Re: Denying access to a server

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 10/27/04

• Next message: Tom: "Re: Reset password"
• Previous message: brian.hesseling(at)lsrlaw.lsr: "Denying access to a server"
• In reply to: brian.hesseling(at)lsrlaw.lsr: "Denying access to a server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Wed, 27 Oct 2004 19:50:58 GMT

You could configure an ipsec filtering policy on those servers. Ipsec filter
policies use rules that use permit and block filter actions. Of course this
would only work well if the computers that access it have static IP
addresses. Start with a mirrored block all rule and then add a mirrored
permit rule with the exceptions which would include the IP addresses of the
allowed computers. Ipsec policies do not require reboots, are built into the
operating system, and take effect shortly after assigning. Make sure you
have physical access to the server to assign and test the policy. If you do
it remotely and the policy is misconfigured, you could be blocked from
access [I know from first hand experience] . See the link below for tips on
setting up ipsec policies and info on and how to remove default exemptions
with a registry change.. --- Steve

http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;811832

"brian.hesseling(at)lsrlaw.lsr"
<brian.hesseling(at)lsrlaw.lsr@discussions.microsoft.com> wrote in message
news:7EAE57A2-B531-4A4A-ABB8-CDEE01B8828E@microsoft.com...
>I want to deny access to our SQL servers from all computers except for
> specific computers. Is there a way to do this in windows with out having
> to
> use a router and ACL's between the SQL servers and the rest of the
> network.

---

• Next message: Tom: "Re: Reset password"
• Previous message: brian.hesseling(at)lsrlaw.lsr: "Denying access to a server"
• In reply to: brian.hesseling(at)lsrlaw.lsr: "Denying access to a server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: revert to default domain policy ... What are the consequences of copying the Default policies, reverting, ... There are many changes in the default domain policy, ... may be causing problems with my servers. ... I want to revert to the default policy, ... (microsoft.public.windows.group_policy) Re: revert to default domain policy ... policies, while I analyse the "default" default policies? ... There are many changes in the default domain policy, ... may be causing problems with my servers. ... I want to revert to the default policy, ... (microsoft.public.windows.group_policy) Re: Group Policy on Registry Level ... redo them after I know the servers are stable. ... First of all, you should try to find out, which policies are causing your trouble. ... Try to deactivate the policy with the GPMC. ... You have to run exchange setup with /domainprep after you recreate your default policies or your exchangeserver will stop working. ... (microsoft.public.windows.group_policy) Re: Windows 2003 GPO ... Use the Resultant Set of Policies feature in GPMC to verify that the GPOs ... all servers are running Windows 2003 Standard Server OS. ... > Citrix servers are configured in a load balance farm. ... The Policy is a User Policy and my understanding is that the ... (microsoft.public.windows.group_policy) netsh ipsec command. an easier way? ... I'm in the process of implementing ipsec filtering on my 2003 servers. ... add the rules, policy, filter, and filteraction in pretty much one ... (microsoft.public.security)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(10)