Re: Logon rights

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/13/04


Date: Tue, 13 Apr 2004 21:54:57 GMT

You can use ipsec filtering policy on those machines which will act like a built-in
firewall. Start with a mirrored block all IP rule. Then add a mirrored rule including
a filter list with permitted exceptions. You would have to add an entry for "all" for
the domain controllers by their IP address and any other lan computers they need
access to by their IP address if any. Then an entry will need to be made to allow
PCAnywhere connection by making an entry to the list for the appropriate inbound port
from the appropriate source. Those computers may still be able to see the browse list
in My Network Places since a domain controller may supply them with the browse list,
but they will only be able to access those computers they are allowed to in the
permitted list in the ipsec rule. You could also try to disable netbios over tcp/ip
on those computers via tcp/ip properties/advanced/wins. See the link below for an
example of using ipsec filtering. --- Steve

http://www.securityfocus.com/infocus/1559

"Andrew" <anonymous@discussions.microsoft.com> wrote in message
news:1c1d901c42199$8fe8d450$a401280a@phx.gbl...
> Hello all,
>
> I would like to setup 3 computers in my LAN only for login in
> to our Domain. Since those computers are exposed to WAN through
> PCAnywhere I don't want those computers to browse the network
> or access the internet over the LAN. I was able to stop
> access to the internet through my proxy but couldn't stop
> browsing the network. I am just using the group Domain user for
> those accounts. Is there any way I can achieve this while logging in
> to the DOMAIN?
>
> Looking for some advice from the experts.
>
> Thanks
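
The rule set described in the reply (mirrored block-all, permit for the domain controller, permit for inbound PCAnywhere) can be checked before deployment with a small model. This is an added example, not part of the original post: it is a simplified Python model of most-specific-filter-wins matching, and the IP addresses and the PCAnywhere TCP port 5631 are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ME = "10.0.0.50"        # constructed: one restricted workstation
DC = "10.0.0.10"        # constructed: domain controller
REMOTE = "203.0.113.7"  # constructed: permitted PCAnywhere caller
PCA_PORT = 5631         # assumption: PCAnywhere TCP data port

@dataclass(frozen=True)
class Filter:
    src: str            # CIDR; "0.0.0.0/0" means any
    dst: str
    proto: str = "any"
    dst_port: int = 0   # 0 means any port
    action: str = "block"
    mirrored: bool = True

    def weight(self):
        # More specific addresses, then protocol, then port, rank higher.
        bits = ip_network(self.src).prefixlen + ip_network(self.dst).prefixlen
        return (bits, self.proto != "any", self.dst_port != 0)

    def matches(self, src, dst, proto, sport, dport):
        def one_way(s, d, port):
            return (ip_address(s) in ip_network(self.src)
                    and ip_address(d) in ip_network(self.dst)
                    and self.proto in ("any", proto)
                    and self.dst_port in (0, port))
        # A mirrored filter also matches the reverse direction
        # (addresses and ports swapped).
        return one_way(src, dst, dport) or (self.mirrored and one_way(dst, src, sport))

POLICY = [
    Filter(f"{ME}/32", "0.0.0.0/0"),                                # mirrored block all IP
    Filter(f"{ME}/32", f"{DC}/32", action="permit"),                # "all" to/from the DC
    Filter(f"{REMOTE}/32", f"{ME}/32", "tcp", PCA_PORT, "permit"),  # inbound PCAnywhere
]

def decide(src, dst, proto, sport, dport, policy=POLICY):
    hits = [f for f in policy if f.matches(src, dst, proto, sport, dport)]
    # Traffic that matches no filter is left alone by the policy.
    return max(hits, key=Filter.weight).action if hits else "permit"
```

Calling `decide()` with a flow to another LAN host returns `"block"`, while flows to the domain controller and the PCAnywhere session (both directions) return `"permit"`.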


