hello, create a rule to match any ip address to any ip address any port. Then create a rule to select "block". Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com----- Original Message ----- From: "Ray Lewis" <razor@xxxxxxxxxxxxxxxxxxxxxxxx>
To: <gptalk@xxxxxxxxxxxxx> Sent: Thursday, January 25, 2007 10:16 PM Subject: [gptalk] Re: Disabling Computer Accounts
This is a very interesting topic. Guys, which IP Security Policy should be active within the GPO and what changes should be made? Cheers Ray -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of Neil Berry Sent: 25 January 2007 19:49 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Disabling Computer Accounts Thanks Mathieu Good idea - that would make them pretty much unusable ! Just what I need -----Original Message----- From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx]On Behalf Of Mathieu CHATEAU Sent: 25 January 2007 19:04 To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Re: Disabling Computer Accounts hello, on the GPO to block, add IPSEC so to deny any non encrypted traffic (mandatory to encrypt). As only these stations uses IPSEC, they won't be able to connect to others workstations neither servers. The only solution for those bad boys is to stop the ipsec windows service, so you will enforce it started through the same GPO Regards, Mathieu CHATEAU http://lordoftheping.blogspot.com ----- Original Message ----- From: <neil@xxxxxxxxxxxxxxxx> To: <gptalk@xxxxxxxxxxxxx> Sent: Thursday, January 25, 2007 5:03 PM Subject: [gptalk] Disabling Computer AccountsHi all, Does anyone have any ideas on how best to achieve the following. I need to make a computer that is intially built into the domain - virtually unusable until it is placed in the correct OU. I had thought of applying a very restrictive GPO to the default computers OU which made it unusable but not quite sure which settings to apply and if there are any issues with doing this.It is bascially to stop people bypassing build procedures and policies andnot putting the computer into the correct OU. Thanks for any thoughts :) Neil *********************** You can unsubscribe from gptalk by sending email togptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR bylogging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ *********************************************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ *********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************ ***********************You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/************************
*********************** You can unsubscribe from gptalk by sending email to gptalk-request@xxxxxxxxxxxxx with 'unsubscribe' in the Subject field OR by logging into the freelists.org Web interface. Archives for the list are available at //www.freelists.org/archives/gptalk/ ************************