block domain access via firewall
Name: carl parker Date: May 11, 2005 at 09:14:28 Pacific OS: 2000/2003 CPU/Ram: 2ghz/1gb
Comment:
I want to know if there is a way I can join a domain and then effectively block all access from the domain to my pc via firewall. I know that I also need to remove the domain accounts from my local machine but what ports do I need to block as well?
Name: jimminy Date: May 11, 2005 at 10:31:41 Pacific
Reply:
Good firewall policy is to block everything by default. Then, allow traffic only on necessary ports. This should effectively block domain traffic.
If you want to selectively block only the ports used by Active Directory - which you shouldn't, because it is bad firewall policy - block ports 88, 445, and 135. This should break your ability to authenticate to the domain. Depending on what you mean by "all access" you may need to block other ports as well. But you will have already done that because you are implementing good firewall policies. Right?
Response Number 2
Name: ooglenz1 Date: May 13, 2005 at 07:58:10 Pacific
Reply:
How can you remove domain accounts locally?
They are domain accounts, so NOT local accounts.
Response Number 3
Name: jimminy Date: May 13, 2005 at 08:01:19 Pacific
Reply:
Maybe he meant local profiles?
Response Number 4
Name: Jennifer SUMN Date: May 13, 2005 at 12:15:21 Pacific
Reply:
ooglenz1, you may want to post this separate issue in its own thread, and be a little more specific, as Domain Accounts are created on a DC, and local accounts are created on a client/node/machine. Are you talking about removing User Accounts from a DC?
Response Number 5
Name: carl parker Date: May 17, 2005 at 08:18:04 Pacific
Reply:
I just want to physically join the domain but block the ports that allow AD and domain admins access to manage my PC.
Response Number 6
Name: jimminy Date: May 17, 2005 at 09:19:54 Pacific
Reply:
What do you mean by "physically join the domain?" And what specific management capabilities do you want to block?
Response Number 7
Name: carl parker Date: June 15, 2005 at 07:36:41 Pacific
Reply:
I have joined the domain, but I want to keep big brother from watching over me and controlling my workstation.