Home | Site Map | Cisco How ToNet How To | Wireless |Search | Forums | Services | Donations | Careers | About Us | Contact Us|

How to let non-administrative user renew IP.

Active Directory, Domain, DNS, WINS, DHCP, SBS, New Releases.

How to let non-administrative user renew IP.

Postby guest » Mon Dec 18, 2006 5:01 pm

I have been looking for the answer to this question for at least two years,
this would resolve problems with notebook users for me. It seems that many
of my notebook users that use SBC at home cannot renew their IP addresses
once they return to the office with being given administrator rights.

I do not know why none of the experts have ever answered this question - How
do we give full ipconfig rights to a non-administrative user through an
active directory group policy?


> My users are not admins on their computers, but our DHCP service is often
> down. I need to allow them to do an ipconfig /release and renew without
> admin rights.
>
> Any ideas?
>
> Thanks
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9690
Joined: Mon Nov 27, 2006 1:10 pm

Postby Bill Castner » Mon Dec 18, 2006 5:54 pm

The internals of the 'Repair' command are as follows:

• Disables, the re-enables the adapter. This is done with the equivalent of Device Manager calls using these APIs and the Netsh helper service APIs.
• Attempts to renew the DHCP lease, if the connection obtains its IP address through DHCP, using a broadcast message.
• Flushes the Address Resolution Protocol (ARP) cache using the command:
arp -d *
• Flushes the NetBIOS cache using the command:
nbtstat -R
• Flushes the DNS cache using the command:
ipconfig /flushdns
• Reregisters the NetBIOS name and IP address with WINS using the command:
nbtstat -RR
• Reregisters the computer name and IP address with DNS using the command
ipconfig /registerdns

To permit your Laptop Users all of these actions, make them members of the Network Configuration Operators Group. This is decidedly not the same as making them Administrators, it just permits the configuration of IP settings. Nor is this a Rights issue, per se. It is fundamentally a DACL issue. (And nor does this allow changes to the network configuration of the DC).

You can use NET LOCALGROUPS for this either in a script run remotely, or in the logon script for the users:

net localgroup "Network Configuration Operators" Users /add

Remember that predefined Domain Global Groups will not help in this instance. (You should be able to use Group Policy Restricted Groups to automatically change membership of local groups, and what is required here is a Group nested change in the membership in the local Group: Network Configuration Operators.) This is to some extent dependent on the Mode of your Domain.



"
Last edited by Bill Castner on Mon Dec 18, 2006 8:04 pm, edited 4 times in total.
Bill Castner
 
Posts: 119
Joined: Wed Nov 29, 2006 12:26 am
Location: Chevy Chase, MD

Postby Big Brother » Mon Dec 18, 2006 6:09 pm

Hi There,

I am sure i will help you in this within this week till the weekend, however, can you tell me about your system ? windows version, what rights they have right now ? normal users ? etc.......
Big Brother
 
Posts: 3
Joined: Wed Nov 29, 2006 4:47 pm

Postby guest » Mon Dec 18, 2006 8:59 pm

Thank you for the reply.

This is XP pro with SP2 in a workgroup network. I logon a regular user. When try to release/renew the IP using this command: ipconfig /release, I receive this message: An error occurred while releasing interface... Access is denied.
Tablet and Smartphone Setup Guide
http://www.quicksetupguide.com

Troubleshooting Vista Wireless
http://chicagotech.net/
guest
 
Posts: 9690
Joined: Mon Nov 27, 2006 1:10 pm

Postby Big Brother » Mon Dec 18, 2006 9:16 pm

Hi Again,

Sorry but, how many machines have this problem? u said workgroup, are the machine(s) are under the workgroup permission, or the active directory policy, i believe the last is override, but i need to know the case.

Whats the active directory version (2000 or 2003) ?

Check the APIPA configuration on the DHCP side.
Big Brother
 
Posts: 3
Joined: Wed Nov 29, 2006 4:47 pm


Return to Windows

Your Ad Here

Who is online

Users browsing this forum: No registered users and 3 guests