Patrick,
I don't know about Troy, but I'd love to block just port 80 -- but the
wrinkle is I'd like to be able to assign permissions to it, because some job
functions require internet access, whereas others should not have internet
access.
At the moment, we simply disable iexplore.exe. By doing this, we lose the
ability to use web services on our intranet for those users. In addition,
it still doesn't stop web surfing, since users can just type the URL into
Explorer's address bar, however, or type the URL in the Start | Run box. We
can use a system policy to disable Start | Run, but haven't found a way to
block the address bar of explorer.
If I could deny a single port, I could deny port 80, and create URLs to
internal stuff that specified a different port. Even if I could deny that
port, it seems that I would need to reboot after making the change, which
would be a horrible way to start each and every day.
IIS is turned off on all workstations.
Ideally, I would like to see a list of permitted IP subnets that could be
accessed from the local computer. I don't even want to THINK about
customizing the protocol stack.
There are 3rd-party 'solutions' like surfcontrol, but they are HUGELY
expensive to implement.
Cheers,
Bruce MacDonald
Manager, Information Technology
Pacific Newspaper Group (Kennedy Heights)
(604) 605-7269 ph
(604) 605-7239 fax
[EMAIL PROTECTED]
-----Original Message-----
From: Patrick Sweeney [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 25, 2001 15:53
To: MSWinNT Discussions
Subject: Re: WIN2K - IP Filtering
No, but maybe yes.
If, for example, you don't want the computer to do anything with packets on
port 80, you can turn off IIS.
What are you trying to block?
----Original Message Follows----
From: "Troy Jerkins" <[EMAIL PROTECTED]>
Reply-To: "MSWinNT Discussions" <[EMAIL PROTECTED]>
To: "MSWinNT Discussions" <[EMAIL PROTECTED]>
Subject: WIN2K - IP Filtering
Date: Tue, 25 Sep 2001 11:15:36 -0400
I know you can filter packets in WIN2K based on IP Protocol port numbers by
changing the "Permit All" to "Permit Only" option in the TCP/IP properties,
but is there a way to just tell the OS to say "Deny Only" these protocols?
Perhaps through policy?
-Troy
------
You are subscribed as [EMAIL PROTECTED]
Archives: http://www.swynk.com/sitesearch/search.asp
To unsubscribe send a blank email to [EMAIL PROTECTED]