Windows

General discussion

Locked

DHCP

By donbrafford ·
Let's see if I can make this sound right.

I have a specific domain, however, I have contractors come into our office. When they do, the can connect to our LAN drops and our DHCP assigns them an IP address.

What I want to do is to ensure that any machine that does not belong to my domain will not get an IP assigned to them and they will get no access to the internet.

I have thought of static IP's howeve they will fix the problem however, I want to be able to manage my IP range at a central location.

Please any help would be much appreciated.
Thanks in advance for any help you might be able to provide.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

DHCP

by vh_s In reply to DHCP

You could work-around this problem.

Since you use DHCP, anyone who connect to your network will get an IP, automatically.

You could though strip-off your gateway from DHCP. The contractor would get an IP address, but they wouldn't get the gateway IP address, or the DNS address.

But, the extra work is that for each machine in the office that need the internet, you would have to enter the DNS and gateway IP address manually.

Would this help you ?

vh_s

Collapse -

DHCP

by donbrafford In reply to DHCP

Thanks but no thanks, these of government systems and they can be a little hard to get people to do the exta steps.,

Thanks anyhow

Collapse -

DHCP

by daver In reply to DHCP

If you have a firewall to allow your domain users access to the internet, I would recommend utilizing a product such as Websense to force the contractors to enter a username/password for Internet access; It works great in our network

Dave

Collapse -

DHCP

by donbrafford In reply to DHCP

The question was auto-closed by TechRepublic

Collapse -

DHCP

by Gary McP In reply to DHCP

I've done some digging on the microsoft site (this problem is really annoying me)and come up with a couple of possible solutions. However both assume you're using Win2K, and I've never tried them.

The first one is User Class Support, an option that allows you to "profile" your users and assign different DHCP properties depending on the type of user. It's explained here http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/deploy/confeat/dhcpnt5.asp
The second is SuperScopes. (I know, it sounds great)Superscopes allow you to set up two scopes with different properties on the same server.
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/reskit/tcpip/part2/tcpch04.asp

Either of these options should allow you to configure your legitimate clients correctly, and allow the contracors an IP address but no other confiuration.

In thinking about it, you're probably better off allowing the contractors have an IP address, otherwise all that DHCP broadcast traffic could kill your network.

Hope this one is it,
Gary

Collapse -

DHCP

by donbrafford In reply to DHCP

The question was auto-closed by TechRepublic

Collapse -

DHCP

by Gary McP In reply to DHCP

Just another thought in relation to answer 6. You could, as suggested, strip away all other configuration information from the DHCP, then create registry entries including the gateway config info. You could then run the reg files from your domain login script, ensuring that only those in your domain have access to the net.

There are some great registry tips and tricks at www.regedit.com

Hope this helps,
Gary

Collapse -

DHCP

by donbrafford In reply to DHCP

The question was auto-closed by TechRepublic

Collapse -

DHCP

by donbrafford In reply to DHCP

This question was auto closed due to inactivity

Related Discussions

Related Forums