We were looking into exactly this problem, and came across a few options.  If you want to get fancy (with a fair bit more work), you could go with an 802.1x solution and automatically VLAN people (or not) as they connect to the network.  We also stumbled across a neat solution that requires much less effort: SAFE DHCP, from MetaInfo (http://www.metainfo.com/index.cfm/page/safedhcp).
 
We haven't actually implemented it yet, so I can't vouch for how well it works, but there are a couple of layers of authentication you can use (MAC and 2-factor with an A-key).
 
AFAIK, you cannot base rules on names, just given MAC addresses.
 
HTH,
 
    Tyson.


From: Edwin [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 09, 2004 4:21 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Unauthorized DHCP Requests

Our domain is using a Win2K3 server, which is also a domain controller, as its DHCP solution.  Often I look at the DHCP tables and notice that there are unauthorized machines that connect to our network.  This seems to occur from employees who bring in their laptops during the weekend when the workload is light and management does not have as much of a presence.

 

The workstations within the domain all follow a naming scheme.  For example, ORL-RM3-204-2 which means, the server is located in Orlando, physically located in Room3, desk number 204 and the number of times that that particular workstation has been replaced.

 

So if I see a workstation in the DHCP tables that does not follow that naming scheme, then I know that something else has managed to get an IP Address from the network.

 

Is there a way to prevent unauthorized machines from retrieving an IP address?  If so, is there also a way to make an exception to the rule should a non-standard naming convention machine require authorized access to the network?

 

Thank you all for your replies.

 

Edwin
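
The check described in this thread (flag leases whose host name does not follow the ORL-RM3-204-2 scheme, with exceptions keyed on MAC address) can be run over DHCP audit log lines. The following is an added example, not code from either poster. The regex is generalized from the single example name, the approved-MAC list and log lines are constructed, and the field order (ID, date, time, description, IP address, host name, MAC address) is assumed to match the server's audit log.

```python
import csv
import io
import re

# Assumed pattern, generalized from the one example ORL-RM3-204-2:
# 3-letter site code, room, desk number, replacement count.
NAME_RE = re.compile(r"^[A-Z]{3}-RM\d+-\d+-\d+$")

# Hypothetical exception list: MACs approved despite a non-standard name.
APPROVED_MACS = {"00A0C9112233"}

# Constructed sample lines (not real data).
SAMPLE_LOG = """\
10,09/04/04,10:02:11,Assign,10.1.3.21,ORL-RM3-204-2.corp.example,000D60AABB01
11,09/04/04,10:15:40,Renew,10.1.3.22,orl-rm1-017-1.corp.example,000D60AABB02
10,09/04/04,13:47:05,Assign,10.1.3.90,DADS-LAPTOP,0011223344FF
10,09/05/04,09:30:12,Assign,10.1.3.91,PRINTER-LOBBY,00-A0-C9-11-22-33
10,09/05/04,11:05:59,Assign,10.1.3.92,,00904B77EE10
"""

def normalize_mac(mac):
    """Strip separators so 00-A0-C9... and 00A0C9... compare equal."""
    return re.sub(r"[^0-9A-Fa-f]", "", mac).upper()

def short_name(host):
    """Drop any DNS suffix and fold case before matching the scheme."""
    return host.split(".", 1)[0].upper()

def find_unauthorized(log_text):
    """Return one (ip, host, mac) per unapproved MAC with a nonconforming name."""
    seen = {}
    for row in csv.reader(io.StringIO(log_text)):
        # Assumed event IDs: 10 = new lease, 11 = renewal; skip everything else.
        if len(row) < 7 or row[0] not in ("10", "11"):
            continue
        ip, host, mac = row[4], row[5], normalize_mac(row[6])
        if NAME_RE.match(short_name(host)) or mac in APPROVED_MACS:
            continue
        seen.setdefault(mac, (ip, host or "<no name>", mac))
    return list(seen.values())

if __name__ == "__main__":
    for ip, host, mac in find_unauthorized(SAMPLE_LOG):
        print(f"{mac}  {ip:<12} {host}")
```

Both the host name and the MAC address are supplied by the client, so this reports machines that do not follow the convention; it does not stop a machine from obtaining a lease.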
