Route.exe command permissions


Recommended Posts

Our users need to be able to add a route with the route.exe command in Windows. However, it says they do not have permission ("access denied"). I really don't feel like going around to every single computer and giving people admin rights on their local machine just to let them have permission to do this. I shouldn't have to give them full local machine admin rights to do this. Is there some way to do it from the DC? Through Group Policy -- or something? I've tried adding them to the Network Configuration Operators group, but that does nothing.

The DC is Server 2003, and the workstations are both 2000 and XP Pro.

Link to comment
https://www.neowin.net/forum/topic/387645-routeexe-command-permissions/
Share on other sites

  King Rilian said:
Our users need to be able to add a route with the route.exe command in Windows.  However, it says they do not have permission ("access denied").  I really don't feel like going around to every single computer and giving people admin rights on their local machine just to let them have permission to do this.  I shouldn't have to give them full local machine admin rights to do this.  Is there some way to do it from the DC?  Through Group Policy -- or something?  I've tried adding them to the Network Configuration Operators group, but that does nothing.

The DC is Server 2003, and the workstations are both 2000 and XP Pro.

586699786[/snapback]

:huh: For what possible reason in the WORLD would a "USER" need to add a route??

Where exactly are they trying to route too? Their machines should route to the DEFAULT gateway on your network..

If for some reason routes need to be added to the local machines, then this should be done by the network admin - not users!

if you really need to do this do it true a "OU" and apply proper rights eg: admin rights.

then make sure replication is done right away like that it will send the signal to every machines that needs that, then you can have then log off and log back in or reboot there own unit.

but seriously dont do it, as per if they had there own routes then they will be able to bypass all your security settings and had new devices to the network to go around your policies. and use software you dont want them to on there box

I always thought that the object of having a router was to route (hence the name). Why would any user ever need to set their own routes? 99.999% of the time you never have to worry about routes. The rest of the time is for inter site communication where the router selects the shortest route first instead of the fastest route first. But then again if you are dependant on inter site connection, you should have a leased line.

  MazX_Napalm said:
Why would any user ever need to set their own routes?

586708232[/snapback]

I completely agree with you! But there could be cases where you need to set up routes that are internal to the network - not a common thing, but I think your 99.999% might be a bit of an exaggeration :p

For example some device tied to a local machine that uses tcp/ip to talk to the host machine.. but is not directly tied to the lan, only to the host computer.. Testing equipment, measurement devices, camera's, etc.. And and another machine on the local network also needs access.

Say your local network is 10.10.10.0/24 and some device connected to the 10.10.10.100 machine using the 192.168.1.0/24 network..

If only 1 or 2 other machines on the network need access to this device.. you might want to setup a route on these machines to talk to the 10.10.10.100 machine if they need to get a device say on 192.168.1.10

It is possible that the gateway device for the local network does not support additional routes, or acls, etc.. so the best course of action might be routes on the machines than need to be able to find this 192.168.1.10 device.

But this normally would not be handled by the user ;)

I am very curious to why a user would think he needs to be able to add routes on the fly? Or for that matter why an admin would want to give this right to a user ;)

  BudMan said:
:huh: For what possible reason in the WORLD would a "USER" need to add a route??

Where exactly are they trying to route too?  Their machines should route to the DEFAULT gateway on your network..

If for some reason routes need to be added to the local machines, then this should be done by the network admin - not users!

586706214[/snapback]

You know, BudMan, for as much knowledge as you know, you can be quite insulting. However, this time, you really didn't give any information on how to fix this problem. We know why our users have to add routes. I shouldn't have to explain the in's and out's of our program operations to people on some Internet message board.

Thanks for the help. :)

Why does everyone keep asking why our users need to change routes? Why do I have to explain the in's and out's of what we do? You don't need to know, so, if you know the answer, why can't you just say so?

Bottom line, here's why they need to change routes. They do a failover test for a network application -- a failover test that ROUTES TO A DIFFERENT SERVER. I'm not going into it more than that.

Everyone can be curious to their heart's content, but if you're not going to bother to even answer a question (and therefore just demonstrate that you don't actually know the answer) then stop posting here, and let someone who DOES know the answer give a response.

