Restricting Access to NetShow Server

You can control client and server connections to NetShow Server and the Real-Time Encoder based on the IP addresses of the clients or servers attempting to connect. Access is controlled by creating a list of addresses in the Windows NT registry. By default, all connections are allowed.

You can use masks to specify a range of addresses. If you specify an invalid mask, the mask is ignored. Like an IP address, the mask is a 32-bit value. To set a range of addresses, each bit in the mask is compared to the bits in the IP address. Where the value in the mask is 1, the corresponding bit in the address is included in the list. Where the value in the mask is 0, any value is acceptable. For example, in decimal notation, if the IP address in the list is 134.123.123.20 and the mask is 255.255.255.0, all IP addresses from 134.123.123.0 to 134.123.123.255 are included in the list. If the mask is 255.255.255.128, all IP addresses from 134.123.123.0 to 134.123.123.127 are included in the list.

The path to the access control registry keys is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetShow\AccessLists.

The following registry keys control access.

Registry Key Description

DisallowUnicastClients Client computers using the IP addresses in this list are not allowed to connect to NetShow Server to receive unicasts. If an address is included in both the disallow and allow lists, the connection is not allowed.

AllowUnicastClients Client computers using the IP addresses in this list are allowed to connect to NetShow Server to receive unicasts. If there are no addresses in the list, any client can connect unless the client's address is in the DisallowUnicastClients list.

DisallowDistribution Server computers using IP addresses in this list are not allowed to connect to NetShow Server or to the Real-Time Encoder. Client computers using IP addresses in this list are not allowed to connect to the Real-Time Encoder or to connect to NetShow Server to receive a distribution stream.

AllowDistribution Server computers using IP addresses in this list are allowed to connect to NetShow Server or to the Real-Time Encoder. Client computers using IP addresses in this list are allowed to connect to the Real-Time Encoder and allowed to connect to NetShow Server to receive a distribution stream. If there are no addresses in the list, any computer can connect unless its address is in the DisallowDistribution list.

To work with the access control registry keys, you must start the Windows NT Registry Editor and then navigate to the key whose list you want to change.

To start Registry Editor and navigate to an access control list registry key

On the Start menu, click Run.
The Run dialog box is displayed.
In the Open box, type regedit and then click OK.
Registry Editor starts.
In Registry Editor, use the tree view to navigate through the following path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NetShow\AccessLists
To work with one of the access control lists, click the appropriate registry key:
- DisallowUnicastClients
- AllowUnicastClients
- DisallowDistribution
- AllowDistribution

After you have started Registry Editor and navigated to the appropriate key, you can add values to it.

To add an IP address to an access control list registry key

On the Edit menu, point to New and click String Value.
Type the value of the IP address you want to add to the list in the Name column, and press Enter.

After you have added an IP address to an access control list registry key, you can add a mask to it to specify a range of addresses.

To add a mask for an IP address

In the Name column, click the IP address.
On the Edit menu, click Modify.
The Edit String dialog box is displayed.
In the Value Data box, type the value for the mask and click OK.
The value for the mask is added to the Data column.

After you have added an IP address to an access control list registry key, you can change it.

To change an IP address

In the Name column, click the IP address.
On the Edit menu, click Rename.
Edit the value in the Name column, and press Enter.

You can remove IP addresses from an access control list registry key.

To remove an IP address

In the Name column, click the IP address.
On the Edit menu, click Delete.
In the Confirm Value Delete dialog box, click Yes.

Registry Key	Description
DisallowUnicastClients	Client computers using the IP addresses in this list are not allowed to connect to NetShow Server to receive unicasts. If an address is included in both the disallow and allow lists, the connection is not allowed.
AllowUnicastClients	Client computers using the IP addresses in this list are allowed to connect to NetShow Server to receive unicasts. If there are no addresses in the list, any client can connect unless the client's address is in the DisallowUnicastClients list.
DisallowDistribution	Server computers using IP addresses in this list are not allowed to connect to NetShow Server or to the Real-Time Encoder. Client computers using IP addresses in this list are not allowed to connect to the Real-Time Encoder or to connect to NetShow Server to receive a distribution stream.
AllowDistribution	Server computers using IP addresses in this list are allowed to connect to NetShow Server or to the Real-Time Encoder. Client computers using IP addresses in this list are allowed to connect to the Real-Time Encoder and allowed to connect to NetShow Server to receive a distribution stream. If there are no addresses in the list, any computer can connect unless its address is in the DisallowDistribution list.