We want to block all connections between client computers on our Active Directory domain except for those in an administrative group and of course between servers and clients. I want to use IP ranges as the basis for the blocking or allowing, i.e. the ranges handed out by DHCP for clients would be blocked from connecting to each other but IPs outside of those ranges and on our subnets would be allowed to connect. What rule could be implemented to either block a range completely and/or allowing only connections from within a range? Also, is this a good way to approach this? We have multiple AD sites and subnets. I would like to implement this through group policy.