Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Course Of The Month
6 days, 10 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Assign privileged computer to IP range
Posted on 2015-02-07
I need to allow a certain group of computers unfiltered internet access. The easiest way for me to do this would be to assign these computers to a specific IP range. I can then allow any computers in that range to bypass our filtering policy. The problem is that I don' t see a way to assign these computers to a specific range via DHCP.
I am looking for an alternative to manual interventions such as IP reservations or setting static IPs. Also I want this to be as easy and maintenance free as possible so I don't want to do anything with VLANS, etc.
I am starting to believe it is not possible to assign a specific computer to an IP range via DHCP, GP, etc. We are running Server 2008 Standard.
I am looking for an alternative to manual interventions such as IP reservations or setting static IPs. Also I want this to be as easy and maintenance free as possible so I don't want to do anything with VLANS, etc.
I am starting to believe it is not possible to assign a specific computer to an IP range via DHCP, GP, etc. We are running Server 2008 Standard.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
4
6 Comments
Active today
You can, in the DHCP reservation area, pick a static IP for the privileged computers and match the IP address with the MAC address of the NIC on the privileged computer. Now that computer gets the same IP address all the time.
In the Firewall, you can give the IP addresses above (or small range if all together) the unfettered access they need.
This works well (I use it) and is low maintenance if computers do not change (which does not happen frequently).
In the Firewall, you can give the IP addresses above (or small range if all together) the unfettered access they need.
This works well (I use it) and is low maintenance if computers do not change (which does not happen frequently).
thanks for the comment but as I said in the question I would rather not do this using reservations or any type of manual static IP assignment.
I would prefer to be able to assign a computer to a Group and then have computers in that Group get an IP address from the privileged range.
I have to get this done and will fall back to using reservations if there is no other way. I looked into using groups on the UTM but by the time I get LDAP and all the rest of it working it just is not worth the effort.
I would prefer to be able to assign a computer to a Group and then have computers in that Group get an IP address from the privileged range.
I have to get this done and will fall back to using reservations if there is no other way. I looked into using groups on the UTM but by the time I get LDAP and all the rest of it working it just is not worth the effort.
Active today
Based on what you have said, IP reservation is fairly simple and easily implemented. I also use this method to have a specific computer available to me.
I do understand what you posted, but I was just offering a simple way that works for me for a variety of situations.
Perhaps someone else has another idea.
I do understand what you posted, but I was just offering a simple way that works for me for a variety of situations.
Perhaps someone else has another idea.
Active 2 days ago
Your best bet would be a reservation. Do not use Static IP's because when the users takes their laptop home or offsite they will constantly need to change there ip back to dhcp everytime. At least with a reservation you don't have to interact with the user at all.
What your thinking of here would be using NAP (Network Access Policy) and GPO's to configrue a security group for specific assignment of DHCP address.
Below is a link on how to setup and configure this.
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Group-Policy-Filtering-Part1.html
Personally I would not use Group Policy because you now have 2 places to manage IP address assignment. I would use a reservation.
Will.
I would prefer to be able to assign a computer to a Group and then have computers in that Group get an IP address from the privileged range
What your thinking of here would be using NAP (Network Access Policy) and GPO's to configrue a security group for specific assignment of DHCP address.
Below is a link on how to setup and configure this.
http://www.windowsecurity.com/articles-tutorials/windows_os_security/Using-Group-Policy-Filtering-Part1.html
Personally I would not use Group Policy because you now have 2 places to manage IP address assignment. I would use a reservation.
Will.
Active today
Just to be clear, I am not using static IP addresses on the computers. The server assigns a fixed IP that the firewall can use. My computer travels fine.
The only maintenance is knowing the MAC address of the computer.
The only maintenance is knowing the MAC address of the computer.
Featured Post
Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!
Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!
Act now. This offer ends July 14, 2017.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Have you considered what group policies are backwards and forwards compatible?
Windows Active Directory servers and clients use group policy templates to deploy sets of policies within your domain. But, there is a catch to deploying policies. The…
Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications. The user can either have a desktop shortcut installed or go through the web portal to…
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar.
Int…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Suggested Courses
Course of the Month6 days, 10 hours left to enroll
724 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.