Since they use a round robin DNS for Windows Update, you may need to make a
DNS entry to block it. For instance:
Make a new zone Microsoft.com
Set the NS records to Microsoft's DNS servers (so everything is working)
Make a entry for windowsupdate to point to 127.0.0.1
This should override the DNS entries on Microsoft's server. Otherwise you
would need to block all of the ips for windowsupdate, and you would need to
keep an eye on the changes they make.
Non-authoritative answer:
Name: windowsupdate.microsoft.com
Addresses: 207.46.232.17, 207.46.177.10, 207.46.177.16
I'm not sure if windows update downloads from other machines, such as the
hosting partners of Microsoft, if that's the case, if you block the ip of
the hosting partners, your blocking could disable the users to download any
software from Microsoft (might be a good idea :) ).
-----Original Message-----
From: zinc zdj [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 24, 2000 5:18 PM
To: [EMAIL PROTECTED]
Subject: [FW1] How to block windows update
Hi all Checkpoint Gurus,
What policy (services) that I have to block so that user can not go to
internet download through windows update (such as I.E). A user uses windows
update and able to download the program even though we have a policy not to
download from internet?
Please help.
Thanks in advance.
zinc
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