Edited by King Rilian

Dude this is a community - if you do not feel like giving us the details, them maybe we dont feel like answering your question.. ;)

Put them in the

Network Configuration Operators Group

http://support.microsoft.com/default.aspx?...8&Product=winxp

This gives them the ability to configure their local connection, I would think it should also give them the ability to add routes.. Though I have never actually needed to test it.

edit;

I just tested it - and yes it allows them to add routes.. :cool:

You must not have put them in the group on the local machine -- do you need help on how to do this? ;) I do not believe this available in 2k

Edited by BudMan
  BudMan said:
Dude this is a community - if you do not feel like giving us the details, them maybe we dont feel like answering your question.. ;)

Put them in the

Network Configuration Operators Group

http://support.microsoft.com/default.aspx?...8&Product=winxp

This gives them the ability to configure their local connection, I would think it should also give them the ability to add routes.. Though I have never actually needed to test it.

edit;

I just tested it - and yes it allows them to add routes..  :cool:

You must not have put them in the group on the local machine -- do you need help on how to do this? ;)  I do not believe this available in 2k

586716460[/snapback]

I've already tried this, and it doesn't work. I'm not sure why it doesn't work. Well, that's not entirely true. It works if I do it on the local machine, but, as you stated, it's only available in XP. Good advice, though, but for some reason it just doesn't work.

While I'm at it, let me tell everyone that I have also already tried to give them full admin rights to just the route.exe file, but that doesn't work either. They still need some sort of permission to change network settings (i.e. add routes).

Edited by King Rilian

Off the top, your stuck with 2k machines?? Easy solution would be to upgrade them to XP ;)

Other than that, I do believe to allow nonadmins to change network stuff you will need to set the permissions you desire on the registry keys in question

Im pretty sure the 2k Group Policy stuff was just to prevent even admins from accessing these settings - example;

http://www.microsoft.com/resources/documen....asp?frame=true

The issues of having to be admin to change networks settings in 2k and NT, etc.. was the reason they came up with the network operators group in XP - I thought ;)

Don't have alot of 2k boxes left around to play with to test it for you.

You will need to adjust the registry permissions on the key(s) in question to allow nonadmins to mess with these settings. A great tool for figuring out which keys are being accessed is regmon from sysinternals "free". Another great one is filemon..

These are great tools to have in figuring out EXACTLY what something is trying to do.. Which in your case can make sure the account trying to do it has the permissions on the objects it needs... I have used these tool many times in working out how to get a nonadmin account the ability to run a program that the maker says the user needs admin rights for.. ;)

If I find some time, maybe I'll take a look at it for you - since I do not recall off the top the reg keys.. But most likley somewhere around here;

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip

As to why we ask for details of what your doing - sometimes people get it in their head there is only one way to do something.. Which may be the HARD way of accomplishing what their after.. If we know WHAT your trying to do - maybe there is an easier way of doing it, etc..

As to me being "insulting" -- still not sure how asking a question is insulting? How is asking why a user would need to add/change routes insulting?

