Solved

Securing Win2k Network - DHCP

Posted on 2004-04-07
10
396 Views
Last Modified: 2010-03-18
I want to limit network access to only computers that have domain accounts (Win2k Active Directory, Win2k DHCP).  I know it's probably simple but I can't seem seem to find it.

Thanks.
0
Comment
Question by:Crestline
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
  • 2
  • +2
10 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 125 total points
ID: 10778764
There is NO simple fix, your only option is to limit access to your network from registered MAC addresses on your network switches :(
0
 

Author Comment

by:Crestline
ID: 10778863
Your kidding me right?   :(

You mean to say that anyone can walk in here, plug in their personal pc/laptop and spread all the crap from their home computers all over our network?  I just thought I was having a problem searching because I can't find anything either.

This is bad news...


0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10778889
It is indeed this has been asked here many times, and a lot of casual questioners have been and abandoned the question because of it :(
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 9

Expert Comment

by:jamesreddy
ID: 10779591
Pete is correect.  While DHCP has the benefit of reducing administrator intervention, it has the drawback of security problems.  The only way around it is to create DHCP reservations that, as Pete stated, would require you to copy down every single MAC address on the network, and individually reserve them their respective addresses.  Other than that, you could eliminate DHCP and go with a static assigned addresses.

You can read more about it here:

http://www.microsoft.com/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/standard/proddocs/en-us/sag_dhcp_ovr_security.asp

DHCP is an unauthenticated protocol, even in the latest flavor, Windows Server 2003.  You have few options here.

James
0
 
LVL 31

Expert Comment

by:Gareth Gudger
ID: 10779989
Yea it kind of sucks.

I think Microsoft was almost thinking about it when they created the user and vendor classes in DHCP but never took it far enough. :)
0
 

Author Comment

by:Crestline
ID: 10783619
Ok.  Thanks guys.

This is obviuosly not the answer I was looking for but I'll contemplate your suggestions.  It's not like we have 100s of workstations, we are just under 100, but....

0
 
LVL 9

Expert Comment

by:jamesreddy
ID: 10783654
Unfortunately...we all feel your pain.  :)  Most of us have tried to find the answer to the same question at one point or another.
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 10784537
ditto :(

ThanQ
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 13662420
A little update I've just researched- havent set it up/tested it yet but the 802.1x standard looks to be able to help in this situation:
http://www.microsoft.com/windows2000/server/evaluation/news/bulletins/8021xclient.asp
http://cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a00800da6ff.html#wp1025060
http://support.microsoft.com/kb/q303597/

Just popped in my head to share the info- i'll get a page up when I've tested this thoroghly
-rich
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 13666156
cheers rich Ive stuck it on my list of things to look at :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
Suggested Courses

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question