
Win2k DHCP server giving out IP add. to unauthorized PCs

770 Views 3 Replies 3 Participants Last post by  JohnWill
Good afternoon everyone,
A fellow sys admin has come to me with a question and I didn't have an answer for him, so thought I would turn to you guys. He has a Win2k domain with DHCP set up. Everything is working and if you look up in the DHCP Leases, you will see all computers in his domain listed along with their FQDN. However, he noticed the other day that there was a PC listed as receiving an IP address lease that was not part of his domain. The computer's name appeared on the DHCP list, but just as computername followed by a ".", where all the others were listed as their FQDNs. So I am assuming what is going on is that someone connected a laptop to the subnet and it is trying and succeeded in getting an IP from the DHCP server. But due to security policies and rights, they were not able to join and be part of the domain.

But his concern is that a rogue laptop was able to get an IP address. So my question is, what sort of security risk was this and how can this be prevented or can it be?

Thank you!
Status
Not open for further replies.
1 - 4 of 4 Posts
Have him make sure there are no trojans or ports open that would allow this kind of entry in the first place. If they have connected to the network they aren't that far away from finding a back door or something else left open. Do they by chance have any wireless access points or other wireless networking going on? Might be someone war driving if this is the case.
I'm not sitting in front of it right now, but there is a way to restrict the DHCP server to handing out only specific MAC addresses, which should stop the casual connection.
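An added example, not part of the original thread: a lease audit that flags the symptom described in the question (a lease listed as a bare computer name followed by ".") and any lease whose MAC is not in a known inventory. The CSV layout, the domain `corp.example`, and the inventory set are assumptions made for illustration, not the DHCP server's own export format.

```python
import csv
import io

# Constructed sample lease list (not real data): ip, mac, name as shown in the lease view.
SAMPLE_LEASES = """ip,mac,name
192.0.2.21,00-0C-29-AA-10-01,ws01.corp.example.
192.0.2.22,00-0c-29-aa-10-02,ws02.corp.example
192.0.2.57,00:11:22:33:44:55,laptop7.
192.0.2.58,00-0C-29-AA-10-09,ws09.other.example
"""

DOMAIN = "corp.example"                          # assumed domain suffix
KNOWN_MACS = {"000c29aa1001", "000c29aa1002"}    # assumed hardware inventory


def norm_mac(mac):
    """Reduce a MAC to 12 lowercase hex digits so separators and case do not matter."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def audit_leases(text, domain, known_macs):
    """Return (ip, name, reasons) for every lease that needs a closer look."""
    suffix = "." + domain.lower().strip(".")
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        name = row["name"].strip().lower().rstrip(".")
        reasons = []
        if "." not in name:
            # The case from the thread: "computername." with no domain part.
            reasons.append("bare computer name, no domain suffix")
        elif not name.endswith(suffix):
            reasons.append("name outside " + domain)
        try:
            if norm_mac(row["mac"]) not in known_macs:
                reasons.append("MAC not in inventory")
        except ValueError:
            reasons.append("unparseable MAC")
        if reasons:
            findings.append((row["ip"], row["name"], reasons))
    return findings


if __name__ == "__main__":
    for ip, name, reasons in audit_leases(SAMPLE_LEASES, DOMAIN, KNOWN_MACS):
        print(f"{ip:15} {name:25} {'; '.join(reasons)}")
```

A MAC match is only a hint, since the address is reported by the client itself; treat the inventory check as a filter for casual connections and follow up on flagged leases at the switch port.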