Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP)
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. 
- 
 @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ... my boss is trying to get me to assign everything static again. Here is one spot. Right from the original post. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. 
- 
 @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): He came here to get information on what to do. Actually he stated twice in the OP that he was NOT here for advice and only wanted an answer on how to implement one thing, not anything connected to a goal. But we worked past that. But this is explicitly what he stated he didn't come here for. That said, we came up with both real world solutions AND dealt with "what he needs to do given the requirements of passing audit and not disobeying the boss." He had originally thought that DHCP and static could co-exist. That misconception led to the original post. But now that he knows that the boss and auditor want something explicit, not a general idea of IP assignment, it makes all of that stuff null and void. He's stuck either doing what they recommend, or fighting it. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? The boss obviously didn't care before the audit or it would have been that way. Then the audit happened. Now the boss is going along with the auditors suggestion. 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. You're right, the requirement is to not hand out DHCP addresses to anything that connects. So lets just turn of the switches and servers and go home! 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? The boss obviously didn't care before the audit or it would have been that way. Then the audit happened. Now the boss is going along with the auditors suggestion. This isn't good logic. We can't make that assumption, especially given that it WAS that way in the past. I'm working from what is stated. You are working from loads of assumptions as to the source of the audit, the order of events, the legal requirements, etc. None of those are things that we know or can assume. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? The boss obviously didn't care before the audit or it would have been that way. Then the audit happened. Now the boss is going along with the auditors suggestion. This isn't good logic. We can't make that assumption, especially given that it WAS that way in the past. I'm working from what is stated. You are working from loads of assumptions as to the source of the audit, the order of events, the legal requirements, etc. None of those are things that we know or can assume. No, we go through multiple of these per year and this is how it works. 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? The boss obviously didn't care before the audit or it would have been that way. Then the audit happened. Now the boss is going along with the auditors suggestion. This isn't good logic. We can't make that assumption, especially given that it WAS that way in the past. I'm working from what is stated. You are working from loads of assumptions as to the source of the audit, the order of events, the legal requirements, etc. None of those are things that we know or can assume. No, we go through multiple of these per year and this is how it works. But what you do has NOTHING to do with the situation. You have SarBox, the OP likely does not. You have audit requirements, the OP likely does not, you don't have a rule saying that you need to do this, the OP does. Your personal experience doesn't apply here. It's not that your experience is wrong, it's just that the auditor, rules, audit, legality, and regulations that you are using as your experience we have no reason to believe exist here or specifically know them to be different. This is like telling the OP that he always has to go north to go to Walmart because Walmart is north of your house. It's not that you are wrong about where Walmart is compared to you, it's just that that information doesn't apply to the OP unless he lives next to you. 
- 
 @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. You are missing the point that it is required by the company. You can't keep saying it is a suggestion, we are past that. It's fine that the auditor stated incorrect information about why to do static. But they didn't write "We need X, therefore we recommend static." They wrote "We recommend static, and here are some reasons...." The auditor approached it as static being the goal, the reasons are just for you to understand a bit more. Not to meet some management goal and static, they think, will fulfill it. And since the suggestions are required, any use of the term suggestion means required. The two are synonymous in any case where suggestions must be followed. You are hung up on the auditor suggesting it, but the employer has required it. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. You are missing the point that it is required by the company. You can't keep saying it is a suggestion, we are past that. It's fine that the auditor stated incorrect information about why to do static. But they didn't write "We need X, therefore we recommend static." They wrote "We recommend static, and here are some reasons...." The auditor approached it as static being the goal, the reasons are just for you to understand a bit more. Not to meet some management goal and static, they think, will fulfill it. And since the suggestions are required, any use of the term suggestion means required. The two are synonymous in any case where suggestions must be followed. You are hung up on the auditor suggesting it, but the employer has required it. I think you, Scott, are reading to much into it. None of us know what the actual checkbox says on the original paper. We've only been told "the mark it if they plug in and get an IP address." 
 This could just be a lazy or equally as likely, ignorant auditor who is making up their own solution to that specific checkbox.
 We also don't know if this being checked actually causes a failure.Way to many unknowns. 
- 
 @dashrender said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. You are missing the point that it is required by the company. You can't keep saying it is a suggestion, we are past that. It's fine that the auditor stated incorrect information about why to do static. But they didn't write "We need X, therefore we recommend static." They wrote "We recommend static, and here are some reasons...." The auditor approached it as static being the goal, the reasons are just for you to understand a bit more. Not to meet some management goal and static, they think, will fulfill it. And since the suggestions are required, any use of the term suggestion means required. The two are synonymous in any case where suggestions must be followed. You are hung up on the auditor suggesting it, but the employer has required it. I think you, Scott, are reading to much into it. None of us know what the actual checkbox says on the original paper. We've only been told "the mark it if they plug in and get an IP address." 
 This could just be a lazy or equally as likely, ignorant auditor who is making up their own solution to that specific checkbox.
