Posted: Thu Sep 15, 2011 6:16 am Post subject: win2003 DHCP server question!!!
Hello everybody, I have one question about DHCP ...
One of my small networks has a Win2003 server that runs the DHCP service for clients in the network ... One day, one of the users accidentally plugged in a wireless router (with its DHCP service enabled) ... Then some of the clients got IPs from this router (wrong IPs) and didn't get access to the network ... I found this problem ... so I want to make sure all clients get IPs only from my Win2003 DHCP server ... I want to prevent them getting IPs from other wrongly configured devices like the one above ...
How can I do this??? Can I configure it through GPO?? Or is there a computer startup script so that the client can choose or point to the default DHCP server??
Joined: 29 Apr 2005 Posts: 16777195 Location: London, UK
Posted: Thu Sep 15, 2011 9:52 am Post subject:
As far as I'm aware you can only do this by having full control of your network and preventing a rogue DHCP server being plugged into it.
The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.
One option that does spring to mind though is enabling MAC address security on your network switches. That way anything not on your approved list will not be able to plug into the network to start off with. May not be possible with the switches you have in place now and it takes maintenance / looking after to make sure the MAC address list is up to date but it would solve the problem.
Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again.
The whole point of DHCP is that the client does not need to know where the server is, it can simply ask for the first available server to provide an address which makes it very robust and simple to deploy.
One thing that can help so that if these situations arise the impact is lessened, is to increase the DHCP lease time (default from memory is 8 days in W2003, up this to say 16 or more as long as you have enough addresses to cover infrequent users such as sales laptops).
This would mean that when someone puts a rogue DHCP server on the network fewer clients will be renewing their addresses in a given time frame before you discover the problem.
Another thing that will help is to hang the offending user from a LAN cable in the office lobby, where other users can see what happens when you do stupid things like this. "Pour encourager les autres", as they say.
The issue with the options you mentioned is that they all require the PC to be on the network first which means it's already dealt with a DHCP server.
I hadn't thought of it that way round. Although GP would still apply the previous cached settings up until it connects to the network and gets refreshed (so that GP is still in force when a user is offline).
graycat wrote:
Personally I'd just take "The Training Stick" to the user that plugged the wireless router in without permission and make sure it doesn't happen again.
Great minds, and all that...
Maybe if a user likes wireless routers*, they might like my cordless drill? Hm?? Say hello to my leedle friend!
*IP routers / woodworking routers - pun only works if you don't already pronounce rooter like rowter
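The replies above talk about discovering a rogue DHCP server quickly. As an added example (not code from any poster in this thread), the Python below parses the UDP payload of a DHCP server reply and flags any whose server identifier (option 54) is not on an approved list. The address 192.168.10.5, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"       # RFC 2131 marker that precedes the options
AUTHORISED_SERVERS = {"192.168.10.5"}    # assumption: IP of the Win2003 DHCP server
SERVER_REPLY_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}

def parse_options(data):
    """Walk the DHCP option TLVs and return {code: value_bytes}."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 255:                  # End option
            break
        if code == 0:                    # Pad option carries no length byte
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = value
        i += 2 + length
    return opts

def check_dhcp_reply(payload):
    """Return None for messages that are not server replies, else a verdict dict."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:                  # op 2 = BOOTREPLY (server to client)
        return None
    opts = parse_options(payload[240:])
    msg_type = (opts.get(53) or b"\x00")[0]
    if msg_type not in SERVER_REPLY_TYPES or len(opts.get(54, b"")) != 4:
        return None
    server = str(ipaddress.IPv4Address(opts[54]))
    offered = str(ipaddress.IPv4Address(payload[16:20]))   # yiaddr field
    return {"type": SERVER_REPLY_TYPES[msg_type], "server": server,
            "offered": offered, "rogue": server not in AUTHORISED_SERVERS}

def build_reply(server_ip, offered_ip, msg_type=2):
    """Constructed sample input: a minimal DHCP reply as a UDP payload."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        bytes(4), ipaddress.IPv4Address(offered_ip).packed,
                        bytes(4), bytes(4), bytes(16), bytes(64), bytes(128))
    options = (bytes([53, 1, msg_type]) + bytes([54, 4])
               + ipaddress.IPv4Address(server_ip).packed + b"\xff")
    return fixed + MAGIC_COOKIE + options
```

Feed `check_dhcp_reply` the payloads of UDP traffic addressed to port 68 from a capture taken on the client VLAN; any result with `rogue` set to `True` names the IP of the unapproved server.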