Solved

Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?

Posted on 2011-09-07
6
367 Views
Last Modified: 2012-06-27
Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?
0
Comment
Question by:mahmood66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:bright12
ID: 36500927
Why would you do that? You need an IP address if your PC is connected to a network, otherwise you don't have any network drives, intranet, internet, mail, etc..

If your computers get an IP address from a different server than you can switch off the DHCP server in this windows 2003 server.
0
 
LVL 3

Expert Comment

by:vk3kjc
ID: 36500951
While I have not used it, a possible solution using DHCP classes can be found here:

http://www.techrepublic.com/article/use-dhcp-class-to-deny-internet-access-to-unauthorized-machines/5498436

which also refers to:

http://support.microsoft.com/kb/240247/EN-US/
0
 

Author Comment

by:mahmood66
ID: 36501008
dear,

I found some unknown names in the list. so I want to block those. may be some ristricted persons are gettting connected which should be stopped through MAC address. suggest me best solution
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 9

Expert Comment

by:Chev_PCN
ID: 36501360
Hi Mahmoud.
If you are looking to block "rogue" computers from connecting onto your network, you are now entering the world of NAC (Network Access Control). You cannot use DHCP to manage this.
On a very small network, you can maybe look at manual port blocking on the switches. This is management-intensive and I would not recommend this for any infrastructure greater than 100 users.
For a larger enterprise, you need to look at a proper NAC solution. Unfortunately I only work with larger enterprises that use Juniper and Cisco solutions, which are brilliant, high-security, but also very costly.
I believe that Cisco and HP Procurve switches are also able to do dynamic port-blocking based on RADIUS authentication.
0
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 250 total points
ID: 36501369
To clarify further, even if you find a way to stop rogue devices from getting a dynamic IP address, a user can still manually configure the IP address.  I would not recommend using DHCP as a NAC tool.
0
 

Author Closing Comment

by:mahmood66
ID: 36501750
I understand now. DHCP is not for blocking the computer to get connected
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco vWLC DHCP issues 36 145
Port not opening complex Huwaei Router - Sonicwall - Airport extreme 32 137
Urgent domain controller problems 8 95
DHCP behind catalyst 3750 POE-48 2 84
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question