we are using NAC OOB, L3, Real IP gateway with AD-SSO. when users log in to the PC, PC is supposed to change the IP address after authentication with windows user account. But based on security policy, users don't allow to change IP address, so changing IP address will be failed. is there any workaround for this matter? should we change our security policy and let users to have right to change IP address?
in this case, what security in GPO we have to modify to give them permission to do "ipconfig /renew" command right?
any suggestion would be very appreciated.
You need to install the stub first with admin rights. Then once the user logs in with his own rights (non-admin) and he needs to do anything administratively (like change IP), the agent requests the stub to do it and it works.
Check the link I sent out. It has much more details :)