?
Solved

DHCP scope and disable manually configuration

Posted on 2006-03-22
15
Medium Priority
?
329 Views
Last Modified: 2013-11-13
hello,
please i've ISA server and 100 pc behind ISA the users in my network all time change the ip address and this make conflict in the network ip's so i'm configured DHCP and maked scope for pc's by  mac address
i mean assigned stable ip address for the user pc by his mac address
but i've big proplem
the user can make manually configuration for the network card and put the ip's
please i want any solution prevent the users from making manuall configureation for network card ip's and accept only the DHCP.
0
Comment
Question by:tata_soft
  • 3
  • 2
  • 2
  • +5
13 Comments
 
LVL 27

Accepted Solution

by:
pseudocyber earned 296 total points
ID: 16257156
Take away their admin rights on their local pc and they can't manually change the NIC anymore.

If someone has rights to locally set the IP, nothing you can do about it from a network or DHCP perspective.
0
 
LVL 12

Assisted Solution

by:jjmartineziii
jjmartineziii earned 284 total points
ID: 16257448
agreed, add their accounts to the "user" group and remove them from the administrators.
0
 
LVL 6

Assisted Solution

by:ian_chard
ian_chard earned 284 total points
ID: 16257598
Hi,If you are in an Active Directory Domain, You can prevent them accessing the network settings using a group policy.

One problem with removing Admin rights is that it might effect other tasks they have to do on the PC, Although it will definately solve your problem!
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 27

Expert Comment

by:pseudocyber
ID: 16257632
My point is as long as they allowed/able to change NIC manually, nothing you can do to prevent the potential of duplicate IP addresses.
0
 
LVL 3

Assisted Solution

by:emce
emce earned 284 total points
ID: 16257699
I don't know if this is what you want, but you can set rules on your server to drop all the connections whose IP - MAC pairs don't match any of the IP - MAC pairs you defined in your DHCP configuration.
Regards,
MC
0
 
LVL 12

Expert Comment

by:jjmartineziii
ID: 16257716
emce, that would be impractical for a network of over 100 clients. at least that's my opinion
0
 
LVL 8

Expert Comment

by:d0ughb0y
ID: 16258962
I agree. That would mean DHCP reservations for every workstation, which sort of defeats the purpose of using DHCP in the first place.

I think Ian's got the best approach. Prevent them from mucking with the IP settings through Group Policy. The only thing is, I'm not sure where to find that in GP. I just looked.
0
 
LVL 6

Expert Comment

by:ian_chard
ID: 16259124
Hi,

The Group policy settings that effect network connections can be found under Userc Configuration/Administrative Templates/Network/Network Connections.

There are a whole bunch of things in there you can configure all to do with the network properties and stuff. Take a look and you should be able to work out what suits your environment best,

Cheers
0
 

Author Comment

by:tata_soft
ID: 16259611
hi all,
1st thx for replay
may be u don't know wht i mean exactly   the proplem if i maked DHCP server and maked my clients under this DHCP server
for example: if i actived the DHCP and maked reservation scope for client number 2 and assigned ip 10.0.0.2 and detect it by mac address
this user can write the ip address manulally in the network tcp/ip  and may be change the ip to 10.0.0.3
and take the ip of client number 3 if client number 2 shutdown his pc
how i can prevent the user from make this fault.
0
 
LVL 27

Expert Comment

by:pseudocyber
ID: 16259764
>>how i can prevent the user from make this fault.

As I said, the only way to do it is to prevent them from changing their NIC config either by policy or rights.

There is nothing you can do with network equipment or a DHCP server - except invest in a substantial 802.1x port authentication infrastructure.
0
 
LVL 44

Assisted Solution

by:scrathcyboy
scrathcyboy earned 284 total points
ID: 16265290
Better solution -- send interoffice memo, saying you have configured all systems to get an IP by DHCP.  If anyone change it to manual IP address without consulting you first, they will be fired.  That fix problem, immediately.  If not, next day, that person gone anyway.  They will soon learn.  Technology is to HELP people be productive, it was not invented to stop renegades from screwing with corporate network.  You need to enforce STRICT office policy, make all people responsible, and if they cant be, they get the AXE !
0
 
LVL 2

Assisted Solution

by:maxinglis
maxinglis earned 284 total points
ID: 16271444
The group policy option is the best way, although because some inventive users might be able to get around it, remove their admin rights too. Then when they bitch, tell them the ones changing their IPs manually were ruining it for everyone else.

Max.
0
 
LVL 8

Assisted Solution

by:d0ughb0y
d0ughb0y earned 284 total points
ID: 16275556
I actually agree with scrathcyboy, and was thinking about saying something like that. But if tata_soft's company is like many that I've worked with, s/he doesn't have that kind of clout within the company. <sigh>

I think we do understand the problem tata. I think you may not be understanding the answer. Let me put it another way.

Group Policy is a way to centrally manage many of the things that network users can do. You can modify just about everything you can imagine, including things like what background image must be used on the users' desktops, and what text will be displayed when they try to log in.

One of the things you can modify with Group Policy, is control over the users' network settings. You can prevent them from changing those settings completely, as long as they are part of the domain.

This, I believe, would solve your problem.

First, you set up DHCP to handle your IP addressing. You allow it to hand out IP addresses for all but those resources you specifically need to have static addresses for. This means the users will not know what IP address they will each have at any given time, but unless there's a specific reason they need to, who cares? (Yes, you can manually assign the addresses, by reservation, but why do that?)

Now, your concern is that the users will just go around your settings, and change their IP addresses to whatever they want them to be. That's where Group Policy comes in. You prevent them from making any changes to their network settings. They simply won't be able to make the change.

Hope this helps.
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

807 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question