Run logon script with different user credentials

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
tech_soul8
Posts: 26
Meble kuchenne na zamówienie - na wymiar - Wrocław
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Hello folks.

I just started to learn scriptnig but I need some help and I need it quickly as possible. I'm working on my final exam and I set up network with win 2003 server and xp clients. On win server 2003 I installed active directory service and I want to run some log on scripts on client computers through group policy. What I want to achive is change client ip address based on computer name through logon script. Now the problem is that I need administrative privileges to change ip address but users who logs on on client computers have user accounts.

I need some code to implement in my script so it can be run with domain administrative account on client machines regardless on currently logged on user credentials. The script looks something like this and this is just example script for one machine:

Dim strIPAddress
Dim strSubnetMask

strIPAddress = "192.168.100.39"
strSubnetMask = "255.255.255.224"

Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
Set wshShell = WScript.CreateObject( "WScript.Shell" )
strComputerName = wshShell.ExpandEnvironmentStrings( "%COMPUTERNAME%" )
if strComputerName = "POGON" then _
Set objShell = WScript.CreateObject("Wscript.Shell")
objShell.Run "netsh interface ip set address name=""Local Area Connection"" static " & strIPAddress & " " & strSubnetMask, 0, True

While googling I found this code but I'm not shure that's what I need or I just don't know how to put all this peaces together:

Const WbemAuthenticationLevelPktPrivacy = 6

strComputer = "atl-ws-01"
strNamespace =

User avatar
tech_soul8
Posts: 26
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Yes, I get exactly the same error you mention above:(

I know it's a little bit messy implementation and in real world scenario I wouldn't configure my domain that way but becouse of lack of equipment and other configuration problems I got (not to go in detail) my dhcp server servers only ip addresses from one pool of ip addresses and I want for some client machines to be on other subnet than one that dhcp issues to them. So in real world scenario that all would be achived through dhcp relay agent (router) which is connected to the subnet client machines issues dhcp broadcast but unfortunatelly I can't configure my network like that and that's the reason why I tought I could change ip addresses of some clients through logon script.

Thanks for the answer, now I know I must search for some other solutions.

jvierra
Posts: 14444
Joined: Tue May 22, 2007 9:57 am
Contact:

Run logon script with different user credentials

Post by jvierra »

Yes it can if you use superscopes and subnet merging. YOu can also use clases and assign an intereface to a class. Set DHCP scope to a class.

You are trying to reinvent the wheel and doing it the wrong way. YOu don't think other admins have the same problem.

If a router that is a dhcp relay is subnetted to a subnet of a superscope it will honor the superscope subnet.

Support multiple subnets with one DHCP server by configuring jvierra2012-04-03 09:26:44

User avatar
tech_soul8
Posts: 26
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Yes I was trying with defining classes on client computers and than configure specific option for that class on dhcp server. Now I'm going little bit off the topic and I'm sorry for that but how can I configure dhcp server to issues ip addresses based on dhcp class?? I didn't find that option on dhcp server (I found options for example defining different router, time server etc...) but nothing for subnets???I also tryed with superscopes and tryed do assign multiple ip address to dhcp adapter but it didn't had any sense becouse dhcp requests packets are comming from the same subnet dhcp server is on so it issues ip addresses from that range of ip addresses. Thanks again for helping me and pointing me to right direction.

jvierra
Posts: 14444
Joined: Tue May 22, 2007 9:57 am
Contact:

Run logon script with different user credentials

Post by jvierra »

Follow the instuctions in the documentation that I posted. There are many steps to set up DHCP correctly in WIndows and you need to understand what each does and why. The easiet way is th subnet at teh router and the proxy wil class it out correctly from a superscope.

This is a scripting forum and that is a networking question.

Also post in the MS Server forum for the server version you use.


User avatar
tech_soul8
Posts: 26
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Thanks one more time for helping me and sorry for going off the topic and posting networking question on vbscript forum but I wanted to explain my problem from the background...

User avatar
tech_soul8
Posts: 26
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Ok. Thanks!

