LarryDAH
asked on
How can I collect info on DHCP lease that are given out
We have several locations behind routers and each is on its own subnet and each has its own Windows 2003 DHCP Server. The DHCP works fine but occassionally I see outside computers have gotten an address from us. Usually an iPhone or the like but sometimes a laptop. How can I get some kind of notification of a lease for PC name that does not match those on our network?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Set leasing IP to only specific MAC address (XX:XX:XX:XX:XX:XX).
DHCP1 will lease IPs only for computers with MAC1, MAC2 ... MAC 10
DHCP2 will lease IPs only for computers with MAC11, MAC12 ... MAC 20
DHCP3 will lease IPs only for computers with MAC21, MAC22 ... MAC 30 etc.
Look here: http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm
..."When a device or computer tries to connect to network, it will first try to obtain an IP Address from any available DHCP Server. When installed, the DHCP Server Callout DLL checks if this device MAC Address is present in known list of MAC addresses configured by administrators. If it is present, the device will be allowed to obtain an IP Address from the DHCP. Otherwise, the device requests will be ignored based on the action configured by administrator."
DHCP1 will lease IPs only for computers with MAC1, MAC2 ... MAC 10
DHCP2 will lease IPs only for computers with MAC11, MAC12 ... MAC 20
DHCP3 will lease IPs only for computers with MAC21, MAC22 ... MAC 30 etc.
Look here: http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm
..."When a device or computer tries to connect to network, it will first try to obtain an IP Address from any available DHCP Server. When installed, the DHCP Server Callout DLL checks if this device MAC Address is present in known list of MAC addresses configured by administrators. If it is present, the device will be allowed to obtain an IP Address from the DHCP. Otherwise, the device requests will be ignored based on the action configured by administrator."
If its an Iphone or a laptop thats getting this sounds like a wireless access point somewhere that doesnt have any encryption on the network. I would check the routers or any wireless access points you have and either turn off wireless if its not in use or place a strong WPA encryption pass on them if they are in use.
Venom96737 is right, this can be the problem. But almost all access points have DHCP server build in, so turn off DHCP on access points (if there one is), and set filters for this AP (only hardware listed in (MAC address) can be connected to AP). And of course, secure this AP (WPA2).
ASKER
This is a start but as it is at the moment it does not work for me but I can play around with it in my spare time.
Once you have the scope info in the script, you'll have to trim out the non-scope stuff (header, etc) until you have the raw scope info.
Next you'll have to do some string comparisons to see if the leasors name doesn't match your naming criteria. If it doesn't then you can send an email via VBScript to a distribution group on your Exchange server using the code at the following link:
http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/enterprise/mail/
Open in new window