Solve : I.P. address?

1.	Solve : I.P. address?
Answer» There are 50 pcs in our local network.some of he pcs are provided with internet IP address & only these pcs have permission to access the Internet. So the other users are hacking the IP addresses and using internet services. We want to prevent them from editing I.P. address in network properties window. Please HELP me out.So your router is configured to block certain IP addresses from accessing the internet, right? You could always try changing the users computers that AREN'T allowed to access the internet to have a limited user account. On the computer(s) you don't want on the internet you can use gpedit.msc to deny them the ability. Click start, (on xp then click run) type "gpedit.msc" go to User Configuration>Administrator Templates>Network>Network Connections. Double click Prohibit access to properties of a LAN connection, set to enable. You can adjust what else you need to also. Just don't let them see you do this then they can change it back! Good LuckIt sounds like you have a big problem and need to hold the people who are hacking IP address accountable for their actions. There are several commercial programs that monitor all computer useage. There are some that are specifically designed to monitor internet useage. With an internet monitoring program you could even turn on internet useage for EVERYONE, and monitor who goes where and for how long. There's a big difference between someone who goes to weather.com for a minute and someone that spends all day on a porn site. If you gave internet access to everyone, you would need to lay out the rules, let them know they are being monitored, and what the consequences for abuse would be.Assuming all of your computers are Windows, Group Policy would be the best way to do it. Is your network part of a domain or a workgroup? In a domain structure, you can set the group policy in Active Directory, which would be the most efficient way to do it. If you're on a workgroup, you'll have to go to each computer individually and set group policy as joe3fl stated. Without knowing more about your network infrastructure, we can't really give much more advice.Quote from: prasil on August 10, 2010, 10:48:18 AM hi friend, i understand your situation please try this site ..... to help you, i think it may help you out.. Don't spam our forums. (Reported)Quote from: psk1977 on August 03, 2010, 11:25:37 PM There are 50 pcs in our local network.some of he pcs are provided with internet IP address & only these pcs have permission to access the Internet. So the other users are hacking the IP addresses and using internet services. We want to prevent them from editing I.P. address in network properties window. Please help me out. What are you using to control which IPs have access? I know in ISA Server 2004/2006 (and, presumably Forefront THREAT Management Gateway 2010) there are plenty of options for RESTRICTING Internet access. Instead of using IP addresses, try prohibiting User Names instead. It's a lot easier to control that instead of having to make a ton of DHCP reservations or manually assigning static IPs to every PC. Either way, if users within the network are changing their IP addresses, then not only do they need to be accountable, but a Group Policy should be in place preventing them from doing that in the first place. User Configuration -> Administrative Templates -> Network -> Network Connections: Enable "Prohibit Access to the properties of a LAN connection" User Configuration -> Administrative Templates -> Start Menu and Taskbar: Enable "Remove Run menu from Start Menu" User Configuration -> Administrative Templates -> Control Panel Enable "Prohibit Access to the Control Panel" User Configuration -> Administrative Templates -> Desktop Enable "Hide Network Locations from Desktop" User Configuration -> Administrative Templates -> System -> CTRL+ALT+DEL options Enable "Remove Task Manager" User Configuration -> Administrative Templates -> System Enable "Prevent access to REGISTRY editing tools" Enable "Prevent access to the command prompt" You could simply establish one DMZ on the network for internet usage and one DMZ on the network without internet usage. Then just apply the corrispoding IP Adress to the corrisponding computors and make the administrator the only one with capabilities of changing the IP Adresses. Sounds like you got a roudy bunch of computer nerds working for you.

Answer»

There are 50 pcs in our local network.some of he pcs are provided with internet IP address & only these pcs have permission to access the Internet. So the other users are hacking the IP addresses and using internet services. We want to prevent them from editing I.P. address in network properties window. Please HELP me out.So your router is configured to block certain IP addresses from accessing the internet, right?

You could always try changing the users computers that AREN'T allowed to access the internet to have a limited user account. On the computer(s) you don't want on the internet you can use gpedit.msc to deny them the ability.

Click start, (on xp then click run) type "gpedit.msc" go to User Configuration>Administrator Templates>Network>Network Connections. Double click Prohibit access to properties of a LAN connection, set to enable. You can adjust what else you need to also. Just don't let them see you do this then they can change it back!

Good LuckIt sounds like you have a big problem and need to hold the people who are hacking IP address accountable for their actions.

There are several commercial programs that monitor all computer useage. There are some that are specifically designed to monitor internet useage. With an internet monitoring program you could even turn on internet useage for EVERYONE, and monitor who goes where and for how long.

There's a big difference between someone who goes to weather.com for a minute and someone that spends all day on a porn site.

If you gave internet access to everyone, you would need to lay out the rules, let them know they are being monitored, and what the consequences for abuse would be.Assuming all of your computers are Windows, Group Policy would be the best way to do it. Is your network part of a domain or a workgroup? In a domain structure, you can set the group policy in Active Directory, which would be the most efficient way to do it. If you're on a workgroup, you'll have to go to each computer individually and set group policy as joe3fl stated.

Without knowing more about your network infrastructure, we can't really give much more advice.Quote from: prasil on August 10, 2010, 10:48:18 AM

hi friend, i understand your situation please try this site ..... to help you, i think it may help you out..

Don't spam our forums. (Reported)Quote from: psk1977 on August 03, 2010, 11:25:37 PM

There are 50 pcs in our local network.some of he pcs are provided with internet IP address & only these pcs have permission to access the Internet. So the other users are hacking the IP addresses and using internet services. We want to prevent them from editing I.P. address in network properties window. Please help me out.

What are you using to control which IPs have access?

I know in ISA Server 2004/2006 (and, presumably Forefront THREAT Management Gateway 2010) there are plenty of options for RESTRICTING Internet access. Instead of using IP addresses, try prohibiting User Names instead. It's a lot easier to control that instead of having to make a ton of DHCP reservations or manually assigning static IPs to every PC.

Either way, if users within the network are changing their IP addresses, then not only do they need to be accountable, but a Group Policy should be in place preventing them from doing that in the first place.

User Configuration -> Administrative Templates -> Network -> Network Connections:
Enable "Prohibit Access to the properties of a LAN connection"

User Configuration -> Administrative Templates -> Start Menu and Taskbar:
Enable "Remove Run menu from Start Menu"

User Configuration -> Administrative Templates -> Control Panel
Enable "Prohibit Access to the Control Panel"

User Configuration -> Administrative Templates -> Desktop
Enable "Hide Network Locations from Desktop"

User Configuration -> Administrative Templates -> System -> CTRL+ALT+DEL options
Enable "Remove Task Manager"

User Configuration -> Administrative Templates -> System
Enable "Prevent access to REGISTRY editing tools"
Enable "Prevent access to the command prompt"
You could simply establish one DMZ on the network for internet usage and one DMZ on the network without internet usage. Then just apply the corrispoding IP Adress to the corrisponding computors and make the administrator the only one with capabilities of changing the IP Adresses. Sounds like you got a roudy bunch of computer nerds working for you.

Solve : I.P. address?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment