DHCP Restriction

we run our network with DHCP, this means anyone can
connect a laptop to our system and get an IP and start surfing the
internet and connect any virus infected PC to our network. Can I restrict
DHCP to
only issue IP's to Domain member computers .Basically I want to stop any
one (visitor) from getting a net
connection. I have Win2k3 Enviroement which ahs Web/DB/Application Servers
printers etc etc. Can it be done. Any option thru doing it thru Group is
available?

Early reply from this forum is truly appreciated

Early reply from this forum is truly appreciated




Why not go and read what Mitch Tulloch has to say on this subject, instead?

You should look at NAP. To truly get this to work correctly, you will want
to have control at the switch level, thereby only allowing connection of
predefined clients.

http://www.microsoft.com/latam/windo...rotection.mspx


--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
news:A67C8D87-72E6-4036-9BF9-6038C6C009DD@microsoft.com...
> we run our network with DHCP, this means anyone can
> connect a laptop to our system and get an IP and start surfing the
> internet and connect any virus infected PC to our network. Can I restrict
> DHCP to
> only issue IP's to Domain member computers .Basically I want to stop any
> one (visitor) from getting a net
> connection. I have Win2k3 Enviroement which ahs Web/DB/Application Servers
> printers etc etc. Can it be done. Any option thru doing it thru Group is
> available?
>
> Early reply from this forum is truly appreciated

"Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
news:A67C8D87-72E6-4036-9BF9-6038C6C009DD@microsoft.com...
> we run our network with DHCP, this means anyone can
> connect a laptop to our system and get an IP and start surfing the
> internet and connect any virus infected PC to our network. Can I restrict
> DHCP to
> only issue IP's to Domain member computers .Basically I want to stop any
> one (visitor) from getting a net
> connection. I have Win2k3 Enviroement which ahs Web/DB/Application Servers
> printers etc etc. Can it be done. Any option thru doing it thru Group is
> available?
>
> Early reply from this forum is truly appreciated


Another option is to use QIP, a third party DHCP utility that does just
this.

Alcatel-Lucent VitalQIP™ DNS/DHCP IP Address Management
SoftwareAlcatel-Lucent VitalQIP DNS/DHCP IP Address Management Software is a
market leading solution for automating IP address management services across
networks.
http://enterprise.alcatel-lucent.com...&page=overview


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

NAP should be the right way to do this, but as he is running W2K3, probably
he'll need to look at an IPSEC domain isolation scenario (or something
derived from that).

Andrei
www.winadmins.net

"Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
news:eY4QbzZpKHA.2076@TK2MSFTNGP05.phx.gbl...
> You should look at NAP. To truly get this to work correctly, you will
> want to have control at the switch level, thereby only allowing connection
> of predefined clients.
>
> http://www.microsoft.com/latam/windo...rotection.mspx
>
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
> news:A67C8D87-72E6-4036-9BF9-6038C6C009DD@microsoft.com...
>> we run our network with DHCP, this means anyone can
>> connect a laptop to our system and get an IP and start surfing the
>> internet and connect any virus infected PC to our network. Can I restrict
>> DHCP to
>> only issue IP's to Domain member computers .Basically I want to stop any
>> one (visitor) from getting a net
>> connection. I have Win2k3 Enviroement which ahs Web/DB/Application
>> Servers
>> printers etc etc. Can it be done. Any option thru doing it thru Group is
>> available?
>>
>> Early reply from this forum is truly appreciated
>
>

Ah yes, I didn't catch that and agree on your ipsec solution.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Andrei Ungureanu" <someone@mydomain.com> wrote in message
news:OW1TJYzpKHA.3792@TK2MSFTNGP06.phx.gbl...
> NAP should be the right way to do this, but as he is running W2K3,
> probably he'll need to look at an IPSEC domain isolation scenario (or
> something derived from that).
>
> Andrei
> www.winadmins.net
>
> "Paul Bergson [MVP-DS]" <pbbergs@no_spammsn.com> wrote in message
> news:eY4QbzZpKHA.2076@TK2MSFTNGP05.phx.gbl...
>> You should look at NAP. To truly get this to work correctly, you will
>> want to have control at the switch level, thereby only allowing
>> connection of predefined clients.
>>
>> http://www.microsoft.com/latam/windo...rotection.mspx
>>
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>> Microsoft's Thrive IT Pro of the Month - June 2009
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup This
>> posting is provided "AS IS" with no warranties, and confers no rights.
>>
>> "Rajnish" <Rajnish@discussions.microsoft.com> wrote in message
>> news:A67C8D87-72E6-4036-9BF9-6038C6C009DD@microsoft.com...
>>> we run our network with DHCP, this means anyone can
>>> connect a laptop to our system and get an IP and start surfing the
>>> internet and connect any virus infected PC to our network. Can I
>>> restrict
>>> DHCP to
>>> only issue IP's to Domain member computers .Basically I want to stop
>>> any
>>> one (visitor) from getting a net
>>> connection. I have Win2k3 Enviroement which ahs Web/DB/Application
>>> Servers
>>> printers etc etc. Can it be done. Any option thru doing it thru Group is
>>> available?
>>>
>>> Early reply from this forum is truly appreciated
>>
>>