Deny DHCP or network resources

[Sparxx]

Is there a way to deny an IP from a client PC that does not logon to a domain?

For example, a person refuses to logon to a domain, so he/she chooses to logon to his/her client PC with the "(this computer)" option instead.

What I want to do is deny a client PC any rights to the network if it does not login to the domain. Either FORCE the domain login by disabling the "this computer" option or by denying an IP to the client from the dhcp server if the client chooses not to login to the domain.

I assume there might be a registry entry to edit that disables the "this computer" option, or even a group policy edit PER machine, but that is locally and too complicated to do to each individual computer. I need something that can be done globally across the network.

Basically the end result is as follows:

No Domain Login = No Internet or Network resources
(so this computer is exactly that - THIS computer standing alone)

Domain Login = Internet, Network resources, etc.
(all the goodies to be had in one network sitting )

Server = Windows 2000 Advanced Server w/ SP4, running WINS and DHCP
Clients= Windows XP/2000

any help with this is appreciated

...and if it sounds confusing, I apologize - feel free to ask questions

 

[The_Other_One]

Deny the MAC address?

 

[Sparxx]

That would make sense, seeing as how you can assign a fixed IP, or rather a "reserved" IP, by MAC address in the DHCP settings....

But wouldn't that deny the client machine totally? I mean, I want the client to have no other option but to login to the domain.

If that user wants Inet and Network resources, then they HAVE to login to the domain. If not, they basically are logging in to a standard, standalone workgroup computer with no network access at all.