What are you really trying to do here?
Refusing a DHCP assigned address doesn't stop them from getting onto
your network with a static IP.
Should you be looking at 802.1x?
-----Original Message-----
From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
Sent: Wednesday, December 21, 2005 8:45 AM
To: Murad Talukdar; focus-ms@securityfocus.com
Subject: RE: prevent DHCP server giving out leases to non-domain
machines?
There are DHCP products that require authentication prior to giving out
a DHCP address and these can be linked to AD. This can be setup to
require a user to authenticate before the first IP address is handed
out. During the renewals you might be able to use the Machine
authentication to renew an IP address.
Dennis
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Tuesday, December 20, 2005 9:00 PM
To: focus-ms@securityfocus.com
Subject: prevent DHCP server giving out leases to non-domain machines?
Hi,
Is there a way to stop a W2003 DHCP server from giving out leases for
IP's if a machine does not belong to the domain?
Or is this a fruitless question that someone simply needs to point out
something very simple to me.
A machine can't join the domain if it doesn't have an IP first(chicken
and egg type thing) I can see that but obviously I'm missing something
here-perhaps it's a question of layers-the domain is working at a
'higher' layer? Kind Regards Murad Talukdar
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