 We also don't know if this being checked actually causes a failure.Way to many unknowns. Maybe, but it is the auditor's checkbox. So their solution is the only one that we can know checks it. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dashrender said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. You are missing the point that it is required by the company. You can't keep saying it is a suggestion, we are past that. It's fine that the auditor stated incorrect information about why to do static. But they didn't write "We need X, therefore we recommend static." They wrote "We recommend static, and here are some reasons...." The auditor approached it as static being the goal, the reasons are just for you to understand a bit more. Not to meet some management goal and static, they think, will fulfill it. And since the suggestions are required, any use of the term suggestion means required. The two are synonymous in any case where suggestions must be followed. You are hung up on the auditor suggesting it, but the employer has required it. I think you, Scott, are reading to much into it. None of us know what the actual checkbox says on the original paper. We've only been told "the mark it if they plug in and get an IP address." 
 This could just be a lazy or equally as likely, ignorant auditor who is making up their own solution to that specific checkbox.
 We also don't know if this being checked actually causes a failure.Way to many unknowns. Maybe, but it is the auditor's checkbox. So their solution is the only one that we can know checks it. That's absolutely true - but again, the human checking the box could be completely in error, without knowing the verbiage for that checkbox, we don't know. 
- 
 @dashrender said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dashrender said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @dave247 said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): ...people are just reading lists that other people created and following instructions and trying to just "do their job" and keep their job. Security was/is a real concern, but it's been buried under the fluff of doing business and passing audits. Here is more. Yes they would like other things, but their goal is passing the audit. And passing, here, requires following the suggestion. So both the boss wants this done separately, and the goal passing the audit requires doing what the auditor suggests. but it's been buried under the fluff of doing business and passing audits Any my point was you can pass the audit without setting everything statically. It's not a requirement. Given that the ONLY thing we know about the audit is that it suggests static for no reason other than that that is what they want, how can you say that? It doesn't suggest static for no reason. It suggests static because they assume that stops people from plugging in and getting an address on the network. Again, it's a suggestion not a requirement. You are missing the point that it is required by the company. You can't keep saying it is a suggestion, we are past that. It's fine that the auditor stated incorrect information about why to do static. But they didn't write "We need X, therefore we recommend static." They wrote "We recommend static, and here are some reasons...." The auditor approached it as static being the goal, the reasons are just for you to understand a bit more. Not to meet some management goal and static, they think, will fulfill it. And since the suggestions are required, any use of the term suggestion means required. The two are synonymous in any case where suggestions must be followed. You are hung up on the auditor suggesting it, but the employer has required it. I think you, Scott, are reading to much into it. None of us know what the actual checkbox says on the original paper. We've only been told "the mark it if they plug in and get an IP address." 
 This could just be a lazy or equally as likely, ignorant auditor who is making up their own solution to that specific checkbox.
 We also don't know if this being checked actually causes a failure.Way to many unknowns. Maybe, but it is the auditor's checkbox. So their solution is the only one that we can know checks it. That's absolutely true - but again, the human checking the box could be completely in error, without knowing the verbiage for that checkbox, we don't know. My understanding that the verbiage that we got was the one for the checkbox. 
- 
 @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @scottalanmiller said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): @stacksofplates said in Best way to secure DHCP so that not just anyone can plug their PC in and get an IP? (Windows DC with DHCP): Suggested does not mean that in any way. You keep skipping the "requirement" portion coming from his own company. So suggested sure does mean that. Show where that was stated. It's the entire purpose of the thread.... to satisfy this one part of the audit. The thread itself is that this is required. Nope. Was never stated as a requirement. Only that the auditor suggested it and his boss just went along with what they said. He came here to get information on what to do. I've not heard anything about the boss going along with anything. The boss wants it, I've not noticed anything about the boss wanting it because of the audit, not do I see how that matters. The auditor wants it, the boss wants it, the goal is to pass audit... what more do you need? The boss obviously didn't care before the audit or it would have been that way. Then the audit happened. Now the boss is going along with the auditors suggestion. This isn't good logic. We can't make that assumption, especially given that it WAS that way in the past. I'm working from what is stated. You are working from loads of assumptions as to the source of the audit, the order of events, the legal requirements, etc. None of those are things that we know or can assume. I really like you Scott, but I think this is part of the problem with how you post. Making loads of assumptions is just as bad as dishing out paragraphs and paragraphs based ONLY on what was stated, when it's clear that there are still plenty of unknown blanks that need to be filled in first. You should probably be asking for more information first before giving out so much firm advice. Otherwise, you get people like me, who look up to people like you online for guidance, running with what you've told me, only to hit a wall shortly down the road. There have been many times where I am taking someone's advice where they've given what seems to be extremely good advice to go by, only to realize, wait a second, I didn't tell them about this factor, so maybe they would change what they said if they knew this. Part of my problem is that I may ask too many questions and go off of what I was told without thinking too much into it. I DO still try to carefully weigh the advice of my online peers as best I can. That being said, I still strongly value your input, as well as many of the others on this forum. I'm just trying to figure stuff out man. 




