Is there any way of not allowing users to statically set an IP address on their machines?
We have a lot of servers with static IP addresses and also a DHCP server. I am afraid of allowing users to set a static IP address on their machines and they eventually get a server IP address by mistake.
I know we could create a rule on Active Directory blocking changes on network interfaces, or create logins without administrative rights, but all of those solutions can be bypassed. I want some server rule that only our network administrator has access to.
- Our DHCP server is Ubuntu
- Our desktop machines are Windows 7 based
- Our firewall is Ubuntu + iptables
- Active Directory
Best Answer
Workaround: Put your users and your servers in separate subnets. A quick VLAN and router change should get it running. Then your users couldn't take a server's IP address, because they're on the "wrong" physical connection to be able to do so.