RE: [ActiveDir] Unauthorized DHCP Requests

[Ken Cornetet]

Title: Message

Resistance is futile - you will be assimilated. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Monday, September 13, 2004 9:31 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Unauthorized DHCP Requests It's part of our plan to force a pure MS environment :-).   I asked our network group about this last week, and was told that the non-MS devices would need a "placeholder" account in AD. I haven't had a chance to check through the documentation to verify this. I'll post back whatever I can dig up. From: Ayers, Diane [mailto:[EMAIL PROTECTED] Sent: Monday, September 13, 2004 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Unauthorized DHCP Requests Hunter:   With Cisco ACS, how are you going to deal with non-MS based devices that get DHCP addresses?  That's always been the hang-up for us to shift to a setup like you describe. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Coleman, Hunter Sent: Monday, September 13, 2004 6:41 AM To: '[EMAIL PROTECTED]' Subject: RE: [ActiveDir] Unauthorized DHCP Requests Our network folks are starting to roll out Cisco's Access Control Server. They plan to tie it into our AD, and eventually configure all of the network devices so that machines won't get on the network unless they're joined to the AD and have successfully authenticated. I'm not sure who else besides Cisco has this kind of thing, but I suspect they're not the only one.   Hunter From: Joe L. Casale [mailto:[EMAIL PROTECTED] Sent: Sunday, September 12, 2004 4:33 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Unauthorized DHCP Requests Yea, it's ugly as heck to manage though. Mac reservations for all, but anyone can spoof that if they have a wit. Your problem is a common one, but not a simple one.   If you hear of a slicker solution then that, pray tell!   jlc   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Edwin Sent: Thursday, September 09, 2004 4:21 AM To: [EMAIL PROTECTED] Subject: [ActiveDir] Unauthorized DHCP Requests   Our domain is using a Win2K3 server which is also a domain controller as its DHCP solution.  Often I look at the DHCP tables and notice that there are unauthorized machines that connect to our network.  This seems to occur from employees who bring in their laptop during the weekend when the workload is light and management does not have as much a presence.   The workstations within the domain all follow a naming scheme.  For example, ORL-RM3-204-2 which means, the server is located in Orlando, physically located in Room3, desk number 204 and the number of times that that particular workstation has been replaced.   So if I see a workstation in the DHCP tables that does not follow that naming scheme, then I know that something else has managed to get an IP Address from the network.   Is there a way to prevent unauthorized machines from retrieving an IP address?  If so, is there also a way to make an exception to the rule should a non-standard naming convention machine require authorized access to the network?   Thank you all for your replies.   Edwin