• Status: Solved

Active Directory restricting DHCP client address distribution

I have a Windows 2003 Server Active Directory network. My domain controller is also my DNS and DHCP server. I would like to prevent users from just plugging in and getting an IP address. Can this be done with Active Directory?
Asked:
gnosticgnowledge
Joe Commented:
"I would like to prevent users from just plugging in and getting an IP address" - Do you mean giving themselves a static IP or receiving a DHCP address?

Joe
 
gnosticgnowledge (Author) Commented:
OK, wasn't specific enough. Receiving a DHCP address from my DNS/DHCP/Domain Controller. Specifically, I need to know if I can use Active Directory to prevent someone from getting an address.
 
m1crochip Commented:
To prevent a domain computer from getting an address or a non-domain computer? What are you trying to accomplish?
gnosticgnowledge (Author) Commented:
To prevent a Windows workstation configured as a DHCP client from plugging into the network and getting an address. Come to think of it, I would like to stop someone from being able to give themselves a static address also. To prevent a non-domain computer from getting an address. Domain Users can't add a machine to the domain.
 
victornegri Commented:
You can set up IP reservations in the DHCP MMC. That is about the extent of DHCP security on Windows 2k3. If you want to go a step further, you can set up an 802.1x switch with a list of your approved computers' MAC addresses (somewhat difficult). This will prevent machines from even hitting the DHCP server if they're unauthorized.
 
Paawan Commented:
Hi,
The security settings for Win 3k server apply after connecting to the server. But a client has to be issued an IP address prior to connecting to the server and applying the security policies. Hence I don't believe it would work with the DHCP setting on the server. You would need a network device for that and, as stated above (victornegri), you will have to use MAC addresses for restrictions.

But again, you can masquerade the MAC address as well and get the connectivity to the network.

Any particular reason you would like to do this?
 
Paawan Commented:
You might check with an ISP how they control the IP address issuing, as for them each IP address actually costs. When we do a dial-up, the server asks for username and password and only after that is an IP address issued.
 
savi0627 Commented:
Are you trying to prevent access to local resources or to the internet?
 
nickhills Commented:
Sometimes the simple solutions are the best ones...

Disable unused ports on the network. If your switches are managed, simply configure the unused ports to be offline, then if someone plugs in they can't access your local resources.

Of course that doesn't stop someone unplugging a currently connected device and plugging their laptop in instead. To protect against that you will need an SNMP script that will monitor MAC address usage, and disable ports if MAC addresses are seen to change.

If you don't have managed switches, there is always the low-tech answer - pull the spare cables out.

Regards,
Nick
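One shape the SNMP monitoring script described in the comment above could take, as an added example that is not part of the original thread: it parses a switch's BRIDGE-MIB forwarding table and flags ports showing a MAC that differs from an approved baseline. The sample walk output, the baseline table and the function names are constructed for illustration.

```python
import re

# BRIDGE-MIB dot1dTpFdbPort: the index is the learned MAC as six decimal
# octets, the value is the bridge port the MAC was learned on.
FDB_PORT_OID = ".1.3.6.1.2.1.17.4.3.1.2."
LINE_RE = re.compile(re.escape(FDB_PORT_OID) + r"((?:\d+\.){5}\d+) = INTEGER: (\d+)")

# Constructed sample: numeric (`snmpwalk -On`) output from a managed switch.
SAMPLE_WALK = """\
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.85 = INTEGER: 1
.1.3.6.1.2.1.17.4.3.1.2.0.17.34.51.68.102 = INTEGER: 2
.1.3.6.1.2.1.17.4.3.1.2.2.170.187.204.221.238 = INTEGER: 3
"""

# Constructed baseline: the MAC each access port is expected to carry.
# Ports without an entry (for example port 4) are meant to be unused.
BASELINE = {1: "00:11:22:33:44:55", 2: "00:11:22:33:44:66", 3: "00:11:22:33:44:77"}


def parse_fdb(walk_text):
    """Return {port: set of MACs} from dot1dTpFdbPort walk output."""
    table = {}
    for line in walk_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip rows from other OIDs or malformed lines
        mac = ":".join(f"{int(octet):02x}" for octet in m.group(1).split("."))
        table.setdefault(int(m.group(2)), set()).add(mac)
    return table


def find_violations(fdb, baseline):
    """Return [(port, [unexpected MACs])] for ports showing a MAC outside the baseline."""
    violations = []
    for port, macs in sorted(fdb.items()):
        allowed = {baseline[port]} if port in baseline else set()
        unexpected = sorted(macs - allowed)
        if unexpected:
            violations.append((port, unexpected))
    return violations


if __name__ == "__main__":
    for port, macs in find_violations(parse_fdb(SAMPLE_WALK), BASELINE):
        # A production script would now set IF-MIB ifAdminStatus to down(2) for the port.
        print(f"port {port}: unexpected MAC(s) {', '.join(macs)} -> disable")
```

Keep uplink and trunk ports out of the baseline, since they legitimately carry many MACs. As noted earlier in the thread, a MAC address can be masqueraded, so this only catches a swapped device that presents a different MAC.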
 
Paawan Commented:
Hi,
Have a look at this. I should tell you everything:

http://www.windowsecurity.com/articles/DHCP-Security-Part1.html
Question has a verified solution.
