RE: Deny client from obtaining IP address


In Windows 2000/2003 DHCP, you can add reservations. This only
works if you know the MAC address of all good clients, and add any new
machines that have been authorised to use the network.

You could probably script a way to add clients to this list.
Unfortunately my own scripting is sub-par so I can't help out much with
it but it is one thing I shall be pushing for when/if these SOX audits
ever calm down and I get a bit more time on my hands.



-----Original Message-----
From: rolando_ruiz@xxxxxxxxxxxxxxx [mailto:rolando_ruiz@xxxxxxxxxxxxxxx]

Sent: Friday, 28 July 2006 2:24 AM
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Deny client from obtaining IP address

Hello all,

Is there a way that in DHCP or so, one can deny a client computer from
obtaining an IP address? We use Microsoft servers ADS environment and
I'd like to allow only those we want to obtain
an IP address. I don't want to make it too restricted where authorized
users are unable to connect. I'm sure there are some 3rd party apps that
can handle this and I welcome suggestions on those also. This is a
solution for denying connectivity to outsiders.

Thank you



------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence
in Information Security. Our program offers unparalleled Infosec
management
education and the case study affords you unmatched consulting
experience.
Using interactive e-Learning technology, you can earn this esteemed
degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Relevant Pages

  • Re: Multiple PTR records wont go away in the reverse zone.
    ... Now please consider how disabling DDNS on DHCP clients ... networks and need to get an IP address and possibly register with DNS. ... remove it or update it when Secure only updates are enabled. ...
    (microsoft.public.windows.server.dns)
  • RE: DHCP for Simple Security
    ... > our clients to have a unique User-Defined Class in IPconfig. ... > Microsoft DHCP server would support IP assignment by User-Defined ... User Class option. ...
    (microsoft.public.windows.server.networking)
  • Re: ISA Server & a WiFi Hotspot (some DHCP for good measure too)
    ... have the LAN side of the wireless router be in the 10.0.0.x ... your SBS has two nics - its WAN nic is using 10.0.0.2 ... The SBS handles DHCP for the ... The SBS firewall not only keeps the wireless clients ...
    (microsoft.public.windows.server.sbs)
  • Re: DNS Scavenged all my Service records!
    ... I made the changes to our DHCP scope as per your suggestions below, ... Good, in most cases, I see DNS scavenging as an unnecessary process, if the ... DHCP clients are properly configured. ... DHCP server is configured to dynamically update DNS.... ...
    (microsoft.public.windows.server.dns)
  • Re: Taking Domain Controller Offline
    ... Depends of the DHCP clients lease, if you think that the amount of time that ... additional DHCP server, of course if you've one in place you should use it ... sure that the clients are able to use the additional DNS server. ... "Jorge Silva" wrote: ...
    (microsoft.public.windows.server.active_directory)