Log in Subscribe

DHCP - Activate Filter "Allow" & import MAC address from SCCM by WMI request

Rodolphe Herpeux
· 3 min read
DHCP - Activate Filter "Allow" & import MAC address from SCCM by WMI request

Hello folks,
Recently, i have post a script to interroge SCCM and find the MAC address informations. In this post, i show you how activate DHCP Filter “Allow” to protect your DHCP delivery lease to deny access to your network (i know, there is NAP or NAC but, it is a simple way to block the issuance of a DHCP lease).

Prerequirements

First, you need to create a Active Directory user and give to this account rights “DHCP Administrator”.

In SCCM console, add this users to group “Read-only Analyst” .

Activate filter “Allow” on DHCP server

Connect to your DHCP Server and open the management consoleOn the IPV4 tab, open the drop-down menu, and then select the “Filters” option and right-click the “Allow” folder and select “Enable”.

From now, the DHCP server no longer delivers leases.

On the DHCP Server, launch this script for retreive and add the MAC Address informations from SCCM Server to filter list “Allow”.

# Connection information
$SiteName = "FR1"
$ServerSite = "sccm"
# WMI Request
$ImportSCCM = $(Get-WmiObject -Class SMS_R_SYSTEM -Namespace "rootsmssite_$SiteName" -computerName $ServerSite)
# Create collection
$Mycoll = @()
foreach ($obj in $ImportSCCM) {
Write-Host $obj.NetbiosName $obj.MACAddresses $obj.OperatingSystemNameandVersion
$Mydetails = "" | Select-Object PCName, MacAddress, OS
If ($([String]$obj.MACAddresses) -eq "") {
$Mydetails.PCName = $obj.NetbiosName
$Mydetails.MacAddress = "Nul"
$Mydetails.OS = $obj.OperatingSystemNameandVersion
}
Else {
$Mydetails.PCName = $obj.NetbiosName
$Mydetails.MacAddress = [String]$obj.MACAddresses -replace ":","-"
$Mydetails.OS = $obj.OperatingSystemNameandVersion
}
$Mycoll += $Mydetails
}
#Add MacAddress into DHCP Filter
foreach ($objects in $Mycoll) {
Add-DhcpServerv4Filter -List Allow -MacAddress $objects.MacAddress -Description $objects.PCName -Confirm:$false -Force -Verbose
}
# Remove Obsolete entries
Compare-Object $(($Mycoll | Select-Object MacAddress).MacAddress) $(Get-DhcpServerv4Filter -ComputerName $DHCPServer -List Allow | Select-Object MacAddress).MacAddress -IncludeEqual | % {
if ($_.SideIndicator -eq "=>") {
Remove-DhcpServerv4Filter -ComputerName $DHCPServer -MacAddress $_.InputObject -Confirm:$false -Verbose
}
}

When the script is finished, you can see into the management console of DHCP Server, the entries are add into the “Allow” list.

The DHCP server correctly delivers the lease of the device whose MAC Address is allowed.

 

Related Articles

Docker Swarm on Ubuntu

Docker Swarm on Ubuntu

· 4 min read
Busy Light with ESP8266 mini D1 and Home Assistant

Busy Light with ESP8266 mini D1 and Home Assistant

· 3 min read
Citrix Adaptive Authentication (Netscaler) SAML Assertion verification failed

Citrix Adaptive Authentication (Netscaler) SAML Assertion verification failed

· 1 min read
Synchronizing Disabled User Accounts Between Active Directory Domains (forest) Using PowerShell

Synchronizing Disabled User Accounts Between Active Directory Domains (forest) Using PowerShell

· 3 min read
Automated Random User Creation Script for Active Directory

Automated Random User Creation Script for Active Directory

· 2 min read
Citrix's Struggles with Partners: How It Impacts Their Business

Citrix's Struggles with Partners: How It Impacts Their Business

· 2 min read