
Security/Group Policy - DHCP Service Disable 1

Status
Not open for further replies.

HaierIT

IS-IT--Management
Nov 4, 2005
70
US
Good afternoon, I have a question, which I have been researching but haven’t gotten any clear feedback on. I want to disable the DHCP Service on our network; the problem is I do not want to disable this on our servers, only our users. Is there a way to create a group policy that will disable the DHCP service for all users except our servers, or is there a better way of doing this? I am asking because last week someone accidentally installed a DHCP server on the network and it was a headache to find it. Any suggestions? Thank you in advance.
 
Group policy will not resolve this issue for you. I've had many clients experience this problem (usually from someone installing a wireless access point and enabling DHCP on it, then plugging it into the network). The reason group policy won't solve your problem is the fact that group policy only applies to Windows operating systems. Your problem is not a technical problem, it is an administrative problem. If you don't already have them, you need to begin implementation of some administrative controls. Start by creating a policy that designates who can install what, when and where. And of course this policy will need heavy involvement from upper management and actually be rolled out by them.

CISSP,ISC2 Affiliate & Instructor, MCT, MCSE2K/2K3, MCSA, CEH, Security+, Network+, CTT+, A+
 
Technically speaking, assuming you are running Windows & AD, the easiest way of doing this is to have 2 machine OUs: one for servers and another for workstations. You can then deploy a group policy for the workstation OU which will include a lockdown on the DHCP service, as disabled. The Server OU will not have this Group Policy restriction.

Additionally, you may wish to have a third OU, for DHCP servers under the Servers OU, which has the DHCP service enabled, but not on any other servers. This way it cannot be started on more servers by accident.

So often times it happens that we live our lives in chains
And we never even know we have the key
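
An added example, not part of any post in this thread: both replies leave the original problem of locating an unauthorized DHCP server open, and the first reply points out that it may be a non-Windows device such as an access point. The sketch below parses the UDP payloads of DHCP server replies seen on a segment and reports any server identifier (option 54) that is not on an allowlist. The function names, the allowlisted address and the sample replies are constructed for the example; capturing the replies from the wire is assumed to be done separately.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
DHCPOFFER, DHCPACK = 2, 5

def parse_dhcp_reply(payload: bytes) -> dict:
    """Return message type and server identifier from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:  # op field: 2 = BOOTREPLY (sent by a server)
        raise ValueError("not a server reply")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2 : i + 2 + length]
        i += 2 + length
    mtype = opts.get(OPT_MSG_TYPE) or b"\x00"
    sid = opts.get(OPT_SERVER_ID, b"")
    server = str(ipaddress.IPv4Address(sid)) if len(sid) == 4 else None
    return {"type": mtype[0], "server": server}

def find_rogue_servers(payloads, authorized):
    """Return sorted server identifiers that replied but are not allowlisted."""
    rogue = set()
    for p in payloads:
        try:
            msg = parse_dhcp_reply(p)
        except ValueError:
            continue  # not DHCP, or malformed: ignore
        if msg["type"] in (DHCPOFFER, DHCPACK) and msg["server"] not in authorized:
            rogue.add(msg["server"] or "unknown")
    return sorted(rogue)

def make_reply(server_ip, msg_type=DHCPOFFER):
    """Build a constructed sample reply for the demo (not captured traffic)."""
    fixed = bytes([2, 1, 6, 0]) + bytes(232)  # 236-byte BOOTP header
    opts = bytes([OPT_MSG_TYPE, 1, msg_type, OPT_SERVER_ID, 4])
    opts += ipaddress.IPv4Address(server_ip).packed + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + opts

if __name__ == "__main__":
    authorized = {"10.0.0.10"}  # assumption: the one sanctioned DHCP server
    replies = [make_reply("10.0.0.10"), make_reply("192.168.1.1")]
    print(find_rogue_servers(replies, authorized))
```
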
 