RE: [ActiveDir] TCP Port Blocking

[Lee, Wook]

The problem with trying to patch remote systems via GP is that simple things like ICMP blocking can prevent GP from applying. And it only works for W2K and XP clients that are members of the forest. It's not uncommon for remote users to be on systems that are just workgroup members.   Wook From: Roger Seielstad Sent: Thu 5/13/2004 1:54 PM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] TCP Port Blocking I've not done it directly, but its possible to use IPSec policies to block specific ports, which would do exactly what you're trying to do.   Roger -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc.   From: Mike Hogenauer [mailto:[EMAIL PROTECTED] Sent: Thursday, May 13, 2004 4:14 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] TCP Port Blocking Sorry for the newbie sounding question.   How can I use Group Policy to block certain ports in all workstation in a certain OU? Ex: for the SASSER virus it’s recommended to block TCP 5554 9996. I have remote users that I wanted apply a GP to that will block these ports.   Thanks   Mike   Mike Hogenauer blocked::mailto:[EMAIL PROTECTED] Rendition Networks, Inc. 10735 Willows Rd NE, Suite 150 Redmond, WA 98052 425.636.2115 | Fax: 425.497.1149