Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

Restrict user to access an IP

How to create a security policy which can deny user to access an IP address from Windows XP.

0
guanghuyang
Asked:
guanghuyang
1 Solution
 
officedogCommented:
Clarifiction needed I think. Is the IP local or external. What port(s) or all. What are you trying to block exactly.

TIA
0
 
MarkWYnneCommented:
Indeed, provide more information, network environment and technology used.

Is this one specific IP or a range of IPs, workstations. With xp you can specify what users can access
a workstation.
If you are using DHCP, denying access to a specific IP is a little trickier as IPs change.
If it is a directory on a specifiy workstation\server then you may create a new group, call it deny access, apply it ot the share and add the specific user account and select deny in permissions.

More info would be helpful
0
 
guanghuyangAuthor Commented:
I've solved this issue with IPsec.
In our office, there is a proxy(an IP address, port is  89) providing internet access for user. My boss said he want to limit the Internet Access, which means to prevent some users to use proxy. We try to create local IpSec policy for each computer which don't need proxy ,but we met the problem that we can't manage GPO locally, it was controlled by Domain administrators. Is there any possibility to apply one workstation(windows xp)'s policy to any other computers, but don't through OU.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
MarkWYnneCommented:
Create a group and add specified W\S and apply GPO to that specific group.
Create an OU within the originating OU, call it NO proxy OU and apply the IPSec GPO to that OU.
Machines will recieve all GPOs from parent OU and as the new OU GPO will be applied last this should
have all the correct GPOs except for the new IPSec one applied last from the new OU

Local system GPO will block access, but upon logging into the domain GPO is applied to the machine from the domain
overriding the local GPO as last one applied is effective setting.
0
 
guanghuyangAuthor Commented:
We don't have permisson to create a group and to apply GPO.
0
 
MarkWYnneCommented:
If access is a problem..

Try configure the target machines with an invalid proxy addr.. if the changes will stick..


0
 
guanghuyangAuthor Commented:
Now we are planning to do is, use VBS to create IPSec for each computer which needn't proxy. The problem is ,it is not very easy to write such a VBS.
0
 
LBACISCommented:
You are going to use vb script to enable ipsec? how the WMI provider?

It sounds more like you should work on this from your firewall..
0
 
guanghuyangAuthor Commented:
I have solved the with ipseccmd.exe which provided by Microsoft. It is a tool that can help to import and export IP policy. It saves a lot of time to create a VBS.
0
 
Computer101Commented:
PAQed with points refunded (125)

Computer101
EE Admin
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now