Re: Unauthorised PCs

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 08/19/05

• Next message: Tom Pepper Willett: "Re: Port Blocking"
• Previous message: LarMan: "Re: EFS Errors"
• In reply to: RBlunden: "Unauthorised PCs"
• Next in thread: keith: "Re: Unauthorised PCs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 19 Aug 2005 13:04:21 -0500

You could try configuring your DHCP scope with only reservations that map an
IP lease to a mac address of a computers network adapter. However I have
heard in that past that such does not always work as expected and for all
but small networks it would be very labor intensive to configure and
maintain.

If your switches can do mac filtering you may want to look at that. Many
switches have a feature to allow the switch ports to memorize current mac
addresses and then lock the table so that only those are allowed. Of course
mac addresses can be spoofed but that is not something that the average user
would probably try.

Since unauthorized computers can bring in problems such as a worm or a
backdoor to your network that can cause great damage I would suggest you
consider implementing a computer use policy that prohibits unauthorized
computers. To be effective such a policy would need to spell out specific
disciplinary action, have a signed copy from the user be on file, and be
enforced. --- Steve

"RBlunden" <RBlunden@discussions.microsoft.com> wrote in message
news:7DAF5179-DA72-46D8-87E2-2955AA238112@microsoft.com...
> Any ideas how I can prevent users picking up a dhcp lease when they plug
> their own PC onto the network? I want only my domain members to get IP
> addresses.
> I know if they add manual addresses they will get in, but as a 1st step
> securing dhcp to my PCs only would seem logical.
> Any help appreciated.
> Regards
> RB

---

• Next message: Tom Pepper Willett: "Re: Port Blocking"
• Previous message: LarMan: "Re: EFS Errors"
• In reply to: RBlunden: "Unauthorised PCs"
• Next in thread: keith: "Re: Unauthorised PCs"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Vista clients became unresponsive after network move ... The computers detected a new network, ... Connection-specific DNS Suffix  . ... you must change the DHCP scope to match your new subnet. ... (microsoft.public.windows.server.networking) Re: Vista clients became unresponsive after network move ... The computers detected a new network, ... Connection-specific DNS Suffix  . ... you must change the DHCP scope to match your new subnet. ... (microsoft.public.windows.server.networking) Re: Preventing DHCP from allocating IPs ... Each segment is physically separate with a Linux ... unknown MAC addresses firstly don't get a DHCP ... >> wants access to your network, they will have to come to you to obtain ... (Security-Basics) Re: Secure your DHCP ... I can only think of allocating via dhcp reservation using network card ... Create an exclusion of your whole DHCP scope (So no IP's are free to be ... assign each mac address an Ip address from what was in your pool. ... (microsoft.public.windows.server.sbs) Re: Networks ... In the light of my last comment above, I had a Mac in 1984, and in 1985 set ... up a network of five Macs by the simple means of plugging a cable into each ... >>> David Kelsey ... although many people seem to think computers should be as easy ... (microsoft.public.windowsxp.network_web)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.security  > 2005-08