We help IT Professionals succeed at work.

How can I collect info on DHCP lease that are given out

Medium Priority
1,212 Views
Last Modified: 2012-05-06
We have several locations behind routers and each is on its own subnet and each has its own Windows 2003 DHCP Server. The DHCP works fine but occassionally I see outside computers have gotten an address from us. Usually an iPhone or the like but sometimes a laptop. How can I get some kind of notification of a lease for PC name that does not match those on our network?
Comment
Watch Question

Commented:
Maybe that's what you're looking for!?
http://www.petri.co.il/forums/showthread.php?t=2828

Hope that helps.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Commented:
You'll have to write a moderately difficult VBScript in order to do this.  The problem is that VBScript cannot directly access the DHCP server so it will have to rely on shelling to the NETSH command to query the DHCP server for the scope.  Attached you'll find an example of how to do this from Robbie Allen's website (I modded it to handle server names).

Once you have the scope info in the script, you'll have to trim out the non-scope stuff (header, etc) until you have the raw scope info.

Next you'll have to do some string comparisons to see if the leasors name doesn't match your naming criteria.  If it doesn't then you can send an email via VBScript to a distribution group on your Exchange server using the code at the following link:

http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/enterprise/mail/
'From:
'http://techtasks.com/code/viewbookcode/798
'Modded by Paka to cover \\servername format
 
' This code displays the leases for the specified scope
 
' ---------------------------------------------------------------
' From the book "Windows Server Cookbook" by Robbie Allen
' ISBN: 0-596-00633-0
' ---------------------------------------------------------------
 
' ------ SCRIPT CONFIGURATION ------
strScope = "15.0.0.0"
strServer = "dj-dc01"' leave blank for local server
' ------ END CONFIGURATION ---------
 
if strServer <> "" then
  strServer = "\\" & strserver
end if
 
'wscript.echo strServer
strCommand = "netsh dhcp server " & strServer & " scope " & strScope & " show clients"
' command: netsh dhcp server \\<ServerName> scope 10.1.2.0 show clients
 
WScript.Echo "Running command: " & strCommand
set objShell = CreateObject("Wscript.Shell")
set objProc  = objShell.Exec(strCommand)
 
Do
   WScript.Sleep 100
Loop Until objProc.Status <> 0
 
if objProc.ExitCode <> 0 then
   WScript.Echo "EXIT CODE: " & objProc.ExitCode
   WScript.Echo "ERROR: " & objProc.StdErr.ReadAll
end if
 
WScript.Echo "OUTPUT: " & objProc.StdOut.ReadAll

Open in new window

Set leasing IP to only specific MAC address (XX:XX:XX:XX:XX:XX).

DHCP1 will lease IPs only for computers with MAC1, MAC2 ... MAC 10
DHCP2 will lease IPs only for computers with MAC11, MAC12 ... MAC 20
DHCP3 will lease IPs only for computers with MAC21, MAC22 ... MAC 30 etc.

Look here: http://www.petri.co.il/filter-mac-address-windows-server-2008-dhcp-server-callout-dll.htm
..."When a device or computer tries to connect to network, it will first try to obtain an IP Address from any available DHCP Server. When installed, the DHCP Server Callout DLL checks if this device MAC Address is present in known list of MAC addresses configured by administrators. If it is present, the device will be allowed to obtain an IP Address from the DHCP. Otherwise, the device requests will be ignored based on the action configured by administrator."
Top Expert 2006

Commented:
If its an Iphone or a laptop thats getting this sounds like a wireless access point somewhere that doesnt have any encryption on the network.  I would check the routers or any wireless access points you have and either turn off wireless if its not in use or place a strong WPA encryption pass on them if they are in use.
Venom96737  is right, this can be the problem. But almost all access points have DHCP server build in, so turn off DHCP on access points (if there one is), and set filters for this AP (only hardware listed in (MAC address) can be connected to AP). And of course, secure this AP (WPA2).

Author

Commented:
This is a start but as it is at the moment it does not work for me but I can play around with it in my spare time.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.