This is how we did it:
On the access switches:
Enable ip dhcp snooping on the VLAN you want to snoop
Example:
ip dhcp snooping vlan 1-4094
no ip dhcp snooping information option
ip dhcp snooping
On switchport:
ip dhcp snooping limit rate 100
(values lower than 100 can make your switchport go to errdisable. Windows can go pretty crazy on DHCP requests)
On uplink port do Distri/Core (if Layer 2 Trunk-Port):
ip dhcp snooping trust
If you do ip arp inspection you also want to tell the switch to save the snooping database on flash (in other case you'll lock out everyone after a switch reboot)
ip dhcp snooping database flash:dhcp
I think that's it.