You could configure an ipsec filtering policy on those servers. Ipsec filter
policies use rules that use permit and block filter actions. Of course this
would only work well if the computers that access it have static IP
addresses. Start with a mirrored block all rule and then add a mirrored
permit rule with the exceptions which would include the IP addresses of the
allowed computers. Ipsec policies do not require reboots, are built into the
operating system, and take effect shortly after assigning. Make sure you
have physical access to the server to assign and test the policy. If you do
it remotely and the policy is misconfigured, you could be blocked from
access [I know from first hand experience] . See the link below for tips on
setting up ipsec policies and info on and how to remove default exemptions
with a registry change.. --- Steve
http://www.securityfocus.com/infocus/1559
http://support.microsoft.com/default.aspx?scid=kb;en-us;811832
"brian.hesseling(at)lsrlaw.lsr"
