block IP address

Hi Experts

My question is as follows:

There are two subnets, 192.168.1.0/24 and 192.169.200.0/24.  The two subnets can ping each other.

I have a Windows 7 PC. When the PC gets an IP address from DHCP in the subnet 192.168.1/24, I can print to the printer with the 192.168.1.10 address. When I move my PC to the other subnet and get an IP address from DHCP of the 192.168.200.0 subnet, how can I set up or run a script automatically to block the PC from printing to the printer which is set up as the default printer on my PC?

Thanks

EnjoyNet

EnjoyNetAsked:

Lee_YCPCommented:
A few options:
1. Well, since they are two different subnets, you could simply use the routers to block traffic to/from the printer IP and the 200.0 subnet.
2. Do you have two different DC's for those subnets?  If so, you could assign the network printer based on the logon DC (i.e. which is tied to a specific subnet).  AD Sites and Services would have to be set up correctly.
3.  Put this code in a bat file and then put it in your \startup folder:  Gimme a sec to write it, I assume that your firewall is usable as a filter.
0
cbmmCommented:
Are they VLANs?
0
EnjoyNetAuthor Commented:
Thank you for your prompt reply.
1. This is a special case and I don't want to block using the router.
2. Yes, actually they are in different domains. So when I go to subnet 192.168.200.0, I still log on to the domain (or cached logon) for subnet 192.168.1.0.
3. I prefer to use this option if you can write a script to solve this unusual case.

Thanks
0

EnjoyNetAuthor Commented:
They are not a VLAN; they are two subnets with a VPN tunnel.  Thanks
0
Lee_YCPCommented:
Is there a router between the two subnets or some type of NAT/firewall?
0
Lee_YCPCommented:
Never mind on the NAT/firewall question.
Place this code inside a .bat or .cmd file and place it in your startup folder.

@echo off
sc query MpsSvc | find /I "RUNNING" >nul || (echo Firewall service not running. & goto :EOF)

netsh advfirewall firewall show rule name=all | find /I "192.168.1.10_Printer_Rule" >nul && goto skip_add
netsh advfirewall firewall add rule name="192.168.1.10_Printer_Rule" remoteip=192.168.1.10 dir=out protocol=any action=block enable=yes 

:skip_add
REM Block traffic to 192.168.1.10 if host is on 192.168.200.0/24 subnet
ipconfig /all | find /I "192.168.200." >nul && netsh advfirewall firewall set rule name="192.168.1.10_Printer_Rule" new action=block
REM Allow traffic to 192.168.1.10 if host is on any other /24 subnet
ipconfig /all | find /I "192.168.200." >nul || netsh advfirewall firewall set rule name="192.168.1.10_Printer_Rule" new action=allow


0

EnjoyNetAuthor Commented:
Thank you for the code.

Could you please explain briefly about the first three lines, below @Echo line?

If I put this .bat file into the Startup folder, does it only take effect when the PC is rebooted?

If I have another printer whose IP is 192.168.1.11, how do we modify the code?

Sorry I am not a programmer so really need your instruction.  

Thanks
0
Lee_YCPCommented:
Line 1 tells it not to echo the commands to the screen.
Line 2 checks to see if the firewall is actually running.  If not the script ends.
Line 4 checks to see if the firewall rule exists.  If it does it skips to line 7.
Line 5 creates the firewall rule for the printer or whatever located at IP 192.168.1.10.
Line 6
Line 7 this is a "GOTO" label used by line 4.
Line 8 is a comment that explains the next line.
Line 9 checks your IP address and if your IP address is in the 200.0/24 subnet, it blocks communication with the 192.168.1.10 printer by enabling the rule created in line 5
Line 10 is a comment that explains the next line.
Line 11 checks your IP address and if your IP address is anything not in the 200.0/24 subnet, it unblocks communication with the 192.168.1.10 printer.  This is a catch-all so that it is only unblocked once you move from a 200.0/24 subnet to anything else.
0
Lee_YCPCommented:
Well, based on the way I wrote the script, do a find/replace and give the document a new name.  Then place that document in the startup folder like you did the other one.

So, if the new printer is located at 192.168.1.11:
1.  Replace "192.168.1.10" with "192.168.1.11" in the document
2.  Save it with a new name (the file still needs to end in .bat or .cmd)
3.  Add that file to the startup folder.

0
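An added example, not part of the thread: one script that covers both printers mentioned above instead of one copy per printer, and that decides from the PC's own IPv4 address lines rather than from any line of `ipconfig /all`. The variable names are illustrative; it assumes English `ipconfig` output, and `netsh advfirewall` needs Windows Vista or later and an elevated prompt to change rules.

```batch
@echo off
setlocal
REM Added example. PRINTERS and RESTRICTED_NET hold the addresses from this
REM thread; the variable names are illustrative.
set "PRINTERS=192.168.1.10 192.168.1.11"
set "RESTRICTED_NET=192.168.200."

REM Stop if the Windows Firewall service is not running.
sc query MpsSvc | find /I "RUNNING" >nul || (echo Firewall service not running. & goto :EOF)

REM Decide the action from the PC's own IPv4 address lines only, so a DNS
REM server or gateway in 192.168.200.x is not mistaken for the local address.
REM Assumes English ipconfig output ("IPv4 Address").
set "ACTION=allow"
ipconfig | findstr /I /C:"IPv4 Address" | findstr /L /C:": %RESTRICTED_NET%" >nul && set "ACTION=block"

REM One outbound rule per printer, named like the rule in the script above.
for %%P in (%PRINTERS%) do (
    netsh advfirewall firewall show rule name="%%P_Printer_Rule" >nul 2>&1
    if errorlevel 1 (
        netsh advfirewall firewall add rule name="%%P_Printer_Rule" remoteip=%%P dir=out protocol=any action=%ACTION% enable=yes >nul
    ) else (
        netsh advfirewall firewall set rule name="%%P_Printer_Rule" new action=%ACTION% >nul
    )
    if errorlevel 1 (echo %%P_Printer_Rule: update failed, run elevated) else (echo %%P_Printer_Rule: %ACTION%)
)
endlocal
```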
Lee_YCPCommented:
Sorry, I missed your other question.  Well, it does not occur "every time you boot".  It occurs every time you "login"; meaning if you log off and back on, then it will run again.  You can also execute it anytime you want by navigating to "Start" \ "All Programs" \ "Startup" and executing the file from there.
0
EnjoyNetAuthor Commented:
Hi Lee,

Please give me a couple of days to test it out.  I may close the case first, but if I run into issues, how can I contact you for help?

Thanks

EnjoyNet
0
EnjoyNetAuthor Commented:
Hi Lee,

Does your code work for both XP and W7?

Thanks

Enjoynet
0

Question has a verified solution.
