Solved

Deny Internet access in Terminal Server

Posted on 2003-11-08
13
535 Views
Last Modified: 2012-05-04
Hello, I have a WIndows 2000 Terminal Server with 25 users, I need to deny some users to surf Internet, but other users need to surf, how can I do this without ISA server? Is it posible to do with group policies?

Thankyou QRT
0
Comment
Question by:qrt
13 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 168 total points
ID: 9707056
To reliably block Intenet access you really need a proxy server of some sort or router filter policies.  I'll also suggest a simplistic scheme that may stop the average TS user.

1. Proxy server.  Don't forget that there are alternative to ISA (a fine but somewhat complicated product).  Many are quite inexpensive and require a workstation-type box to run.

2. Router filter policies.  If you have access to router and users you want to block (or allow) are at specific computers, then you can create filter policies to enable or disable http traffic to/from these devices.

3. Here's a trick.  Create a group and add users who are allowed to surf Internet.  Locate iexplore.exe (usually found in Program Files\Internet Explorer).  Set the file permissions to permit read and execute access to ton the group you created; deny read and execute to everyone else.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707060
ack....can't seem to spell this am:

last sentence in 3 should read: Set the file permissions to permit read and execute access to only the group you created; deny read and execute to everyone else.
0
 
LVL 1

Assisted Solution

by:Jagerhill97
Jagerhill97 earned 166 total points
ID: 9707071
Create a group policy denying access to the IExplorer.exe. Place the users that are not allowed to access the web into this group and apply the policy to the group level. That is the easiest way to do it unless they need access to intranet sites.
0
Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

 
LVL 11

Expert Comment

by:Quetzal
ID: 9707244
Be careful with group policies at the domain level...they may have a bigger impact than you intended.  My point #3 suggests applying permissions at the local machine at the NTFS level.  This method specifically denies access on that server.

Jagerhill's suggestion is perfectly correct (and some may say the "proper" way to do this).  However imho group policies can be tricky.
0
 
LVL 1

Assisted Solution

by:nurho83
nurho83 earned 166 total points
ID: 9708735
A sneaky little way I've found of doing this is to create a separate OU for the users that you don't want to have access.  I then configured their connection settings through a group policy that set their proxy server to IP address 0.0.0.0 port 0.  Worked for me but YMMV.

Jon Lewis
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9708748
nurho83, how cool...neat trick
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9901548
I think that the experts did provide useful answers.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 10045391
split the points
0
 
LVL 6

Expert Comment

by:phoenixfire425
ID: 21847603
I found a better method.
if you want to block access to the internet explorer program then just navigate to the IExplorer Director and find the iexplorer.exe and then set the premissions to deny access.

0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article explains the steps required to use the default Photos screensaver to display branding/corporate images
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question