Windows 10: Blocking incoming/outgoing except MS Updates?

  1.    02 Jan 2018 #1

    I have a rig that I use for backups of all my devices, a desktop running Windows 10. What is a way, or the best way, to limit its connectivity to the LAN and to MS Updates, and effectively block everything else? Searching around the web, I see a number of similar queries, but not good answers.

    Perhaps I better do it through the router? In this case, a Netgear R7000. The 'server' has a static IP...

  2.    02 Jan 2018 #2

    A simple way is to remove the default gateway from the network settings, then nothing can get out, then use the router CMD to give a route to MS updates only.


  3.    02 Jan 2018 #3

    You can do this, but first you will have to find out the correct URLs for Windows Update that you need to add to your HOSTS file. Once you make the changes below, you will not have any connectivity except for the changes you make in the HOSTS file.

    I did this on a Win 7 machine, but all versions of Windows should behave the same way. I had to use another OS so I could write this to the forum.

    In my example I only want my computer to connect to example.com, so once I found the IP I did this.

    Open your network adapters and set a static IP with all the correct settings for your subnet.

    In my case it looks like this:
    [Image: ipv4.jpg]

    and set the DNS server to 127.0.0.1; leave the secondary empty.

    Now open your HOSTS file, usually located at C:\Windows\System32\drivers\etc\ (I use Notepad++; it just works without a fuss).

    My edited HOSTS file (I added 93.184.216.34 example.com at the bottom)

    Code:
    # Copyright (c) 1993-2009 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
    
    # localhost name resolution is handled within DNS itself.
    #    127.0.0.1       localhost
    #    ::1             localhost
    
    93.184.216.34 example.com

    I had to do a bit of command line foo to get the IP of example.com before I made the changes to the network adapter, using the command nslookup example.com

    Code:
    >nslookup  example.com
    Server:  pi10
    Address:  192.168.200.10
    
    Non-authoritative answer:
    Name:    example.com
    Addresses:  2606:2800:220:1:248:1893:25c8:1946
              93.184.216.34

    After making the above changes you will have to run the command below to flush out your cached DNS entries, or it will take a while for the changes to work.

    Code:
    ipconfig /flushdns

    I do not know what URL Microsoft Update uses; you will have to figure that out yourself. DNSQuerySniffer v1.65 from NirSoft may help you with that, or the netstat command.

    Just be aware that this is by no means a secure way to lock down a computer, but for a home user with a computer that friends or family do not tinker with, it will be fairly safe.

    Also be aware that Microsoft probably has many thousands of update servers, and at any time the IP you pick may go down unexpectedly.
    Last edited by sml156; 02 Jan 2018 at 19:27.


  4.    02 Jan 2018 #4

    You may be in for a bigger job than you think. I went through my DNS server logs for the last 4 or 5 months and found what I think might be related to Windows Update:

    Code:
    000055-1.l.windowsupdate.com
    000092-1.l.windowsupdate.com  ## URLs like these can grow into the
    000100-1.l.windowsupdate.com  ## millions if they want
    000797-1.l.windowsupdate.com
    000855-1.l.windowsupdate.com
    000e57-1.l.windowsupdate.com
    000eed-1.l.windowsupdate.com
    00108b-1.l.windowsupdate.com
    001194-1.l.windowsupdate.com
    0015fa-1.l.windowsupdate.com
    001a22-1.l.windowsupdate.com
    001a95-1.l.windowsupdate.com
    001d24-1.l.windowsupdate.com
    001d8d-1.l.windowsupdate.com
    001de9-1.l.windowsupdate.com
    00208f-1.l.windowsupdate.com
    0023dc-1.l.windowsupdate.com
    0024ca-1.l.windowsupdate.com
    002545-1.l.windowsupdate.com
    00254c-1.l.windowsupdate.com
    0026a2-1.l.windowsupdate.com  ## End of millions
    
    appexmapsappupdate.blob.core.windows.net
    au.download.windowsupdate.com
    catalog.update.microsoft.com
    ctldl.windowsupdate.com
    definitionupdates.microsoft.com
    download.microsoft.com
    download.windowsupdate.com
    ds.download.windowsupdate.com
    fe2.update.microsoft.com
    sls.update.microsoft.com
    updates.push.services.mozilla.com
    windowsupdate.microsoft.com
    windowsupdate.microsoft.com.local
    www.catalog.update.microsoft.com
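An added example, not part of the original posts: sorting a DNS query log like the one in post #4 into names a HOSTS file can pin one by one, numbered families that would need a wildcard (which the HOSTS file does not support), and names that only matched on the word "update" and need a manual look. The sample list is taken from the post; the function name `classify` and the two trusted suffixes are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a subset of the hostnames listed in the post above.
OBSERVED = [
    "000055-1.l.windowsupdate.com",
    "000e57-1.l.windowsupdate.com",
    "0026a2-1.l.windowsupdate.com",
    "au.download.windowsupdate.com",
    "ctldl.windowsupdate.com",
    "fe2.update.microsoft.com",
    "sls.update.microsoft.com",
    "appexmapsappupdate.blob.core.windows.net",
    "updates.push.services.mozilla.com",
    "windowsupdate.microsoft.com.local",
]

# Assumption for this example: only these two suffixes are trusted as Microsoft's.
TRUSTED_SUFFIXES = ("windowsupdate.com", "microsoft.com")

# First label such as "000e57-1": six hex digits, a dash, a number.
NUMBERED_LABEL = re.compile(r"[0-9a-f]{6}-\d+")


def classify(names):
    """Return (exact, families, review) for a list of logged hostnames."""
    exact, review, families = set(), set(), Counter()
    for raw in names:
        name = raw.strip().lower().rstrip(".")
        if not name:
            continue
        if not any(name == s or name.endswith("." + s) for s in TRUSTED_SUFFIXES):
            review.add(name)            # not under a trusted suffix: check by hand
            continue
        first, _, rest = name.partition(".")
        if NUMBERED_LABEL.fullmatch(first):
            families["*." + rest] += 1  # needs a wildcard; HOSTS has none
        else:
            exact.add(name)             # can be pinned as a single HOSTS line
    return sorted(exact), dict(families), sorted(review)


if __name__ == "__main__":
    exact, families, review = classify(OBSERVED)
    print("exact:", exact)
    print("wildcard families:", families)
    print("review by hand:", review)
```

The `blob.core.windows.net` name lands in the review bucket because storage account names under that suffix are chosen by whoever owns the account, so the suffix alone does not identify the publisher.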


 
