations and setting options that way.
> >>>
> >>> or even
> >>>
> >>> Don't give a gateway adress at all through DHCP, but use route add
> >>> commands
> >>> in the login script to add a new default route to the local routing
> > table
> >>> of
> >>> the PC.
> >>>
> >>>
> >>> Thats just what I can think of off the top of my head. I am sure there
> > are
> >>> more ways to do it.
> >>>
> >>> "charles kuchar" wrote:
> >>>
> >>>> So the only logical thing for me to do is have to eliminate DHCP? I
> > only
> >>>> have a hundred workstations for the students and 20 or so for staff. I
> >>>> can
> >>>> hard code a local IP address in each computer for the students and the
> >>>> staff. The only problem is when i change the DNS server or something
> >>>> like
> >>>> that... At least school is out and i have time to do that. Thank you,
> >>>> charlie
> >>>>
> >>>> "Daniel" <daniel@xxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >>>> news:uJGs8g3aFHA.3280@xxxxxxxxxxxxxxxxxxxxxxx
> >>>> > charles kuchar wrote:
> >>>> >> When the students log on to the network a script runs to map the
> >>>> >> drives
> >>>> >> needed for their work. I need to set the Gateway for them. I have
> >>>> >> two
> >>>> >> gateways in the network and wish to separate them, staff from
> >>>> >> students.
> >>>> >> Can i do this in a logon script? Or what other method should i be
> >>>> >> pursuing? Thank you, charlie
> >>>> >
> >>>> > You can only set gateways via DHCP. You could set up reservations
> > for
> >>>> > the
> >>>> > MAC addresses of the computers so that they switch. However, this is
> >>>> > only
> >>>> > set on boot.
> >>>> >
> >>>> > If you are doing it for security, then specify what your concerns are
> >>>> > and
> >>>> > maybe someone can help you with them.
> >>>> >
> >>>> > --
> >>>> >
> >>>> > Daniel
> >>>> > MCSE, MCP+I, MCP in Windows 2000/NT
> >>>> >
> >>>> > --------------------------------------
> >>>> > remove the 2nd madrid from my mail address to contact me.
> >>>>
> >>>>
> >>>>
> >>
> >>
> >>
> >
> > Best regards,
> >
> > Rebecca Chen
> >
> > MCSE2000 MCDBA CCNA
> >
> >
> > Microsoft Online Partner Support
> > Get Secure! - www.microsoft.com/security
> >
> > =====================================================
> >
> > When responding to posts, please "Reply to Group" via your newsreader so
> > that others may learn and benefit from your issue.
> >
> > =====================================================
> > This posting is provided "AS IS" with no warranties, and confers no
> > rights.
> >
>
>
>
.

Relevant Pages

  • Re: Ooooopppps. Rights not right...
    ... i want to set the gateway based upon the group membership of the user ... the rights are correct for running 'ipconfig ... Would it be possible to have the script ... the client machine will contact the DHCP to obtain ...
    (microsoft.public.windows.server.general)
  • Changing Default Gateway
    ... Is it possible to change the default gateway in the TCP-IP settings, ... VB-script? ... I would like to have one account that has access ... to the internet, the other account should have no access to the internet ...
    (microsoft.public.scripting.vbscript)
  • Re: Reason #4,172 Never to Use a Debit Card
    ... card and have backup credit cards available even if I was stupid enough to do that. ... I keep a "gateway" account which handles all checking, ...
    (misc.consumers)
  • Re: ora-00942
    ... So I start the gateway and it logs in OK. ... Why are you using the SYSTEM account as your gateway login? ... So my question is can I debug this at the Oracle end? ... you can see the actual SQL involved. ...
    (comp.databases.oracle.server)
  • Re: ora-00942
    ... Why are you using the SYSTEM account as your gateway login? ... an after servererror trigger would do just that. ... box all to myself and any data will be test data from the gateway ...
    (comp.databases.oracle.server)