Avatar of drehype07

asked on

Can I configure DHCP to assign addresses only to authenticated domain users?

I am looking for a group policy, or some other setting, which will allow my server to only assign a DHCP lease if you are part of the Windows domain... I want to avoid users or anyone else from coming in with a laptop during on or off hours and plugging into the network and getting onto the internet...
Avatar of enrique_salazar

I am not aware of a way to do that. But even if there was, anyone could easily give themselves a static IP and they would be able to access the internet that way.
Avatar of glebn

Attempting to deny Internet access merely by not handing out DHCP leases is so trivially easy to get around that it is not worth even trying to implement. There are a lot of solutions to this problem but the right one depends on your network size, your skills, your tech budget, etc. Post more info about your network size, budget, etc. and I'm sure you will get some good options to accomplish this.
True, DHCP "security" is very easy to break. For a small to medium-sized network, you may try Smoothwall.

Smoothwall Express (GPL) is a great firewall but lacks serious authentication features. But the corporate has a very easy to implement Active Directory integration, and is a relatively low cost solution. I tried a demo in December and it worked great, gonna buy next month.
Oh, and everything is configured through a graphical web interface, so it is very easy to use.
Avatar of drehype07


Well in this case, we're talking about a relatively small office suite with ports from each individual office wired directly to a switch.
Each office to a switch, or each individual in the office to a switch? And the switch directly to the modem or router?
Each port in the individual offices to the switch, let's say 4 ports per office directly to the switch. The switch is directly connected to the router.
Your only hope is the DHCP reservations, still very easy to break. But you could also check your modem's authentication capabilities; some modems are capable of doing some MAC filtering.
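
The replies above point out that a host with a static IP never asks the DHCP server for anything, so the server cannot refuse it. As an added example (not part of the thread), this Python script gives an administrator visibility into that case by comparing addresses seen on the wire with the DHCP lease list. The lease CSV (a subset of the columns `Get-DhcpServerv4Lease | Export-Csv` would write), the `arp -a` text and every address in it are constructed sample data and assumed input formats.

```python
import csv
import io
import re

# Constructed sample: lease export, using a subset of the columns that
# `Get-DhcpServerv4Lease | Export-Csv` would write (assumed input format).
LEASES_CSV = """IPAddress,ClientId,AddressState,HostName
192.168.10.21,00-1a-2b-3c-4d-01,Active,office1-pc.example.local
192.168.10.22,00-1a-2b-3c-4d-02,ActiveReservation,office2-pc.example.local
192.168.10.23,00-1a-2b-3c-4d-03,Active,office3-pc.example.local
"""

# Constructed sample: Windows `arp -a` output from a host on the same subnet.
ARP_OUTPUT = """Interface: 192.168.10.2 --- 0x4
  192.168.10.1          00-1a-2b-3c-4d-fe     dynamic
  192.168.10.21         00-1A-2B-3C-4D-01     dynamic
  192.168.10.22         66-55-44-33-22-11     dynamic
  192.168.10.50         de-ad-be-ef-00-01     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
"""

ARP_LINE = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+dynamic", re.I)

def load_leases(text):
    """Return {ip: mac} from the lease CSV."""
    rows = csv.DictReader(io.StringIO(text))
    return {r["IPAddress"]: r["ClientId"].lower() for r in rows}

def load_arp(text):
    """Return {ip: mac} for learned (dynamic) entries in `arp -a` output."""
    hits = (ARP_LINE.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2).lower() for m in hits if m}

def audit(leases, seen, known_static=()):
    """Flag observed hosts with no lease, or whose MAC differs from the lease."""
    findings = []
    for ip, mac in sorted(seen.items()):
        if ip in known_static:
            continue  # router, servers, printers configured by hand
        if leases.get(ip) != mac:
            reason = "mac-mismatch" if ip in leases else "no-lease"
            findings.append((ip, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(load_leases(LEASES_CSV), load_arp(ARP_OUTPUT), {"192.168.10.1"}):
        print(*finding)
```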