• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Need help with a logon script for the domain user

S

Sunny Chan

#1
Hello everybody,

I am a Administrator in the Domain.I can let the users of Domain Admin to
change its IP address through the Logon script. But,how about the Domain
Users ?
I want to let the domain user change its IP address through the logon
script. How can I do ? Can someone help me edit the script to do that ?
 

My Computer

A

Al Dunbar

#2
"Sunny Chan" <cl_edp@xxxxxx> wrote in message
news:O%23KdKDpYJHA.1268@xxxxxx

> Hello everybody,
>
> I am a Administrator in the Domain.I can let the users of Domain Admin to
> change its IP address through the Logon script. But,how about the Domain
> Users ?
> I want to let the domain user change its IP address through the logon
> script. How can I do ? Can someone help me edit the script to do that ?
Your normal users (i.e. not domain admins) generally lack the privileges
required to modify the configuration of the workstations. This is a good
thing, as it keeps them from making changes that interfere with its ability
to function properly. Imagine, for example, if they were to set the IP
address to something not in your subnet.

But why is it that you want them to change the IP address? And how will your
logon script ensure that it will never cause duplicate IP addresses?

Why not let DHCP provide the IP addresses your workstations require?

/Al
 

My Computer

S

sunny

#4
Because I want to bind down the IP addresses to different users.So when
logon from the different computer,they can change themself IP address
through the logon script.



"Joe Blow" <joe@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx

> >
>> Why not let DHCP provide the IP addresses your workstations require?
>>
>> /Al
>>
>>
> Al,
>
> You took the words right out of my mouth!
>
> Joe
>
>
>
 

My Computer

R

Richard Mueller [MVP]

#5
IP addresses should be associated with computers, not users. In most cases,
users do not have permissions to change IP addresses, and they should not.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"sunny" <sunny@xxxxxx> wrote in message
news:%23BwDALvZJHA.5124@xxxxxx

> Because I want to bind down the IP addresses to different users.So when
> logon from the different computer,they can change themself IP address
> through the logon script.
>
>
>
> "Joe Blow" <joe@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx

>> >
>>> Why not let DHCP provide the IP addresses your workstations require?
>>>
>>> /Al
>>>
>>>
>> Al,
>>
>> You took the words right out of my mouth!
>>
>> Joe
>>
>>
>>
>
>
 

My Computer

S

sunny

#6
Look at this Logon Script
************************************************************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colNetAdapters = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
True")
For Each objNetAdapter in colNetAdapters
objNetAdapter.SetGateways array()
next
************************************************************************************

How to let the Domain Users run this script before logon access by Logon
Script in Group Policy Object.



"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:eKXVIZvZJHA.4520@xxxxxx

> IP addresses should be associated with computers, not users. In most
> cases, users do not have permissions to change IP addresses, and they
> should not.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "sunny" <sunny@xxxxxx> wrote in message
> news:%23BwDALvZJHA.5124@xxxxxx

>> Because I want to bind down the IP addresses to different users.So when
>> logon from the different computer,they can change themself IP address
>> through the logon script.
>>
>>
>>
>> "Joe Blow" <joe@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx

>>> >
>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>
>>>> /Al
>>>>
>>>>
>>> Al,
>>>
>>> You took the words right out of my mouth!
>>>
>>> Joe
>>>
>>>
>>>
>>
>>
>
>
 

My Computer

A

Al Dunbar

#7
"sunny" <sunny@xxxxxx> wrote in message
news:%23BwDALvZJHA.5124@xxxxxx

> Because I want to bind down the IP addresses to different users.
When I asked you "Why not let DHCP provide the IP addresses your
workstations require?" I was kind of hoping to get a reason somewhat more
rationale than "because I don't want to". I know you don't want to, I just
don't know why you don't want to, nor can I imagine a valid reason for this
posture.

> So when logon from the different computer,they can change themself IP
> address through the logon script.
That way lies madness. Once a user logs on and the IP is set, what will its
IP address be on that workstation when the user logs off? If the same, then
if the use logs on at another workstation, the script will be attempting to
create a duplicate IP address. There is a component designed to prevent this
problem automatically, and it is called DHCP.

/Al

>
>
>
> "Joe Blow" <joe@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx

>> >
>>> Why not let DHCP provide the IP addresses your workstations require?
>>>
>>> /Al
>>>
>>>
>> Al,
>>
>> You took the words right out of my mouth!
>>
>> Joe
>>
>>
>>
>
>
 

My Computer

A

Al Dunbar

#8
"sunny" <sunny@xxxxxx> wrote in message
news:OzjpmRxZJHA.556@xxxxxx

> Look at this Logon Script
> ************************************************************************************
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colNetAdapters = objWMIService.ExecQuery _
> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
> True")
> For Each objNetAdapter in colNetAdapters
> objNetAdapter.SetGateways array()
> next
> ************************************************************************************
>
> How to let the Domain Users run this script before logon access by Logon
> Script in Group Policy Object.
Domain users cannot do anything before logging on, as they are not known as
domain users until they have been identified as such.

