Link to home
Start Free TrialLog in
Avatar of LarryDAH
LarryDAHFlag for United States of America

asked on

How can I collect info on DHCP lease that are given out

We have several locations behind routers and each is on its own subnet and each has its own Windows 2003 DHCP Server. The DHCP works fine but occassionally I see outside computers have gotten an address from us. Usually an iPhone or the like but sometimes a laptop. How can I get some kind of notification of a lease for PC name that does not match those on our network?
ASKER CERTIFIED SOLUTION
Avatar of JBlond
JBlond
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Paka
Paka

You'll have to write a moderately difficult VBScript in order to do this.  The problem is that VBScript cannot directly access the DHCP server so it will have to rely on shelling to the NETSH command to query the DHCP server for the scope.  Attached you'll find an example of how to do this from Robbie Allen's website (I modded it to handle server names).

Once you have the scope info in the script, you'll have to trim out the non-scope stuff (header, etc) until you have the raw scope info.

Next you'll have to do some string comparisons to see if the leasors name doesn't match your naming criteria.  If it doesn't then you can send an email via VBScript to a distribution group on your Exchange server using the code at the following link:

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/enterprise/mail/
'From:
'http://techtasks.com/code/viewbookcode/798
'Modded by Paka to cover \\servername format
 
' This code displays the leases for the specified scope
 
' ---------------------------------------------------------------
' From the book "Windows Server Cookbook" by Robbie Allen
' ISBN: 0-596-00633-0
' ---------------------------------------------------------------
 
' ------ SCRIPT CONFIGURATION ------
strScope = "15.0.0.0"
strServer = "dj-dc01"' leave blank for local server
' ------ END CONFIGURATION ---------
 
if strServer <> "" then
  strServer = "\\" & strserver
end if
 
'wscript.echo strServer
strCommand = "netsh dhcp server " & strServer & " scope " & strScope & " show clients"
' command: netsh dhcp server \\<ServerName> scope 10.1.2.0 show clients
 
WScript.Echo "Running command: " & strCommand
set objShell = CreateObject("Wscript.Shell")
set objProc  = objShell.Exec(strCommand)
 
Do
   WScript.Sleep 100
Loop Until objProc.Status <> 0
 
if objProc.ExitCode <> 0 then
   WScript.Echo "EXIT CODE: " & objProc.ExitCode
   WScript.Echo "ERROR: " & objProc.StdErr.ReadAll
end if
 
WScript.Echo "OUTPUT: " & objProc.StdOut.ReadAll

Open in new window

Set leasing IP to only specific MAC address (XX:XX:XX:XX:XX:XX).

DHCP1 will lease IPs only for computers with MAC1, MAC2 ... MAC 10
DHCP2 will lease IPs only for computers with MAC11, MAC12 ... MAC 20
DHCP3 will lease IPs only for computers with MAC21, MAC22 ... MAC 30 etc.

Look here: http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm
..."When a device or computer tries to connect to network, it will first try to obtain an IP Address from any available DHCP Server. When installed, the DHCP Server Callout DLL checks if this device MAC Address is present in known list of MAC addresses configured by administrators. If it is present, the device will be allowed to obtain an IP Address from the DHCP. Otherwise, the device requests will be ignored based on the action configured by administrator."
If its an Iphone or a laptop thats getting this sounds like a wireless access point somewhere that doesnt have any encryption on the network.  I would check the routers or any wireless access points you have and either turn off wireless if its not in use or place a strong WPA encryption pass on them if they are in use.
Venom96737  is right, this can be the problem. But almost all access points have DHCP server build in, so turn off DHCP on access points (if there one is), and set filters for this AP (only hardware listed in (MAC address) can be connected to AP). And of course, secure this AP (WPA2).
Avatar of LarryDAH

ASKER

This is a start but as it is at the moment it does not work for me but I can play around with it in my spare time.