Windows Vista DHCP bug, arp authorize, isc dhcp, workaround

Question

I am trying to find a workaround for the Windows Vista Force Broadcast bug with ISC DHCP and a Cisco Router. The problem is not windows vista trying to obtain an IP address from us that works fine (with or without the flag enabled). THe problem is we are using a cisco router and the command 'arp authorized' to prevent users from using static IP addresses on the network.

The problem is, if Windows Vista sets the boot flag to true the command 'arp authorized' will not work, as it looks for the IP address and destination MAC address in the DHCP Offer Packet to add it to its arp table. The machine will DHCP just fine, but since the ARP table is not aware of the machine, it is unable to access the internet. If I disable the broadcast flag in vista, the next time it DHCPs an arp entry gets created since the DHCP Offer is unicast instead of broadcast.

The thing is, we can not tell 500 to 1000 people to edit their registry, so we need a workaround for this issue. I have not had much success in finding a workaround. The question is, is there a way to force or trick ISC DHCP into unicasting a responce back to the user. Either on the Cisco Side, ISC DHCP side or intercepting and rewriting the DHCP Discover UDP packet to turn off the flag before it reaches ISC DHCP?

Answer 1

The thing is, we can not tell 500 to 1000 people to edit their registry,

That's basically what we did in my university environment with roughly 50,000 users. We didn't actually tell people to manually make the registry change (though we did publish the info). We packaged up the registry tweak into a standalone executable they could just download from us and double click. There are a ton of ways you could do this for your users and make it brain-dead simple.