DHCP CONTROL

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

DHCP is great for saving time and after implementing a few years back, not one problem. Now I would like to lock it down so only computers registered in my domain have access. I found more than one unauthorised machine in my lease list
How does one go about this.
 
Unfortunately, it can't be done. There are no security features in the
current implementation of DHCP. Its not a function of Windows either, just
DHCP in general. There are some solutions others have used with varied
success. I know admins on smaller networks, look for the unauthorized PC's
and create a registration for that computer's MAC address, assigning it an
IP address that is useless. but this is reactive, not proactive. Search
around here and you may find something. Its usually one of those things that
I add to my daily tasks to scan the leases for bogies.

pinmis said:
DHCP is great for saving time and after implementing a few years back, not
Click to expand...
one problem. Now I would like to lock it down so only computers registered
in my domain have access. I found more than one unauthorised machine in my
lease list.
 
I disagree.

DHCP can be configured with reservations that map to specific MAC addresses
of the NIC on the client machine. This can be administratively burdeonsome,
but effective under some circumstances .

What would be more useful, would be knowing "how" this unauthorized machine
got onto the network to begin with. Was it a WiFi connection? Someone
dragged thier laptop in ? Where did it come from?

NuTs
 
You can implement IPSEC

http://www.microsoft.com/windows2000/technologies/communications/ipsec/default.asp

Basically, you force all traffic (except broadcasts) to be encrypted with a
given key.

This was brought up in this online chat:
http://www.microsoft.com/technet/community/chats/trans/network/net1120.mspx


--
Colin Nash
Microsoft MVP
Windows Printing/Imaging/Hardware



pinmis said:
DHCP is great for saving time and after implementing a few years back, not
Click to expand...
one problem. Now I would like to lock it down so only computers registered
in my domain have access. I found more than one unauthorised machine in my
lease list.
 
After reserving addresses for all "authorized" clients, make sure to exclude
any unreserved addresses from your scope.

--

Thanks,
Marc Reynolds
Microsoft Technical Support

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Back
Top