Restricting access to server by IP

[imunro01]

Is there a way of restricting access to either an individual windows share, or the entire server to only a certain IP range.

Using subnetting doesn't seem to be possible, as the server is on the 192.168.3 range, and we wish to allow access to only the 192.168.3 aqnd 192.168.4 ranges, excuding the 192.168.0,1,2,5,6,7 and 8 ranges.

Cheers

[pantscat]

If your switches support them, you could do this using Access Control Lists (ACLs).

[bio]

Found this for you :

If you dont have control over a router or firewall you can block IP's at the server via Windows 2003.

Click 'Start' > 'Run' >type 'MMC' press ok.
In the console click > 'File' > 'Add/Remove Snap in'
In the 'Standalone Tab' click The 'add' button
Select 'IP Security Policy Managment' > 'ADD' > 'Local Computer' > 'finish' > 'close' > 'ok'
You should now be back to the console.
In the left frame right click 'IP security policies on local computer' > 'Create IP security policy'
Click Next and then name your policy 'Block IP' and type a description.
Click 'Next' then leave 'activate' ticked then click 'Next'
leave the 'edit properties ticked and click 'Finish'
You should now have the properties window open.
Click 'ADD' then click 'Next' to continue.
Leave 'This rule does not specify a tunnel' selected and click 'next'
Leave 'all network connections' selected and click 'next'
You should now be on the IP filter list. You need to create a new filter, so dont select any of the default ones. Click 'ADD'
Type a Name for your list, call it 'IP block list'
Type a description in, can be same as name.
Click 'ADD' then click 'Next' to continue.
In the description box type a description. As its the first IP you are blocking call it 'IP1' or 'IP Range 1'
Leave ticked the 'Mirrored. Match packets with the exact opposite source and destination addresses'
Click 'Next'
The 'Source address' should be left as 'My IP address' click 'Next'
You can now select 'A Specific IP address' or 'A Specific Subnet' for the Destination address.
Type in the IP address you want to block and if blocking a subnet type in the subnet block. Click 'next'
Leave the protocol type as 'Any' and click 'Next' and then 'Finish'
You have now blocked your first IP or IP range.

Otherwise upgrade to windows 2008 or use ACL on your router/switch

bio..