Force Windows user to a specific IP address?

TCM2

Hi,

is there a way to force all applications of several Windows users to use a different local IP address? So user A has all his applications bind to .1, user B traffic only comes from .2 etc.

I know about ForceBindIP but it doesn't work with all applications.

Edit: No suggesting VMs please, I'm exactly trying to move away from that since it's overkill for the task.

Thx
 
You want the IP address to follow the user, regardless of the computer they log on to?
 
I want a multi-homed[1] Windows box with multiple concurrent users, where each user uses a different local IP address so I can classify traffic further down the path.

The box has e.g. 10.0.0.1, .2, .3 and .4 and user 1 traffic uses .1 as the source address for all connections, user 2 uses .2 and so on. This is trivial in BSD but I need the functionality for Windows programs without running 4 VMs.

[1] Yeah not really multi-homed. It has multiple aliases.
 
Possibly some startup script to set the network settings; think they would have to log on once first, though.
 
The users are supposed to run programs concurrently, i.e. login user 1, run program, switch to user 2, run program, ..., so changing network settings is out, too.

Looks like this is really not possible.
 
This isn't exactly possible because IP addresses are not assigned to user accounts, they're assigned to interfaces (real or virtual).

You CAN however use virtual machines (VDI) on the same physical box and assign users to virtual machines through something like XenDesktop. But there's no way to get two users logged into the same exact machine and assign them different IP addresses.

Another thing that MIGHT work for you is to create a proxy server that requires user authentication. Whatever they're doing would have to support some type of authenticated proxy connection; you could then monitor their traffic by monitoring the user account that it's coming from.
 
I think what the OP wants is probably possible, but I'm not sure the solution exists as not many people would use it.

In a terminal server, you can give each user a separate IP address. An example of this use would be where a server has 100 users logged into it, each running applications. These applications might have some sort of security requirement that dictates that each user must have its own IP address and not share one. The terminal server can generate and use a unique IP address for each session so the applications for that user all communicate using an IP address that is unique to that session.

It's virtualized IP addressing...
 