DHCP Server only for a group of computers RRS feed

  • Question

  • Dear All

    We have a Windows server 2012R2 DHCP server in an isolated network. If any outside person enter into that network and connect their laptop into that network, our DHCP server should not release IP to that laptop. Can we create any NAP policy for only a group of computers and those computers should only get IP from DHCP server. Could anyone help me to get this configured? Please note there are some more scopes running on that server. otherwise we could have used MAC address allow/Deny feature.

    Shanif Salim

    Thursday, August 4, 2016 11:16 AM


All replies

  • Salim, it only achieved through MAC address reservation or can achieve with a L3 firewall to protect your network even one person connect his PC to the local network, but can not able to gain any access to the network or internet. You can achieve this through active directory and group policies.

    Thursday, August 4, 2016 11:28 AM
  • As psarangi said, using MAC Address reservation could be your only way to accomplish this.  With Windows 2012+, you could configure DHCP Policies and define policies based on MAC Address.  Or you could also configure a simple DHCP Reservation


    This posting is provided AS IS without warranty of any kind

    Thursday, August 4, 2016 11:58 AM
  • Thanks for our suggestions. But i have tried all these. Currently there are hundreds of devices under that DHCP server. Hence if i go ahead with DHCP policy, i will have to manually type down all MAC addresses which are there now. 

    I heard about NAP can be integrated with DHCP server and if we mention any computer group in NAP policy then DHCP server will lease IP address only to those machines. Any idea about that?

    Shanif Salim

    Thursday, August 4, 2016 4:39 PM
  • NAP is good as well, but Microsoft has deprecated this product from Windows 2012 R2.  It's still working with 2012 R2 but has been removed in 2016 as per this article

    This posting is provided AS IS without warranty of any kind

    • Proposed as answer by John Lii Wednesday, August 17, 2016 1:53 AM
    • Marked as answer by Leo HanModerator Wednesday, September 7, 2016 7:10 AM
    Thursday, August 4, 2016 4:53 PM
  • NAP with DHCP Enforcement can be configured if the NAP client is capable to participate in such a scenario. The drawback hereby is, that a Health check could pass on other clients, not only on the ones you need to pass. Therefore you need to restrict further by users or groups.

    Technically it is possible to configure NAP for a single scope: Enable DHCP Scopes for NAP

    you will need

    • NPS Server
    • Configure the NAP Policies to restrict to a limit set of Users and or Computer

    See this link: Configure Policies for DHCP Enforcement

    However, if you need to protect this network, this will not work as a user could change the IP-Address of his client computer and bypassing NAP.

    best regards

    MCITP Enterprise Administrator
    MCSA Windows Server 2012
    MCTS Windows 7 Configuration

    Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

    • Edited by Switch1210 Thursday, August 4, 2016 5:02 PM
    Thursday, August 4, 2016 4:53 PM
  • You can try the NAP with DHCP. But if the client configured a static IP ,it will easily bypass the NAP.
    Thursday, August 4, 2016 6:25 PM
  • Hi,

    Just want to confirm the current situations.

    Please feel free to let us know if you need further assistance.

    Best Regards


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact

    Tuesday, September 6, 2016 8:28 AM