IP Policy Implementation server prohibits Ping_win server

Solving method

Is there any way to get your server to escape the search in the online state? Installing and setting up firewalls is certainly the best way to solve the problem. If you do not have a firewall installed, creating a security policy that prohibits all computers from pinging native IP addresses can achieve the same function. The specific creation process is as follows (for example, in Windows 2003 Server).

Step 1: Add IP filters and filter actions

Click start → admin tools → local security policy. Open the Local Security Settings dialog box, right-click the IP security policy on the Local computer option on the left of the dialog box, and perform the Manage IP filter table and filter actions command; Click Add under the Manage IP Filter List tab of the pop-up dialog box button, name this filter as "No ping", the description language can be ping my hosts on any other computer, click Next, select IP traffic source address as my IP address, click Next, and select IP destination address as any IP address. Click Next, select the IP protocol type as ICMP (ping and tracert command actions are made using the messages in the ICMP protocol), click Next, and then click Finish to Add. Then switch to the Manage Filter Actions tab, click add → next, and the named filter action name is block all connections, the description language can be block all network connections, click Next, select the Block option as the action behavior for this filter, and then click Next. Complete all add operations

Step 2: Create an IP Security policy

Right-click the IP Security policy in the console, on the local computer option, execute the Create security Policy command, and then click Next button; Name the IP Security policy "Prohibit ping host", describe the language as "deny ping to any other computer", and click Next; After activating the default response rule, click Next; in the default Response Rule Authentication Method dialog box, select the use this string to protect key exchange option and type a string (such as "NO Ping") in the text box below, click Next, and then select Edit Properties and click Complete button to finish creating.

Step 3: Configure IP Security Policy

Under the General tab of the "Prohibit Ping Properties" dialog box that opens, click add → next. Select "This rule does not specify a tunnel" and click Next; select "All network Connections" to ensure that all computers are not pinging the host, click Next; in the IP Filter list box, select "No ping", click Next, select Block all connections in the Filter action list box, click Next, Cancel the Edit Properties option, and click Finish to end the match
STEP4: assigning IP Security Policies

After the security policy is created, it does not take effect immediately, and we also need to make it work through the "Assign" feature. You can enable this policy by right-clicking the Prohibit Ping host policy on the right side of the Local Security Settings dialog box and executing the Assign command.

At this point, the host already has the ability to reject any other machine to ping its own IP address, but can still ping yourself locally. After such a setting, all users, including administrators, cannot ping this server on another machine. Limited to the technical level, the author temporarily can not provide the IP security policy to achieve the user Rights Division method, I hope the relevant experience of friends to make corrections. This scenario is also applicable under Windows 2000/XP systems.