Edited by BudMan
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • 2025 finally the Year of Linux? LibreOffice explains "real costs" of Windows 11 by Sayan Sen A big change is coming to Windows PCs as Microsoft will soon end support for systems and devices running on Windows 10. As such, the company, alongside its partners like AMD, Asus, and Dell, have begun urging users to embrace the "mandatory Windows 11 upgrade." The problem is that not every PC out there will be able to do so, at least not officially, as Microsoft had declared higher requirements for Windows 11 and thus many systems would be left out. Redmond's official stance for such situations is that users get a new computer by dumping their older system. There is another option users have: switching to Linux. Back in January, earlier this year, ESET recommended that users do that if they can not upgrade from Windows 10 to 11 or perhaps when they do not want to. Last month, KDE launched a new campaign dubbed "Endof10", which encourages users to make the jump. The project page explains several of the benefits of Linux over an unsupported Windows 10 system, like security and privacy, among others. And it also published another post earlier this month welcoming such "Windows 10 exiles". Now, The Document Foundation, maker of LibreOffice, has also joined in to support the Endof10 initiative. The foundation writes: "You don’t have to follow Microsoft’s upgrade path. There is a better option that puts control back in the hands of users, institutions, and public bodies: Linux and LibreOffice. Together, these two programmes offer a powerful, privacy-friendly and future-proof alternative to the Windows + Microsoft 365 ecosystem." It further adds the "real costs" of upgrading to Windows 11 as it writes: "The move to Windows 11 isn’t just about security updates. It increases dependence on Microsoft through aggressive cloud integration, forcing users to adopt Microsoft accounts and services. It also leads to higher costs due to subscription and licensing models, and reduces control over how your computer works and how your data is managed. Furthermore, new hardware requirements will render millions of perfectly good PCs obsolete. .... The end of Windows 10 does not mark the end of choice, but the beginning of a new era. If you are tired of mandatory updates, invasive changes, and being bound by the commercial choices of a single supplier, it is time for a change. Linux and LibreOffice are ready — 2025 is the right year to choose digital freedom!" To help users with the migration from Windows to Linux, The Document Foundation has laid out some key steps on how to proceed: Start by testing Linux and LibreOffice on a second partition of your PC (for individuals) or in less critical departments (for companies). Check the compatibility of your software configuration with Linux and LibreOffice; most office tasks can easily be transferred or adapted with minimal effort. Build documentation to learn how Linux and LibreOffice work and organise training if necessary. Find a consultant who can help with the migration process, such as someone certified by the Linux Professional Institute or The Document Foundation (for LibreOffice). The foundation stresses how "important" it is to "start immediately" with the transition. You can find the full details about the announcement here in the official blog post.
    • Why is it that some people think we have a tinfoil hat mentality, as you put it, just because we don't want AI on our devices? As for MS or any other company looking at everything, it seems to be the thing these days that companies want to know all about us. Can't even go shopping these days without being asked if you have some sort of card that tell them what you are buying and who you are.
    • Until the employer looks right though the AI created letter and notice it is AI created. You will be surprised how many can tell, there is something about an AI created letter that stands out to some people.
    • Snapchat brings new features, including auto-saving for public Stories by David Uzondu Snapchat, which recently expanded to watchOS after a decade, is rolling out new tools for its creators. The company says people are watching more content than ever, so these updates are meant to help creators get more out of that attention. The new features focus on a few key areas: making video editing less of a hassle, showing who is actually watching, and saving posts that used to vanish forever. Video editing on the platform has always been a huge problem. The tools are fine for quick clips, but they get messy if you try to do anything more complex. A new Timeline Editor for creators in the US is coming "soon" to fix this. It shows your video clips in a simple timeline, letting you cut and move parts around without wanting to pull your hair out. You can still add all the usual Lenses and music on top of these edits. For even quicker edits, a "Create a Video" template is now available globally for iOS users. The idea is simple: you look through your saved Memories, pick a handful of photos or videos, and then choose a song from the app's library. After you select a template, Snapchat mashes it all together into a single compilation video for you. But making videos is only part of the job. To help people see if anyone is paying attention, new insights are also available. These stats give a much better idea of how an audience behaves. Instead of just one giant view number, creators can now track "Returning Viewers." This counts how many people watched their content at least 12 times in the last month. Other metrics include the "Spotlight Average View Rate," showing what percentage of a video people finished. You can also see "Views by Traffic Sources," which tells you if people found you from the Discover page, search, or their own feed. Finally, there is a new "Auto-Save Stories to Public Profiles" feature. For years, the whole point of a Snapchat Story was that it was temporary. This new option, which is rolling out to creators globally, automatically saves public Stories to a creator's profile. Snapchat notes that the new feature "helps creators build a lasting collection of their best moments, giving fans a deeper look into their creative journey and making it easier to keep content alive, accessible, and meaningful over time."
    • I did not think it could be removed, all it does is remove the icon, co-pilot is still there as far as I know. Also don't forget the other apps it is in. What is needed is a simple thing to click to remove co-pilot and any AI rubbish from the computer, just like I can on my Mac.
  • Recent Achievements

    • One Month Later
      POR2GAL4EVER earned a badge
      One Month Later
    • One Year In
      Orpheus13 earned a badge
      One Year In
    • One Month Later
      Orpheus13 earned a badge
      One Month Later
    • Week One Done
      Orpheus13 earned a badge
      Week One Done
    • Week One Done
      serfegyed earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      562
    2. 2
      ATLien_0
      256
    3. 3
      +Edouard
      163
    4. 4
      +FloatingFatMan
      156
    5. 5
      Michael Scrip
      109
  • Tell a friend

    Love Neowin? Tell a friend!