Hamins Posted October 5, 2006 Share Posted October 5, 2006 (edited) Hi everyone,We have a domain with one Win2003 server as the DC and around 30 XP workstations, and the same number of users. None of the user have Admin rights. All the users belong to the same OU & group. They all have roaming profiles.Since the users don't have admin rights, they cannot change the Network Settings (IP address, Subnet, gateway, DNS etc) on their local workstatios. Out the the 30 user's I need to grant one user the right to change the Network settings on any local workstation, without granting that user any additional Admin priviledges. How do I do that, without creating a completely new group/OU, and then setting the appropriate GPO settings on that group/ou. Edited October 5, 2006 by Hamins Link to comment Share on other sites More sharing options...
EchoNoise Posted October 5, 2006 Share Posted October 5, 2006 Try using the runas utility Link to comment Share on other sites More sharing options...
Hamins Posted October 5, 2006 Author Share Posted October 5, 2006 Hi Undeadsoldier,Thanks for your response, but thats not what I'm looking for. I want a user with non-admin rights to be able to change the IP address. Link to comment Share on other sites More sharing options...
allen2 Posted October 5, 2006 Share Posted October 5, 2006 Use a netsh batch script and run it by a GPO (computer config, windows parameter, startup script). The script will be run with the local system account and should have more than enough rights. Link to comment Share on other sites More sharing options...
Hamins Posted October 5, 2006 Author Share Posted October 5, 2006 Hi Allen,Thanks for the response. What I meant was that I need a physical with non-admin rights, to be able to change the network settings (Manually). Link to comment Share on other sites More sharing options...
eyeball Posted October 5, 2006 Share Posted October 5, 2006 couldnt you create a sub ou in the current one and block inheritance, then create a new policy that allows this user to access only network connections in control panel? Link to comment Share on other sites More sharing options...
Hamins Posted October 5, 2006 Author Share Posted October 5, 2006 Yes yes, thats the obvious way of doing it. I'm wondering if there's another way of doing this, without creating another OU/Sub-OU Link to comment Share on other sites More sharing options...
bijicool Posted October 6, 2006 Share Posted October 6, 2006 You could also create a policy on the existing OU and filter it so that just one user gets that policy applied. Link to comment Share on other sites More sharing options...
Hamins Posted October 6, 2006 Author Share Posted October 6, 2006 You could also create a policy on the existing OU and filter it so that just one user gets that policy applied.How do I do that ? and would that slow things down ? I heard, creating/filtering too many policies slows and confuses things Link to comment Share on other sites More sharing options...
Ctrl-X Posted October 6, 2006 Share Posted October 6, 2006 True, but one extra policy will hardly make a difference (that is, if you don't have 100 policy objects already). Something you may find interesting: How to Implement Group Policy Security Filtering Link to comment Share on other sites More sharing options...
Hamins Posted October 6, 2006 Author Share Posted October 6, 2006 Thanks to all you guyz,Ctrl-X, I'll check out the link. Link to comment Share on other sites More sharing options...
Hamins Posted October 10, 2006 Author Share Posted October 10, 2006 Hi,Could someone please explain the steps to implment GPO Filtering ? Link to comment Share on other sites More sharing options...
Ctrl-X Posted October 10, 2006 Share Posted October 10, 2006 In short:Create the new GPO and edit the settings as needed;Select the "Scope" tab for the new GPO, remove "Authenticated Users" from the "Security Filtering" box and add the group(s) and/or user(s) you want the new GPO to apply to;Link the new GPO to the desired OU, placing it above the original GPO so it has higher priority.Refer to the article I linked to earlier for details. If you need more information, Google for "group policy security filtering" to get some more articles on the subject. Link to comment Share on other sites More sharing options...
Hamins Posted October 18, 2006 Author Share Posted October 18, 2006 (edited) Hi Ctrl-X,I followed the steps u mentioned above to apply GPO filtering on a particular user. However, when that user logs onto any workstation, and tries accessing the properties on a LAN connection to change the IP addres, he gets a message saying that access to the property page is restricted. I have created a new GPO with necessary settings under "User sConfiguration" , to allow access to the network settings. Edited October 18, 2006 by Hamins Link to comment Share on other sites More sharing options...
Hamins Posted October 18, 2006 Author Share Posted October 18, 2006 Anyone ?? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now