Hi Harrison,
Thanks for posting!
Please note that the newsgroups provide assistance to resolve break/fix
issues. Based on my knowledge, generally, we cannot prevent a registered
computer in AD from getting the IP from DHCP server. To avoid the potential
security issue that the unauthenticated user can access the internal
resource, you may gracefully set the NTFS permission of shared resource.
Additionally, if you need to deny unauthenticated user access external
resource, I recommend you use ISA server, it can restrict unauthenticated
user to access Internet even though he can get the IP from DHCP.
Furthermore, we recommend Microsoft Advisory Services, a
remotely-delivered, consultative support option that adds the element of
proactive support, providing a comprehensive result beyond your break-fix
product maintenance needs. More information on this service here:
<
http://support.microsoft.com/gp/advisoryservice>
For more info in the US and Canada:
http://support.microsoft.com/default.aspx?pr=AdvisoryService
Outside of the US/Canada:
http://support.microsoft.com/default.aspx?scid=/international.aspx
Thanks & Regards,
Jason Tan
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| Reply-To: "Harrison Midkiff" <
[email protected]>
| From: "Harrison Midkiff" <
[email protected]>
| References: <
[email protected]>
<eUwuYE#
[email protected]>
| Subject: Re: DHCP only to registered computers
| Date: Mon, 23 May 2005 21:47:29 -0400
| Lines: 44
| Organization: Audio Visual Innovations, Inc.
| X-Priority: 3
| X-MSMail-Priority: Normal
| X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
| X-RFC2646: Format=Flowed; Original
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
| Message-ID: <#
[email protected]>
| Newsgroups: microsoft.public.win2000.general
| NNTP-Posting-Host: 208.5.55.190
| Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl
| Xref: TK2MSFTNGXA01.phx.gbl microsoft.public.win2000.general:55298
| X-Tomcat-NG: microsoft.public.win2000.general
|
| David:
|
| Thanks for replying to my post.
|
| I thought of that, but that would be difficult to manage. I have done
some
| additional research and so far I am not coming up with anything. I
almost
| think this goes against the purpose of a DHCP server to serve out IP
| addresses to client computers...
|
| Harrison Midkiff
| | > From: "Harrison Midkiff" <
[email protected]>
| >
| > | Hello:
| > |
| > | I have been having an issue with users plugging unauthorized
computers
| > into
| > | the network. I have Windows 2003 DHCP configured. I thought there
was
| > a
| > | way to configure it so only computers registered in Active Directory
| > could
| > | get a DHCP address. I looked in the config, but didn't see anything
| > | relating to this.
| > |
| > | Does anyone know if you can configure DHCP so only computers
registered
| > in
| > | Active Directory will get a DHCP address? Thanks
| > |
| > | Harrison Midkiff
| > |
| >
| > Do you keep track of all MAC adresses ?
| >
| > You may be able to restrict DHCP leases to only known MAC addresses.
| >
| > --
| > Dave
| >
http://www.claymania.com/removal-trojan-adware.html
| >
http://www.ik-cs.com/got-a-virus.htm
| >
| >
|
|
|