Title: Message
Roger makes an important point - shouldn't forget that clients can "use" the DHCP server to hijack the DC's address simply by registering the same name (MS DHCP servers will happily overwrite their own name record in DNS, if configured to register clients' names in DNS !!!)
 
However, as this is a Win2k3 DC, you can alleviate this security hole by running the DHCP service under a different security context (instead of allowing it to register records using the machine's LSA account) => this way it won't be able to overwrite its own and thus the DC's records in DNS...
 
/Guido


From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 10 February 2004 16:38
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Changing DHCP Servers

I'd suggest against running DHCP on a domain controller, due to a known security issue. However, it's a fairly small window of opportunity, but it is an ugly hole if it is exploited.
 
 

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

-----Original Message-----
From: Jerry Johnson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 10, 2004 8:52 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Changing DHCP Servers

Everyone

 

I have added a w2k3 DC into our network and am gradually giving it more responsibility, so far so good.

The next thing I want to do is make it our DHCP server (currently being held by a win2k server that is going to be formatted and made into w2k3).

I have created an identical scope on the new box but have not activated it.

Is it just a matter of deactivating the old and activating the new, or is it more involved than that?

 

Thank You

 

Jerry

Scicom Data Services

Minnetonka,Mn

 

 
