Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Security/Group Policy - DHCP Service Disable 1

Status
Not open for further replies.
HaierIT

HaierIT

IS-IT--Management
Nov 4, 2005
70
US
Good afternoon, I have a question, which I have been researching but haven’t gotten some clear feedback. I want to disable the DHCP Service on our network, the problem is I do not want to disable this on our servers only our users. Is there a way to create a group policy that will disable the DHCP service for all users except our servers or is there a better way of doing this. I am asking because last week someone accidentally installed a DHCP server on the network and it was a headache to find it. Any Suggestions. Thank you in advance.
 
Sort by date Sort by votes
Group policy will not resolve this issue for you. I've had many clients experience this problem (usually from someone installing a wireless access point and enabling dhcp on it, then plugging it in to the network). The reason group policy wont solve your problem is the fact that group policy only applies to Windows operating systems. Your problem is not a technical problem, it is a administrative problem. If you don't already have them, you need to begin implementation of some administrative controls. Start by creating a policy that designates who can install what, when and where. And of course this policy will need heavy involvement from upper management and actually be rolled out by them.

CISSP,ISC2 Affiliate & Instructor, MCT, MCSE2K/2K3, MCSA, CEH, Security+, Network+, CTT+, A+
 
Upvote 0 Downvote
Technically speaking, assuming you are running windows & AD, the easiest way of doing this, is to have 2 machine OU's. One for servers and aonther for workstations. You can then depoly a group policy for the workstation OU which will include a lockdown on the DHCP service, as disabled. The Server OU will not have this Group Policy restriction.

Additionally, you may wish to have a third OU, for DHCP servers under the Servers OU, which has the DHCP service enabled, but not on any other servers. This way it cannot be started on more servers by accident.

So often times it happens that we live our lives in chains
And we never even know we have the key
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

nate901
  • Locked
  • Question
(1) Cell phone app security and (2) Shared-site login security
Replies
1
Views
79
Noway2
Noway2
p3achy2Grl
  • Locked
  • Question
Charging Clients to complete their security questionnaires
Replies
1
Views
75
johnherman
johnherman
rider90
  • Locked
  • Question
ASP.NET Forms Authentication - Security implications
Replies
0
Views
71
rider90
rider90
ITGuyLA
  • Locked
  • Question
need help with group policy standardization at different branches
Replies
2
Views
55
chanakya
chanakya
MasterRacker
  • Locked
  • Question
Wireless security
Replies
4
Views
82
jet042
jet042

Part and Inventory Search

Sponsor

Back
Top