/Al

>
>
>
> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:eKXVIZvZJHA.4520@xxxxxx

>> IP addresses should be associated with computers, not users. In most
>> cases, users do not have permissions to change IP addresses, and they
>> should not.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "sunny" <sunny@xxxxxx> wrote in message
>> news:%23BwDALvZJHA.5124@xxxxxx

>>> Because I want to bind down the IP addresses to different users.So when
>>> logon from the different computer,they can change themself IP address
>>> through the logon script.
>>>
>>>
>>>
>>> "Joe Blow" <joe@xxxxxx>
>>> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx
>>>> >
>>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>>
>>>>> /Al
>>>>>
>>>>>
>>>> Al,
>>>>
>>>> You took the words right out of my mouth!
>>>>
>>>> Joe
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 

My Computer

R

Richard Mueller [MVP]

#9
As noted by Al, this requires the users to manage IP addresses across the
network (to prevent duplicates), which is impossible. Just guessing, but
perhaps your real aim is to track which users are logged on by pinging some
IP address assigned to them. If so, this cannot work. What is your real
purpose?

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"sunny" <sunny@xxxxxx> wrote in message
news:OzjpmRxZJHA.556@xxxxxx

> Look at this Logon Script
> ************************************************************************************
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colNetAdapters = objWMIService.ExecQuery _
> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
> True")
> For Each objNetAdapter in colNetAdapters
> objNetAdapter.SetGateways array()
> next
> ************************************************************************************
>
> How to let the Domain Users run this script before logon access by Logon
> Script in Group Policy Object.
>
>
>
> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:eKXVIZvZJHA.4520@xxxxxx

>> IP addresses should be associated with computers, not users. In most
>> cases, users do not have permissions to change IP addresses, and they
>> should not.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "sunny" <sunny@xxxxxx> wrote in message
>> news:%23BwDALvZJHA.5124@xxxxxx

>>> Because I want to bind down the IP addresses to different users.So when
>>> logon from the different computer,they can change themself IP address
>>> through the logon script.
>>>
>>>
>>>
>>> "Joe Blow" <joe@xxxxxx>
>>> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx
>>>> >
>>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>>
>>>>> /Al
>>>>>
>>>>>
>>>> Al,
>>>>
>>>> You took the words right out of my mouth!
>>>>
>>>> Joe
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 

My Computer

S

Sunny Chan

#10
Please look at this Logon Script
************************************************************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colNetAdapters = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
True")
For Each objNetAdapter in colNetAdapters
objNetAdapter.SetGateways array()
next
************************************************************************************
In this logon script , I just want to change the Gateways address !!!!! When
the Gateways address is null, the user can't connect to the Internet !!!

"Al Dunbar" <alandrub@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uO32vxWaJHA.1336@xxxxxx

>
> "sunny" <sunny@xxxxxx> wrote in message
> news:%23BwDALvZJHA.5124@xxxxxx

>> Because I want to bind down the IP addresses to different users.
>
> When I asked you "Why not let DHCP provide the IP addresses your
> workstations require?" I was kind of hoping to get a reason somewhat more
> rationale than "because I don't want to". I know you don't want to, I just
> don't know why you don't want to, nor can I imagine a valid reason for
> this posture.
>

>> So when logon from the different computer,they can change themself IP
>> address through the logon script.
>
> That way lies madness. Once a user logs on and the IP is set, what will
> its IP address be on that workstation when the user logs off? If the same,
> then if the use logs on at another workstation, the script will be
> attempting to create a duplicate IP address. There is a component designed
> to prevent this problem automatically, and it is called DHCP.
>
> /Al
>

>>
>>
>>
>> "Joe Blow" <joe@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx

>>> >
>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>
>>>> /Al
>>>>
>>>>
>>> Al,
>>>
>>> You took the words right out of my mouth!
>>>
>>> Joe
>>>
>>>
>>>
>>
>>
>
>
 

My Computer

S

Sunny Chan

#11
Please look at this Logon Script
************************************************************************************
strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colNetAdapters = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
True")
For Each objNetAdapter in colNetAdapters
objNetAdapter.SetGateways array()
next
************************************************************************************
In this logon script , I just want to change the Gateways address. Because
when
the Gateways address is nothing , the users can not connect to the Internet
!
I only want this.

