Solved

Prevent Clients with Multiple NICs from Getting Multiple DHCP Addresses

Posted on 2010-09-07
Last Modified: 2012-05-10
Hello all-

I have dhcpd and bind 9 running on CentOS, serving addresses to several subnets. Some of the clients obtaining ip address leases have LAN and Wireless connections, and thus grab two IP addresses. I think the server versions are irrelevant, but dhcpd is 3.0.5 bind is 9.3.6, CentOS is 5.5. Clients are Windows XP Pro SP3 or Windows 7.

I would like to limit each host to a single IP address for the following reasons: first, it's just a waste of the address pool, though that is not my primary motivation. Secondly, and more importantly for our organization, when a client has two addresses (one per interface) and one of those interfaces goes away (e.g., the network cable gets unplugged, or the user moves out of Wireless range) then one of the two addresses becomes useless. A DDNS update does not occur in this case, making it impossible for us (tech support) to access such a host via the hostname and DNS lookup.

Over time, the DDNS updates seem to make a mess out of DNS.

So, can I prevent a host from getting more than one IP address? All clients have client-hostnames, and I would prefer a server-side solution.

Thanks
0
Question by:phsit
 
LVL 5

Expert Comment

by:jhill777
ID: 33621103
I found the following steps you can take to disable the wireless adapter on the machines in question.  If you don't need to do this to all machines on the LAN, I would suggest creating a separate OU for the PCs you wish to configure and create a group policy that executes this login script.

1.  Collect/Share the Necessary Tools (devcon, qgrep)
The script requires devcon ( http://support.microsoft.com/kb/311272 ) and qgrep from the Windows 2k3 Resource Kit ( http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en )

Devcon is a command-line utility for Device Manager. We'll be using Devcon to query our hardware and to disable or enable it.

Qgrep is a grep-like tool from the windows resource kit. We'll be using it to search for the line number of our wireless card's hardware ID (outputted from devcon).

So grab these two files and place them on a network-accessible server share (for this how-to, I'm going to be using \\FileServer\Script$\ as the location devcon and qgrep are saved to).
   
2.  Create our Script
Here's the sample script in its entirety... discussion and explanation will follow. Be aware that line-breaks may happen unintentionally from copy/pasting.

-------------------
@echo off

rem - Copying Command Line Device Manager to clients...
IF NOT EXIST %SystemRoot%\System32\devcon.exe copy \\FileServer\Script$\devcon.exe %SystemRoot%\System32\devcon.exe

rem - Copying QGrep tool to clients...
IF NOT EXIST %SystemRoot%\System32\qgrep.exe copy \\FileServer\Script$\qgrep.exe %SystemRoot%\System32\qgrep.exe

devcon hwids =net > "%userprofile%\devconout.txt"
qgrep -n -y "wireless" "%userprofile%\devconout.txt" > "%userprofile%\qgrepout.txt"

FOR /F "tokens=1* usebackq delims=:" %%a in ("%userprofile%\qgrepout.txt") do set /a WirelessLine=%%a+1 & goto Locate
goto Cleanup

:Locate
echo ID Located on line %WirelessLine%

FOR /F "tokens=1* usebackq skip=%WirelessLine% delims=: " %%z in ("%userprofile%\devconout.txt") do set WirelessHID="%%z" & goto Shutdown
goto Cleanup

:Shutdown
echo ID is %WirelessHID%
devcon disable %WirelessHID%

:Cleanup
del /q "%userprofile%\qgrepout.txt"
del /q "%userprofile%\devconout.txt"
echo Done!

-----------
   
3.  Step-By-Step Explanation
I'm not a scripting guru... I usually just keep banging my head against a wall until they work. I'm certain there is probably a more efficient or effective way to script this - and I'll happily append/change the script in deference to some comments! So if you see a better way to accomplish these steps, speak up!

Let's dive in to the examination:
------
@echo off

rem - Copying Command Line Device Manager to clients...
IF NOT EXIST %SystemRoot%\System32\devcon.exe copy \\FileServer\Script$\devcon.exe %SystemRoot%\System32\devcon.exe

rem - Copying QGrep tool to clients...
IF NOT EXIST %SystemRoot%\System32\qgrep.exe copy \\FileServer\Script$\qgrep.exe %SystemRoot%\System32\qgrep.exe
------------
This section is checking whether our client machine already has qgrep and devcon. If not, it copies them from our server share into the system32 folder of the client. Pretty simple stuff, but we want the check to ensure we're not constantly copying files needlessly to clients.

Next up:
------------
devcon hwids =net > "%userprofile%\devconout.txt"
qgrep -n -y "wireless" "%userprofile%\devconout.txt" > "%userprofile%\qgrepout.txt"
-------------
We need some writeable space (our script is going to output a couple intermediate text files), so we're assuming our user's home directory is writeable.

The Devcon line is asking for a profile of all net associated hardware IDs. We're outputting this to devconout.txt in our user's home directory.
Next up we ask qgrep to find any line with the word "wireless" (regardless of capitalization, which is the -y flag) and output the line numbers (the -n flag) and lines to qgrepout.txt.

Next up: our favorite command line beast: the For command!
-----------------
FOR /F "tokens=1* usebackq delims=:" %%a in ("%userprofile%\qgrepout.txt") do set /a WirelessLine=%%a+1 & goto Locate
goto Cleanup
------------------
This is asking the for command to crawl through our qgrepout file (which, if you'll recall, begins with the line numbers). We use the set /a flag so we can perform arithmetic on the first variable FOR finds (in our case, the line number).

So we add 1 to the line number and call it our "Wireless Line" variable. Because we want to disable the first instance of any hardware that calls itself "wireless", we jump to the locate function to avoid subsequent wireless drivers etc from overwriting our WirelessLine variable.

Finally, if qgrepout is empty and FOR never matches a line (the client PC doesn't have any hardware that calls itself wireless) we jump to the cleanup function.

Next, let's examine the "Locate" function:
------------------------
:Locate
echo ID Located on line %WirelessLine%

FOR /F "tokens=1* usebackq skip=%WirelessLine% delims=: " %%z in ("%userprofile%\devconout.txt") do set WirelessHID="%%z" & goto Shutdown
goto Cleanup
-----------------
You can nuke the echo line, I just wanted to see what line number we're jumping to so I could troubleshoot the script... regardless, the For command is going to skip to the WirelessLine we've had qgrep identify and grab the hardware ID (we're calling it WirelessHID... and we're putting it in quotes to aid our devcon disable command down below). Then we jump away with a goto command before the for command can set the WirelessHID to the next token it finds.

Now that we've found a hardware ID associated with the word wireless, let's shut it down!
------------
:Shutdown
echo ID is %WirelessHID%
devcon disable %WirelessHID%
-------------
Again the echo command isn't necessary, but it is nice to see what's being asked of devcon.
So after all that work of locating the first reference to wireless in device manager and finding its associated HID, the actual disable command isn't that tough. Just be certain the HID is surrounded by quotes, or you could find yourself fast disabling more than you bargained for :)

Finally, the cleanup stage (optional):
----------------
:Cleanup
del /q "%userprofile%\qgrepout.txt"
del /q "%userprofile%\devconout.txt"
echo Done!
----------------
This step just deletes the two files we created. You probably don't want to clean up the two text files we wrote to when you're first testing the script (you can use these in your test lab to verify proper devcon output and qgrep identification)... but I figure the less clutter in the user's home directory, the better.
   
4.  Create an "Enable" script (optional)
You may wish to re-enable their wireless card at logoff... the same script will work word-for-word after changing the:

devcon disable %WirelessHID%

to:

devcon enable %WirelessHID%

 

Conclusion
This script comes with many caveats... first off, if we knew the hardware ID of the wireless cards, this script is vastly simplified – just devcon disable the specific hardware ID.

Second, this script only looks for the first hardware ID that names itself something including the word wireless... now, this works for a vast majority of cases, but you'll likely need to exercise some judgment and do some testing on your own.

Third, the script is only written with concern for one wireless device… multiple wireless hardware devices (is there a case for this?) would require editing the script.

Fourth, access rights should be considered any time you’re scripting something. Does the script have access to enable/disable items from control panel? When you’re adding it to group policy or whatever, ensure proper security/permissions across the board.

Hopefully you’re at least introduced to two potent tools: devcon and qgrep… and can see how something as seemingly complicated as disabling any wireless card when logging in to your LAN may be scriptable (without paying for a third-party product or relying on device manufacturers)
0
 
LVL 5

Expert Comment

by:jhill777
ID: 33621121
...or you can just buy this for 5 bucks.  
http://www.wirelessautoswitch.com/
0
 

Accepted Solution

by:
phsit earned 0 total points
ID: 33681395
Thanks for the detailed response, but I cannot believe this is the solution. Is there no server-side solution for what is surely a common situation? I'm bumping the points to max, as this is apparently more difficult than I thought. Thanks again.
0
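One way to see, on the dhcpd side, which clients currently hold two leases, as an added example that is not part of the original thread: it parses ISC dhcpd's lease database and lists every client-hostname with unexpired active leases on more than one MAC address. It only reports and does not stop the second lease from being handed out; the function name `multi_lease_hosts` and the sample leases are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample (made-up hosts, MACs, addresses), condensed to two lines
# per lease; dhcpd itself writes one statement per line. Times are UTC.
SAMPLE_LEASES = '''
lease 10.0.1.50 { ends 2 2010/09/07 20:00:00; binding state active;
  hardware ethernet 00:11:22:33:44:55; client-hostname "laptop-a"; }
lease 10.0.2.77 { ends 2 2010/09/07 20:00:00; binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ee; client-hostname "laptop-a"; }
lease 10.0.1.51 { ends 2 2010/09/07 20:00:00; binding state active;
  hardware ethernet 00:11:22:33:44:66; client-hostname "desktop-b"; }
lease 10.0.2.78 { ends 2 2010/09/07 20:00:00; binding state active;
  hardware ethernet 00:aa:bb:cc:dd:ff; client-hostname "laptop-c"; }
lease 10.0.2.78 { ends 2 2010/09/07 13:00:00; binding state free;
  hardware ethernet 00:aa:bb:cc:dd:ff; client-hostname "laptop-c"; }
lease 10.0.1.52 { ends 2 2010/09/07 20:00:00; binding state active;
  hardware ethernet 00:11:22:33:44:77; client-hostname "laptop-c"; }
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)

def _field(pattern, body):
    m = re.search(pattern, body)
    return m.group(1) if m else None

def multi_lease_hosts(text, now):
    """Map client-hostname -> [(ip, mac), ...] for hosts holding unexpired
    active leases on more than one MAC address (for example wired + wireless)."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # append-only log: the last entry for an IP wins
    hosts = defaultdict(set)
    for ip, body in latest.items():
        state = _field(r'(?<!next )binding state (\w+);', body)
        name = _field(r'client-hostname "([^"]*)";', body)
        mac = _field(r'hardware ethernet ([0-9a-fA-F:]+);', body)
        ends = _field(r'ends \d (\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);', body)
        if state != 'active' or not name or not mac:
            continue
        if ends and datetime.strptime(ends, '%Y/%m/%d %H:%M:%S') <= now:
            continue  # expired but not yet rewritten by dhcpd
        hosts[name.lower()].add((ip, mac.lower()))
    return {h: sorted(v) for h, v in hosts.items()
            if len({mac for _, mac in v}) > 1}

if __name__ == '__main__':
    for host, leases in multi_lease_hosts(SAMPLE_LEASES, datetime(2010, 9, 7, 15)).items():
        print(host, leases)
```

To run it against a live server, pass the contents of the lease file (commonly `/var/lib/dhcpd/dhcpd.leases` on CentOS, stated here as an assumption about the install) and `datetime.utcnow()`.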
