Restrict access to a foreign computer
Hello, We run a Windows 2003 domain. All our clients obtain a lease through our DHCP server running Windows 2003. We have consultants who come with their computer, connect to our network and get a lease from our DHCP scope. I am looking at ways to not allow such non-authenticated/non-domain/foreign computers from getting a DHCP lease from our servers. Is it possible to control this at a software level? Thanks much
December 23rd, 2009 6:55pm
The best way to ensure non-authenticated computers to get a DHCP lease is to set up and use MAC reservations on the DHCP server. While this may be time consuming it would be the best of both worlds, provide DHCP leases to authorized computers while blocking out the rest of the scope so non-authorized computers will not be able to get an address. Or convert the environment to static IPs. :) Here is an interesting article that might help you more: http://technet.microsoft.com/en-us/magazine/2009.05.goat.aspx?pr=blog
December 23rd, 2009 7:06pm
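The reply above suggests reserving addresses for known MACs and blocking out the rest of the scope. As an added example (not part of the thread), this sketch turns an inventory of authorized machines into `netsh dhcp server scope` commands; the scope ID, address pool, host names and MAC addresses are constructed sample values.

```python
import ipaddress
import re

def normalize_mac(raw):
    """Return the 12-hex-digit form netsh takes, or raise ValueError."""
    mac = re.sub(r"[-:.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", mac):
        raise ValueError(f"not a MAC address: {raw!r}")
    if int(mac[:2], 16) & 1:  # group bit set: multicast/broadcast, never a client NIC
        raise ValueError(f"multicast MAC in inventory: {raw!r}")
    return mac

def build_commands(scope, first_ip, last_ip, inventory):
    """Reserve one pool address per authorized MAC, then exclude what is left.

    scope is the scope ID, first_ip/last_ip bound its address pool, and
    inventory is an iterable of (hostname, mac) pairs.
    """
    scope = ipaddress.IPv4Address(scope)  # reject anything that is not an address
    start, end = ipaddress.IPv4Address(first_ip), ipaddress.IPv4Address(last_ip)
    seen, cmds = {}, []
    for name, raw in inventory:
        # Names end up on a command line, so accept plain host names only.
        if not re.fullmatch(r"[A-Za-z0-9-]{1,15}", name):
            raise ValueError(f"unsafe host name: {name!r}")
        mac = normalize_mac(raw)
        if mac in seen:
            raise ValueError(f"{name} repeats the MAC of {seen[mac]}")
        ip = start + len(seen)
        if ip > end:
            raise ValueError("more authorized machines than pool addresses")
        seen[mac] = name
        cmds.append(f'netsh dhcp server scope {scope} add reservedip '
                    f'{ip} {mac} "{name}" "authorized"')
    leftover = start + len(seen)
    if leftover <= end:  # nothing remains for a machine without a reservation
        cmds.append(f"netsh dhcp server scope {scope} add excluderange {leftover} {end}")
    return cmds

# Constructed sample inventory and scope (not taken from the thread).
SAMPLE = [("PC-ACCT-01", "00-1A-2B-3C-4D-5E"),
          ("PC-ACCT-02", "00:1a:2b:3c:4d:5f"),
          ("LAB-07", "001a.2b3c.4d60")]

if __name__ == "__main__":
    for line in build_commands("192.168.10.0", "192.168.10.50", "192.168.10.60", SAMPLE):
        print(line)
```

Review the generated lines before running them on the DHCP server. A reservation matches only the MAC address the client presents, which is the limitation a later reply in this thread raises.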
Hi, I think it is impossible, at least I have never heard about such a solution. What you can do is:
1) Create MAC address reservations for authorized PCs (if you do not have too many PCs)
2) Disable all unused network sockets in your building.
3) You can make use of NPS in Windows 2008 and apply it for your needs.
December 23rd, 2009 7:18pm
Hi,
@kudrat: NPS is supported in Windows 2008, but the customer is using Windows Server 2003.
@TSAM: all the above suggestions are great and they work. To add, you can give the scope a wrong gateway so that consultants cannot access any of the network, which makes your life easy.
December 24th, 2009 5:09am
Hello,
Thank you for your post here.
I believe that IPSec domain isolation is the most secure method to prevent unauthorized devices and computers from connecting to the network. To consider the worst situation:
1. MAC masquerade can easily pass by any MAC filters.
2. Most network management tools can scan the IP subnet and default gateway easily within several minutes.
Server and Domain Isolation
http://technet.microsoft.com/en-us/network/bb545651.aspx
If you have any questions or concerns, please do not hesitate to let me know.
December 24th, 2009 1:34pm
Hi, @kudrat: NPS is supported in Windows 2008, but the customer is using Windows Server 2003
@sainath: thanks for your comment, I am aware that NPS is supported in W2008, that is why I said "You can make use of NPS in windows 2008 and apply it for your needs". If TSAM really needs a solution, nothing stops him from upgrading to Windows 2008.
December 25th, 2009 3:03pm
Oops! Sorry, I missed it, kudrat :)
December 25th, 2009 3:23pm
Thanks all for your input. Is there a KB for implementing this solution? Thanks in advance
January 12th, 2010 7:53pm
This will get you started: http://www.windowsnetworking.com/articles_tutorials/Understanding-new-Windows-Server-2008-Network-Policy-Server.html
January 14th, 2010 3:33pm


