Sysinternals Homepage
Forum Home Forum Home > Windows Discussions > Internals
  New Posts New Posts RSS Feed - Change IP without password admin
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Change IP without password admin
 Post Reply Post Reply
Author
Message
  Topic Search Topic Search  Topic Options Topic Options
dhia View Drop Down
Newbie
Newbie


Joined: 24 May 2006
Location: Tunisia
Status: Offline
Points: 1 		Post Options Post Options   Thanks (0) Thanks(0)   Quote dhia Quote  Post ReplyReply Direct Link To This Post Topic: Change IP without password admin
    Posted: 24 May 2006 at 3:57am

Hello,

How we can allow user to change his IP addresses without according the local administrator password.

Best regards
Back to Top
MP_ART View Drop Down
Senior Member
Senior Member
Avatar

Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 947 		Post Options Post Options   Thanks (0) Thanks(0)   Quote MP_ART Quote  Post ReplyReply Direct Link To This Post Posted: 24 May 2006 at 4:05am
It can be done by win32 interactive service that runs under admin/system account.
Back to Top
EP_X0FF View Drop Down
Senior Member
Senior Member
Avatar

Joined: 08 March 2006
Location: Russian Federation
Status: Offline
Points: 4753 		Post Options Post Options   Thanks (0) Thanks(0)   Quote EP_X0FF Quote  Post ReplyReply Direct Link To This Post Posted: 24 May 2006 at 11:36am
Maybe Group Policy (gpedit.msc) settings might help?
Back to Top
Pisnaz View Drop Down
Newbie
Newbie
Avatar

Joined: 24 May 2006
Location: Canada
Status: Offline
Points: 2 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Pisnaz Quote  Post ReplyReply Direct Link To This Post Posted: 24 May 2006 at 7:51pm
You could apply it throgh a script.  You just need to allow it to run as admin.  Either using a bat file with runas.  I'd suggest CPAU.exe allows admin pasword to be stored in the file.  Then use a vb script to change the ip called fom the bat file.

Sample VB from MS attached below.

Quote #Description
#Sets the IP address of a computer to 192.168.1.141, and sets the IP gateway to 192.168.1.100.

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colNetAdapters = objWMIService.ExecQuery _
    ("Select * from Win32_NetworkAdapterConfiguration where IPEnabled=TRUE")

strIPAddress = Array("192.168.1.141")
strSubnetMask = Array("255.255.255.0")
strGateway = Array("192.168.1.100")
strGatewayMetric = Array(1)
 
For Each objNetAdapter in colNetAdapters
    errEnable = objNetAdapter.EnableStatic(strIPAddress, strSubnetMask)
    errGateways = objNetAdapter.SetGateways(strGateway, strGatewaymetric)
    If errEnable = 0 Then
        WScript.Echo "The IP address has been changed."
    Else
        WScript.Echo "The IP address could not be changed."
    End If
Next
   


I am working on similar items currently this will be one I proably modify to run automated without the possibility of my admin password being viewed.  CPAU does allow a method for protecting the file, to prevent recovery of the admin password. 

http://www.robvanderwoude.com/  < great site full of bat files /scripts

I will repost anything I stumble across/ hash out

Pisnaz

Forgot this till now

Quote netsh interface ip set address name="Local Area Connection" static 192.168.0.100 255.255.255.0 192.168.0.1 1


Netsh is a comand line way to interact with your network settings.    The above command will change ip, netmask, and gateway.  If only ipconfig was as powerful as ifconfig. 
http://www.petri.co.il/configure_tcp_ip_from_cmd.htm

Really good ref you may be able to use save / import features.  Some things like rundll32.exe can be called from the command line with system access (meaning users can use it to perform actions above thier access rights).  I am not sure about netsh I can confirm it tomorrow on my test system.

Pisnaz


Edited by Pisnaz - 24 May 2006 at 8:57pm
Back to Top
yafake View Drop Down
Newbie
Newbie


Joined: 18 June 2006
Status: Offline
Points: 27 		Post Options Post Options   Thanks (0) Thanks(0)   Quote yafake Quote  Post ReplyReply Direct Link To This Post Posted: 18 June 2006 at 5:12pm
Changing the IP address just requires being a member of the Network Configuration Operators group (or, well, an Administrat0r).

> CPAU does allow a method for protecting the file, to
> prevent recovery of the admin password.

Bullsh*t. One can modify to executeable to display the password in clear text instead of passing it to CreateProcessAsUser().

What about using Impersonation on a program without any credentials, f.e. with PolicyMaker Application Security? Now that's actually secure.
Back to Top
 Post Reply Post Reply
  Share Topic   

Forum Jump Forum Permissions View Drop Down