Solved

Deny Internet access in Terminal Server

Posted on 2003-11-08
13
536 Views
Last Modified: 2012-05-04
Hello, I have a WIndows 2000 Terminal Server with 25 users, I need to deny some users to surf Internet, but other users need to surf, how can I do this without ISA server? Is it posible to do with group policies?

Thankyou QRT
0
Comment
Question by:qrt
13 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 168 total points
ID: 9707056
To reliably block Intenet access you really need a proxy server of some sort or router filter policies.  I'll also suggest a simplistic scheme that may stop the average TS user.

1. Proxy server.  Don't forget that there are alternative to ISA (a fine but somewhat complicated product).  Many are quite inexpensive and require a workstation-type box to run.

2. Router filter policies.  If you have access to router and users you want to block (or allow) are at specific computers, then you can create filter policies to enable or disable http traffic to/from these devices.

3. Here's a trick.  Create a group and add users who are allowed to surf Internet.  Locate iexplore.exe (usually found in Program Files\Internet Explorer).  Set the file permissions to permit read and execute access to ton the group you created; deny read and execute to everyone else.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707060
ack....can't seem to spell this am:

last sentence in 3 should read: Set the file permissions to permit read and execute access to only the group you created; deny read and execute to everyone else.
0
 
LVL 1

Assisted Solution

by:Jagerhill97
Jagerhill97 earned 166 total points
ID: 9707071
Create a group policy denying access to the IExplorer.exe. Place the users that are not allowed to access the web into this group and apply the policy to the group level. That is the easiest way to do it unless they need access to intranet sites.
0
Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

 
LVL 11

Expert Comment

by:Quetzal
ID: 9707244
Be careful with group policies at the domain level...they may have a bigger impact than you intended.  My point #3 suggests applying permissions at the local machine at the NTFS level.  This method specifically denies access on that server.

Jagerhill's suggestion is perfectly correct (and some may say the "proper" way to do this).  However imho group policies can be tricky.
0
 
LVL 1

Assisted Solution

by:nurho83
nurho83 earned 166 total points
ID: 9708735
A sneaky little way I've found of doing this is to create a separate OU for the users that you don't want to have access.  I then configured their connection settings through a group policy that set their proxy server to IP address 0.0.0.0 port 0.  Worked for me but YMMV.

Jon Lewis
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9708748
nurho83, how cool...neat trick
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9901548
I think that the experts did provide useful answers.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 10045391
split the points
0
 
LVL 6

Expert Comment

by:phoenixfire425
ID: 21847603
I found a better method.
if you want to block access to the internet explorer program then just navigate to the IExplorer Director and find the iexplorer.exe and then set the premissions to deny access.

0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This article shows the steps required to install WordPress on Azure. Web Apps, Mobile Apps, API Apps, or Functions, in Azure all these run in an App Service plan. WordPress is no exception and requires an App Service Plan and Database to install
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question