User avatar
tech_soul8
Posts: 26
Joined: Mon Apr 02, 2012 8:46 pm

Run logon script with different user credentials

Post by tech_soul8 »

Yes, I understand that, but my biggest problem comes from the fact that I have only two net adapters on my router so everything begins from that point.

My router is on 192.168.0.6/30 and I added six alias ip addresses to route between subnetes.
This six alias ip addresses are:

192.168.100.62/28 for net 192.168.100.32
192.168.100.94/28 for net 192.168.100.64
192.168.100.126/28 for net 192.168.100.96
192.168.100.158/28 for net 192.168.100.128
192.168.100.190/28 for net 192.168.100.160
192.168.100.220/28 for net 192.168.100.192

My dhcp server is on 192.168.100.33/28 with def router 192.168.100.62. Everything is run within virtualbox so my clients always get ip addresses from range 192.168.100.32. Ok I understand that becouse in virtual box they are configured with host-only(private network) net adapter. But if this is real world scenario on my router I would be running dhcp relay agent and clients which issues dhcp discovery packets would get ip address from range 192.168.0.4/30 (becouse my routers real ip address is on 192.168.0.6/30)am I wright? So I was trying to find some solution to force certain client computers to get ip address from specific range I wanted them to have and I was trying to achive this through dhcp classes and later through logon script.

I know this shouldn't be implemented like this, but I have no other option becouse I want to make shure that everything will work just the way I set it up before passing my work to my professor. Of course if I have money than I would build test lab, buy layer 2,3 switches, set up vlans etc... Or put one dhcp server on each subnet and that's it. But unfortunatelly I'm sruggle with this clumsy implementation becouse it is the only way I could test it...

jvierra
Posts: 14444
Joined: Tue May 22, 2007 9:57 am
Contact:

Run logon script with different user credentials

Post by jvierra »

I don't think you understand. DHCP wil do that for you. Just crate a superscope with a scope defined for each subnet with the gateway for each defined. The dhcp relay will take care of the rest.

This is not a scripting issue. You will need to go to a networking forum to pursue this further.

Yes in a small netowrk your cross routing these addresses wil lwork but your nets are not routable over a WAN if they pass traffic across an Internet. They will work locally and outbound routing will work. Inbound routing is likely to fail.


jvierra
Posts: 14444
Joined: Tue May 22, 2007 9:57 am
Contact:

Run logon script with different user credentials

Post by jvierra »

You need to read the whole article carefully. It does a very clear job of explaining how the DHCP technology is designed to do this.

A subnet scope has a defined gateway. It has to if it is on a routed network. Each subnet has to have a different gateway address. (router LAN address in non-tech terms)

The scope and DHCP know this because when you ask to be routed and the IP is on the other side or the router the router puts its address into the request as it passes it on if it is a DHCP request.

The DHCP relay at the router or on a workstation on the local subnet knows by the router address which subnet it is on and asks the upstream DHCP server to serve an address for that subnet identified by the gateway address.


YOu have no subnets defined so you willnot get an address due the the router. Affing an alias puts a foreign address on your interface and cause the dhcp server to think you are on the main subnet so it gives you an address. YOU will have iissues because the router and the DHCP server think the pc is on two subnets on both sides of a router.

Follow the instuctions in the article and set up your DHCP correctly. It will be safer and will actually be somewhat faster becuse you may be getting loops on packets an you can have issues with broadcast packets. DHCP uses broadcasts to ask for service using the BOOTP and DHCP protocols.

Microsoft DHCP and DNS support BOOTP relay protocols natively and will work together to keep your systrem aware of where things are.



You have no subnets defined so you will not get an address due the router. Adding an alias puts a foreign address on your interface and cause the DHCP server to think you are on the main subnet so it gives you an address. YOU will have issues because the router and the DHCP server think the pc is on two subnets on both sides of a router.

Follow the instructions in the article and set up your DHCP correctly. It will be safer and will actually be somewhat faster because you may be getting loops on packets an you can have issues with broadcast packets. DHCP uses broadcasts to ask for service using the BOOTP and DHCP protocols.

Microsoft DHCP and DNS support BOOTP relay protocols natively and will work together to keep your system aware of where things are.


jvierra2012-04-05 17:29:37

Locked