As we discussed last week, the Windows 2000 Server DHCP lease process involves a simple exchange of IP packets. There is no authentication or encryption, so the exchange has essentially no built-in security.
Suppose someone sets up another DHCP server with different IP addresses. As you recall, clients will select the server that responds first. If some unauthorized ("rogue") server is chosen, clients will get incorrect IP addresses and other TCP/IP configuration data and will be unable to communicate with other computers on the network.
To prevent such rogue DHCP servers from leasing wrong configuration data on the network, Windows 2000 Server requires the authorization of all Windows 2000 DHCP servers. When a Windows 2000 DHCP server starts, it queries the Active Directory. If it finds out that it's not authorized, it will not start the DHCP service. If it is authorized, it will start the DHCP service and provide TCP/IP configuration to clients.
To authorize a Windows 2000 DHCP server you have to be a member of the Enterprise Admins group. Here's how to authorize a server:
- Open the DHCP console.
- Right-click on DHCP.
- Select Manage Authorized Server.
- Click on Authorize and type the name or IP address of the DHCP server you want to authorize.
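The authorization check described above is made by the Windows 2000 DHCP service itself when it starts, so it is worth also watching the wire for replies from servers you did not authorize. The following Python sketch is an added example, not part of the original column: it parses raw DHCP payloads (for instance, taken from a packet capture) and flags any DHCPOFFER or DHCPACK whose server identifier (option 54) is not on your list. The `AUTHORIZED` address, the function names, and the sample packets built by `build_reply` are constructed for illustration.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options
SERVER_REPLIES = (2, 5)              # option 53 values: DHCPOFFER, DHCPACK
AUTHORIZED = {"192.168.1.10"}        # assumption: your authorized DHCP server(s)

def parse_options(payload):
    """Return {option code: value bytes} from a raw DHCP (BOOTP) payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:               # End option
            break
        if code == 0:                 # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        opts[code] = value
        i += 2 + length
    return opts

def rogue_server(payload, authorized=AUTHORIZED):
    """Return the replying server's IP if it is not authorized, else None."""
    opts = parse_options(payload)
    msg_type = opts.get(53) or b"\x00"
    if msg_type[0] not in SERVER_REPLIES:
        return None                   # client traffic (DISCOVER, REQUEST, ...)
    server_id = opts.get(54)
    if server_id is None or len(server_id) != 4:
        return "unknown"              # a reply without a valid server identifier
    ip = socket.inet_ntoa(server_id)
    return None if ip in authorized else ip

def build_reply(msg_type, server_ip, offered_ip):
    """Constructed sample packet: 236-byte BOOTP header plus options 53 and 54."""
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton(offered_ip),
                         socket.inet_aton(server_ip), bytes(4),
                         bytes(16), bytes(64), bytes(128))
    options = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"
    return header + MAGIC_COOKIE + options
```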