I would like to know if there is a way to deny leasing an IP address through my MS DHCP server to computers which are not registered in my domain.
Thanks!
Asked
Active
Viewed 3,873 times
2 Answers
4
RFC 3118 allows for authentication in DHCP messages although AFAIK it isn't implemented in the current DHCP servers.
If you want to secure your network a better approach is IEEE_802.1X where clients must authenticate themselves to the switch port before they can access the network.
That means that even if an unauthenticated system is configured with a static IP-addres and doesn't use DHCP ; it still can't use your network.
HBruijn
- 77,029
- 24
- 135
- 201
0
You won't be able to restrict in on a domain basis as the client would need to be able to connect to your network via IP before it's credentials are validated via a Domain Controller. Having said that however, there is a DLL available that enables you to prevent unauthorised MAC addresses from getting a DHCP assigned address but this requires the administrator to enable this functionality and to register the MAC addresses of the network cards that you want to allow.
For more information on this option check this link DHCP Server callout DLL for MAC address based filtering
Note: This DLL may no longer be available as the functionality was added with Windows 2008 R2 and I'd last used this with Windows 2003 hosts some time ago.
Enigman
- 491
- 2
- 4