Blocking Local network IPs from accessing a server

route add (local server ip) mask 255.255.255.255 (random fake IP) metric 1
on the computers you don't want accessing the server. This will send the request to the fake IP therefore never making it to the server.  you can even put it in a logon script
Shawn

best is relitive... but windows has the ipsec firewall filters built in that work quite well. The "good" thing about the ipsec firewall on M$ is that the necessary port's for AD are allowed to pass with out restriction. This however is not good if the firewall is facing the internet, but this has been updated and the default allowed ports can be blocked by using a key in the registry.

Ipsec Firewall howto:
http://www.microsoft.com/technet/itsolutions/network/security/ipsecld.mspx
Unsecured traffic http://support.microsoft.com/kb/253169/EN-US/
Exemptions removed http://support.microsoft.com/kb/810207/EN-US/

The firewall in M$ 2003 server (service pack 1 beta btw) works very well also.
-rich

2nd best answer is... put up a firewall and filter them out
> block local network IPs from accessing a local server

Best answer, if you have a server you want no one to use, unplug it.

answer three, use multiple LANs.  Users with good access separate physically from users without authorized access

Thanks for your input, I think I will go with the firewall solution, I was just seeing what other options there maybe