MAC address filtering (DHCP) Part 2

After my previous post on the subject, I started thinking (happens once in a while):
If all you need to do is copy/create the files, create some “informative” registry keys
and then simply restart the service…then the service was looking for the “informative” keys
and the DLL all along.

In other words, since Windows 2003 can use this feature, it has actually been there, yet not
implemented. So I discussed this with T (shortly…he never has time for me… ;) ) and he
claimed that there might be a potential change to the DHCP service during the installation
process (MSI file).

I ran FILEMON and REGMON and I could not find any traces of a change to files or registry keys
that affect the DHCP service…hmm.

MAC address filtering (DHCP)

This is a feature I have been waiting for way too long. Up until today, if you wanted to
have some control over who is entitled to receive an IP address from your DHCP you
either had to configure reservations (for each of your systems) or had to use some lower
level device to filter out unwanted systems. Finally that is over now.

The Microsoft DHCP team has posted a new DLL called “DHCP Server Callout DLL” on their blog.
This DLL can be used on Windows 2003 and Windows 2008 DHCP servers to limit the scope of
systems entitled to receive an IP address from the server based on their MAC address.

To install it you need to download the installer and run it.


Once the installation completes you will have two new files in your %windir%\system32 directory:

image

The first file provides documentation (installation and usage) while the second file is the DLL needed
to enable the functionality.
 

Installation and Configuration

  • Create a new directory, basically anywhere, but I would recommend creating it under the DHCP
    service directory: %windir%\system32\DHCP. Give it an informative name such as MACFilter.
  • Copy both files to the new directory (once copied, you can safely remove the application using
    Programs and Features).
  • Create a new text file under the new directory called: “MACList.txt”
    image
  • Add the following Registry keys to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters:
    image
  • Please note that you have to specify a full path for the log files, including filenames (they will be created
    automatically when the DHCP service is started).
  • Before you start using the feature make sure to edit the MACFilter.txt file using the following format which is
    self explanatory:
    image
  • Basically, when choosing the ALLOW action, the server will provide IP addresses only to the systems that have their
    MAC addresses listed, while the DENY action will prevent the listed systems from getting an address. The MAC addresses
    should be listed without a delimiter and all lower case.
    image
  • To enable the feature you have to restart the DHCP service. If it starts successfully, the following event (1033) will be logged:
    image
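
Inventory exports rarely give MAC addresses in the delimiter-free, lower-case form described above, so this added example (not part of the callout DLL or its documentation) normalises a list and flags entries that cannot be used. The function name and the sample addresses are made up for illustration, and the locally-administered flag is an extra review hint, not something the DLL checks.

```powershell
# Added example: normalise MAC addresses for the filter list
# (12 hex digits, lower case, no delimiter) and flag unusable entries.
function ConvertTo-FilterMac {                      # hypothetical helper name
    param([Parameter(Mandatory = $true)][string[]]$InputMac)

    $seen = @{}
    foreach ($raw in $InputMac) {
        # Drop the delimiters used by common inventory formats: '-', ':', '.', whitespace.
        $mac = ($raw -replace '[-:.\s]', '').ToLowerInvariant()

        if ($mac -notmatch '^[0-9a-f]{12}$') {
            $status = 'Invalid'
        } elseif ($seen.ContainsKey($mac)) {
            $status = 'Duplicate'
        } else {
            $status = 'OK'
            $seen[$mac] = $true
        }

        # Bit 0x02 of the first octet marks a locally administered address, i.e. one
        # that was set in software rather than burned in by the vendor. Worth a second
        # look before it goes on an ALLOW list.
        $local = $false
        $out   = $null
        if ($status -ne 'Invalid') {
            $out   = $mac
            $local = ([Convert]::ToInt32($mac.Substring(0, 2), 16) -band 2) -ne 0
        }

        [pscustomobject]@{
            Input               = $raw
            Mac                 = $out
            Status              = $status
            LocallyAdministered = $local
        }
    }
}

# Constructed sample input: mixed delimiters, one duplicate, two malformed entries.
$sample = '00-1A-2B-3C-4D-5E', '00:1a:2b:3c:4d:5e', '001a.2b3c.4d5f',
          '02-00-00-AA-BB-CC', '00-1A-2B-3C-4D', 'zz1a2b3c4d5e'

$result = ConvertTo-FilterMac -InputMac $sample
$result | Format-Table -AutoSize

# Entries that are safe to copy into the list file, one per line.
$result | Where-Object { $_.Status -eq 'OK' } | ForEach-Object { $_.Mac }
```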

Operation

Once it is started you don’t need to meddle with it. The following screenshot shows you what happens networking-wise
when a specific host is denied:
image

Which is basically nothing: the DHCP server simply doesn’t respond.

As for the logs, they will help you determine what is happening. If you would like to archive your logs you will need to
provide a mechanism, as the logs are recreated at every restart.

Operations:
image

Errors:
image

Keep in mind that if something is wrong the server will start without enabling this feature.
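
Because the logs are recreated on every restart and a misconfiguration leaves the server running without the filter, a restart wrapper can archive the logs first and then confirm that event 1033 appeared. This is an added example, not taken from the DLL's documentation; the log file names, the archive folder and the choice of the System event log are assumptions of the example, and `Get-WinEvent` needs Windows Server 2008 or later.

```powershell
# Added example: archive the callout logs, restart DHCP, verify the filter loaded.
# File names and the archive folder are hypothetical; use the full paths you
# entered in the registry.
$filterDir  = Join-Path $env:windir 'System32\dhcp\MACFilter'
$logFiles   = @((Join-Path $filterDir 'callout-info.log'),
                (Join-Path $filterDir 'callout-error.log'))
$archiveDir = Join-Path $filterDir 'archive'

function Restart-DhcpWithFilterCheck {              # hypothetical helper name
    param(
        [string[]]$LogFiles,
        [string]$ArchiveDir,
        [int]$WaitSeconds = 15
    )

    # 1. Copy the current logs aside with a timestamp, since the restart recreates them.
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    foreach ($file in $LogFiles) {
        if (Test-Path -LiteralPath $file) {
            $name = '{0}.{1}{2}' -f [IO.Path]::GetFileNameWithoutExtension($file),
                                    $stamp, [IO.Path]::GetExtension($file)
            Copy-Item -LiteralPath $file -Destination (Join-Path $ArchiveDir $name)
        }
    }

    # 2. Restart the service (name taken from the Services\DHCPServer registry key).
    $since = Get-Date
    Restart-Service -Name DHCPServer
    Start-Sleep -Seconds $WaitSeconds

    # 3. Look for event 1033 logged after the restart.
    #    Assumption: the event is written to the System log.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'System'; Id = 1033; StartTime = $since
    } -ErrorAction SilentlyContinue

    if ($events) { return $true }

    # The server starts even when the filter failed to load, so with an ALLOW
    # list it is now answering every client. Make that visible.
    Write-Warning 'DHCP restarted but event 1033 was not found: MAC filtering is probably NOT active. Check the error log.'
    return $false
}

Restart-DhcpWithFilterCheck -LogFiles $logFiles -ArchiveDir $archiveDir
```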


Conclusions

Nifty yet there are a few issues that I would like to see resolved:

  1. A better installation process (having to manually change the registry isn’t my idea of fun)
  2. A better user interface, one that checks for errors
  3. Logs are ok, but should be integrated with Event Viewer
  4. Every change needs a restart of the service (removing/adding a MAC). Now that isn’t a big deal
    since we are talking about DHCP, but still…

A few more things system admins need to keep in mind:

  1. Integration with recovery procedures. Keep in mind that you need to manually take care of recovery
    procedures
  2. This isn’t a bulletproof solution; a user or a malicious user may change his MAC address. Although
    unlikely, it is a possibility.

 

Don’t get me wrong here (I may have sounded negative), this is a great add-on (and a new add-on) that can make
life easier for us. Once some of the small issues are ironed out it will be perfect.

Linux Losing Market Share to Windows Server

As usual, you have to take this information with a grain of salt but still…

“Linux growth in the U.S. x86 server market has, over the past six quarters, started
to falter and reverse its positive course relative to Windows Server and the market as
a whole.”

“The same holds true for worldwide Linux x86 server shipments, which dropped from
the huge annual growth rate of about 45 percent in 2003 to growth of less than 10
percent in 2006, the IDC figures show.”

For the full story from eWeek.com:
http://www.eweek.com/article2/0,1895,2207368,00.asp

Obtaining a hotfix Quickly

I will start with a disclaimer: I am providing this information as is, I do not recommend
that you use this method of obtaining hotfixes nor do I vouch for it. Personally, I think
that you might be nuts if you apply a hotfix that has not been obtained officially from
Microsoft to your production environment (or any environment).

Yet desperate times call for desperate measures. Robert pointed me to this site when I
needed a hotfix for an issue I was experiencing:

http://thehotfixshare.net/board/index.php?

I say again, be careful!

Windows Movie Maker

Windows always comes with a few “built-in” tools (productivity tools); one of my favorites
is Movie Maker. Using Movie Maker you can create your own movies from your media.
With the advent of digital technologies most of us have pictures and movies taken by digital camera
lying around in their raw form; with Movie Maker we can transform the raw material into a prettier
form (with a little imagination you can get pretty cool results).

The major benefit provided by Movie Maker is that it’s simple to use (you don’t need to read three
books before you can start using it); it’s basically point and click.

Matt Hester made a short screencast on how to use Vista’s Movie Maker:
http://blogs.technet.com/matthewms/archive/2007/10/24/windows-vista-product-guide-screencast-movie-maker.aspx

And if you are really bored, you can take a look at a movie I made:
http://www.youtube.com/watch?v=l2D9S4Bybfs

Facebook and Microsoft Expand Strategic Alliance

This is somewhat old news (24/10), yet I was happy to see it, and felt like I need to mention it
since I saw a few posts about it where the sentiment was that it is very surprising that Microsoft
managed to close the deal before Google beat them to it…I mean guys, you are talking about a
software company that has been around since 1975; even though at times they may make questionable
decisions, you don’t get to stick around as a leader for so long if you don’t have a clue…

Anyway, this is the official press release:
Facebook and Microsoft Expand Strategic Alliance

Microsoft SharedView Beta

  • Work smarter

    Create, convey, and communicate across physical boundaries—through firewalls and down to the smallest details.

  • Share simply

    No more need for massive e-mails beforehand. Now you can just pass out materials at your meeting, to up to 15 participants. And you can share applications like Microsoft OneNote, Outlook, Word, and PowerPoint, so everyone can see it even if they don’t have it on their computers.

  • Keep track

    Remember who changed what long after your meeting is over. With Microsoft SharedView Beta, changes are color-coded and marked with the name of the participant who made an edit.

    *Microsoft SharedView Beta may only be used within the United States of America. (Pity, would have liked to test it…)

Sounds like a very handy tool for collaborative meetings.

http://get.live.com/betas/sharedview_betas

Harry Potter fan, head stuck in a cone…

This was too funny to pass up…and yes I know, I laugh when people fall down,
hurt themselves or do stupid stuff…I am a horrible person.

A Harry Potter fan, three years old, decided to wear a plastic cone as a wizard’s hat.
And then the cone got stuck on his head!!!!!
[Then came the firefighters...]

The pics:

image

image

And the story from the UK Daily Mail:
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=489003&in_page_id=1770