Restricting Intranet/Internet Access w/ MS Proxy 2.0
Posted on 1998-07-02
We are implementing a Microsoft Proxy 2.0 array on our network as the Web Proxy Solution.
Our policy for internet/intranet access is, everyone can have intranet access, but only authorised people can use the internet.
All our workstations are Windows NT 4 workstation, and our only browser is IE 4.01.
All users must use a Proxy Server, because they are spread across 18 sites connected via WAN links, each with a proxy server, which is in a Microsoft Proxy Array.
With Microsoft Proxy 2.0 Permissions enabled on the Web Proxy, the levels of access are only Full (ie. Intranet AND internet) or None (as in No Access :).
This isn't a solution for us.
I must be able to allow all users to use the proxy server, but only members of a specific group 'Internet Users', access to the Internet.
I don't want to use any system which controls access based on IP address.
If a user gets authorisation to use the Internet, I put them in the Group, and they login again and have Internet Access, on whatever machine they use in the whole network.
I have tried enforcing IE 4.01 restrictions which will stop users not in the 'Internet Users' group accessing the IE zone 'Internet Zone', but with IEAK you cannot totally diable access to a zone, just disable most 'Active' components of that zone.
Can anyone help?
Hope the question isn't too complex, if so, please ask for a clarification.