Stop client from changing nstatic IP address

Page 1 of 2 12 LastLast
  1.    #1

    Stop client from changing nstatic IP address


    Is it possible to stop someone changing their IP address, or setting their system to DHCP? I have ACLs defined and somone is changing their IP address to get around the rules. This only applies to one rogue person who just won't play by the rules, so I'd prefer not to make everyone suffer because of one rebel.

    Eg. A registry change? Remove/Disable the network configuration?

    thanks
    Tanya
      My Computer


  2. Posts : 2,726
    Windows 7 Ultimate 64bit
       #2

    Hiya

    If you don't mind me asking, What OS is on the clients machines ? and are you using a server (if so which OS please) or is it just a peer to peer network with a router using DHCP ?
      My Computer


  3. Posts : 36
    Windows 7 Home Premium x64
       #3

    If you're using a Router maybe doing as I do and setting each IP a reserved address might help.

    I have Netgear Router and it allows me to assign an IP address to each device on the Network. As this is tied to the devices MAC address, depsite them all using Auto DHCP configurations the router will always make sure each device gets the same address everytime.
    Stop client from changing nstatic IP address-clipboard01.jpg

    You could limit the IP address range to just cover the number of devices in your Network, then if someone did try to bypass DHCP they couldn't get a different IP as they would all be reserved with no "spares".
      My Computer


  4. Posts : 1,170
    XP Pro SP3 X86 / Win7 Pro X86
       #4

    Tiffer said:
    If you're using a Router maybe doing as I do and setting each IP a reserved address might help.

    I have Netgear Router and it allows me to assign an IP address to each device on the Network. As this is tied to the devices MAC address, depsite them all using Auto DHCP configurations the router will always make sure each device gets the same address everytime.
    Stop client from changing nstatic IP address-clipboard01.jpg

    You could limit the IP address range to just cover the number of devices in your Network, then if someone did try to bypass DHCP they couldn't get a different IP as they would all be reserved with no "spares".
    That only works if they have DHCP running...

    If they are changing static IPs DHCP reservations do nothing.
      My Computer


  5. Posts : 36
    Windows 7 Home Premium x64
       #5

    Yes but if you reserved say addresses 192.168.2.2 to 192.168.2.6 on a 5 device Network and limited the Starting and Ending IP address range to just those 5 then surely the router wouldn't allow access to someone trying to use say 192.168.2.7 as it was out of this range.

    They couldn't use any of the available 5 as they would all be assigned to particular MAC addresses. Unless of course they were clever enough to go down the MAC spoofing avenue!

    If that's not the case I think the Router is maybe not as clever as its made out to be by some sources.
      My Computer


  6. Posts : 1,170
    XP Pro SP3 X86 / Win7 Pro X86
       #6

    Yanta said:
    Is it possible to stop someone changing their IP address, or setting their system to DHCP? I have ACLs defined and somone is changing their IP address to get around the rules. This only applies to one rogue person who just won't play by the rules, so I'd prefer not to make everyone suffer because of one rebel.

    Eg. A registry change? Remove/Disable the network configuration?

    thanks
    Tanya
    Tanya... There are ways in the Security Policy to prevent people from accessing certain control panel applets, etc... You could also set a deny security flag on the network control panel applet....

    However... Having many times been asked to fix the carnage caused by the unchained child-mind, please let me suggest you might be further ahead addressing the source of the problem. What you risk by playing cat and mouse is that it will be seen as a challenge and the game will simply begin to escallate... which I'm pretty sure isn't what you want.

    Far better I would think, to address at the "What the hell do you think you're trying to pull" level... You didn't say whether this was a work, home or school environment but in any event, confronting the bad actor is likely the only way you're going to stop it.
      My Computer


  7. Posts : 1,170
    XP Pro SP3 X86 / Win7 Pro X86
       #7

    Tiffer said:
    Yes but if you reserved say addresses 192.168.2.2 to 192.168.2.6 on a 5 device Network and limited the Starting and Ending IP address range to just those 5 then surely the router wouldn't allow access to someone trying to use say 192.168.2.7 as it was out of this range.

    They couldn't use any of the available 5 as they would all be assigned to particular MAC addresses. Unless of course they were clever enough to go down the MAC spoofing avenue!

    If that's not the case I think the Router is maybe not as clever as its made out to be by some sources.
    Ahhh... now I see where you're going... good idea ...
      My Computer


  8. Posts : 28,845
    Win 8 Release candidate 8400
       #8

    Yanta said:
    Is it possible to stop someone changing their IP address, or setting their system to DHCP? I have ACLs defined and somone is changing their IP address to get around the rules. This only applies to one rogue person who just won't play by the rules, so I'd prefer not to make everyone suffer because of one rebel.

    Eg. A registry change? Remove/Disable the network configuration?

    thanks
    Tanya
    Shoot the person, leave the NIC. You can make the network control panel read only and owned by admin.

    You can force that mac address to=set ip in router. If he changes the IP the router wont pass it to the internet.

    If there are only a few machines on the subnet you can define them all in the router, then block the rest of the subnet.

    We need some more info

    Ken
      My Computer

  9.    #9

    PooMan UK said:
    Hiya

    If you don't mind me asking, What OS is on the clients machines ? and are you using a server (if so which OS please) or is it just a peer to peer network with a router using DHCP ?
    Clients are using WIndows 7 ultimate.

    Yes, I have a server for our home web site, a syslog server and file storage. It runs Windows XP Sp3.
      My Computer

  10.    #10

    >Shoot the person,

    leave the NIC. You can make the network control panel read only and owned by admin.

    >You can force that mac address to=set ip in router. If he changes the IP the >router wont pass it to the internet.

    If there are only a few machines on the subnet you can define them all in the router, then block the rest of the subnet.

    We need some more info

    Ken[/QUOTE]

    I like the way u think. Unfortunately, I need him to pay rent

    I'll see if this D-Link allows me to do match MAC addresses to IP address.

    There are 11 Windows 7 machines, 1 XP (used as a small server), 4 ipod/iphones (which use DHCP), a PC3, a Wii and an XBox.

    The router is a D-Link DIR-655, which is very limited in it's capacity (32 IP addresses in ACLS, and 40 website filters etc). Internet is a cable connection. I use 192.168.1.x for the network. I currently use 101-106 for the DHCP addresses, basically to allow only the iphones/ipods. I have a rule that blocks all internet access for all addresses outside 192.168.1.14 - 192.168.1.100, and 192.168.1.107 - 192.168.1.249. Router is at 192.168.1.250. And 251-255 are also blocked.

    The website I created delivers tailored content based on IP address. So each person sees their version of the website. hence why I have used static IP addresses.

    I thought I had it tight enough, but he manages to grab one of the DHCP addresses.

    thanks for your help.
      My Computer


 
Page 1 of 2 12 LastLast

   Please note
Unregistered, once your issue is resolved, please remember to thank those that have helped you and mark the thread as Solved

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 11:35.
Find Us