Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Deny Internet access in Terminal Server

Posted on 2003-11-08
13
Medium Priority
?
541 Views
Last Modified: 2012-05-04
Hello, I have a WIndows 2000 Terminal Server with 25 users, I need to deny some users to surf Internet, but other users need to surf, how can I do this without ISA server? Is it posible to do with group policies?

Thankyou QRT
0
Comment
Question by:qrt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
13 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 672 total points
ID: 9707056
To reliably block Intenet access you really need a proxy server of some sort or router filter policies.  I'll also suggest a simplistic scheme that may stop the average TS user.

1. Proxy server.  Don't forget that there are alternative to ISA (a fine but somewhat complicated product).  Many are quite inexpensive and require a workstation-type box to run.

2. Router filter policies.  If you have access to router and users you want to block (or allow) are at specific computers, then you can create filter policies to enable or disable http traffic to/from these devices.

3. Here's a trick.  Create a group and add users who are allowed to surf Internet.  Locate iexplore.exe (usually found in Program Files\Internet Explorer).  Set the file permissions to permit read and execute access to ton the group you created; deny read and execute to everyone else.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707060
ack....can't seem to spell this am:

last sentence in 3 should read: Set the file permissions to permit read and execute access to only the group you created; deny read and execute to everyone else.
0
 
LVL 1

Assisted Solution

by:Jagerhill97
Jagerhill97 earned 664 total points
ID: 9707071
Create a group policy denying access to the IExplorer.exe. Place the users that are not allowed to access the web into this group and apply the policy to the group level. That is the easiest way to do it unless they need access to intranet sites.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 11

Expert Comment

by:Quetzal
ID: 9707244
Be careful with group policies at the domain level...they may have a bigger impact than you intended.  My point #3 suggests applying permissions at the local machine at the NTFS level.  This method specifically denies access on that server.

Jagerhill's suggestion is perfectly correct (and some may say the "proper" way to do this).  However imho group policies can be tricky.
0
 
LVL 1

Assisted Solution

by:nurho83
nurho83 earned 664 total points
ID: 9708735
A sneaky little way I've found of doing this is to create a separate OU for the users that you don't want to have access.  I then configured their connection settings through a group policy that set their proxy server to IP address 0.0.0.0 port 0.  Worked for me but YMMV.

Jon Lewis
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9708748
nurho83, how cool...neat trick
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9901548
I think that the experts did provide useful answers.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 10045391
split the points
0
 
LVL 6

Expert Comment

by:phoenixfire425
ID: 21847603
I found a better method.
if you want to block access to the internet explorer program then just navigate to the IExplorer Director and find the iexplorer.exe and then set the premissions to deny access.

0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Instead of error trapping or hard-coding for non-updateable fields when using QODBC, let VBA automatically disable them when forms open. This way, users can view but not change the data. Part 1 explained how to use schema tables to do this. Part 2 h…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question