Solved

Domain auth before issuing IP address via DHCP

Posted on 2011-03-21
Last Modified: 2012-05-11
I'm trying to see if it's possible to lock down DHCP (running on a Windows 2003 Server R2) so that before a DHCP lease is issued, the computer has to be a member of the domain. I've seen a few posts on EE and on the interweb at large that mention 802.1x and a RADIUS server, but at the moment we don't have a RADIUS server running (only AD/LDAP).

I realize that without being a member of the domain and having the proper rights a rogue machine/user couldn't access any network resources (easily, anyway), but I'd still like to avoid any "visitors" to the company who just jack in from causing havoc via malware. (And yes, we do have a guest wifi AP setup on a DMZ, it's just sometimes people see a port and plug in.)
Any thoughts or answers are greatly appreciated on the issue.
0
Question by:biofishfreak
7 Comments
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35184613


Check out this article

Wireless networking in Windows Server 2003
http://www.windowsnetworking.com/articles_tutorials/Wireless-Networking-Windows-2003.html
0
 
LVL 3

Author Comment

by:biofishfreak
ID: 35184670
AD man, would this sort of setup translate to a wired network? The recent issue we've had is a consultant was asked to sign onto our DMZ wireless network, but instead they plugged into our ethernet network. This is what we are trying to avoid right now. It's kind of looking like MAC address filtering is the way to go.
0
 
LVL 8

Accepted Solution

by:
ActiveDirectoryman earned 1400 total points
ID: 35184921

Yeah, there is.

Here you go:

Deployment of IEEE 802.1X for Wired Networks Using Microsoft Windows

http://www.microsoft.com/downloads/en/details.aspx?familyid=05951071-6b20-4cef-9939-47c397ffd3dd&displaylang=en
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 600 total points
ID: 35199208
You can make a RADIUS server using a Windows Server by installing IAS (2003) or NPS (2008).

However, Microsoft are a bit twitchy when it comes to supporting clients using 802.1X.
This would be the way to do it though, and I have deployed this in some big sites without any problems.

Of course, your switches will need to support 802.1X too.
0
 
LVL 8

Expert Comment

by:ActiveDirectoryman
ID: 35199260

It explains that in the article. It is very straightforward.
0
 
LVL 3

Author Comment

by:biofishfreak
ID: 35200901
Awesome, thanks you two. I'm going to wait to double check with my network guy on this when he gets back in on Monday. I'll update everyone then.
0
 
LVL 3

Author Closing Comment

by:biofishfreak
ID: 35796991
Wow, I suck at responding fast. So after talking with my Network Admin, we've decided to use some network monitoring software to detect when a new system comes onto the network, alert us, and we roll out ASAP to fix things. I appreciate both of your help, and assigned points to the both of you.
0
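
The monitoring approach chosen in the closing comment (alert when a new system appears on the wired network) can be approximated from the DHCP server's own audit log. The following Python is an added example, not part of the original thread: it assumes the Windows Server 2003 DHCP audit log column layout and a hypothetical MAC-to-name inventory of domain machines, and the log lines and inventory are constructed samples.

```python
import csv
import io

# Constructed sample in the Windows Server 2003 DHCP audit log layout:
# ID,Date,Time,Description,IP Address,Host Name,MAC Address
SAMPLE_LOG = """\
ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,03/21/11,00:00:05,Started,,,,
10,03/21/11,08:58:12,Assign,10.0.0.21,WS-ACCT-01.corp.example.com,001A2B3C4D5E
11,03/21/11,09:02:40,Renew,10.0.0.22,WS-HR-07.corp.example.com,001A2B3C4D5F
10,03/21/11,10:14:33,Assign,10.0.0.87,consultant-laptop,001EC2AABB01
10,03/21/11,10:20:00,Assign,10.0.0.88,WS-ACCT-01.corp.example.com,0023AB45CD67
"""

# Hypothetical inventory of domain-joined machines (MAC -> computer name),
# e.g. exported from an asset database; separators and case may vary.
INVENTORY = {"00-1A-2B-3C-4D-5E": "WS-ACCT-01", "00:1a:2b:3c:4d:5f": "ws-hr-07"}

LEASE_EVENTS = {"10", "11"}  # 10 = new lease assigned, 11 = lease renewed

def norm_mac(mac):
    """Reduce any MAC notation to 12 upper-case hex digits."""
    return "".join(c for c in mac.upper() if c in "0123456789ABCDEF")

def short_name(host):
    """Compare on the short computer name, ignoring any DNS suffix."""
    return host.split(".")[0].upper()

def find_unknown_leases(log_text, inventory):
    """Return lease events whose MAC is not in the inventory."""
    known = {norm_mac(m): short_name(h) for m, h in inventory.items()}
    known_names = set(known.values())
    findings = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 7 or row[0].strip() not in LEASE_EVENTS:
            continue  # header, service start/stop events, malformed lines
        _, date, time, _, ip, host, mac = (f.strip() for f in row[:7])
        mac = norm_mac(mac)
        if mac in known:
            continue
        # Known name on an unknown MAC: replaced NIC or a borrowed name.
        reason = "known-name-new-mac" if short_name(host) in known_names else "unknown-mac"
        findings.append({"when": f"{date} {time}", "ip": ip, "host": host,
                         "mac": mac, "reason": reason})
    return findings

if __name__ == "__main__":
    for finding in find_unknown_leases(SAMPLE_LOG, INVENTORY):
        print(finding)
```

MAC addresses can be changed by the client and statically addressed devices never appear in the DHCP log, so this only detects casual plug-ins; enforcement at the switch port is what the 802.1X answers above provide.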
