asked on Configuring DHCP to deny Internet access
I apologize if this question was answered before in another area. I'm trying to setup DHCP in our network to deny access to any computer that is not part of the domain. I'm not sure how to go about that. I'd like to also have a way to be able to grant access to some computers like vendors and such but something that we can control rather than a vendor coming and pluggin in. Any help is well appreciated.
Thansk
Thansk
OS SecurityWindows Server 2003
Last Comment
Brian Pierce
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Let me have one more idea (apologize my hyperactivity:-):
It's quite wild solution, but what about this - let's have the DHCP server provide just the "local" TCP/IP settings, like IP, mask, DNS server. Thus all computers will not be able to access the Internet. But you can configure a startup(or logon) script in the Group policy, which will change the TCP/IP settings to static and also set a default gateway IP (a "netsh" command will do the job perfectly). Now only computers (users) who will be authenticated in domain will receive the script and they will be able to access the Internet.
Next thing to be done is to create also shutdown (logoff) batch file, that will revert the TCP/IP settings back to automatic (DHCP).
Far from being perfect, just wanted to give some inspiration :-)
It's quite wild solution, but what about this - let's have the DHCP server provide just the "local" TCP/IP settings, like IP, mask, DNS server. Thus all computers will not be able to access the Internet. But you can configure a startup(or logon) script in the Group policy, which will change the TCP/IP settings to static and also set a default gateway IP (a "netsh" command will do the job perfectly). Now only computers (users) who will be authenticated in domain will receive the script and they will be able to access the Internet.
Next thing to be done is to create also shutdown (logoff) batch file, that will revert the TCP/IP settings back to automatic (DHCP).
Far from being perfect, just wanted to give some inspiration :-)
There is another way - by using a group policy to set the default gateway - not DHCP
In order to validate a machine on the network, it has to connect to the domain controller to check the computer account. In order to do that, it needs an IP address to communicate on the network. Since it's DHCP's job to assign IP addresses in the first place, it can't validate that a machine is authenticated on the network because there is no way to do so without one.