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uFEecsdaJHA.1528@xxxxxx

> As noted by Al, this requires the users to manage IP addresses across the
> network (to prevent duplicates), which is impossible. Just guessing, but
> perhaps your real aim is to track which users are logged on by pinging
> some IP address assigned to them. If so, this cannot work. What is your
> real purpose?
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "sunny" <sunny@xxxxxx> wrote in message
> news:OzjpmRxZJHA.556@xxxxxx

>> Look at this Logon Script
>> ************************************************************************************
>> strComputer = "."
>> Set objWMIService = GetObject("winmgmts:\\" & strComputer &
>> "\root\cimv2")
>> Set colNetAdapters = objWMIService.ExecQuery _
>> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
>> True")
>> For Each objNetAdapter in colNetAdapters
>> objNetAdapter.SetGateways array()
>> next
>> ************************************************************************************
>>
>> How to let the Domain Users run this script before logon access by Logon
>> Script in Group Policy Object.
>>
>>
>>
>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:eKXVIZvZJHA.4520@xxxxxx

>>> IP addresses should be associated with computers, not users. In most
>>> cases, users do not have permissions to change IP addresses, and they
>>> should not.
>>>
>>> --
>>> Richard Mueller
>>> MVP Directory Services
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>>
>>> "sunny" <sunny@xxxxxx> wrote in message
>>> news:%23BwDALvZJHA.5124@xxxxxx
>>>> Because I want to bind down the IP addresses to different users.So when
>>>> logon from the different computer,they can change themself IP address
>>>> through the logon script.
>>>>
>>>>
>>>>
>>>> "Joe Blow" <joe@xxxxxx> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx
>>>>> >
>>>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>>>
>>>>>> /Al
>>>>>>
>>>>>>
>>>>> Al,
>>>>>
>>>>> You took the words right out of my mouth!
>>>>>
>>>>> Joe
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 

My Computer

R

Richard Mueller [MVP]

#12
Then you can do it yourself remotely. Assign the NetBIOS name of the
computer to the variable strComputer. If you are a member of the group
"Domain Admins" you should have permission. By default the group "Domain
Admins" is made a member of the local Administrators group when the computer
is joined to the domain. I assume you have assigned one or more values for
Array(), something similar to

Array("192.168.1.100")

or

Array("192.168.1.100", "192.168.1.101")

See this link:

http://www.microsoft.com/technet/scriptcenter/scripts/network/client/modify/nwmovb23.mspx

As far as I know this only needs to be done once, not at every logon. You
can even code a script to modify several computers per a text file. You
could read computer names from a text file and assign the same IP address as
gateway for all at once. Perhaps similar to below:
==========
Option Explicit
Dim objFSO, strFile, objFile, strComputer
Dim objWMIService, colNetCards, arrGateways

Const ForReading = 1

' Specify text file with NetBIOS names of computers.
strFile = "c:\scripts\computers.txt"

' Open the file for read access.
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

' Specify IP address of gateway.
arrGateways = Array("192.168.1.100")

' Read the text file.
Do Until objFile.AtEndOfStream
strComputer = Trim(objFile.ReadLine)
' Skip blank lines.
If (strComputer <> "") Then
' Trap error if computer not available.
On Error Resume Next
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate}!\\" _
& strComputer & "\root\cimv2")
If (Err.Number = 0) Then
On Error GoTo 0
Set colNetCards = objWMIService.ExecQuery _
("Select * From Win32_NetworkAdapterConfiguration Where
IPEnabled = True")

For Each objNetCard in colNetCards
objNetCard.SetGateways(arrGateways)
Next
Else
On Error GoTo 0
Wscript.Echo "Computer " & strComputer & " not available.
End If
End If
Loop

' Clean up.
objFile.Close
=========
The computers must be available. If any are not, you can run the script
again for just the computers that were not available before. Normal users
would not be expected to have permissions to assign the IP address. An
alternative would be to run your script as a startup script, since startup
scripts run with system permissions on the local computer. However, this
means the script runs repeatedly, plus you are not sure when the IP address
has been assigned. Running the script yourself remotely might be the better
option.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Sunny Chan" <cl_edp@xxxxxx> wrote in message
news:u5ZmleoaJHA.1964@xxxxxx

> Please look at this Logon Script
> ************************************************************************************
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colNetAdapters = objWMIService.ExecQuery _
> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
> True")
> For Each objNetAdapter in colNetAdapters
> objNetAdapter.SetGateways array()
> next
> ************************************************************************************
> In this logon script , I just want to change the Gateways address. Because
> when
> the Gateways address is nothing , the users can not connect to the
> Internet !
> I only want this.
>
> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:uFEecsdaJHA.1528@xxxxxx

