DHCP: Rogue detection should be enabled

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Dynamic Host Configuration Protocol Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Operating System: Windows Server 2008 R2, Windows Server 2012

Product/Feature: Dynamic Host Configuration Protocol (DHCP)

Severity: Warning

Category: Configuration

Issue

Rogue detection has been disabled on the DHCP server.

Impact

Disabling rogue detection can cause IP address conflicts.

Resolution

To enable rogue detection, set the DisableRogueDetection registry value under HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters to 0.

When configured correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP server can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current address leases.

To resolve these issues, DHCP servers are verified as authorized in Active Directory Domain Services before they can service clients, and unauthorized (rogue) servers are detected. This prevents most of the accidental damage caused by either misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network.

To perform this procedure, you must be a member of the Administrators group, or you must have been delegated the appropriate authority.

To enable rogue detection

  1. Click Start, type regedit in Start Search, click Yes in User Account Control if prompted, and then press ENTER.

  2. In the registry tree, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters.

  3. Right-click DisableRogueDetection and then click Modify…

  4. In Value data, type 0, and then click OK.
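
The same check and change can be scripted instead of made in regedit. The following PowerShell is an added example, not part of the original topic: the function name Test-DhcpRogueDetection and its -Fix switch are hypothetical, and it assumes DisableRogueDetection is stored as a REG_DWORD.

```powershell
# Added example: audit and optionally correct DisableRogueDetection on the local DHCP server.
# Test-DhcpRogueDetection and -Fix are hypothetical names; REG_DWORD is an assumption.
# Run from an elevated session (the procedure requires Administrators membership).
function Test-DhcpRogueDetection {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Fix   # write 0 when the value is present and non-zero
    )

    $path = 'HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters'
    $name = 'DisableRogueDetection'

    if (-not (Test-Path -Path $path)) {
        throw "Registry key not found: $path"
    }

    # Read the current value; $null means the value does not exist under the key.
    $item    = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.$name } else { $null }

    if ($null -eq $current) { $state = 'ValueAbsent' }
    elseif ($current -eq 0) { $state = 'Enabled' }
    else                    { $state = 'Disabled' }

    $changed = $false
    if ($state -eq 'Disabled' -and $Fix) {
        if ($PSCmdlet.ShouldProcess("$path\$name", "Set to 0 (was $current)")) {
            Set-ItemProperty -Path $path -Name $name -Value 0 -Type DWord
            # Re-read to confirm the write landed before reporting success.
            $current = (Get-ItemProperty -Path $path -Name $name).$name
            $changed = ($current -eq 0)
            if ($changed) { $state = 'Enabled' }
        }
    }

    New-Object PSObject -Property @{
        Computer       = $env:COMPUTERNAME
        Value          = $current
        RogueDetection = $state
        Changed        = $changed
    }
}

Test-DhcpRogueDetection                 # report only
# Test-DhcpRogueDetection -Fix -WhatIf  # preview the change without writing
```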

Additional references

For updated detailed IT pro information about DHCP and selectively enabling or disabling DHCP server bindings, see the Windows Server 2008 R2 documentation on the Microsoft TechNet Web site.