I was indeed able to use the appropriate mask for some of the ranges I needed to add, but some of them just didn't fit a mask properly. My example was one that I had used a mask on and wasn't truly representative of one of the "problem child" ranges.
Thanks again. ********************** Charlie Kaiser W2K3 MCSA/MCSE/Security Systems Engineer Essex Credit / Brickwalk 510 595 5083 ********************** > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Darren Mar-Elia > Sent: Tuesday, November 21, 2006 3:49 PM > To: [email protected] > Subject: RE: [ActiveDir] GP question - port exceptions using > IP address ranges > > Andrew- > > Your response is perfectly good if the bit math works for > that mask. What I was referring to is the fact that you can't > enter something like: > > > > 10.1.1.0 - 10.1.10.0 into the firewall exceptions dialog > > > > In other words, you can only enter a single contiguous > address space per entry. But if you're right, and a 20 bit > mask works for Charlie's addressing, then he's good to go. > > > > Darren > > > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Cace > Sent: Tuesday, November 21, 2006 12:21 PM > To: [email protected] > Subject: RE: [ActiveDir] GP question - port exceptions using > IP address ranges > > > > Oops, Charlie. Then ignore my previous email. Darren knows > his GPO stuff. > > > > -Andrew > > > > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Darren Mar-Elia > Sent: Tuesday, November 21, 2006 11:30 AM > To: [email protected] > Subject: RE: [ActiveDir] GP question - port exceptions using > IP address ranges > > Charlie- > > I've seen this question asked many times, and the bottom line > is no, there is no way to enter ranges into the exceptions > lists. It would be nice though :) > > > > Darren > > > > > > Darren Mar-Elia > > For comprehensive Windows Group Policy Information, check out > www.gpoguy.com <http://www.gpoguy.com/> -- the best source > for GPO FAQs, video training, tools and whitepapers. Also > check out the Windows Group Policy Guide > <http://www.amazon.com/gp/product/0735622175/qid=1122367169/sr > =8-1/ref=pd_bbs_1/104-1133146-9411929?v=glance&n=283155> , > the definitive resource for Group Policy information. > > > > Group Policy Management solutions at SDM Software > <http://www.sdmsoftware.com/> > > > > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: Tuesday, November 21, 2006 7:56 AM > To: [email protected] > Subject: [ActiveDir] GP question - port exceptions using IP > address ranges > > > > I've been tasked with modifying one of our GPs to allow a > greater range > > of access to our desktop PCs using Dameware since our support > model has > > changed. Currently we allow Dameware access from one IP subnet. We now > > need to add more subnets. The problem is that a number of > these subnets > > are not nicely divided. For example, 204.24.0.1 - > 204.24.15.255, to pick > > a random range. > > > > I know the syntax for the policy setting is something like this: > > "6129:TCP:204.24.0.1/24:enabled:dameware" or > > "6129:TCP:204.24.0.1/255.255.255.0:enabled:dameware". Is > there a way to > > enter the range above without having to enter each of the included > > subnets? > > Thanks... > > > > ********************** > > Charlie Kaiser > > W2K3 MCSA/MCSE/Security > > Systems Engineer > > Essex Credit / Brickwalk > > 510 595 5083 > > ********************** > > List info : http://www.activedir.org/List.aspx > > List FAQ : http://www.activedir.org/ListFAQ.aspx > > List archive: > http://www.mail-archive.com/[email protected]/ > > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/[email protected]/
