DHCP
has been an unassuming network service as of late. The simplicity of
the protocol is another reason for its success because it is not cursed
by a high degree of administrative complexity. However, greater control
over a DHCP environment can be achieved through the understanding of
some advanced concepts regarding its use. Some of these concepts are new
to Windows Server 2008 R2, and some were introduced in Windows 2000
Server, Windows Server 2003, and Windows Server 2008. These improvements
can help you gain control over a DHCP environment and provide for more
security and ease of use.
Understanding DHCP Superscopes
A DHCP superscope is used for
environments in which multiple network subnets encompass a single scope
environment. In these cases, a superscope can be created to contain
multiple scopes. The individual scopes are subsequently dependent on the
master superscope. If it is turned off, they will also be deactivated.
Examining DHCP Multicast Scopes
A multicast scope is created
to allow clients to be assigned multicast IP addresses. A multicast IP
address is one in which destination hosts can each have the same IP
address, which is useful in one-to-many forms of communications, such as
webcasts and videoconferencing sessions.
Delegating Administration of DHCP
It is never wise to hand over
full administrative privileges to individuals who need to perform only a
specific network function. If a small group of administrators needs
control over the DHCP environment, Windows Server 2008 R2 makes it easy
to delegate administrative capabilities to them through the inclusion of
a group called DHCP Administrators. Adding users or, preferably, groups
to this security group will enable those users to administer the DHCP
servers in an environment. If the DHCP server is a member server, this
will be a local security group. If DHCP is deployed on a domain
controller, this will be a domain security group and membership in this
group will apply to all DHCP servers in the domain that are running on
domain controllers. There is also another group named DHCP Users that
can be used to grant read-only view rights to the DHCP system. This is a
good group for desktop or Network Operations Center administrators to
be members of.
Using the Netsh Command-Line Utility
Windows Server 2008 R2
has made great strides in allowing virtually all administrative
functions to be performed through the command line. This not only helps
those users who are used to command-line administration, such as that in
UNIX operating systems, but
also allows for the execution of scripts and batch files, which can
automate administrative processes. The Netsh command-line utility is one
such utility that effectively allows administrators to accomplish
virtually all DHCP tasks that can be run through the MMC GUI interface.
For a full listing of potential functions with Netsh, run netsh /? from the command line, as illustrated in Figure 1.
