Windows 2000 server and/or most routers contain a DHCP (Dynamic Host
Configuration Protocol) server, which if enabled will automatically assign a
unique IP address to a computer requesting one.
However it is also possible to set a specific IP address at a given computer
such that no DHCP request will be made, which is called a "static IP"
setting. This can be accomplished in Windows XP for example via the "Use the
following IP address:" setting under TCP/IP properties. You can see an
example of that at the bottom of the following page:
It is possible to restrict internet access to or from specific IPs or MAC
addresses at the internet gateway or firewall, which is normally contained in
your router. Since a limited or standard user cannot change IP or MAC address
settings, they would therefore remain bound by any such restrictions that
Note however that a user with administrator rights *can* change both the IP
and/or MAC addresses on a system, thus potentially working around any such
restrictions. Therefore if you wish to enforce the restrictions, you should
insure that untrusted users have only limited or standard accounts.
A more powerful way to control or limit users and systems on a network is
available via the Microsoft Shared Computer Toolkit:
http://www.microsoft.com/windowsxp/shar ... fault.mspx
This is a free set of tools for securing, protecting and controlling systems
that might be used by untrusted users.
In larger network environments, you can also use Active Directory and Group
Policy for centrally managing users, groups, and restrictions. The Shared
Computer toolkit includes a Group Policy template to apply the same user
settings and restrictions centrally that the User Restrictions tool provides
for local user accounts. Scott.