Ok, i'm going to tell you guys how to block all off campus computers from accessing your network shares on your windows 2000 box, while still allowing isu computers to access it. And still allowing you to access shares that are on computers off campus. First open up control panel -> administrative tools -> local security policies Now you should have a screen that has a tab at the right called "IP Security Policies on Local Machine" Click it. Now in the right pain you should see the following Client (Respond Only) Secure Server (Required Security) Server (Request Security) Right click in that pain and select Create IP Security Policy Click next when the wizard pops up In the next window type this for the Name: ISU SMB Traffic only! Click next. Uncheck the checkbox for "activate the default response rule" Click next. Leave the checkbox checked for "Edit properties" Click finish. Now we set up the Authentication rules. For the first Filter List Click Add Click the "IP Filter List" tab at the top of the new window. click Add For the name type "ISU SMB Traffic" Make sure the "use add wizard" checkbox is checked Click add Click next when the wizard pops up. Select "A specific IP Subnet" For the IP Address type: 129.186.0.0 For the Subnet mask type: 255.255.0.0 Click Next. Select "My IP Address" and click next Select "TCP" for the protocol. Click next. Leave "From any port" checked. Check "To this port:" and type 137 into the box. Click next. Click Finish. Repeat and add rules for TCP ports 137 138 139 and 445 Now for another rule. Make sure the "use add wizard" checkbox is checked Click add Click next when the wizard pops up. Select "A specific IP Subnet" For the IP Address type: 129.186.0.0 For the Subnet mask type: 255.255.0.0 Click Next. Select "My IP Address" and click next Select "UDP" for the protocol. Click next. Leave "From any port" checked. Check "To this port:" and type 137 into the box. Click next. Click Finish. Repeat and add rules for UDP ports 137 138 139 and 445 Click Close Select the Filter you just created. "ISU SMB Traffic" Now click the "Filter Action" tab at the top Select the "Permit" radio button Now click the "Connection Type" tab at the top Select "Local area network (LAN)" Click Close Now for the second Filter List. Click Add Click the "IP Filter List" tab at the top of the new window. click Add For the name type "NON-ISU SMB Traffic" Make sure the "use add wizard" checkbox is checked For the first rule Click add Click next when the wizard pops up. Select "Any IP Address" and click next Select "My IP Address" Click Next. Select "TCP" for the protocol. Click next. Leave "From any port" checked. Check "To this port:" and type 137 into the box. Click next. Click Finish. Repeat and add rules for TCP ports 137 138 139 and 445 Now for another rule. Make sure the "use add wizard" checkbox is checked Click add Click next when the wizard pops up. Select "Any IP Address" and click next Select "My IP Address" Click Next. Select "UCP" for the protocol. Click next. Leave "From any port" checked. Check "To this port:" and type 137 into the box. Click next. Click Finish. Repeat and add rules for UDP ports 137 138 139 and 445 Click Close Select the Filter you just created. "NON-ISU SMB Traffic" Now click the "Filter Action" tab at the top Click Add Click next when the wizard pops up For the name type "Deny" Check "Block" Click Next Click Finish Select the "Deny" radio button that you just created Now click the "Connection Type" tab at the top Select "Local area network (LAN)" Click Close Click Close Now we are back in the original right pain of the "Local Security Settings" window. Right click on the Security policy you just created "ISU SMB Traffic Only!" Select "assign" Congratulations you just blocked any computer that isn't from isu from accessing your shares. Even better, you can still access computers that are off campus. If you want to be able to access your shares from a computer off campus you still can but you have to enable access for that computer first. But, seeing as this is getting damn long,,,and i'm getting tired of typing,,,I'm not going to explain that in here. Contact me if you need to know, or if you need help or for any other reason. -4T2 4T2@quake-n-bake.com