So I've heard and have worked in similar environments, but, I have never heard a convincing argument for it as a security concern.
It can be quite easy in a properly planned and operated environment. I honestly dont take any aspects of IT as trivial, and I think that anything that allows for centralized control to be paramount in IT operations. As far as workload goes, I have found DHCP reservations to require less workload than independently configured hosts. Independently configured hosts are going to require more man-hours and leg work, or a good deal of scripting skill. Centralized control via DHCP is also going to be easier to hand-off to other administrators. -- ME2 On Tue, May 18, 2010 at 10:54 AM, Malcolm Reitz <malcolm.re...@live.com>wrote: > There are places that prefer not to enable DHCP on server subnets for > security reasons. Also, managing DHCP reservations will be a non-trivial > operational workload in a dynamic data center. > > > > -Malcolm > > > > *From:* Micheal Espinola Jr [mailto:michealespin...@gmail.com] > *Sent:* Tuesday, May 18, 2010 11:52 > > *To:* NT System Admin Issues > *Subject:* Re: Scripting IP Changes on remote devices > > > > +1 > > If you are going to do the work of manually configuring specific IP > addresses, why not do it in a way that is centrally manageable? > > Although you did say servers... I would still go with DHCP possible. > > -- > ME2 > > On Fri, May 14, 2010 at 3:13 PM, Jonathan Link <jonathan.l...@gmail.com> > wrote: > > Any reason to have static? Consider DHCP with reservations so this > kind of transition could be managed centrally in the future? As long > as your rolling out the script you could have it switch from static to > dynic and be done. Of course all this is predicated on not having a > major reasons to be static. > > On Friday, May 14, 2010, Brian Desmond <br...@briandesmond.com> wrote: > > This is fairly easy to do with WMI. You just want to iterate through the > IPEnabled adapters collection and there are methods to stamp WINS and DNS > servers. I’d suggest inspecting the current settings and using that data to > decide whether you stamp or not. WINS is a simple primary/secondary stamp, > DNS is a collection you need to clear and populate. Thanks,Brian > desmondbr...@briandesmond.com c – 312.731.3132 From: Sean Martin > [mailto:seanmarti...@gmail.com] > > > Sent: Friday, May 14, 2010 2:43 PM > > To: NT System Admin Issues > > Subject: Scripting IP Changes on remote devices Good Morning/Afternoon, > I'm looking for a little assistance with automating IP changes on several > hundred servers. The vast majority will be Windows 2003 but there may be > some Windows 2000 boxes mixed in there. I'm going to need to change the DNS > and WINS IP addresses on our servers with static assignments. I'm thinking > VB would be the best language to use, unfortunately I'm not real strong with > VB so I was hoping someone might have some already written code I could > manipulate (certainly not asking anyone to write anything for me!). The main > problem is that I can't rely on any continuity amongst the servers. Meaning, > the interface names may not be the same (LAN Connection X), and some servers > may have multiple NICs for which I only need to modify one. I was hoping it > would be possible to query the current configuration of the NICs and > identify ones with DNS IP 1 = X and then modify those to DNS IP 1 = Y. I'd > like to do this for the primary and secondary DNS and WINs references. Any > pointers at all would be much appreciated. - Sean > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
