I need direction. I need to protect a network from the inside. I have a PITA user who takes great pleasure in causing me trouble. His father is a network admin at some large company and must be coaching him. He admits nothing so can't be disciplined. He does things like change IP's on machines to the same as another one, enable Wifi on the same machine that has a lan connection. Its a nightmare and makes me look bad since I can't prove its him. My only ammunition is that the problems stopped when he moved away, he came back 2 months ago and the same problems have started again.
Its a church believe it or not. I've been doing network assistance for lots of churches over the years and this is more common than you think especially with the band members who respect no security measures and think everything should be wide open like their house.
This is an A/D Domain so he can/t get anywhere he isn't supposed to go, but he does cause problems and is just annoying and I want to shut him down.
Anyway, For starters I need a device or service that will deliver DHCP to machines I specifically list and for others either deny completely to respond or give then completely different settings to route them to an alternate network. And to kill the connection if he uses a static IP that doesn't not match the MAC address I assigned to it.
I know others have dealt with this kind of idiot, There isn't a lot of money available but there is some. I will be upgrading it from Windows server 2003 to 2012 very shortly, Their machines are already win7. I have budget for an upgrade and I'm looking for help. What else can I ask for to help this problem?