Issue DHCP IPs only to computers in AD?

Author
10 Feb 2006 7:23 PM
SW
Is it possible to only give an IP to computers that appear in Active
Directory?  We found a user who brought his laptop in, put a network cable in it
and got an IP address.  His laptop was riddled with viruses, but luckily not
worms.  Just seems too easy for someone to cause a problem.

Author
10 Feb 2006 10:01 PM
Cary Shultz
No,

Well, not really.  Sorta, but not really.  DHCP does not really care about
any particular domain membership or workgroup membership.  It is a very
simple four-step process.

Now, what you could do is create reservations.  This is where you map a
specific IP Address to a specific MAC Address.  You would have to do this
for every IP Address in the scope, however.  So, I guess this is possible
from within Windows.

You could also look at IPSec.  Again, something possible from within
Windows.

Another possible solution is to use VLANs.  Again, the MAC Address would
play a key role.

And just think if his laptop had a computer name of 'www'.  This can cause a
problem!

--
Cary W. Shultz
Roanoke, VA  24012

Author
10 Feb 2006 10:09 PM
Paul Bergson
Create a group policy that prescribes all users to use IPsec.  If a user
isn't a member of AD and gets the certificate it won't be able to
communicate with any of the domain users.

Go to the website below and listen to Steve Riley's streaming video he gave
at TechEd 2005.  It is very insightful.

http://www.steveriley.ms/

You could also run Network Access Control (NAC).  Pretty spendy though;
Cisco has a nice product for it.  What it does is authenticate at the
network layer.  So if you don't belong, you don't go anywhere.  But like I
said, very $pendy.

--

Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.

Author
11 Feb 2006 4:48 PM
Paul Bergson
Streaming audio, and it is the "death of the DMZ" link.

--


Paul Bergson  MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
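
An added example, not part of any post in this thread: DHCP cannot check domain membership when it hands out a lease, but the lease table can be audited afterwards against the AD computer list and the reservation list. All hosts, addresses and MACs below are constructed, and `audit_leases` with its input format is hypothetical; feed it whatever lease and AD exports you have.

```python
import re

# Constructed sample inventory and lease table (not real hosts).
AD_COMPUTERS = ["WS-ACCT-01.corp.example", "WS-ACCT-02", "SRV-WEB-01"]
RESERVED_MACS = ["00-11-22-33-44-55", "00:11:22:33:44:66", "0011.2233.4477"]
LEASES = [
    {"ip": "192.168.1.20", "mac": "001122334455", "hostname": "ws-acct-01"},
    {"ip": "192.168.1.21", "mac": "00:11:22:33:44:66", "hostname": "WS-ACCT-02.corp.example"},
    {"ip": "192.168.1.57", "mac": "02:aa:bb:cc:dd:01", "hostname": "www"},
    {"ip": "192.168.1.58", "mac": "02:aa:bb:cc:dd:02", "hostname": ""},
]

def norm_mac(mac):
    """Reduce dashed, colon or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac or "")
    return digits.lower() if len(digits) == 12 else None

def short_name(host):
    """Compare hosts on the leftmost DNS label, case-insensitively."""
    return (host or "").split(".")[0].strip().lower()

def audit_leases(leases, ad_computers, reserved_macs, service_names=("www",)):
    """Return [(lease, reasons)] for every lease that fails an inventory check.

    Hostname and MAC are both reported by the client, so a match is a hint,
    not proof of domain membership; a miss is what deserves follow-up.
    """
    ad = {short_name(n) for n in ad_computers}
    reserved = {norm_mac(m) for m in reserved_macs} - {None}
    findings = []
    for lease in leases:
        reasons = []
        mac, name = norm_mac(lease.get("mac")), short_name(lease.get("hostname"))
        if mac is None:
            reasons.append("malformed MAC")
        elif mac not in reserved:
            reasons.append("MAC has no reservation")
        if not name:
            reasons.append("no hostname supplied")
        elif name not in ad:
            reasons.append("hostname not in AD")
            if name in service_names:  # the 'www' case raised in the thread
                reasons.append("hostname collides with a service name")
        if reasons:
            findings.append((lease, reasons))
    return findings

if __name__ == "__main__":
    for lease, reasons in audit_leases(LEASES, AD_COMPUTERS, RESERVED_MACS):
        print(lease["ip"], lease["mac"], repr(lease["hostname"]), "->", "; ".join(reasons))
```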

