Among my other duties, I help run a small computing lab for med students at the U of MN. Recently I learned that though we only have about twenty legitimate DHCP clients on our wired ethernet getting addresses from our Mac OS X 10.3 Server (great system), thirty allocated DHCP addresses were being used. Huh?

I found that some addresses went to testing, which I understand, but others were being grabbed by PCs that should have static IPs but were misconfigured and/or by outsiders who unplugged our PCs to network personal laptops (a no-no). We don't watch our PCs all the time and can't trust after-hours visitors to behave, so....

First I made a list of the MAC addresses for every PC or Mac I knew should have DHCP. These 12-character addresses are globally unique. In OS X find it under System -> Network -> Ethernet (I think). On Win2k/XP Start -> Run cmd and enter "ipconfig /all" to find the MAC addresses and more. Warning: some PCs, Macs, and laptops have more than one address. Be sure to record the wired one.

Then I logged onto our OS X Server as Administrator and lanuched the Server Administration app. After waiting a bit for it to recognize all services, including the Netboot service I had disabled (and may discuss elsewhere), I double-checked the DHCP status but then expanded Netboot -> Settings.

It's a little counterintuitive to find DHCP restrictions under something other than DHCP, but that's where it is. I selected to Exclude all but the listed addresses, then proceeded to enter every MAC addresses I had recorded as being from a legitimate DHCP client PC or Mac. The format is AA:AA:AA:AA:AA:AA. The data entry is a little awkward and time-consuming, but you only need to do it once per new device.

After entering all that, I played it "safe" and properly restarted the whole OS X Server (when nobody was depending on it) to make sure all services worked.

We also sometimes use Netboot to deploy OS X configs centrally, but that's a more complex topic and would consume too many words.