<div>
use dhcploc.exe<br />
<br />
<a href="http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/DHCPandDNS/UsingtheDHCPLOCUtility.html" rel="ugc">Using the DHCPLOC Utility</a><br />
<br />
<br />
<a href="http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en" rel="ugc">http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en</a><br />

</div>


use dhcploc.exe

Using the DHCPLOC Utility [http://www.windowsnetworking.com/kbase/WindowsTips/Windows2000/AdminTips/DHCPandDNS/UsingtheDHCPLOCUtility.html]


http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en [http://www.microsoft.com/downloads/details.aspx?FamilyId=49AE8576-9BB9-4126-9761-BA8011FABF38&displaylang=en]


<div>
The above advice is what I would have provided:<br />
<br />
However, 192.168.0.1 is usually a router. <br />
<br />
For microsoft DHCP servers, &nbsp;you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.
</div>


The above advice is what I would have provided:

However, 192.168.0.1 is usually a router.

For microsoft DHCP servers,  you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.

<div>
<div class="content wysiwyg-content">
I am a network engineer for a company as a contractor and have recently been given a new account. &nbsp;This account has a problem with a rogue DHCP server. &nbsp;Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory. &nbsp;Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service. &nbsp;This seems to happen every other week for a few hours, then it goes away. &nbsp;What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases? &nbsp;And is there a way to configure AD to not shut down the server when it sees the192 server?
</div>
</div>


I am a network engineer for a company as a contractor and have recently been given a new account.  This account has a problem with a rogue DHCP server.  Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory.  Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service.  This seems to happen every other week for a few hours, then it goes away.  What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases?  And is there a way to configure AD to not shut down the server when it sees the192 server?

Rogue DHCP Server Prevention

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).