Solved

Assign privileged computer to IP range

Posted on 2015-02-07
6
59 Views
Last Modified: 2015-02-21
I need to allow a certain group of computers unfiltered internet access. The easiest way for me to do this would be to assign these computers to a specific IP range. I can then allow any computers in that range to bypass our filtering policy. The problem is that I don' t see a way to assign these computers to a specific range via DHCP.

I am looking for an alternative to manual interventions such as IP reservations or setting static IPs. Also I want this to be as easy and maintenance free as possible so I don't want to do anything with VLANS, etc.

I am starting to believe it is not possible to assign a specific computer to an IP range via DHCP, GP, etc. We are running Server 2008 Standard.
0
Comment
Question by:pmckenna11
  • 4
6 Comments
 
LVL 92

Accepted Solution

by:
John Hurst earned 500 total points
ID: 40595750
You can, in the DHCP reservation area, pick a static IP for the privileged computers and match the IP address with the MAC address of the NIC on the privileged computer.  Now that computer gets the same IP address all the time.

In the Firewall, you can give the IP addresses above (or small range if all together) the unfettered access they need.

This works well (I use it) and is low maintenance if computers do not change (which does not happen frequently).
0
 
LVL 2

Author Comment

by:pmckenna11
ID: 40595777
thanks for the comment but as I said in the question I would rather not do this using reservations or any type of manual static IP assignment.

I would prefer to be able to assign a computer to a Group and then have computers in that Group get an IP address from the privileged range.

I have to get this done and will fall back to using reservations if there is no other way. I looked into using groups on the UTM but by the time I get LDAP and all the rest of it working it just is not worth the effort.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40595791
Based on what you have said, IP reservation is fairly simple and easily implemented. I also use this method to have a specific computer available to me.

I do understand what you posted, but I was just offering a simple way that works for me for a variety of situations.

Perhaps someone else has another idea.
0
Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40595841
Your best bet would be a reservation. Do not use Static IP's because when the users takes their laptop home or offsite they will constantly need to change there ip back to dhcp everytime. At least with a reservation you don't have to interact with the user at all.

I would prefer to be able to assign a computer to a Group and then have computers in that Group get an IP address from the privileged range

What your thinking of here would be using NAP (Network Access Policy) and GPO's to configrue a security group for specific assignment of DHCP address.

Below is a link on how to setup and configure this.
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Group-Policy-Filtering-Part1.html

Personally I would not use Group Policy because you now have 2 places to manage IP address assignment. I would use a reservation.

Will.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40595850
Just to be clear, I am not using static IP addresses on the computers. The server assigns a fixed IP that the firewall can use. My computer travels fine.

The only maintenance is knowing the MAC address of the computer.
0
 
LVL 92

Expert Comment

by:John Hurst
ID: 40623291
@pmckenna11 - Thanks, and I was happy to help you with this.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Every system administrator encounters once in while in a problem where the solution seems to be a needle in haystack.  My needle was an anti-virus version causing problems with my Exchange server. I have an HP DL350 with Windows Server 2008 Stand…
Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found here: http://www.experts-exchang…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now