Anyone buying a server now will find that slightly newer hard drives no longer support the WIN2003 system, mainly because the vendors do not provide drivers for it. Microsoft also no longer provides security support for 2003, so patches will be hard to get. We recommend using the 2008 R2 system; on a 32G/64G server, running 2003 is very wasteful.
Below, the Cloud Habitat Community editor shares the specific method, and provides something useful at the end:
I. Open Local Security Policy
1. Click "Start" - "Run", type "secpol.msc" and press Enter to open the "Local Security Policy" page (see Figure 1).
Figure 1
II. Manage IP filter lists
1. As in Figure 1, right-click "IP Security Policies on Local Computer" and select "Manage IP filter lists and filter actions (M) ..."; the "Manage IP Filter Lists" settings page appears, as shown in Figure 2. Click "Add (D) ...".
Figure 2
2. Enter a name and description, click "Add (A) ..." (Figure 3), then keep clicking "Next (N) >" (Figure 4, Figure 5).
Figure 3
Figure 4
Figure 5
3. On the "IP Traffic Source" page, under "Source address (S):" select "A specific IP address or subnet" and enter the IP to block (here the blocked IP is 10.0.32.21). Then click "Next (N) >" (Figure 6).
Figure 6
4. Next, specify the destination address: under "Destination address (D):" select "My IP Address", then click "Next (N) >" (Figure 7).
Figure 7
5. On the IP protocol type page, because all access is being blocked, select "Any" under "Select a protocol type (S):" (Figure 8), then click "Next (N) >" again to reach the "Finish" page (Figure 9, Figure 10).
Figure 8
Figure 9
Figure 10
III. Manage filter actions
1. In the Figure 2 dialog, select the "Manage Filter Actions" tab, click "Add (D) ...", then follow the wizard and click "Next (N) >" (Figure 11, 12).
Figure 11
Figure 12
2. Next, enter a name and description for the filter action, then click "Next (N) >" (Figure 13).
Figure 13
3. On the filter action options page, select "Block (L)", then keep clicking "Next (N) >" until the wizard reaches "Finish" (Figure 14, 15, 16).
Figure 14
Figure 15
Figure 16
IV. Create the IP security policy
1. On the Local Security Policy page, right-click "IP Security Policies on Local Computer" and select "Create IP Security Policy (C) ..." to start creating an IP security policy (Figure 17, 18).
Figure 17
Figure 18
2. On the IP Security Policy Name page, set the "Name" and "Description" (Figure 19), then click "Next (N) >" (Figure 19, 20) until the wizard finishes (Figure 21); select "Edit properties (P)" so that the IP security policy can be edited afterwards.
Figure 19
Figure 20
Figure 21
3. On the IP security policy Properties page (Figure 22), click "Add (D) ..." and then "Next (N) >" (Figure 23).
Figure 22
Figure 23
4. On the "Tunnel Endpoint" page, select "This rule does not specify a tunnel (T)" and click "Next (N) >" (Figure 24).
Figure 24
5. On the Network Type page, select "All network connections (C)", then click "Next (N) >" (Figure 25).
Figure 25
6. On the IP Filter List selection page, select the IP filter list created earlier, "Filter fundtest Server IP", then click "Next (N) >" (Figure 26).
Figure 26
7. On the Filter Action page, select the "Deny" filter action created earlier, then click "Next (N) >" until the wizard completes (Figure 27, 28).
Figure 27
Figure 28
8. Finally, on the IP security policy Properties page, under "Rules" - "IP Security rules", check the rule set up above (Figure 29), then click "OK" to finish.
Figure 29
V. Assign the policy
On the Local Security Policy page, right-click the IP security policy you created above and select "Assign (A)" (Figure 30).
Figure 30
It's done! (Figure 31)
Figure 31
Finish!!!
Below, the Cloud Habitat Community editor shares some further notes:
Need to accept the
| Source Address | Destination Address | Protocol (Port) |
|---|---|---|
| My IP Address | Any IP address | UDP (53) |
| Any IP address | My IP Address | UDP (53) |
The following ports need to be blocked, including database ports:
Source address: Any IP address; destination address: My IP Address

| Protocol | Port |
|---|---|
| TCP | 3095 |
| TCP | 3096 |
| TCP | 3097 |
| TCP | 1025 |
| TCP | 135 |
| TCP | 139 |
| TCP | 3001 |
| TCP | 3002 |
| TCP | 3003 |
| TCP | 445 |
| UDP | Any |
| TCP | 88 |
| TCP | 389 |
| TCP | 464 |
| TCP | 593 |
| TCP | 636 |
| TCP | 1720 |
| TCP | 1433 |
| TCP | 3306 |
| UDP | 123 |
| TCP | 4899 |
| UDP | 4899 |
Entering these one by one is tedious, so the Cloud Habitat Community editor has put a policy together for everyone:
win2008 Security Policy Download address
How to import the IP security policy:
Start > Run > gpedit.msc
Computer Configuration > Windows Settings > Security Settings > IP Security Policies > right-click > All Tasks > Import Policies
After the import, the policy must be assigned before it takes effect.
That basically covers it; for anything else, refer to the site's other articles.
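
The GUI procedure in sections I to V, together with the TCP rows of the blocked-port table, can also be scripted with `netsh ipsec static`. The batch file below is an added example, not part of the original article; the policy name, the rule names and the port filter list name are assumptions made for it, while "Filter fundtest Server IP", the "Deny" action and 10.0.32.21 are the values used above.

```batch
@echo off
rem Added example: netsh equivalent of sections I-V. Run from an elevated prompt.
rem POLICY, PORTLIST and the two rule names are assumed names for this example.
setlocal
set "POLICY=Block policy"
set "IPLIST=Filter fundtest Server IP"
set "PORTLIST=Blocked TCP ports"
set "ACTION=Deny"

rem II. IP filter list: specific source IP -> My IP Address, any protocol.
rem mirrored=yes also matches the same traffic in the reverse direction.
netsh ipsec static add filterlist name="%IPLIST%" || goto :fail
netsh ipsec static add filter filterlist="%IPLIST%" srcaddr=10.0.32.21 dstaddr=Me protocol=ANY mirrored=yes || goto :fail

rem III. Filter action that blocks matching traffic.
netsh ipsec static add filteraction name="%ACTION%" action=block || goto :fail

rem IV. Policy (left unassigned for now) and the rule that ties the
rem     filter list to the action on all network connections.
netsh ipsec static add policy name="%POLICY%" assign=no || goto :fail
netsh ipsec static add rule name="Block IP" policy="%POLICY%" filterlist="%IPLIST%" filteraction="%ACTION%" conntype=all || goto :fail

rem Port table (TCP rows only): Any IP address -> My IP Address, one filter
rem per destination port. srcport=0 means any source port.
netsh ipsec static add filterlist name="%PORTLIST%" || goto :fail
for %%P in (3095 3096 3097 1025 135 139 3001 3002 3003 445 88 389 464 593 636 1720 1433 3306 4899) do (
    netsh ipsec static add filter filterlist="%PORTLIST%" srcaddr=Any dstaddr=Me protocol=TCP srcport=0 dstport=%%P mirrored=yes || goto :fail
)
netsh ipsec static add rule name="Block ports" policy="%POLICY%" filterlist="%PORTLIST%" filteraction="%ACTION%" conntype=all || goto :fail

rem V. Assign the policy so it takes effect, then list what was created.
netsh ipsec static set policy name="%POLICY%" assign=yes || goto :fail
netsh ipsec static show policy name="%POLICY%" level=verbose
exit /b 0

:fail
rem Reached when a netsh call returns a non-zero exit code before assignment.
echo netsh reported an error; policy "%POLICY%" was not assigned. 1>&2
exit /b 1
```

Review the filter lists in secpol.msc before relying on the policy, and confirm that the address or port you use for remote administration is not among the blocked entries.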