The tdatDeniedIP attribute defines a filter, and requires two values, an IP address and a mask. The tdatDeniedIP is similar to a deny element in an IP XML document. If the IP address of the incoming session, when ANDed with the mask, matches the IP address in the attribute ANDed with the mask, the filter denies access to the incoming IP address.
To specify IP addresses and masks, see the topics beginning with About IP Filters.