My CNC control doesn't work with Windows updates on or virus software in
place... Somebody (I think "the kid" but maybe me) accidentally turned the
updates on and it crashed the control. It's too easy to do - the damn thing
Is there a way to permanently disable virus and update requests on Windows
This is my follow-up question. I pulled the three CNC machines off my LAN
for now. Is there some way to connect my CNC machines to the office computer
so I can download Gcode and backup machine setup but do nothing else and let
nothing from the outside in? Note: The office computer is internet
Today, I have a DSL modem, then router, then a peer to peer LAN throughout
I'm not a network guru, but here are a couple of suggestions:
The simplest way would probably be to set up the firewall in your
router to block all communication between the IP addresses of your CNC
machines and the WAN (internet).
Another way would be to pop another network card into your office
computer and use that for your shop network. By default it should not
bridge packets between the two networks. If it's a higher end machine,
it might even have two network cards already (all three of my office
machines do, the later ones it's all on the motherboard).
The router should have MAC address filtering. That is, you should be
able to put the ethernet hardware addresses of the computers you don't
want accessing the Internet in the router configuration. That will allow
those computers to participate on the local network while not having
access to the WAN (Internet).
If your router doesn't have such filtering capabilities, I suggest you get a
better one. All the Linksys Cable/DSL routers I've set up have that
Run the free version of ZoneAlarm on the CNC machines and all 3,
prohibit all IP addresses except from the office PC.
ZoneAlarm will ask the first time but check the "Always do this" and
The absolute simplest, and most secure approach is to use an "air gap" -
plug the machines into your network to do what you need, then disconnect
them again. The simplest way is to get a $10 hub, connect the machines to
the hub, bring a single wire from the hub to your router and plug it in when
you need to, then disconnect when done.
OK, I went there and read about a bunch of stuff I don't understand. It's
talking about unbinding services on NT4. Sounds a bit dated to me. Is this
right? My first impression is this is a really good way to hose everything.
You need to find the MAC addresses of the network cards in the computers
you want to set up filtering for. To do that in Windows, open a command
prompt and enter the command "ipconfig /all". The MAC address is listed
as "Physical Address" in the output. It'll look like this but have a
Physical Address. . . . . . . . . : 00-10-5A-1B-C0-02
Every network card has a different MAC address, like a fingerprint, no
two are the same.
Write down the MAC address(es) minus the hyphens, just the letters and
Now log into your router's web-based configuration and go to the advanced
settings. The MAC address filtering will be set up there. It may be
under a security tab depending on the router. Go to it and enter each MAC
address you want to filter in the list, then click apply.
If you've never logged into your router's web-based configuration,
consult the documentation for the router on how to do it. It's not
difficult and the first thing you should do is change the default
password, then add the MAC address filtering and leave every other
On Sun, 29 Jun 2008 17:26:19 -0500, with neither quill nor qualm,
"Karl Townsend" quickly quoth:
RTFcheatsheet, Karl. Didn't it come with a poster-sized Routers for
Dummies installation sheet? ;)
Try the Knowledge Base at Micro$oft:
(If it's still
being given away.)
Such is the irresistible nature of truth that all it asks, and all it wants,
is the liberty of appearing. -- Thomas Paine
I just use Shields Up (one of the tabs) to check common ports, it will tell you
if they are accessible on the internet by bad guys. Nothing is installed or
changed. Your router's firewall will protect your systems from all but a
determined targeted non-random attack by experts with a lot of time and
sophistication. Any Gov. agencies after you?
Umm ... cut off "the kid"s hands so he can't type or work the
Remove Windows and install some other OS?
Personally, I would *never* let a Windows box being used as a
machine control gain access to the net. *Period*. There is no reason
that it should, and plenty of reasons why it should not. And as long as
it can't get out, you don't have to worry about updates. And if systems
on the outside can't get in, you don't have to worry about virus updates
And -- you'll probably have to clean the disk and reinstall to
get rid of your problems. (At least you aren't stuck with "Windows
Genuine Advantage" wanting to talk to home after every loose screw gets
tightened as you would be with Vista. :-)
If you *have* to have it on an internal net, keep a separate
firewall machine which is told to prevent allowing that machine to
contact the outside for updates or anything else.
Do you have an empty slot in the office machine? Install an
extra ethernet card, and direct connect it to the CNC machines through a
stand-alone hub. Make sure you resist any attempts of the office
machine to get you to allow it to route between networks, which would
defeat what you want to do.
Break the LAN with the extra ethernet card in the office
machine, and allow connections to the CNC machines only through that
ethernet port. I could tell you how to set it up on unix boxen, you'll
have to get it from someone else for Windows -- especially how to keep
it from routing between the two nets. I'll bet that Windows will want
to do the routing by default, and you'll have to fight it to keep it
from doing that.
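
Added example, not written by any poster in this thread: it parses `ipconfig /all` output to produce the hyphen-free MAC addresses for a router's filter list, and checks that a two-card office PC reports IP routing as disabled and shows no bridge adapter. The sample output, the adapter names, the second MAC and the bridge heuristic are assumptions.

```python
import re

# Constructed `ipconfig /all` output for a two-card office PC. Adapter names,
# IP addresses and the second MAC are made up; the first MAC is the thread's.
SAMPLE = """\
Windows IP Configuration

        IP Routing Enabled. . . . . . . . : No

Ethernet adapter Office LAN:
        Physical Address. . . . . . . . . : 00-10-5A-1B-C0-02
        IP Address. . . . . . . . . . . . : 192.168.1.10

Ethernet adapter Shop LAN:
        Physical Address. . . . . . . . . : 00-11-22-AA-BB-CC
        IP Address. . . . . . . . . . . . : 10.10.10.1
"""

ADAPTER = re.compile(r"^(\S.*adapter .+):\s*$")
FIELD = re.compile(r"^\s+(.+?)[ .]*:\s?(.*)$")  # "Name . . . . : value"
MAC = re.compile(r"(?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2}")

def parse_ipconfig(text):
    """Split the output into global fields and per-adapter fields."""
    global_fields, adapters = {}, {}
    current = global_fields
    for line in text.splitlines():
        if m := ADAPTER.match(line):
            current = adapters.setdefault(m.group(1), {})
        elif m := FIELD.match(line):
            current[m.group(1).strip()] = m.group(2).strip()
    return global_fields, adapters

def mac_filter_entries(adapters):
    """MACs with the hyphens removed, as entered in the router's filter list."""
    return {name: f["Physical Address"].replace("-", "").upper()
            for name, f in adapters.items()
            if MAC.fullmatch(f.get("Physical Address", ""))}

def isolation_findings(global_fields, adapters):
    """Report signs that this PC could pass traffic between its two cards."""
    findings = []
    if global_fields.get("IP Routing Enabled", "").lower() != "no":
        findings.append("IP routing is not reported as disabled")
    for name, f in adapters.items():
        # Assumed heuristic: a Windows bridge has "bridge" in name/description.
        if "bridge" in (name + " " + f.get("Description", "")).lower():
            findings.append("bridge adapter present: " + name)
    return findings
```

An empty list from `isolation_findings` means neither check fired; it does not cover firewall rules or Internet Connection Sharing.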