Primary Method for Preventing All External Access Apart From Approved Services on 2008R2
Primary Method for Preventing All External Access Apart From Approved Services on 2008R2
Hey there! I've set up a lab with four DCs and several servers and VMs. Three of the four are from 2016 or 2019, but I still use an older 2008R2 machine. I don’t want it exposed to the internet because it’s end-of-life and no updates are coming. I really prefer the 2008R2 and plan to keep it running until Microsoft stops supporting it completely—my Windows 7 VMs are in the same situation.
I’ve created an AD GPO named “Legacy Windows 7 or Older” to restrict incoming and outgoing port 80 traffic. I’d disable Windows Firewall manually to get updates and install Chrome for internal use only. Are there other ways to implement traffic shaping that would block everything except MSE or Immunity? I’m also considering a free Windows Server antivirus solution. Let me know what you think!