By default, all consoles are granted access. Administrators can log on to the main console locally or remotely from any computer on the network.
You can secure a management console from remote connections by denying access to certain computers.
You may want to grant or deny access from the following types of users or computers:
You should deny access to anyone on the Internet. Otherwise, the console is exposed to Internet attacks.
You should deny access to limited administrators who use consoles on a different network than the network they manage.
You should grant access to system administrators and IT administrators.
You should grant access to lab computers, such as a computer that is used for testing.
In addition to globally granting or denying access, you can specify exceptions by IP address. If you grant access to all remote consoles, the management server denies access to the exceptions. Conversely, if you deny access to all remote consoles, you automatically grant access to the exceptions. When you create an exception, the computer that you specified must have a static IP address. You can also create an exception for a group of computers by specifying a subnet mask. For example, you may want to grant access in all areas that you manage. However, you may want to deny access to a console that is located in a public area.
To grant or deny access to a remote console
In the console, click Admin, and then click Servers.
Under Servers, select the server for which you want to change the remote console access permission.
Under Tasks, click Edit the server properties.
On the General tab, click Granted Access or Denied Access.
If you want to specify IP addresses of the computers that are exempt from this console access permission, click Add.
Computers that you add become exceptions. If you click Granted Access, the computers that you specify are denied access. If you click Denied Access, the computers that you specify are granted access. You can create an exception for a single computer or a group of computers.
In the Deny Console Access dialog box, click one of the following options:
For one computer, type the IP address.
Group of Computers
For several computers, type both the IP address and the subnet mask for the group.
The computers now appear in the exceptions list. For each IP address and mask, its permission status appears.
If you change Granted Access to Denied Access or vice versa, all exceptions change as well. If you have created exceptions to deny access, they now have access.
Click Edit All to change the IP addresses or host names of those computers that appear on the exceptions list.
The IP Address Editor appears. The IP Address Editor is a text editor that lets you edit IP addresses and subnet masks.
When you finish adding exceptions to the list or editing the list, click OK.