Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?

Posted on 2011-09-07
Medium Priority
Last Modified: 2012-06-27
Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?
Question by:mahmood66

Expert Comment

ID: 36500927
Why would you do that? You need an IP address if your PC is connected to a network, otherwise you don't have any network drives, intranet, internet, mail, etc..

If your computers get an IP address from a different server than you can switch off the DHCP server in this windows 2003 server.

Expert Comment

ID: 36500951
While I have not used it, a possible solution using DHCP classes can be found here:


which also refers to:


Author Comment

ID: 36501008

I found some unknown names in the list. so I want to block those. may be some ristricted persons are gettting connected which should be stopped through MAC address. suggest me best solution
We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!


Expert Comment

ID: 36501360
Hi Mahmoud.
If you are looking to block "rogue" computers from connecting onto your network, you are now entering the world of NAC (Network Access Control). You cannot use DHCP to manage this.
On a very small network, you can maybe look at manual port blocking on the switches. This is management-intensive and I would not recommend this for any infrastructure greater than 100 users.
For a larger enterprise, you need to look at a proper NAC solution. Unfortunately I only work with larger enterprises that use Juniper and Cisco solutions, which are brilliant, high-security, but also very costly.
I believe that Cisco and HP Procurve switches are also able to do dynamic port-blocking based on RADIUS authentication.

Accepted Solution

Chev_PCN earned 750 total points
ID: 36501369
To clarify further, even if you find a way to stop rogue devices from getting a dynamic IP address, a user can still manually configure the IP address.  I would not recommend using DHCP as a NAC tool.

Author Closing Comment

ID: 36501750
I understand now. DHCP is not for blocking the computer to get connected

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Ever wondered why you had to use DHCP options (dhcp opt 60, 66 or 67) in order to use PXE? Well, you don't!
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
When you have multiple client accounts to manage, it often feels like there aren’t enough hours in the day. With too many applications to juggle, you can’t focus on your clients, much less your growing to-do list. But that doesn’t have to be the cas…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question