Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: Windows 9.x policies?

Windows 9.x policies? 12 years 9 months ago #2811

  • Kn1ght
  • Kn1ght's Avatar
  • Offline
  • Distinguished Member
  • Posts: 163
  • Karma: 0
Anyone know anything about Windows 9.x? Not sure the details of it. We are trying to take some Windows 98 machines and make them so the internet doesn't work on them yet still give them network capitilities. My boss said to look that up. Any info anyone knows would be helpful.
Thanks
The administrator has disabled public write access.

Re: Windows 9.x policies? 12 years 9 months ago #2814

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
When you say you want to disable the internet do you mean disable websurfing or the net as a whole ? I assume when you say give them network capabilities you want them to still be able to access file shares etc right ?

Hmm well its been a while, but if you unbind TCP/IP from the adapter but leave NetBEUI and File & Printer sharing in, then F&P sharing should start using NetBEUI to communicate.. however this is non routable. (NetBEUI cannot leave its subnet)
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Windows 9.x policies? 12 years 9 months ago #2819

  • tfs
  • tfs's Avatar
  • Offline
  • Expert Member
  • Posts: 521
  • Karma: 0
You could also delete your gateway from the Network settings, as well as DNS entries.
Thanks,

Tom
The administrator has disabled public write access.

Re: Windows 9.x policies? 12 years 9 months ago #2821

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Yep that would also be an option.. once again you'd only get intra-subnet communication. What you could do would be give them their gateway, but ACL off their internet access at the border router.. this will be easier if they're all in one subnet...

supposing their ip range is 10.0.0.0-255

access-list 10 deny ip 10.0.0.0 0.0.0.255 any log

slap it on the appropriate interface and check the logs for any evil-doers.. smoke them out of their holes.

The advantage here is that its a more secure solution than the last two. For example supposing those users need to be local administrators on their machines.. they could very easily get around tfs and my earlier solutions by
1. Binding TCP/IP
2. Setting the default gateway

Here however, they have no control over the router.. so the only thing they can do is grumble about how evil their network admin is.

Of course this is not a win9x solution as you'd asked.. but it is more flexible.. look at the benefits :
1. Single point of administration, you don't have to configure 254 individual machines
2. Scalable solution.. its really easy to add other blocked subnets
3. IP connectivity still available for them to access internal FTP / HTTP servers
4. They are still routed around all the internal subnets
5. I like this solution :)

Anyone see any flaws in this approach ?
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.

Re: Windows 9.x policies? 12 years 9 months ago #2822

  • Chris
  • Chris's Avatar
  • Offline
  • Administrator
  • Posts: 1446
  • Thank you received: 13
  • Karma: 8
Sahir's proposal sounds like what I would do. Of course, in every network, you would normaly have a firewall as your gateway and I'm not talking about a router, but a Linux or Windows firewall (I'd personally prefer the first option).

With such a firewall, you simply apply the rules at the gateway/firewall level and your ready to earn some enemies in your office!

Of course, in the case your router is the only piece of equipment between your lan and your ISP, then you would apply the suggested rules to it, blocking the hosts you want.
Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
The administrator has disabled public write access.

Re: Windows 9.x policies? 12 years 9 months ago #2824

  • sahirh
  • sahirh's Avatar
  • Offline
  • Honored Member
  • Posts: 1700
  • Karma: 0
Chris is right, it would make much more sense to deal with something like this on a dedicated firewall rather than making that poor router do extra work.

There's nothing more fun than swatting down peoples packets.. its almost like the government offices here.. you go to get something stamped.. if they like how you look, they'll stamp it.. otherwise.. wham ;).

Never make a network admin your enemy hehe..

My favourite humour... the Bastard Operator From Hell
members.iinet.net.au/~bofh/bofh/bofh1.html

I have the whole archive somewhere on CD.. good fun :)
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.091 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup