Block IP address on Windows 2012

How to block some IP addresses from accessing FS01? Is there any screen dump / example for reference?

Tks
AXISHK Asked:

btan (Exec Consultant) Commented:
Maybe use the Windows Firewall with Advanced Security (I supposed FS01 is another Win2012 federated server's hostname): https://support.gearhost.com/hc/en-us/articles/200341715-Block-IP-address-with-Windows-Firewall-2008-2012

If you are looking at an ADFS proxy server, you can see more of the FW settings required for the SSL comms:
http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
0
AXISHK (Author) Commented:
FS01 is just our Windows 2012 file server name - not a Windows federated server. So, does the link work?

Is it possible to block IPs from accessing a particular folder in Windows 2012 only? Tks
0
btan (Exec Consultant) Commented:
The Windows Firewall approach in the first link should be alright for the file server.

For the folder restriction, it is best to go via the Windows Security Model, which restricts access per-user, not per-IP. (http://windows.microsoft.com/en-us/windows-vista/share-files-and-folders-over-the-network-from-windows-vista-inside-out)

E.g. both Windows Sharing and Windows File Security have options to Allow and Deny access to files and/or folders based on user names and/or computer names and/or Active Directory security groups. So the best is to set the share/file security to allow a user group or even "Everyone", but deny a list of computers. Overall, accomplish this with an AD security group created with all the computers you want to deny. Assign that AD security group to the resource access.
0

AXISHK (Author) Commented:
Tried to block a computer from shared folder access, but it doesn't work. It only works for user names. Any alternative solution?

Tks
0
AXISHK (Author) Commented:
Already tried to block the IP 10.0.20.10 from accessing the server in the Firewall settings, but it doesn't work. Any idea?
WindowFS.png
0
btan (Exec Consultant) Commented:
You cannot block based on computer IP access to a shared folder using Windows ACLs as mentioned in the prev post; they bind to user identity. But it seems viable for NFS: http://technet.microsoft.com/en-us/library/cc753731.aspx

NFS-based access control for a shared resource is determined based on network names and groups. To use NFS permissions, you must first install the Services for Network File System (NFS) role service using Server Manager. After installing Services for NFS, use NFSAdmin.exe to create client groups and to add client computers to those groups before configuring NFS share permissions.

New shared resources. In the Provision a Shared Folder Wizard, if you select NFS as a share protocol, the NFS Permissions page is available in the wizard. You specify whether access is to be controlled by a specific client computer (host), or by a client group.


For the FW, sharing a folder or file creates a Windows Firewall exception for File and Printer Sharing. The exception opens the ports listed. http://technet.microsoft.com/en-us/library/cc731402.aspx

The following ports are associated with file sharing and server message block (SMB) communications:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).

947709 How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
http://support.microsoft.com/default.aspx?scid=kb;EN-US;947709
0
AXISHK (Author) Commented:
Still can't fix the problem on the firewall. Anything missing?
Block01.png
Block02.png
0
btan (Exec Consultant) Commented:
See if this helps - enable/disable file share and UDP:
http://support.adminarsenal.com/entries/21531976-Windows-Firewall-Ports-and-Exceptions

The block rules to prevent file and print services are:
NetBIOS Datagram Service    Block    All programs    UDP 138
NetBIOS Name Service        Block    All programs    UDP 137
NetBIOS Session Service     Block    All programs    TCP 139
SMB over TCP                Block    All programs    TCP 445
0
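
The block rules listed in the last answer, scoped to the single client address from the thread, as an added example that is not part of the original posts. It assumes an elevated PowerShell session on the file server with the NetSecurity and SmbShare modules (Windows Server 2012 and later); the rule name prefix is hypothetical.

```powershell
# Added example: block one client IP from the SMB/NetBIOS ports on a file server.
$BlockedIp  = '10.0.20.10'          # client address mentioned in the thread
$RulePrefix = 'Block-SMB-Example'   # hypothetical rule name prefix

# Ports from the answer above, grouped by protocol.
$PortSets = @(
    @{ Protocol = 'TCP'; Ports = @('139', '445') },
    @{ Protocol = 'UDP'; Ports = @('137', '138') }
)

# A block rule does nothing on a profile whose firewall is switched off.
$off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }
if ($off) {
    Write-Warning ("Firewall is not enabled for profile(s): " + ($off.Name -join ', '))
}

foreach ($set in $PortSets) {
    $name = "$RulePrefix-$($set.Protocol)-$BlockedIp"

    # Remove an earlier copy so the script can be re-run without duplicates.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Inbound block limited to the one remote address, on every profile.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Block `
        -Profile Any -Protocol $set.Protocol -LocalPort $set.Ports `
        -RemoteAddress $BlockedIp | Out-Null
}

# Verify what was actually stored: enabled state, ports and remote address.
Get-NetFirewallRule -DisplayName "$RulePrefix-*" | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Action        = $_.Action
        Protocol      = $port.Protocol
        LocalPort     = ($port.LocalPort -join ',')
        RemoteAddress = ($addr.RemoteAddress -join ',')
    }
} | Format-Table -AutoSize

# Check whether the client still holds an SMB session on this server.
Get-SmbSession | Where-Object { $_.ClientComputerName -like "*$BlockedIp*" }
```

If the verification table shows a different remote address or a disabled rule, or the profile warning fires, the rule is not filtering the traffic you expect.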


Question has a verified solution.
