Solved

Block IP address on Windows 2012

Posted on 2014-10-14
Last Modified: 2014-10-16
How to block some IP addresses from accessing FS01? Is there any screen dump / example for reference?

Tks
Question by:AXISHK
 
LVL 62

Expert Comment

by:btan
ID: 40381465
Maybe use the Windows Firewall with Advanced Security (I suppose FS01 is another Win2012 federated server's hostname): https://support.gearhost.com/hc/en-us/articles/200341715-Block-IP-address-with-Windows-Firewall-2008-2012

If you are looking at an ADFS proxy server, you can see more of the FW settings required for the SSL comms:
http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
0
 

Author Comment

by:AXISHK
ID: 40381596
FS01 is just our Windows 2012 file server name - not a Windows federated server. So, does the link work?

Is it possible to block IPs from accessing a particular folder in Windows 2012 only? Tks
0
 
LVL 62

Expert Comment

by:btan
ID: 40381662
The Windows Firewall from the first link should be alright for the file server.

For the folder restriction, it is best to go via the Windows security model, which restricts access per user, not per IP. (http://windows.microsoft.com/en-us/windows-vista/share-files-and-folders-over-the-network-from-windows-vista-inside-out)

E.g. both Windows Sharing and Windows File Security have options to Allow and Deny access to files and/or folders based on user names and/or computer names and/or Active Directory security groups. So the best way is to set the share/file security to allow a user group or even "Everyone", but deny a list of computers. Overall, accomplish this with an AD security group created with all the computers you want to deny. Assign that AD security group to the resource access.
0

 

Author Comment

by:AXISHK
ID: 40383810
Tried to block a computer from shared folder access, but it doesn't work. It only works for user names. Any alternative solution?

Tks
0
 

Author Comment

by:AXISHK
ID: 40383892
Already tried to block the IP 10.0.20.10 from accessing the server in the Firewall settings, but it doesn't work. Any idea?
WindowFS.png
0
 
LVL 62

Expert Comment

by:btan
ID: 40384686
You cannot block access to a shared folder based on computer IP using Windows ACLs, as mentioned in the previous post; they bind to user identity. But it seems viable for NFS: http://technet.microsoft.com/en-us/library/cc753731.aspx

NFS-based access control for a shared resource is determined based on network names and groups. To use NFS permissions, you must first install the Services for Network File System (NFS) role service using Server Manager. After installing Services for NFS, use NFSAdmin.exe to create client groups and to add client computers to those groups before configuring NFS share permissions.

New shared resources. In the Provision a Shared Folder Wizard, if you select NFS as a share protocol, the NFS Permissions page is available in the wizard. You specify whether access is to be controlled by a specific client computer (host), or by a client group.


For the FW, sharing a folder or file creates a Windows Firewall exception for File and Printer Sharing. The exception opens the ports listed. http://technet.microsoft.com/en-us/library/cc731402.aspx

The following ports are associated with file sharing and server message block (SMB) communications:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
 
947709 How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
http://support.microsoft.com/default.aspx?scid=kb;EN-US;947709
0
 

Author Comment

by:AXISHK
ID: 40385777
Still can't figure out the problem on the firewall. Anything missing?
Block01.png
Block02.png
0
 
LVL 62

Accepted Solution

by:
btan earned 500 total points
ID: 40385789
See if this helps - enable/disable file share and UDP:
http://support.adminarsenal.com/entries/21531976-Windows-Firewall-Ports-and-Exceptions

The block rules to prevent file and print services are:
NetBIOS Datagram Service    Block    All programs    UDP 138
NetBIOS Name Service        Block    All programs    UDP 137
NetBIOS Session Service     Block    All programs    TCP 139
SMB over TCP                Block    All programs    TCP 445
0
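
The four block rules from the accepted answer, scoped to a single remote address and created from PowerShell on Windows Server 2012. This is an added example, not part of the original thread: 10.0.20.10 is the client IP quoted in the question, and the rule names and the group name are made up for illustration.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell on the file server.
# Assumptions: $blockedIp is the client from the question; $group is a hypothetical label.
$blockedIp = '10.0.20.10'
$group     = 'Block SMB from selected hosts'

# The four services listed in the accepted answer.
$services = @(
    @{ Name = 'NetBIOS Datagram Service'; Protocol = 'UDP'; Port = 138 },
    @{ Name = 'NetBIOS Name Service';     Protocol = 'UDP'; Port = 137 },
    @{ Name = 'NetBIOS Session Service';  Protocol = 'TCP'; Port = 139 },
    @{ Name = 'SMB over TCP';             Protocol = 'TCP'; Port = 445 }
)

# A rule is only enforced on a profile whose firewall is switched on.
Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' } | ForEach-Object {
    Write-Warning "Firewall profile '$($_.Name)' is disabled; block rules are not enforced on it."
}

foreach ($svc in $services) {
    $ruleName = "Block $($svc.Name) from $blockedIp"

    # Remove an earlier copy so the script can be re-run without duplicating rules.
    Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Inbound block rule limited to the one remote address. Block rules take
    # precedence over the File and Printer Sharing allow rules.
    New-NetFirewallRule -DisplayName $ruleName -Group $group `
        -Direction Inbound -Action Block -Profile Any `
        -Protocol $svc.Protocol -LocalPort $svc.Port `
        -RemoteAddress $blockedIp | Out-Null
}

# Review what was created: protocol, port and remote scope of each rule.
Get-NetFirewallRule -Group $group | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Action        = $_.Action
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
} | Format-Table -AutoSize

# Check: list any SMB session the server still holds for that client.
Get-SmbSession | Where-Object ClientComputerName -eq $blockedIp
```

This blocks the client from every share on the server; as the thread notes, restricting a single folder is done per user through share and NTFS permissions, not per IP.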


Question has a verified solution.
