DHCP servers you can prevent if they're joined to AD as an enterprise admin will have to authorize them. Otherwise you're looking at DHCP Snooping at the port level on network switches. The latter is what I have seen edu customers do to manage rogue DHCP on their resnet's (plugging in a Linksys "backwards" does this real quick).
DNS I can't think of any way to do this, but, I also can't think of any operational risk really. Thanks, Brian Desmond [email protected] c - 312.731.3132 -----Original Message----- From: John Hornbuckle [mailto:[email protected]] Sent: Monday, March 30, 2009 10:32 AM To: NT System Admin Issues Subject: Unauthorized DHCP / DNS Servers The Auditor General's office has asked us how we prevent the introduction of unauthorized DHCP/DNS servers on our network. Well, we kinda don't. How do you guys accomplish this? From the research I've done, there's no easy way to do it. John Hornbuckle MIS Department Taylor County School District 318 North Clark Street Perry, FL 32347 www.taylor.k12.fl.us ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
