
This discussion has been inactive for longer than 30 days, and is thus closed.
    • CommentAuthor: kevinb70
    • CommentTime: Jan 17th 2009
    Windows XP Home - Here is how to set up OpenDNS with your limited accounts, but allow you as an Administrator to bypass OpenDNS so you have unrestricted internet access.

    This is using the PER COMPUTER OpenDNS setup, NOT router setup!

    Win XP Pro and above have better tools built-in to allow you to set DNS per user - under Administrative Tools -> Computer Management -> Local Users and Groups you can create per user/group Logon scripts to set up DHCP/OpenDNS. I'm not teaching that!

    As far as Vista Home, this probably won't work as names have been changed or something. This is specifically for XP Home since I set up a friend's PC - I typed up the instructions to post here since I hadn't found any solutions.

    Start off with all accounts having Administrator rights

    Go to Network Connections in Control Panel

    Under "LAN or High Speed Internet connection" rename "Local Area Network" to "LAN" - need to get the spaces out of the name so CPAU will work correctly within the registry

    Download CPAU from joeware.net and put it in C:\WINDOWS\cpau
    CPAU will allow changing network settings for limited users - because Network changes are now allowed in Limited accounts
    Limited users will not be able to delete these files as they are protected in the Windows directory - they will get "Cannot delete CPAU: Access is denied"

    Run these registry files from each account (files below):

    Admin Accounts:
    DHCPDNS.reg

    Limited User Accounts in this order:
    OpenDNS.reg
    DisableRegistryTools.reg

    DO NOT RUN DisableRegistryTools.reg from ANY Admin account!

    Make 2 registry files to Enable and Disable Registry editor

    DisableRegistryTools.reg (don't include the dashed lines)
    -------------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000001
    -------------------------------------------------------

    EnableRegistryTools.reg
    -------------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "DisableRegistryTools"=dword:00000000
    -------------------------------------------------------

    The DNS registry files:

    replace "admin" after -u with your admin account - avoid spaces - might cause issues if you have username with spaces
    replace "yourpassword" after -p with the admin password
    -registry is disabled for Limited users so they can't view the password without hacking tools

    OpenDNS.reg
    -------------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "opendns1"="C:\\WINDOWS\\cpau\\cpau -profile -u admin -p yourpassword -ex \"netsh interface ip add dns LAN addr=208.67.222.222\""
    "opendns2"="C:\\WINDOWS\\cpau\\cpau -profile -u admin -p yourpassword -ex \"netsh interface ip add dns LAN addr=208.67.220.220\""
    -------------------------------------------------------

    DHCPDNS.reg
    -------------------------------------------------------
    Windows Registry Editor Version 5.00

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "logon"="netsh interface ip set dns LAN DHCP"
    -------------------------------------------------------

    PUT THESE REG FILES IN A SAFE PLACE - THUMB DRIVE AND HIDE IT FROM KIDS

    What use is EnableRegistryTools.reg if the registry is disabled? Dunno, I am putting it in there for posterity :)


    I suggest creating a BackupAdmin account, password it, and never run any of these .reg files so you don't mess anything up permanently. If you mess up an account, delete it and recreate it. I advise against making personal folders private because you will lose the files if you delete the account (you can bypass that, but that's another tutorial, one I am not about to write!)


    Check to see if things are working.

    Log into each Limited account and try this
    1) Start -> Run -> regedit
    You should receive message "Registry editing has been disabled by your administrator"
    2) Start -> Control Panel -> Network Connections
    Right click "LAN" -> pick "Properties" Click "Internet Protocol (TCP/IP)" Click "Properties"
    Should receive message "Some of the controls on this property sheet are disabled because you do not have sufficient privileges to access or change them."


    One problem for Limited Users is that running both CPAU commands at once will almost always set up only one of OpenDNS's DNS servers. If this causes any issues, have the Limited User log off and log back on, this will insert the 2nd OpenDNS server. There is no issue for Admin since only one command is run from the registry. I could have written a batch file for limited users which included a short wait for the first command to run, but I don't want to risk the chance of the Limited user breaking out of the batch file and bypassing setting up the OpenDNS servers.
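
The OpenDNS.reg values in the post above carry the administrator password in cleartext after -p in each limited account's Run key. An audit check for that, as an added example that is not part of the original post: it scans the text of a .reg export for Run entries that pass a password to cpau and reports them with the value redacted. The function names and the sample export are constructed for illustration, and the input is assumed to be already decoded to text.

```python
import re

# Constructed sample: text of a .reg export shaped like the files in the post.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"opendns1"="C:\\WINDOWS\\cpau\\cpau -profile -u admin -p yourpassword -ex \"netsh interface ip add dns LAN addr=208.67.222.222\""
"logon"="netsh interface ip set dns LAN DHCP"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
'''

RUN_KEY = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.I)
# "name"="string data", where a backslash escapes the next character.
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# cpau takes the password after -p (as used in the post); -profile must not match.
PASSWORD_ARG = re.compile(r'(\s-p\s+)(\S+)', re.I)

def unescape(s):
    # Undo .reg string escaping: drop the backslash, keep the escaped character.
    return re.sub(r'\\(.)', r'\1', s)

def find_cleartext_passwords(reg_text):
    """Return (key, value name, redacted command) for Run entries passing -p."""
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]          # remember which key the values belong to
            continue
        m = VALUE.match(line)
        if not (m and key and RUN_KEY.search(key)):
            continue                  # not a string value under a Run key
        name, command = unescape(m.group(1)), unescape(m.group(2))
        if 'cpau' in command.lower() and PASSWORD_ARG.search(command):
            redacted = PASSWORD_ARG.sub(r'\1<redacted>', command)
            findings.append((key, name, redacted))
    return findings

if __name__ == '__main__':
    for key, name, command in find_cleartext_passwords(SAMPLE_EXPORT):
        print(f'{key}\\{name}: {command}')
```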
    • CommentAuthor: kevinb70
    • CommentTime: Jan 17th 2009
    standard disclaimer: editing registry has some risks blahblahblah ...

    the registry files are plain text and are there for you to create the actual .reg files using notepad. You may not understand it, but you should read enough from the text to know I'm not going to come hacking your pc lol.

    the only external program is CPAU, I took a look on the web and seems fairly popular, I give it an A+ for safety. I am in no way connected to CPAU nor its author.

    ~kev
    • CommentAuthor: sroopendns
    • CommentTime: Jan 25th 2009
    something changes opendns settings back to 192.168.x.x -- why does this happen and how can I 'lock' the open dns settings in the tcp ip properties?