Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DHCP on Windows 2000 Server

Status
Not open for further replies.
BHuckfield

BHuckfield

IS-IT--Management
Nov 6, 2003
52
0
0
ZA
I don't know if this is the right forum for this, it's kinda a hybrid 2k and network question...if not, apologies.
I want to know how to set the 2k DHCP server to restrict machines from leasing IP's if they are not authenticated by the dc...
is this possible?

Thanks in advance.
 
Sort by date Sort by votes
YES you can via RESERVATIONS into the DHCP. To do so go to ADMINISTRATIVE TOOLS/DHCP/ EXPAND your SCOPE,right click on RESERVATIONS and add the IP you dont want a lease on it.
Hope this helps
 
Upvote 0 Downvote
I think that's for a different scenario. I also don't see how to restrict the dhcp from granting addresses, since the workstation would have to communicate with the server in order to authenticate.

You could use MAC address restrictions, but I can see that becoming a management headache real fast.
 
Upvote 0 Downvote
I'm not sure you can actually do it in the way that you want.

With DHCP and IP addresses, the workstation needs an IP address before it can communicate with your Domain controller. This means the computer has asked for an address from your DHCP server before the user has tried to log-on for authentication.

Each of these actions are independant of each other so I don't think you can do what you are trying to do.

THe MAC level restrictions will prevent lease assignment but if the worstation doesn't have an IP to start with it won't communicate with your DC

Cheers

Brad
 
Upvote 0 Downvote
I think lgarner is correct. DHCP works in the following way.
1)DHCP server recieves DHCPDISCOVER message from a client looking for a dhcp server.
2)DHCP server sends a DHCPOFFER message containing an IP address for the client to use.
3)Once the client recieves an ip address from a dhcp server, it sends out a DHCPREQUEST message to the server, asking for the use of the ip address.
4)The dhcp server replies with an DHCPACK leasing the ip adddress to the client for a specified amount of time.
Once the client has an address, it can then get authentication. There are other DHCP messages, but this is the basics as to how it works. Just curios, why are you trying to block clients that shouldn't be authenticated?

Glen A. Johnson
"Fall seven times, stand up eight."
Proverb

Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884
 
Upvote 0 Downvote
true...the lease happens long before any form of 2k authentication occurs...
I am just curious to see how I can effectivly cripple clients on my network that don't log on to the domain...
MAC Address restrictions won't work in this case because it's not specific MACS that I want to block...
back to the drawing board...
thanks all of you for your input, I appreciate it...

 
Upvote 0 Downvote
Let's say you suceeded of what you're trying to accomplish. The guy can just add a static ip adddress and do the same thing. Suggestion: Don't allow them to login locally, by removing their local account. This way if they don't login to domain, their PC is useless. Use policies or proxy server to block internet surfing.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Aquiles Vidal
  • Locked
  • Question
Web Browsers in Windows Server or Terminal Server
Replies
0
Views
116
Aquiles Vidal
Aquiles Vidal
rzammit82
  • Locked
  • Question
Windows Server 2016 - DNS/AD problem
Replies
1
Views
142
suncit
suncit
MaioMaio
  • Question
Server Remote Desktop License
Replies
0
Views
101
MaioMaio
MaioMaio
antonio_dsanchez
  • Locked
  • Question
post-installation WSUS windows server 2016
Replies
0
Views
92
antonio_dsanchez
antonio_dsanchez
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
141
DrB0b
DrB0b

Part and Inventory Search

Sponsor

Back
Top