Blocking incoming/outgoing except MS Updates?

  1. Posts : 417
    Windows 10 1803

    Blocking incoming/outgoing except MS Updates?

    I have a rig that I use for backups of all my devices, a desktop running Windows 10. What is a way, or the best way, to limit its connectivity to the LAN, and to MS Updates, and effectively block everything else? Searching around the web, I see a number of similar queries, but not good answers.

    Perhaps I had better do it through the router? In this case, a Netgear R7000. The 'server' has a static IP...

  2. Posts : 6,971
    windows 10

    A simple way is to remove the default gateway from the network setting; then nothing can get out. Then use the router CMD to give a route to MS updates only.

  3. Posts : 794
    Microsoft Windows 10 Pro 64-bit

    You can do this, but first you will have to find out the correct URLs for Windows Update that you need to add to your HOSTS file. Once you make the changes below you will not have any connectivity except for the changes you make in the HOSTS file.

    I did this on a Win 7 machine, but all versions of Windows should behave the same way. I had to use another OS so I could write this to the forum.

    In my example I only want my computer to connect to so once I found the IP I did this.

    Open your network adapters and set a static IP with all the correct settings for your subnet.

    In my case it looks like this:
    [Attached image: ipv4.jpg]

    and set the DNS server to leave the secondary empty.

    Now open your HOSTS file, usually located at C:\Windows\System32\drivers\etc\ (I use Notepad++; it just works without a fuss).

    My edited HOSTS file (I added at the bottom):

    # Copyright (c) 1993-2009 Microsoft Corp.
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    # For example:
    #          # source server
    #              # x client host
    # localhost name resolution is handled within DNS itself.
    #       localhost
    #    ::1             localhost
    I had to do a bit of command-line foo to get the IP of before I made the changes to the network adapter, using the command nslookup
    Server:  pi10
    Non-authoritative answer:
    Addresses:  2606:2800:220:1:248:1893:25c8:1946
    After making the above changes you will have to run the command below to flush out your cached DNS entries, or it will take a while for the changes to work
    ipconfig /flushdns
    I do not know what URL Microsoft Update uses; you will have to figure that out yourself. DNSQuerySniffer v1.65 from NirSoft may help you with that, or the netstat command.

    Just be aware that this is by no means a secure way to lock down a computer, but for a home user with a computer that friends or family do not tinker with it will be fairly safe.

    Also be aware that Microsoft probably has many thousands of update servers, and at any time the IP you pick may go down unexpectedly.
    Last edited by Digital Life; 02 Jan 2018 at 18:27.
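
Added example, not part of the original thread or any poster's code: a Python check for the caveat in the post above that a pinned IP may stop working. It parses HOSTS-file text and compares each pinned address with the addresses a resolver currently returns; the hostnames, addresses and the `current_answers` input are constructed sample data, not real Windows Update endpoints.

```python
import ipaddress

def parse_hosts(text):
    """Return {hostname: set of pinned IPs} from HOSTS-file text."""
    pinned = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, split columns
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                            # skip malformed entries
        for name in fields[1:]:
            pinned.setdefault(name.lower(), set()).add(ip)
    return pinned

def audit_pins(hosts_text, current_answers):
    """Label each pinned name 'ok', 'stale' or 'unresolved'."""
    # current_answers: hostname -> IP strings collected (for example with
    # nslookup) on a machine that still has normal DNS resolution.
    report = {}
    for name, ips in parse_hosts(hosts_text).items():
        if all(ip.is_loopback for ip in ips):
            continue                            # localhost lines are not pins
        live = {ipaddress.ip_address(a) for a in current_answers.get(name, ())}
        if not live:
            report[name] = "unresolved"         # no current answer supplied
        elif ips & live:
            report[name] = "ok"                 # a pinned IP is still served
        else:
            report[name] = "stale"              # pin no longer matches DNS
    return report

# Constructed sample data (documentation address ranges, hypothetical names).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
192.0.2.10      update.example.com     # pinned entry
2001:db8::10    update.example.com
198.51.100.7    cdn.example.net
203.0.113.5     old.example.org
"""
SAMPLE_ANSWERS = {
    "update.example.com": ["2001:db8::10", "192.0.2.99"],
    "cdn.example.net": ["198.51.100.200"],
}

if __name__ == "__main__":
    for name, status in sorted(audit_pins(SAMPLE_HOSTS, SAMPLE_ANSWERS).items()):
        print(f"{status:10} {name}")
```
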

  4. Posts : 794
    Microsoft Windows 10 Pro 64-bit

    You may be in for a bigger job than you think. I went through my DNS server logs for the last 4 or 5 months and found what I think might be related to Windows Update:

    Code:
    ## URLs like these can grow into the
    ## millions if they want
    ## End of millions