>> As noted by Al, this requires the users to manage IP addresses across the
>> network (to prevent duplicates), which is impossible. Just guessing, but
>> perhaps your real aim is to track which users are logged on by pinging
>> some IP address assigned to them. If so, this cannot work. What is your
>> real purpose?
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "sunny" <sunny@xxxxxx> wrote in message
>> news:OzjpmRxZJHA.556@xxxxxx

>>> Look at this Logon Script
>>> ************************************************************************************
>>> strComputer = "."
>>> Set objWMIService = GetObject("winmgmts:\\" & strComputer &
>>> "\root\cimv2")
>>> Set colNetAdapters = objWMIService.ExecQuery _
>>> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
>>> True")
>>> For Each objNetAdapter in colNetAdapters
>>> objNetAdapter.SetGateways array()
>>> next
>>> ************************************************************************************
>>>
>>> How to let the Domain Users run this script before logon access by Logon
>>> Script in Group Policy Object.
>>>
>>>
>>>
>>> "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx>
>>> дÈëÏûÏ¢ÐÂÎÅ:eKXVIZvZJHA.4520@xxxxxx
>>>> IP addresses should be associated with computers, not users. In most
>>>> cases, users do not have permissions to change IP addresses, and they
>>>> should not.
>>>>
>>>> --
>>>> Richard Mueller
>>>> MVP Directory Services
>>>> Hilltop Lab - http://www.rlmueller.net
>>>> --
>>>>
>>>> "sunny" <sunny@xxxxxx> wrote in message
>>>> news:%23BwDALvZJHA.5124@xxxxxx
>>>>> Because I want to bind down the IP addresses to different users.So
>>>>> when logon from the different computer,they can change themself IP
>>>>> address through the logon script.
>>>>>
>>>>>
>>>>>
>>>>> "Joe Blow" <joe@xxxxxx>
>>>>> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx
>>>>>> >
>>>>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>>>>
>>>>>>> /Al
>>>>>>>
>>>>>>>
>>>>>> Al,
>>>>>>
>>>>>> You took the words right out of my mouth!
>>>>>>
>>>>>> Joe
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 

My Computer

A

Al Dunbar

#13
"Sunny Chan" <cl_edp@xxxxxx> wrote in message
news:u8ZElaoaJHA.4500@xxxxxx

> Please look at this Logon Script
> ************************************************************************************
> strComputer = "."
> Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
> Set colNetAdapters = objWMIService.ExecQuery _
> ("Select * From Win32_NetworkAdapterConfiguration Where IPEnabled =
> True")
> For Each objNetAdapter in colNetAdapters
> objNetAdapter.SetGateways array()
> next
> ************************************************************************************
> In this logon script , I just want to change the Gateways address !!!!!
> When the Gateways address is null, the user can't connect to the Internet
> !!!
Now that we finally realize that this is what you want (as opposed to
changing the IP address), Richard's solution would seem a more likely way
you could accomplish this.

/Al

> "Al Dunbar" <alandrub@xxxxxx>
> дÈëÏûÏ¢ÐÂÎÅ:uO32vxWaJHA.1336@xxxxxx

>>
>> "sunny" <sunny@xxxxxx> wrote in message
>> news:%23BwDALvZJHA.5124@xxxxxx

>>> Because I want to bind down the IP addresses to different users.
>>
>> When I asked you "Why not let DHCP provide the IP addresses your
>> workstations require?" I was kind of hoping to get a reason somewhat more
>> rationale than "because I don't want to". I know you don't want to, I
>> just don't know why you don't want to, nor can I imagine a valid reason
>> for this posture.
>>

>>> So when logon from the different computer,they can change themself IP
>>> address through the logon script.
>>
>> That way lies madness. Once a user logs on and the IP is set, what will
>> its IP address be on that workstation when the user logs off? If the
>> same, then if the use logs on at another workstation, the script will be
>> attempting to create a duplicate IP address. There is a component
>> designed to prevent this problem automatically, and it is called DHCP.
>>
>> /Al
>>

>>>
>>>
>>>
>>> "Joe Blow" <joe@xxxxxx>
>>> дÈëÏûÏ¢ÐÂÎÅ:uMhF2$rYJHA.412@xxxxxx
>>>> >
>>>>> Why not let DHCP provide the IP addresses your workstations require?
>>>>>
>>>>> /Al
>>>>>
>>>>>
>>>> Al,
>>>>
>>>> You took the words right out of my mouth!
>>>>
>>>> Joe
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
 

My Computer

Users Who Are Viewing This Thread (Users: 1, Guests: 0)