Solved

Restrict user to access an IP

Posted on 2006-11-06
11
214 Views
Last Modified: 2010-04-11
How to create a security policy which can deny user to access an IP address from Windows XP.

0
Comment
Question by:guanghuyang
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
11 Comments
 

Expert Comment

by:officedog
ID: 17888823
Clarifiction needed I think. Is the IP local or external. What port(s) or all. What are you trying to block exactly.

TIA
0
 
LVL 3

Expert Comment

by:MarkWYnne
ID: 17889787
Indeed, provide more information, network environment and technology used.

Is this one specific IP or a range of IPs, workstations. With xp you can specify what users can access
a workstation.
If you are using DHCP, denying access to a specific IP is a little trickier as IPs change.
If it is a directory on a specifiy workstation\server then you may create a new group, call it deny access, apply it ot the share and add the specific user account and select deny in permissions.

More info would be helpful
0
 

Author Comment

by:guanghuyang
ID: 17896788
I've solved this issue with IPsec.
In our office, there is a proxy(an IP address, port is  89) providing internet access for user. My boss said he want to limit the Internet Access, which means to prevent some users to use proxy. We try to create local IpSec policy for each computer which don't need proxy ,but we met the problem that we can't manage GPO locally, it was controlled by Domain administrators. Is there any possibility to apply one workstation(windows xp)'s policy to any other computers, but don't through OU.
0
Space-Age Communications Transitions to DevOps

ViaSat, a global provider of satellite and wireless communications, securely connects businesses, governments, and organizations to the Internet. Learn how ViaSat’s Network Solutions Engineer, drove the transition from a traditional network support to a DevOps-centric model.

 
LVL 3

Expert Comment

by:MarkWYnne
ID: 17897029
Create a group and add specified W\S and apply GPO to that specific group.
Create an OU within the originating OU, call it NO proxy OU and apply the IPSec GPO to that OU.
Machines will recieve all GPOs from parent OU and as the new OU GPO will be applied last this should
have all the correct GPOs except for the new IPSec one applied last from the new OU

Local system GPO will block access, but upon logging into the domain GPO is applied to the machine from the domain
overriding the local GPO as last one applied is effective setting.
0
 

Author Comment

by:guanghuyang
ID: 17898508
We don't have permisson to create a group and to apply GPO.
0
 
LVL 3

Expert Comment

by:MarkWYnne
ID: 17898706
If access is a problem..

Try configure the target machines with an invalid proxy addr.. if the changes will stick..


0
 

Author Comment

by:guanghuyang
ID: 17898861
Now we are planning to do is, use VBS to create IPSec for each computer which needn't proxy. The problem is ,it is not very easy to write such a VBS.
0
 
LVL 4

Expert Comment

by:LBACIS
ID: 17946291
You are going to use vb script to enable ipsec? how the WMI provider?

It sounds more like you should work on this from your firewall..
0
 

Author Comment

by:guanghuyang
ID: 17954780
I have solved the with ipseccmd.exe which provided by Microsoft. It is a tool that can help to import and export IP policy. It saves a lot of time to create a VBS.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
ID: 18190651
PAQed with points refunded (125)

Computer101
EE Admin
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Barracuda WAF Training? 2 31
Fraud Email 22 83
Password recovery or reset Windows 10 home Premium 8 56
firewall log 4 39
As cyber crime continues to grow in both numbers and sophistication, a troubling trend of optimization has emerged over the last year.
Ransomware continues to grow in reach and sophistication, putting data everywhere at risk. Learn how to avoid being caught in its sinister clutches with these 11 key tips.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question