DHCP Restriction

T

Tad Gralewski

Quick question - is it possible to configure a Windows2000
based DHCP server that is a member of an Active Directory
domain so that it will only provide DHCP leases for
machines that are members of the Active Directory tree?

Thanks for your help.

Tad
 
M

Matjaz Ladava [MVP]

This could be done by using IPSec in the network and configuring it in that
way, that only domain clients can use the network thus getting IP's from
DHCP server. But this is not an easy setup and people who had done this said
that it is not an easy thing to configure.
One more simple approach would be to create reservations for all computers
in DHCP server in your network and put the rest of leases in exclusion
range. This way systems w/o prior DHCP reservation won't be able to obtain
leases.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 
C

Cary Shultz [MVP]

Matjaz Ladava said:
This could be done by using IPSec in the network and configuring it in that
way, that only domain clients can use the network thus getting IP's from
DHCP server. But this is not an easy setup and people who had done this said
that it is not an easy thing to configure.
One more simple approach would be to create reservations for all computers
in DHCP server in your network and put the rest of leases in exclusion
range. This way systems w/o prior DHCP reservation won't be able to obtain
leases.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
Click to expand...

Matjaz,

That is really "thinking outside the box"! I am going to remember this!
IPSec would be interesting as well. Probably a whole lot harder than the
other "outside the box" solution, though ( as you said ).

Cary
 
M

Matjaz Ladava [MVP]

"thinking outside the box" always reminds me of Don Box :)) (a great
speaker and now an MS employee).

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
(e-mail address removed), (e-mail address removed)
http://ladava.com
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

DHCP Issue / Question 2
Un-identified device on network 1
DHCP Rogue Detection Problem 4
Netbios names with IP 6
dhcp 3
DHCP Scopes Delegation 1
DHCP Authorization in active directory. 13
[URGENT] Only DC went down; can I DCPROMO another server + restore AD while old DC is repaired? 1

Top