Block IP address on Windows 2012

Posted on 2014-10-14
Last Modified: 2014-10-16
How to block some IP addresses from accessing FS01? Is there any screen dump / example for reference?

Tks
0
Question by:AXISHK
 
LVL 65

Expert Comment

by:btan
ID: 40381465
Maybe use the Windows Firewall with Advanced Security (I supposed FS01 is another Win2012 federated server's hostname): https://support.gearhost.com/hc/en-us/articles/200341715-Block-IP-address-with-Windows-Firewall-2008-2012

If you are looking at an ADFS proxy server, you can see more of the FW settings required for the SSL comms:
http://blogs.technet.com/b/askds/archive/2012/01/05/understanding-the-ad-fs-2-0-proxy.aspx
0
 

Author Comment

by:AXISHK
ID: 40381596
FS01 is just our Windows 2012 file server name, not a Windows federated server. So, does the link work?

Is it possible to block IPs from accessing a particular folder in Windows 2012 only? Tks
0
 
LVL 65

Expert Comment

by:btan
ID: 40381662
The Windows Firewall approach in the first link should be alright for the file server.

For the folder restriction, it is best to go via the Windows security model, which restricts access per user, not per IP. (http://windows.microsoft.com/en-us/windows-vista/share-files-and-folders-over-the-network-from-windows-vista-inside-out)

E.g. both Windows Sharing and Windows File Security have options to Allow and Deny access to files and/or folders based on user names and/or computer names and/or Active Directory security groups. So the best is to set the share/file security to allow a user group or even "Everyone", but deny a list of computers. Overall, accomplish this with an AD security group created with all the computers you want to deny. Assign that AD security group to the resource access.
0
 

Author Comment

by:AXISHK
ID: 40383810
Tried to block a computer from shared folder access, but it doesn't work. It only works for user names. Any alternative solution?

Tks
0
 

Author Comment

by:AXISHK
ID: 40383892
Already tried to block the IP 10.0.20.10 from accessing the server in the Firewall settings, but it doesn't work. Any idea?
WindowFS.png
0
 
LVL 65

Expert Comment

by:btan
ID: 40384686
You cannot block access to a shared folder based on computer IP using Windows ACLs as mentioned in the previous post; they bind to user identity. But it seems viable for NFS: http://technet.microsoft.com/en-us/library/cc753731.aspx

NFS-based access control for a shared resource is determined based on network names and groups. To use NFS permissions, you must first install the Services for Network File System (NFS) role service using Server Manager. After installing Services for NFS, use NFSAdmin.exe to create client groups and to add client computers to those groups before configuring NFS share permissions.

New shared resources. In the Provision a Shared Folder Wizard, if you select NFS as a share protocol, the NFS Permissions page is available in the wizard. You specify whether access is to be controlled by a specific client computer (host), or by a client group.


For the FW, sharing a folder or file creates a Windows Firewall exception for File and Printer Sharing. The exception opens the ports listed. http://technet.microsoft.com/en-us/library/cc731402.aspx

The following ports are associated with file sharing and server message block (SMB) communications:
Microsoft file sharing SMB: User Datagram Protocol (UDP) ports from 135 through 139 and Transmission Control Protocol (TCP) ports from 135 through 139.
Direct-hosted SMB traffic without a network basic input/output system (NetBIOS): port 445 (TCP and UDP).
 
947709 How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
http://support.microsoft.com/default.aspx?scid=kb;EN-US;947709
0
 

Author Comment

by:AXISHK
ID: 40385777
Still can't figure out the problem on the firewall. Anything missing?
Block01.png
Block02.png
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 40385789
See if this helps - enable/disable file share and UDP:
http://support.adminarsenal.com/entries/21531976-Windows-Firewall-Ports-and-Exceptions

The rules to block to prevent file and print services are:
NetBIOS Datagram Service    Block    All programs    UDP 138
NetBIOS Name Service        Block    All programs    UDP 137
NetBIOS Session Service     Block    All programs    TCP 139
SMB over TCP                Block    All programs    TCP 445
0
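
The accepted answer's port table expressed as inbound block rules scoped to a single remote address, as an added example that is not part of the original thread. It assumes an elevated PowerShell session on the file server and uses the 10.0.20.10 address from the question; the rule display names are made up for illustration.

```powershell
# Added example (constructed): inbound block rules for the ports in the
# accepted answer, limited to one remote address instead of all hosts.
# Assumptions: elevated session on the file server; display names are hypothetical.
$blockedIp = '10.0.20.10'   # client address taken from the question

# Ports and protocols from the accepted answer's table.
$rules = @(
    @{ Name = 'NetBIOS Datagram Service'; Protocol = 'UDP'; Port = 138 },
    @{ Name = 'NetBIOS Name Service';     Protocol = 'UDP'; Port = 137 },
    @{ Name = 'NetBIOS Session Service';  Protocol = 'TCP'; Port = 139 },
    @{ Name = 'SMB over TCP';             Protocol = 'TCP'; Port = 445 }
)

foreach ($r in $rules) {
    # -Profile Any applies the rule whichever profile (Domain/Private/Public)
    # the server's network connection is currently assigned to.
    New-NetFirewallRule -DisplayName "Block $($r.Name) from $blockedIp" `
        -Direction Inbound -Action Block `
        -Protocol $r.Protocol -LocalPort $r.Port `
        -RemoteAddress $blockedIp -Profile Any | Out-Null
}

# Check 1: the firewall is actually enabled on each profile.
Get-NetFirewallProfile | Select-Object Name, Enabled

# Check 2: the rules exist, are enabled, and carry the expected scope.
Get-NetFirewallRule -DisplayName "Block * from $blockedIp" | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Enabled   = $_.Enabled
        Action    = $_.Action
        Remote    = $addr.RemoteAddress
        Protocol  = $port.Protocol
        LocalPort = $port.LocalPort
    }
} | Format-Table -AutoSize
```

In Windows Firewall a matching block rule takes precedence over an allow rule for the same traffic, so these rules deny the listed address while the File and Printer Sharing exception keeps serving other clients.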
