blocking untrusted pc's

[Lois Morrett]

How can I block untrusted client pcs from obtaining an ip
address from our DHCP server? I want to be able to
guarantee that only trusted clients obtain ip addresses
and block others especially laptops owned by contractors
that try to connect to our network.

 

[Andrew]

As far as I know this is not possible to restrict this with the Windows
implementation of DHCP. You could however make a reservation for every
trusted machine's mac addess and then reduce your address pool to nothing.
Denying access through DHCP is not very good anyway as it would not stop the
user from using a static IP address. If they were using their own PC I
guess they would have the rights to configure that.

Alternatively, you could make sure these computer accounts do not have
domain accounts and then ensure none of your network resources allow access
to the Everyone group.

I hope that helps.
Andrew.

 

[Oli Restorick [MVP]]

This is just an idea. I haven't tested it.

If you created a totally invalid scope (one that is not routed on your
network) and added the untrusted client's MAC address to a reservation,
would that just give the untrusted machine a useless IP address?

Just a thought.

Oli

 

[Oli Restorick [MVP]]

Sorry, I should have read the question. As far as I know, there isn't a way
to do this.

I think there should be an option to only issue addresses to clients with a
reservation.

Oli