Prevent administrative users from assigning duplicate static IPs to their workstations

  1. Have a separate subnet (and preferably a separate VLAN) for your servers. This pretty much eliminates the issue of "accidental" overlap.

  2. Use some kind of NAC or port-level authentication and have a DHCP-assigned address be a prerequisite of the health check.

  3. Don't let your users be admin on their local machines :)


You could run a script using group policy to set the network adapter to use DHCP.

For example: http://social.technet.microsoft.com/Forums/zh/winserverGP/thread/b1616b2f-6353-45fb-a258-8ea9e14b5e8f

It looks like there may also be group policy to disable the network settings: How to disable Tcp/Ip settings in windows 7 via GPO?