Security Basics mailing list archives

Re: Blocking Access to Non-domain computers


From: Rob Hughes <rob () robhughes com>
Date: Tue, 24 Aug 2004 05:30:17 -0500

On Thursday 19 August 2004 09:58, Brian Gehrke wrote:
> I am running a W2K domain, using DHCP.  Is it possible to block
> non-domain computers from getting an IP address from the DHCP server, so
> they will not be able to access the Internet through the network?
>
> Brian


I can see two ways to do this. One, assign all the systems a static lease, 
then create an exclusion so that there are no free addresses available. Two, 
implement port security at the switches so that only authorized MAC addresses 
can connect to the network. But so far as I'm aware, there's no way to limit 
DHCP assignments to domain members, as the server has no way to know if 
you're a domain member or not until the system has gotten an IP and can send 
its credentials.

If someone else has a better idea, I'd love to hear it.

-- 
Recursion: n. See Recursion
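
An added example, not part of the original post: a check for the first approach above, confirming that reservations plus exclusions leave no dynamically assignable address in the scope, and listing any active lease whose MAC has no reservation. The scope, MAC addresses, leases and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post).
SCOPE = ("192.168.10.10", "192.168.10.20")
RESERVATIONS = {                      # MAC -> reserved IP
    "00-0C-29-AA-BB-01": "192.168.10.10",
    "00-0C-29-AA-BB-02": "192.168.10.11",
    "00-0C-29-AA-BB-03": "192.168.10.12",
}
EXCLUSIONS = [("192.168.10.13", "192.168.10.19")]   # .20 is left uncovered
LEASES = [("192.168.10.10", "00:0c:29:aa:bb:01"),   # (IP, MAC) as exported
          ("192.168.10.20", "00:11:22:33:44:55")]


def ip_range(start, end):
    """Return the inclusive range start..end as a set of integers."""
    lo, hi = int(ipaddress.IPv4Address(start)), int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError(f"range start {start} is after end {end}")
    return set(range(lo, hi + 1))


def norm_mac(mac):
    """Lowercase a MAC and drop separators so '-' and ':' forms compare equal."""
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")


def free_addresses(scope, exclusions, reservations):
    """Addresses in the scope that are neither excluded nor reserved."""
    pool = ip_range(*scope)
    for start, end in exclusions:
        pool -= ip_range(start, end)
    pool -= {int(ipaddress.IPv4Address(ip)) for ip in reservations.values()}
    return [str(ipaddress.IPv4Address(n)) for n in sorted(pool)]


def unreserved_leases(leases, reservations):
    """Active leases held by a MAC that has no reservation."""
    known = {norm_mac(m) for m in reservations}
    return [(ip, mac) for ip, mac in leases if norm_mac(mac) not in known]


if __name__ == "__main__":
    print("still assignable:", free_addresses(SCOPE, EXCLUSIONS, RESERVATIONS))
    print("no reservation:", unreserved_leases(LEASES, RESERVATIONS))
```

An empty result from `free_addresses` means the scope has nothing left to hand to a machine without a reservation.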
