Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 424
  • Last Modified:

Restrict DCHP / Issue different Default Gateway to Domain Members

Is it possible to restrict issuing of DHCP leases to Domain Members only? Or to issue a different default gateway based on Domain Membership?

From what I know already and research so far it does not look to be possible.

Group Policy currently points Domain Members to an ISA Proxy Server via IE Settings.
I would like to ensure that non-domain members which connect to the network are either directed to the Proxy or, directed to a different Default Gateway (which is on a connection which is restricted via another method.).

Is the only way to do this for the Router/Firewall that is normally issued as the default gateway (and is the Gateway for the ISA Server) to only accept web traffic from the ISA Server?

Or is there a way to only issue DHCP Leases to Domain Members?
Given PXE booting exists I'm assuming DHCP is picked up long before Domain Credentials are checked for?
0
Softech99754096
Asked:
Softech99754096
  • 3
  • 2
2 Solutions
 
Justin OwensITIL Problem ManagerCommented:
You could do it if you want to input the MAC Address of each machine for a reserved DHCP lease, but that is even more maintenance than static IP addresses.  I don't think it is possible, though, outside that.
0
 
Softech99754096Author Commented:
That is not an option. It would be an administrative nightmare as there are approximately 200 client machines on the network.
0
 
Justin OwensITIL Problem ManagerCommented:
You could VLAN those machines and have a seperate DHCP scope for them...
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
Softech99754096Author Commented:
Hmm.. yes, though I don't know if the Switches in use support multiple VLan's.

If I were to do that I would have to then have multiple DHCP servers - connecting each to an appropriate VLan, right?
0
 
Justin OwensITIL Problem ManagerCommented:
No, you can have multiple scopes on one DHCP server.  I use one Server 2003 DHCP server to farm out 97 different scopes for 92 different locations.
0
 
hau_itCommented:
Try to search the DHCP option classes.
With this configuration you can assign classes to to the users and each Class gets its own DHCP configuration.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now