Securing DHCP in windows network

Few of the important pts to monitor and enhance DHCP security in windows network are listed below:

1) Enable 'DHCP audit logging' for each DHCP server. Logs are created in %windir%system32\dhcp directory. Lookout for BAD_ADDRESS entries in the log which may point to IP address conflict or a rogue DHCP server or client
2) Use Restricted Groups feature of Group Policy to enable automatic monitoring and control of modification in membership of DHCP administrators group. Any unauthorized member is automatically deleted from membership
3) Use dhcploc.exe, a windows XP support tool to locate rogue DHCP servers. The tool works by sending a DHCPREQUEST message and getting DHCPACK response as a result. One such tool for solaris platform is dhcp_probe developed by Network Systems Group, at Princeton's University office of IT.
4) Maintain control over membership of DHCP administrators group
5) Windows 2000 and 2003 servers have a built-in mechanism for authorization of DHCP servers. They will only lease addresses to client, after verification from a domain controller that their IP is in the list of authorized DHCP servers