"Network Configuration Operators" & SP2

  • Thread starter Thread starter bmgoodmanva
  • Start date Start date
B

bmgoodmanva

Prior to SP2 I had added my users to the local "Network Configuration
Operators" local group. This allowed them to change their IP-related
information (static-to-dynamic and back again, enable/disable, etc.).
I have built a new image with SP2, but I find that users cannot change
any IP-related information. In fact, there seems to be a disconnect
(at times) between what the GUI shows and what you can see from a
command prompt.

For example, as an admin, I changed from DHCP to static and assigned IP
info. I was not prompted to reboot. The GUI and IPCONFIG show the
static info I just assigned. I then logged out and logged in as a
member of the "Network Configuration Operators" group. I tried to
change from static to DHCP. I was prompted to reboot. I again logged
in as a member of NCO. Now, when I pull up the properties for TCP/IP,
the gui shows "Obtain an IP address automatically" and "Obtain DNS
server address automatically". When I type ipconfig, though, I still
see the static ip info that I configured as an admin. When I try to
ipconfig /release, I get a message "The operation failed as no adapter
is in the state permissible for this operation." This is what I would
expect to see when using a static address. So, although I am allowed
to make changes through the GUI, as a member of NCO, I am always
prompted to reboot, and, after rebooting, I can see no changes to the
configuration. This used to work.

I have seem comments of issues with NCO under SP2, but these seem like
speculation. I cannot find any hard facts.

Can anybody help?
 
I would suggest you post this also in the
Microsoft.public.windowsxp.network_web newsgroup to see if any of the
network gurus there have seen or heard of this. I have not had that problem
on my XP Pro SP2 computers. --- Steve
 
It seems related to security settings applied to the computers. I have
added "network configuration operators" to the
HKLM\SYSTEM\CurrentControlSet\Services\tcpip and gave the group
everything except (full control and Write Owner). This seemed to allow
non-admins in the NCO group to adjust TCP properties; however, Windows
wants a reboot after changes. There is also still some inconsistency
between what is shown in the GUI vs. what you can see at the CMD prompt
using ipconfig. Clearly there are more things that need looser
permissions. I would appreciate it if anybody could provide
information on what items specifically need to be adjusted so that I
can completely restore the NCO functionality. Thanks.
 
t seems related to security settings applied to the computers. I have
added "network configuration operators" to the
HKLM\SYSTEM\CurrentControlSet\Services\tcpip and gave the group
Full Control. This seemed to allow
non-admins in the NCO group to adjust TCP properties; however, Windows
wants a reboot after changes. Clearly there are more things that need
looser
permissions. I would appreciate it if anybody could provide
information on what items specifically need to be adjusted so that I
can completely restore the NCO functionality. Thanks.
 
[email protected] said:
It seems related to security settings applied to the computers. I have
added "network configuration operators" to the
HKLM\SYSTEM\CurrentControlSet\Services\tcpip and gave the group
everything except (full control and Write Owner). This seemed to allow
non-admins in the NCO group to adjust TCP properties; however, Windows
wants a reboot after changes. There is also still some inconsistency
between what is shown in the GUI vs. what you can see at the CMD prompt
using ipconfig. Clearly there are more things that need looser
permissions. I would appreciate it if anybody could provide
information on what items specifically need to be adjusted so that I
can completely restore the NCO functionality. Thanks.
Click to expand...

had a request to try and stop windows from asking for a reboot after a user with NCO changed the ip address of the system. after looking online and a bit of trouble shooting. you need to allow full control for the NCO group to the registry key GUID for Network Adapters beneath "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\"
once they have rights to this key windows no longer asks for a reboot.
 
Back
Top