Disable Ping_win server via IP Security Policy WIN2003

In fact, if you are using Windows Server 2003, you can solve the problem by enabling a firewall with the system itself. In addition, you can create a security policy that prohibits all computers from pinging native IP addresses. The following is more appropriate for Win 2000, but is limited to the author's machine environment, using Windows Server 2003 as the platform for a brief process:

　　 STEP1: Adding IP Filters and filter actions

Click Start]→[Administration Tools]→[Local Security policy, and open the Local Security Settings dialog box. Right-click the IP Security Policy, local computer option in the console tree on the left side of the dialog box to perform the Manage IP filter table and filter actions command. Under the Manage IP Filter List tab of the Open dialog box, click the Add button, name this filter as "No ping", and the description language can be "ping my host on any other computer", and then click the Add button. Next click [Next]→[Next], select IP traffic source address as [my IP address], click Next, select IP traffic destination as [any IP address], click Next, select IP protocol type as [ICMP], and click Next. Click Finish]→[OK to end the Add. Then switch to the Manage Filter Actions tab, click Add]→[Next, and the name filter action names are block all connections, the description language can be block all network connections, click Next, select the Block option as the action behavior for this filter, and then click Next]→[ Complete]→[Close] to complete all add operations.

　　 STEP2: Create IP Security Policy

Right-click the IP Security Policy, local computer option in the console tree, execute the Create security Policy command, and then click Next. Name this IP security policy to "Prohibit Ping hosts", describing the language as "rejecting ping requirements for any other computer" and clicking [Next]. Then click [Next] If you select the Activate Default response rule. In the default Response Rule Authentication Method dialog box, select the Protect key exchange using this string option and type a string in the following text box, such as "NO PING", and click Next. Finally, click the Finish button to finish creating when you select Edit Properties.

　　 STEP3: Configuring IP Security Policy

Under the General tab of the "Prohibit Ping Properties" dialog box that opens, click [Add]→[Next]. The default selection [This rule does not specify a tunnel] and click Next; select [All network Connections] to ensure that all computers are not pinging the host, click Next. In the IP Filter list box, select Prohibit Ping, click Next, select Block all connections in the Filter action list box, click Next, and then cancel the Edit Properties option and click Finish to end the configuration.

　 STEP4: Assigning IP Security Policies

After the security policy is created, it does not take effect immediately, and we need to make it work by assigning it. Right-click the Prohibit Ping host policy on the right side of the Local Security Settings dialog box to enable the policy by executing the Assign command.

At this point, the host already has the ability to reject any other machine to ping its own IP address, but the local ping itself is still connected. And after this setup, all users including the administrator themselves to ping the host's IP address on other machines can be difficult. Limited to the technical level, the author temporarily unable to provide the IP security policy under the User Rights Division, I hope that the relevant experience of friends to add corrections.