I've not done it directly, but its possible to use IPSec
policies to block specific ports, which would do exactly what you're trying to
do.
Roger
--
Roger D. Seielstad -
MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.
Wook
From: Roger SeielstadSent: Thu 5/13/2004 1:54 PMTo: [EMAIL PROTECTED]Subject: RE: [ActiveDir] TCP Port Blocking
I've not done it directly, but its possible to use IPSec policies to block specific ports, which would do exactly what you're trying
tems that are just
workgroup members.
Wook
From: Roger SeielstadSent: Thu
5/13/2004 1:54 PMTo: [EMAIL PROTECTED]Subject:
RE: [ActiveDir] TCP Port Blocking
I've not done it directly, but its possible to use IPSec
policies to block specific ports, which w
Instead of blocking ports, we opted to delegate creatorOwner group policy permissions to our NOC, and enabled GPOs to keep application executables from running...
for example under
UserConfiguration/Admin Templates/System/"Don't run specified windows applications"
The sasser variants would be
From: Lee, Wook [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 6:19 PMTo:
[EMAIL PROTECTED]Subject: RE: [ActiveDir] TCP Port
Blocking
The problem with trying to
patch remote systems via GP is that simple things like ICMP blocking can
prevent GP from applying. And it
You will need to create an IPSEC policy and apply this via
GPOs.
Denny
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike
HogenauerSent: Thursday, May 13, 2004 4:14 PMTo:
[EMAIL PROTECTED]Subject: [ActiveDir] TCP Port
Blocking
Sorry for
the newbie sounding question.
Great article that simplifies the creation of IPsec policies ...seeing that
the GUI is nefarious...
http://www.microsoft.com/serviceproviders/columns/using_ipsec.asp
At 10:36 AM 5/14/2004, Depp, Dennis M. wrote:
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:offi
