Connection Security Authentication Exemptions

Applies To: Windows Server 2008

You can use this rule type to exempt computers or a group or range of IP addresses (computers) from being required to authenticate themselves, regardless of other connection security rules. This rule type is commonly used to grant access to infrastructure computers that this computer must communicate with before authentications can be performed. It is also used for other computers that cannot use the form of authentication you configure for this policy and profile.

Infrastructure computers, such as Active Directory domain controllers, certification authorities (CAs), or DHCP servers, might be allowed to communicate with this computer before authentication can be performed.

To create an authentication exemption rule, you only need to specify the computers or a group or range of IP addresses (computers) and give the rule a name and description (optional).

Exempt Computers

On this wizard page, you add one or more computers or computer groups to the list to exempt them from authentication requirements. Click the Add button to specify computers by IPv4 or IPv6 address, subnet, IP address range, or by using one of the predefined IP addresses: Default Gateway, WINS servers, DHCP servers, DNS servers, or Local Subnet. The Local Subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.


Although the computers are exempt from authentication, they might still be blocked by the firewall unless a firewall rule is created to allow them to connect.

Additional references

Add or Edit IP Addresses