In Windows XP or Windows Server 2003:
I have a laptop configured with software for network-based vulnerability scanning of systems. The reason this is put on a laptop instead of a desktop or server, is to check systems that normally operate independently of a network, or are on remote isolated networks.
Since this laptop's primary purpose entails travel between networks, all users of the system will need access to change the TCP/IP configuration. Within our department, that's not an issue. We're all Administrators on this system for maintenance purposes anyway.
However, we plan on loaning this system out to other departments or organizations from time to time. Obviously, we do not want these other groups to have full privileges on the system if they don't need them. As far as I can tell, the only Administrator-like privilege they should need is to change the IP Address, Subnet Mask, Gateway, and DNS Servers.
How can this be done for Limited Users, without giving them any more privileges from the higher groups?
I don't have a machine to test whether or not a limited user can double-click pre-configured scripts at the moment. You could create some scripts and add them to the all-users desktop (so they're visible to everyone) and use a netsh command for each of the different networks.
I'm assuming you have to allow them to enter manually instead of dhcp?
This idea would of course mean that you have SOME idea of the networking setups of these various networks.
Examples:
Edited to add:
Do you have a Network Configuration Operators Group? Make the local users a part of this group.