Re: DHCP security breach
- From: boomboom999@xxxxxxxxx
- Date: 14 Jun 2006 22:42:04 -0700
Roger,
I agree with you that theoretically I can preserve the integrity of
important DNS records by preventing DHCP from rewriting them. But in
practice, what can I do?
Microsoft recommends running DHCP under a low-privilege account.
I am wondering why Microsoft omits from their docs any recommendations on
the ACL that this account must have on DNS zones.
Suppose I have one zone with 4000 workstations and 300 servers. The
DHCP server acts under a specific AD account. I do not want to tweak
ACLs on every single record in my DNS zone.
What permissions should I give to the DHCP account on my DNS zone?
Maybe something like this?
Domain Computers = Create child objects
CREATOR/OWNER = Full Control