General discussion

Locked

Restrict IP addr to Win2K svr

By everyoneall ·
Hi,

Anyone has the steps to restrict the IP addr that can successfully connect/access a Win2K server?

I'm not restricting the ports that can come in, but I'm restricting the IP ADDR that can come in.

I guess it's something to do with IPSec? but can't find the steps to restrict the incoming IP addr specifically.

Thks.

This conversation is currently closed to new comments.

7 total posts (Page 1 of 1)  
Thread display: Collapse - | Expand +

All Comments

Collapse -

by mfischer In reply to Restrict IP addr to Win2K ...

IPsec will do it, but depending on how many clients are in the domain it could be cumbersome to deploy, and it's known to break a few network aware applications. Rather than IP addys being restricted is there a reason why NTFS/Share permissions aren't being used to restrict access? Is the DC behind a firewall or is it DMZ'ed?

Collapse -

by everyoneall In reply to

The server is already behind a firewall, protecting from the attack from the WAN. But, our Security Officer wanted to restrict the INTERNAL machines that can connect to these restricted servers even. Do you have the steps of implementing such using IPSec? And, why do you say it's cumbersome to deploy?

Appreciate your further advise.
Thks.

Collapse -

by mfischer In reply to Restrict IP addr to Win2K ...

The steps you should take are dependent on your network needs, and it isn't very realistic for me to guess your config. I would recommend using a restrictive permisssion set with solid gp's to get it done.

Collapse -

by everyoneall In reply to

I hear your comment. But, what I need is the steps to setup IP addr blocking on Win2K server and not other alternatives, due to restriction from my Security Officer. Thks.

Collapse -

by david.michaels In reply to Restrict IP addr to Win2K ...

Have you considered creating a "Group" (Control Panel / Users and Passwords) and then setting access rights for the "Group" and then you can simply add/delete users from the Group?

Collapse -

by everyoneall In reply to

Yes, it has been considered with our Security Officer.

Appreciate all forthcoming Answer submissions to answer directly to the question instead - what I need is the steps to setup IP addr blocking on Win2K server AND NOT OTHER ALTERNATIVES, due to restriction from my Security Officer.

Thks.

Collapse -

by everyoneall In reply to Restrict IP addr to Win2K ...

Point value increased by question poster.

Back to Windows Forum
7 total posts (Page 1 of 1)  

Related Discussions

Related Forums