• Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
    Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.

Purposefully wrong IP address.

S

steelman2202

Limp Gawd
Joined
Oct 26, 2005
Messages
349
Hello, I hope you all can help me with this odd situation that I'm stuck in.

I have a Win7x64 PC that needs access to 2 networks, but not at the same time. (there is a private VLAN that I don't want to give all users access). The user that needs to change the network configuration is in the network configuration users group.

The PC has two Ethernet adapters. I thought I would be able to script the ethernet adapters to enable and disable on logon/logoff using WMI/powershell or NETSH, but I can't. I think it requires full admin access, and not a just network configuration user role.

However, given that role - the user is able to change IP address/subnet mask/etc. And this I am able to do via NETSH, and thus script. Here's the question:

Is it possible to set such an IP address to ensure that no communication occurs over the network? The two networks are (165.x.x.x - public IP's) and (10.x.x.x).

EDIT:
To clarify - I am trying to do this, because I CANNOT script the network adapter to turn on and off via logon/logoff events without giving users admin rights.
 
Last edited:
Why not setup proper routing rules between the networks and firewall so that only that workstation can access?

Or is it a shared workstation?
 
Sounds like the same computer. Couldn't you just set up another user account and disable the other NIC then set up a Group Policy to prevent them from messing with the settings?
 
And you're also taking a PC and plugging it into the public network, then your private network, back and forth?

That sounds like a good way to get viruses unless you have firewalls on both networks.
 
Grentz said:
Why not setup proper routing rules between the networks and firewall so that only that workstation can access?

Or is it a shared workstation?
Click to expand...

The workstation is a shared machine in a meeting space. There are two groups of people that need to use it, and each one of them needs access to a separate network. It is due to get very light use - web browsing and powerpoints, so I was hoping to avoid having two light use machines in one space.

Liger88 said:
Sounds like the same computer. Couldn't you just set up another user account and disable the other NIC then set up a Group Policy to prevent them from messing with the settings?
Click to expand...

Yes, it is the same computer, and yes I can keep the users from messing with the settings - the trouble is, a set of users need to access one network, and another set needs to access a different network. But I don't want anyone to have access to both networks at the same time.

jjeff1 said:
And you're also taking a PC and plugging it into the public network, then your private network, back and forth?

That sounds like a good way to get viruses unless you have firewalls on both networks.
Click to expand...

Essentially yes, I am trying to toggle which network the machine is connected to, without having the users physically unplug the cables. Both of the lans have some firewalls in place, with the private one having no DHCP and no access to the outside world.

Sorry, I know this is a goofy way to go about it, but setting up a second PC in that space seems like such a waste.

It will probably have to be the way to go, though. Does my question make sense now?

Thanks!
 
You can add multiple IPs to a single network card. After you set a static IP, click advanced and add another subnet/mask.

I've been in the IT field for a while and only found out about it recently, it's super convenient. Not sure if it will help you with limiting users to a particular network but it's a useful tip and would allow you to ping both networks from a single NIC card.
 
vitalym said:
You can add multiple IPs to a single network card. After you set a static IP, click advanced and add another subnet/mask.

I've been in the IT field for a while and only found out about it recently, it's super convenient. Not sure if it will help you with limiting users to a particular network but it's a useful tip and would allow you to ping both networks from a single NIC card.
Click to expand...

Thank you for the suggestion! I did now know about that.

The only problem with our setup is that the two networks are on physically separate switches and would require different nics/network cables.

At least as far as I know, sadly my networking knowledge is not that great.

Any other suggestions/answers of the original question?
 
Could you do it by scripting a windows firewall rule? Don't know, just throwing it out there.
 
Can you dual boot the machine, each installation connected to a different network
 
"The only problem with our setup is that the two networks are on physically separate switches and would require different nics/network cables."
Either a dual boot machine..each machine only has NIC drivers for the right network its used with.
*or*
possibly some VM setup
 
are you on a domain network?

as said above you should be able to do a GPO or local security policy to disable a NIC pending on the logged in account

"You can use a Group Policy to disable the hardware required to connect, be it Wifi or Ethernet.

Alternately you can set up a limited user account, and use parental controls to disable all internet related software."

If the log in account is say a guest account you can disable the NIC under their account, then try to log into the other account to see if it is disabled or enabled.
 
You must log in or register to reply here.
Back
Top