Rocky, I've heard of people using Option Classes to provide different gateways to different clients (execs get the T-1, peons get the 56K link). What you could do is use the option class to provide the correct gateway to your clients and have the default gateway address be 0.0.0.0 -- computers without the appropriate option class would be handed a bad gateway address. Now, this wouldn't get you around the issue of that user being able to see what's on the local subnet, but it would cause them to fail any connection across the router.
You need to have 2K3 DHCP server, but here's some technet on option classes. http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/Serve rHelp/89307509-8450-4dd0-b35f-61396072e59d.mspx Thanks, JD Northrop Grumman Information Technology Commercial, State & Local Solutions -----Original Message----- From: Rocky Habeeb [mailto:[EMAIL PROTECTED] Sent: Thursday, September 29, 2005 8:54 AM To: [email protected] Subject: [ActiveDir] Stopping DHCP from issuing an address Dear List, We have a conference room which has a network port which is directly connected to the internet cloud so that visitors who want to hook up notebooks and get out can. That port does not allow network access. Yesterday, a department head asked us if one of his visitors could use that port and we said go-ahead. Next thing I know, there's a new PC on my network in a workgroup. An investigation revealed that this guest was taken to an open cubicle which had a PC turned off and he unplugged it and plugged his notebook in and now my DHCP server says, "Oh here's an address for you, live it up." This disturbs me. I was not aware of this problem in DHCP and thought that unless a PC was joined to the domain, it could not get an address or live on the network. But now that I think about it, I guess I somewhat understand as Workgroups need to be created and they will all need addresses. Nonetheless, is there a way to tell DHCP "Hey, NO ADDRESSES unless a Domain Administrator grants it?" Thanks in advance for any advice. RH ______________________________ Rocky Habeeb Microsoft Systems Administrator James W. Sewall Company 136 Center Street Old Town, Maine 04468 207.827.4456 [EMAIL PROTECTED] www.jws.com ______________________________ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
