Solved

Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?

Posted on 2011-09-07
6
366 Views
Last Modified: 2012-06-27
Can we ristrict any computer not to get an IP from the DHCP server of windows 2003?
0
Comment
Question by:mahmood66
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 8

Expert Comment

by:bright12
ID: 36500927
Why would you do that? You need an IP address if your PC is connected to a network, otherwise you don't have any network drives, intranet, internet, mail, etc..

If your computers get an IP address from a different server than you can switch off the DHCP server in this windows 2003 server.
0
 
LVL 3

Expert Comment

by:vk3kjc
ID: 36500951
While I have not used it, a possible solution using DHCP classes can be found here:

http://www.techrepublic.com/article/use-dhcp-class-to-deny-internet-access-to-unauthorized-machines/5498436

which also refers to:

http://support.microsoft.com/kb/240247/EN-US/
0
 

Author Comment

by:mahmood66
ID: 36501008
dear,

I found some unknown names in the list. so I want to block those. may be some ristricted persons are gettting connected which should be stopped through MAC address. suggest me best solution
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 
LVL 9

Expert Comment

by:Chev_PCN
ID: 36501360
Hi Mahmoud.
If you are looking to block "rogue" computers from connecting onto your network, you are now entering the world of NAC (Network Access Control). You cannot use DHCP to manage this.
On a very small network, you can maybe look at manual port blocking on the switches. This is management-intensive and I would not recommend this for any infrastructure greater than 100 users.
For a larger enterprise, you need to look at a proper NAC solution. Unfortunately I only work with larger enterprises that use Juniper and Cisco solutions, which are brilliant, high-security, but also very costly.
I believe that Cisco and HP Procurve switches are also able to do dynamic port-blocking based on RADIUS authentication.
0
 
LVL 9

Accepted Solution

by:
Chev_PCN earned 250 total points
ID: 36501369
To clarify further, even if you find a way to stop rogue devices from getting a dynamic IP address, a user can still manually configure the IP address.  I would not recommend using DHCP as a NAC tool.
0
 

Author Closing Comment

by:mahmood66
ID: 36501750
I understand now. DHCP is not for blocking the computer to get connected
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question