DHCP ? How to Block a PC from getting an IP?

Is there a way to  block a computer from gettting an IP from my DHCP server via MAC address?  I'm currently using Window 20003 standard as my DHCP server and from the DHCP lease properties I can see that one IP is being leased to a computer without a name but I can see his MAC address.  I'm just wondering what's the best way to block this pc from getting an IP?  

Thanks
Victor_TorresAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

AdamRobinsonCommented:
Depending on what you're trying to do and what you have available, you_could_ just create a new DHCP scope with one address allowed, create a reservation for that MAC address, and block that subnet from having any access whatsoever.  

This is assuming you don't have ISA server installed.  

If you can let us know what you're trying to prohibit this user from doing, we may be able to provide you with simpler answers.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
markpalinuxCommented:

If the computer is getting an ip, you should be able to view active leases and see the mac.
In dhcp admin mmc, select view add/remove columns, the "unique id" column lists the mac address.

if you can see the ip address, try to ping it then do "arp -a" and the mac should be in your address table.

I do not think you can block a specific mac, but you can setup a reservation for it, then give it an incorrect "router" option which will become the default gateway address for the dhcp client, you maybe even able to give it a incorrect ip address - which would prevent it from accessing items on your network.
0
Mark WaldenInformation Security EngineerCommented:
What type of switchs are you using on you network?  Do they support MAC-Address authentication.  I now Foundry, Cisco, and HP ProCurve switch support this.  I happen to use Foundry.  If it is supported you will need to config IAS on one of you Windows servers.  Foundry and Cisco has a lot of White Papers on this.  This setup is not bulletproof, but to block to block a average user it works well.

This mayke some time to setup, but is a good proactive step in network security.
0
Victor_TorresAuthor Commented:
I'll split the points to adam and mark because both ideas are good advise.    
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.