Solved

Prevent Clients with Multiple NICs from Getting Multiple DHCP Addresses

Posted on 2010-09-07
Last Modified: 2012-05-10
Hello all-

I have dhcpd and bind 9 running on CentOS, serving addresses to several subnets. Some of the clients obtaining IP address leases have LAN and Wireless connections, and thus grab two IP addresses. I think the server versions are irrelevant, but dhcpd is 3.0.5, bind is 9.3.6, CentOS is 5.5. Clients are Windows XP Pro SP3 or Windows 7.

I would like to limit each host to a single IP address for the following reasons: first, it's just a waste of the address pool, though that is not my primary motivation. Secondly, and more importantly for our organization, when a client has two addresses (one per interface) and one of those interfaces goes away (e.g., the network cable gets unplugged, or the user moves out of Wireless range) then one of the two addresses becomes useless. A DDNS update does not occur in this case, making it impossible for us (tech support) to access such a host via the hostname and DNS lookup.

Over time, the DDNS updates seem to make a mess out of DNS.

So, can I prevent a host from getting more than one IP address? All clients have client-hostnames, and I would prefer a server-side solution.

Thanks
0
Question by:phsit
 

Expert Comment

by:jhill777
ID: 33621103
I found the following steps you can take to disable the wireless adapter on the machines in question.  If you don't need to do this to all machines on the LAN, I would suggest creating a separate OU for the PCs you wish to configure and create a group policy that executes this login script.

1.  Collect/Share the Necessary Tools (devcon, qgrep)
The script requires devcon ( http://support.microsoft.com/kb/311272 ) and qgrep from the Windows 2k3 Resource Kit ( http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en )

Devcon is a command-line utility for Device Manager. We'll be using Devcon to query our hardware and to disable or enable it.

Qgrep is a grep-like tool from the Windows Resource Kit. We'll be using it to search for the line number of our wireless card's hardware ID (outputted from devcon).

So grab these two files and place them on a network-accessible server share (for this how-to, I'm going to be using \\FileServer\Script$\ as the location devcon and qgrep are saved to).
   
2.  Create our Script
Here's the sample script in its entirety... discussion and explanation will follow. Be aware that line-breaks may happen unintentionally from copy/pasting.

-------------------
@echo off

rem - Copying Command Line Device Manager to clients...
IF NOT EXIST %SystemRoot%\System32\devcon.exe copy \\FileServer\Script$\devcon.exe %SystemRoot%\System32\devcon.exe

rem - Copying QGrep tool to clients...
IF NOT EXIST %SystemRoot%\System32\qgrep.exe copy \\FileServer\Script$\qgrep.exe %SystemRoot%\System32\qgrep.exe

devcon hwids =net > "%userprofile%\devconout.txt"
qgrep -n -y "wireless" "%userprofile%\devconout.txt" > "%userprofile%\qgrepout.txt"

FOR /F "tokens=1* usebackq delims=:" %%a in ("%userprofile%\qgrepout.txt") do set /a WirelessLine=%%a+1 & goto Locate
goto Cleanup

:Locate
echo ID Located on line %WirelessLine%

FOR /F "tokens=1* usebackq skip=%WirelessLine% delims=: " %%z in ("%userprofile%\devconout.txt") do set WirelessHID="%%z" & goto Shutdown
goto Cleanup

:Shutdown
echo ID is %WirelessHID%
devcon disable %WirelessHID%

:Cleanup
del /q "%userprofile%\qgrepout.txt"
del /q "%userprofile%\devconout.txt"
echo Done!

-----------
   
3.  Step-By-Step Explanation
I'm not a scripting guru... I usually just keep banging my head against a wall until they work. I'm certain there is probably a more efficient or effective way to script this - and I'll happily append/change the script in deference to some comments! So if you see a better way to accomplish these steps, speak up!

Let's dive in to the examination:
------
@echo off

rem - Copying Command Line Device Manager to clients...
IF NOT EXIST %SystemRoot%\System32\devcon.exe copy \\FileServer\Script$\devcon.exe %SystemRoot%\System32\devcon.exe

rem - Copying QGrep tool to clients...
IF NOT EXIST %SystemRoot%\System32\qgrep.exe copy \\FileServer\Script$\qgrep.exe %SystemRoot%\System32\qgrep.exe
------------
This section is checking whether our client machine already has qgrep and devcon. If not, it copies them from our server share into the system32 folder of the client. Pretty simple stuff, but we want the check to ensure we're not constantly copying files needlessly to clients.

Next up:
------------
devcon hwids =net > "%userprofile%\devconout.txt"
qgrep -n -y "wireless" "%userprofile%\devconout.txt" > "%userprofile%\qgrepout.txt"
-------------
We need some writeable space (our script is going to output a couple intermediate text files), so we're assuming our user's home directory is writeable.

The Devcon line is asking for a profile of all net associated hardware IDs. We're outputting this to devconout.txt in our user's home directory.
Next up we ask qgrep to find any line with the word "wireless" (regardless of capitalization, which is the -y flag) and output the line numbers (the -n flag) and lines to qgrepout.txt.

Next up: our favorite command line beast: the For command!
-----------------
FOR /F "tokens=1* usebackq delims=:" %%a in ("%userprofile%\qgrepout.txt") do set /a WirelessLine=%%a+1 & goto Locate
goto Cleanup
------------------
This is asking the for command to crawl through our qgrepout file (which, if you'll recall, begins with the line numbers). We use the set /a flag so we can perform arithmetic on the first variable FOR finds (in our case, the line number).

So we add 1 to the line number and call it our "Wireless Line" variable. Because we want to disable the first instance of any hardware that calls itself "wireless", we jump to the locate function to avoid subsequent wireless drivers etc from overwriting our WirelessLine variable.

Finally, if qgrepout is empty and FOR never matches a line (the client PC doesn't have any hardware that calls itself wireless) we jump to the cleanup function.

Next, let's examine the "Locate" function:
------------------------
:Locate
echo ID Located on line %WirelessLine%

FOR /F "tokens=1* usebackq skip=%WirelessLine% delims=: " %%z in ("%userprofile%\devconout.txt") do set WirelessHID="%%z" & goto Shutdown
goto Cleanup
-----------------
You can nuke the echo line, I just wanted to see what line number we're jumping to so I could troubleshoot the script... regardless, the For command is going to skip to the WirelessLine we've had qgrep identify and grab the hardware ID (we're calling it WirelessHID... and we're putting it in quotes to aid our devcon disable command down below). Then we jump away with a goto command before the for command can set the WirelessHID to the next token it finds.

Now that we've found a hardware ID associated with the word wireless, let's shut it down!
------------
:Shutdown
echo ID is %WirelessHID%
devcon disable %WirelessHID%
-------------
Again the echo command isn't necessary, but it is nice to see what's being asked of devcon.
So after all that work of locating the first reference to wireless in device manager and finding its associated HID, the actual disable command isn't that tough. Just be certain the HID is surrounded by quotes, or you could find yourself fast disabling more than you bargained for :)

Finally, the cleanup stage (optional):
----------------
:Cleanup
del /q "%userprofile%\qgrepout.txt"
del /q "%userprofile%\devconout.txt"
echo Done!
----------------
This step just deletes the two files we created. You probably don't want to clean up the two text files we wrote to when you're first testing the script (you can use these in your test lab to verify proper devcon output and qgrep identification)... but I figure the less clutter in the user's home directory, the better.
   
4.  Create an "Enable" script (optional)
You may wish to re-enable their wireless card at logoff... the same script will work word-for-word after changing the:

devcon disable %WirelessHID%

to:

devcon enable %WirelessHID%

 

Conclusion
This script comes with many caveats... first off, if we knew the hardware ID of the wireless cards, this script is vastly simplified – just devcon disable the specific hardware ID.

Second, this script only looks for the first hardware ID that names itself something including the word wireless... now, this works for a vast majority of cases, but you'll likely need to exercise some judgment and do some testing on your own.

Third, the script is only written with concern for one wireless device… multiple wireless hardware devices (is there a case for this?) would require editing the script.

Fourth, access rights should be considered any time you’re scripting something. Does the script have access to enable/disable items from control panel? When you’re adding it to group policy or whatever, ensure proper security/permissions across the board.

Hopefully you’re at least introduced to two potent tools: devcon and qgrep… and can see how something as seemingly complicated as disabling any wireless card when logging in to your LAN may be scriptable (without paying for a third-party product or relying on device manufacturers)
0
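The batch script in the comment above acts only on the first line containing "wireless" and depends on a fixed line offset into the `devcon hwids =net` output. As an added example (not part of the original post), this PowerShell sketch parses that output device by device and returns the first hardware ID of every adapter whose name matches, which covers the multiple-device caveat. `Get-WirelessHardwareId` is a hypothetical helper name, and the sample text and its IDs are constructed to follow the layout the post relies on.

```powershell
function Get-WirelessHardwareId {
    param(
        [string[]]$DevconLines,            # lines of `devcon hwids =net` output
        [string]$NamePattern = 'wireless'  # keyword the batch script greps for
    )
    $ids = @()
    $wanted = $false    # the current device's Name matched the pattern
    $inHwIds = $false   # we are inside that device's "Hardware ID's:" list
    foreach ($line in $DevconLines) {
        if ($line -match '^\S') {
            # Unindented line: a new device instance (or the summary line)
            $wanted = $false; $inHwIds = $false
        } elseif ($line -match '^\s+Name:\s*(.+)$') {
            $wanted = $Matches[1] -match $NamePattern   # case-insensitive
        } elseif ($line -match "^\s+Hardware ID'?s:") {
            $inHwIds = $true
        } elseif ($line -match ':\s*$') {
            $inHwIds = $false   # another section header, e.g. "Compatible ID's:"
        } elseif ($wanted -and $inHwIds -and $line.Trim()) {
            $ids += $line.Trim()
            $inHwIds = $false   # keep only the first ID listed per device
        }
    }
    return $ids
}

# Constructed sample in the layout the post relies on; the IDs are made up.
$sample = @'
PCI\VEN_AAAA&DEV_0001&SUBSYS_00000001&REV_01\EXAMPLE-1
    Name: Example Gigabit Network Connection
    Hardware ID's:
        PCI\VEN_AAAA&DEV_0001&SUBSYS_00000001&REV_01
PCI\VEN_BBBB&DEV_0002&SUBSYS_00000002&REV_02\EXAMPLE-2
    Name: Example Wireless LAN Adapter
    Hardware ID's:
        PCI\VEN_BBBB&DEV_0002&SUBSYS_00000002&REV_02
        PCI\VEN_BBBB&DEV_0002
    Compatible ID's:
        PCI\VEN_BBBB&DEV_0002&REV_02
USB\VID_CCCC&PID_0003\EXAMPLE-3
    Name: Example USB Wireless Adapter
    Hardware ID's:
        USB\VID_CCCC&PID_0003&REV_0100
3 matching device(s) found.
'@ -split "`r?`n"
# Dry run: print the quoted devcon commands instead of executing them.
foreach ($id in (Get-WirelessHardwareId -DevconLines $sample)) {
    "devcon disable `"$id`""
}
```

Against the sample this prints one quoted `devcon disable` line for the PCI wireless adapter and one for the USB adapter, and nothing for the wired NIC. On a client, the live output can be passed in with `Get-WirelessHardwareId -DevconLines (devcon hwids =net)`.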
 

Expert Comment

by:jhill777
ID: 33621121
...or you can just buy this for 5 bucks.  
http://www.wirelessautoswitch.com/
0
 

Accepted Solution

by:
phsit earned 0 total points
ID: 33681395
Thanks for the detailed response, but I cannot believe this is the solution. Is there no server-side solution for what is surely a common situation? I'm bumping the points to max, as this is apparently more difficult than I thought. Thanks again.
0

Question has a verified solution.
