Windows 2000 DHCP restricting Windows 2000/XP's request

[J.H]

Hi there,

Normally, any Windows 2000/XP Workstation plugging their network
cable to the network adapter, they will get an IP address from the server.

Our company is on Windows 2000 Domain and has a Windows 2000 DHCP server
that serving the DHCP ack/request from any client on the network.

Coming to the question that how we can restrict some unauthorized system
from requesting
the IP address from the Windows 2000 DHCP server? By any way we can
accomplish?
Third party ? Someone susgetting to do by that way that restricting the DHCP
request/ack
through some general ID, OS image ....

please advise!!

Thanks,
J.H

 

[Richard G. Harper]

Windows 2000 cannot allow or deny access to the DHCP server - anyone who
plugs in will get an address. I would suggest adding a router or switch
that offers MAC address filtering - if the MAC address is not on the allowed
list, the switch/router won't let the computer connect to the network.

--
Richard G. Harper [MVP Shell/User] (e-mail address removed)
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

 

[Herb Martin]

Hi there,

Normally, any Windows 2000/XP Workstation plugging their network
cable to the network adapter, they will get an IP address from the server.

Third party ? Someone susgetting to do by that way that restricting the DHCP
request/ack
through some general ID, OS image ....

Normally the DHCP server doesn't care about
domain, OS or anything else, it gives out
addresses promiscuously.

There are a couple of things you can do which
aren't really security however:

1) Reservations (by MAC address)

2) User Classes

Other than that, real solutions include things
like 802.1x capabile switches, perhaps combined
with IAS-RADIUS server or certificates.