[gptalk] Re: Disabling Computer Accounts

hello,

create a rule to match any ip address to any ip address any port.
Then create a rule to select "block".

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message ----- From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx>
Sent: Thursday, January 25, 2007 10:16 PM
Subject: [gptalk] Re: Disabling Computer Accounts


This is a very interesting topic.

Guys, which IP Security Policy should be active within the GPO and what
changes should be made?

Cheers

Ray

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On
Behalf Of Neil Berry
Sent: 25 January 2007 19:49
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts

Thanks Mathieu

Good idea -  that would make them pretty much unusable !
Just what I need

-----Original Message-----
From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]On
Behalf Of Mathieu CHATEAU
Sent: 25 January 2007 19:04
To: gptalk@xxxxxxxxxxxxx
Subject: [gptalk] Re: Disabling Computer Accounts


hello,

on the GPO to block, add IPSEC so to deny any non encrypted traffic
(mandatory to encrypt).

As only these stations uses IPSEC, they won't be able to connect to others
workstations neither servers.

The only solution for those bad boys is to stop the ipsec windows service,
so you will enforce it started through the same GPO

Regards,
Mathieu CHATEAU
http://lordoftheping.blogspot.com


----- Original Message -----
From: <neil@xxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx>
Sent: Thursday, January 25, 2007 5:03 PM
Subject: [gptalk] Disabling Computer Accounts


Hi all,

Does anyone have any ideas on how best to achieve the following.

I need to make a computer that is intially built into the domain -
virtually unusable until it is placed in the correct OU.

I had thought of applying a very restrictive GPO to the default computers
OU which made it unusable but not quite sure which settings to apply and
if there are any issues with doing this.

It is bascially to stop people bypassing build procedures and policies and
not putting the computer into the correct OU.

Thanks for any thoughts :)

Neil
***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by
logging into the freelists.org Web interface. Archives for the list are
available at http://www.freelists.org/archives/gptalk/
************************

***********************
You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at http://www.freelists.org/archives/gptalk/
************************


***********************
You can unsubscribe from gptalk by sending email to 
gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by 
logging into the freelists.org Web interface. Archives for the list are 
available at http://www.freelists.org/archives/gptalk/
************************

Other related posts: