|
Posted by =?Utf-8?B?UGFjdC5UZWNo?= on November 4, 2007, 9:57 pm
If you were Registered and logged in, you could reply and use other advanced thread options
and accomplish this tast, I should leave the general configuration as "obtain
IP automatically" and "obtain DNS server automatically". However, under the
alternate configuration, I can use a static IP and ISP DNS server IPs,
correct? Then when DHCP is NOT available it will failover to the static IP.
Haven't gotten involved with group policy too much, so that option wasn't
going to work for me.
Thanks for any clarification or agreement.
"Roger Abell [MVP]" wrote:
> Your scenario is exactly one of the main reasons that the group
> I mentioned came into existence. It sounds like you have a user
> education issue since if the alternate net config is used the main
> network config is DHCP and on start it is used if possible with
> the alternate coming into play if it cannot be used (i.e. instead of
> failing over to an autonet IP). You would have an issue only if
> they were bringing a box out of standby/hibernate, in which case
> the GPO startup script would have no affect either. Anyway, you
> might want to look at the slow link detection feature and add some
> smarts to the startup script such as whether sysvol is reachable if
> you do decide to use one, but again, it seems to me that informing
> your users on how to use their new grant is the way to do this.
>
> Roger
>
> > Hi Roger,
> >
> > Thanks for the reply.
> >
> > I hadn't considered this group, didn't even really know about it, I
> > generally just keep things down to Users, or Administrators, so as to make
> > sure users don't get elevated privileges when they don't need them. But
> > looking at the MS pages on 'Network Configuration Operators' it doesn't
> > seem too risky to add users to this group, and it looks like it will
> > certainly solve some of our problems.
> >
> > I've found an nice script on TechNet that sets DHCP on IP enabled
> > adaptors, so I think I can add this as a computer startup script via GP,
> > and it should force any adaptor IP settings to reset. Not sure where the
> > script will run every time the users boots, including if they are out of
> > the office/on a client site! Do you know if startup scripts get cached
> > locally, or do they only run when connected to the network?
> >
> > Many thanks
> >
> > Ben
> >
> >> You have covered most of the options but seem to be overlooking
> >> the Network Configuration Operators group. The alternate network
> >> config is the way to go, as you mentioned, but you still have the issue
> >> that the fixed IP is only "fixed" per client site that does not use DHCP.
> >> Making them members of the indicated group should get you going.
> >>
> >>
> >>> Hi,
> >>>
> >>> We have our laptops locked down pretty tight, and the users aren't local
> >>> admins. This works pretty well internally as we run DHCP, and on clients
> >>> site who run DHCP, however some of our clients are running fixed IP
> >>> networks. This means if a user gets on site they may need to modify
> >>> their TCP/IP properties, which they can't do as a standard user.
> >>>
> >>> I know there is a group policy setting to allow/prohibit certain
> >>> sections of network connections (User Config > Admin Template > Network
> >>> > Network Connections) but this means they could come back into the
> >>> office with a non-standard IP settings, or even worse, a conflicting
> >>> address.
> >>>
> >>> Is there anyway to force a workstation back to DHCP when it comes into
> >>> the office? Or would it be possible to prohibit access to the general
> >>> TCP/IP settings tab, but allow users access to the Alternate Config tab?
> >>> This way they could modify the TCP/IP properties when DHCP isn't
> >>> available, but still get DHCP info when it is available.
> >>>
> >>> If there is a better way of doing this, please feel free to suggest!
> >>>
> >>> Many thanks
> >>>
> >>> Ben
> >>>
> >>
> >>
> >
> >
>
>
>
| 
XML site map