How to lockdown the way Windows Server 2003 hands out IP addresses?

[FreshPrince]

Is there a way to stop roaming laptops from grabbing an ip as it snaps into my network?

Right now, anyone can just snap a machine into an open port and get ip, dns, gateway info because the dhcp server hands it out. But, I want to secure that a little so maybe an authentication is required? How do I go about doing that?

Thanks!

-FP

 

[spidey07]

What your asking for really sounds like 802.1x.

It is a mechanism where network gear authenticates the end node before allowing it to get a DHCP address or communicate.

That or you could try to incorporate some certificate setup with your active directory?

 

[FreshPrince]

Originally posted by: spidey07
What your asking for really sounds like 802.1x.

It is a mechanism where network gear authenticates the end node before allowing it to get a DHCP address or communicate.

That or you could try to incorporate some certificate setup with your active directory?

that's what I figured...

My switch allows me to turn off ports, so my best solution right now is to turn off all unused ports and only turn them on when someone needs to plug into our network.