DHCP servers you can prevent if they're joined to AD as an enterprise admin 
will have to authorize them. Otherwise you're looking at DHCP Snooping at the 
port level on network switches. The latter is what I have seen edu customers do 
to manage rogue DHCP on their resnet's (plugging in a Linksys "backwards" does 
this real quick).

DNS I can't think of any way to do this, but, I also can't think of any 
operational risk really.

Thanks,
Brian Desmond
[email protected]

c - 312.731.3132


-----Original Message-----
From: John Hornbuckle [mailto:[email protected]]
Sent: Monday, March 30, 2009 10:32 AM
To: NT System Admin Issues
Subject: Unauthorized DHCP / DNS Servers

The Auditor General's office has asked us how we prevent the introduction of 
unauthorized DHCP/DNS servers on our network.

Well, we kinda don't.

How do you guys accomplish this? From the research I've done, there's no easy 
way to do it.



John Hornbuckle
MIS Department
Taylor County School District
318 North Clark Street
Perry, FL 32347

www.taylor.k12.fl.us


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to