Determining IP Subnet in Login Script - April 26, 2001

It is often useful to be able to check the network address of a user in the login script in order to avoid running commands that should not be used over a slow link. This capability would be used if someone dials into the network via NIAS / NetWare Connect, or comes into the network via a VPN connection. The problem that occurs is with pure IP logins, where you do not have an IPX network number.

The IP address of the client is provided by the NETWORK_ADDRESS variable, but it is converted to hexadecimal. Still, you can use a pair of IF statements to determine if the client's network address is outside of your internal network and branch accordingly per the following example provided by Terry Rodecker.

To check for a subnet of 192.168.0.X just do the following,


This will find any IP address between and

You can do the same thing with other IP subnets by converting each octet into a hexadecimal number (192 = C0, 168 = A8, etc).

To get a bit fancier and look for both an IPX network number or an IP subnet, do the following;


This will find any machines logging in from an IPX segment of BADFACE or from an IP subnet of 192.168.0.X.

See also TID 10053394 at

Another way to handle the issue is to use the INSUBNET.EXE utility program written by Anders Gustafsson, and available at

This program is very useful and can be a lot less work than using the previous example. It compares the network address against a list of network numbers you provide and returns a simple error level from which you can branch. Some of the instructions are shown below. The list of addresses to be checked are saved in the text file SUBNETS.TXT stored in the PUBLIC directory.

To only allow the execution of a certain app inhouse:
if ERROR_LEVEL!="0" then begin
#F:\public\box.exe 36;Alert!;This program can only be run locally!
; Terminate if the user clicks cancel
if ERROR_LEVEL="7" then TERM "0"

This will read the machine's IP-address and compare it to the subnets defined in subnets.txt if a match is found it will return an ERROR_LEVEL of "1", zero otherwise.

You can use this in a creative way to give distribute apps according to which subnet the machine is connected to or do other nice things in batchfiles.

Anders has also written several applications published by the ZENworks Cool Solutions web site, and has an NDS auditing tool available at

Return to the Main Page