We do have similar question to restrict non-Domain Computers to lease IP address.
Although if we add a new User class we can restrict a machine not to have available options.
i.e. Router address, DNS and WINS etc. but still the machine can have the IP address. good thing is that machine cannot cross the router, hence narrowing down the vunlnerability impact.
what if the requirment is to restrict the IP address Lease for the Machine which is not authorized either by means of Domain, User or Vendor Class or any ohter way.
Focus is to restrict any un authorized Machine to connects to production Network.