prevent a computer to get a IP address in DHCP

[Lars]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Hi

Is there a way to prevent computers to get an IP address in DHCP with out
using a router? Because I have a domain (Domain A) and the users of that
domain shall access a neighbor domain (B) but I don't want to let the users
on the other domain ( Domain B) to get access to domain A. The problem is
when I connect domain a to the domain B users on domain B gets an IP address
from domain A.

 

[Guest]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

"Lars" <lars.homlung@semcon.com> wrote in message news:<#PDvE5oNEHA.268@TK2MSFTNGP11.phx.gbl>...

> Is there a way to prevent computers to get an IP address in DHCP with out
> using a router? Because I have a domain (Domain A) and the users of that
> domain shall access a neighbor domain (B) but I don't want to let the users
> on the other domain ( Domain B) to get access to domain A. The problem is
> when I connect domain a to the domain B users on domain B gets an IP address
> from domain A.

Set up an IPsec Policy on the DHCP server for the DHCP ports (546/547) to
require security (integrity only) and Kerberos authentication. Unless
your domains trust each other, then you could set up a shared secret.

--
Matt Hickman
Army paymasters come in only two sizes; one sort shows you where the
book says that you can't have what you have coming to you; the second
digs through the book until he finds a paragraph that lets you have
what you need, even if you don't rate it.
Robert A. Heinlein (1907 - 1988)
_The Door Into Summer_ 1956

 

[Guest]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

Create two Groups in Users and Groups giving the Domain A group access to
all network resources and the Domain B group limited network access.



On 5/10/04 5:56 AM, in article #PDvE5oNEHA.268@TK2MSFTNGP11.phx.gbl, "Lars"
<lars.homlung@semcon.com> wrote:

> Hi
>
> Is there a way to prevent computers to get an IP address in DHCP with out
> using a router? Because I have a domain (Domain A) and the users of that
> domain shall access a neighbor domain (B) but I don't want to let the users
> on the other domain ( Domain B) to get access to domain A. The problem is
> when I connect domain a to the domain B users on domain B gets an IP address
> from domain A.
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.advanced_server (More info?)

hemo_jr@space.com (Matt Hickman) wrote in message news:<ce9a9081.0405101718.5a191300@posting.google.com>...
> "Lars" <lars.homlung@semcon.com> wrote in message news:<#PDvE5oNEHA.268@TK2MSFTNGP11.phx.gbl>...
>
> > Is there a way to prevent computers to get an IP address in DHCP with out
> > using a router? Because I have a domain (Domain A) and the users of that
> > domain shall access a neighbor domain (B) but I don't want to let the users
> > on the other domain ( Domain B) to get access to domain A. The problem is
> > when I connect domain a to the domain B users on domain B gets an IP address
> > from domain A.
>
> Set up an IPsec Policy on the DHCP server for the DHCP ports (546/547) to
> require security (integrity only) and Kerberos authentication. Unless
> your domains trust each other, then you could set up a shared secret.

Another way to do this is with DHCP class id info. For example,
for every workstation that you want to be serviced by your DHCP
server, set them up with the 'feedme' DHCP class id for their LAN
NIC:

ipconfig /setclassid "local area connection" feedme

Then, at the DHCP server, you configure it to only prarcel out
IP addresses to those adapters with the DHCP class ID set to feedme.

--
Matt Hickman
I think girls should be raised in the bottom of a
deep, dark sack until they are old enough to know
better. Then, when it came time, you could either
let them out or close the sack and throw them away,
whichever was the best idea.
- Robert A. Heinlein _Farmer in the Sky_