Solved

Deny Internet access in Terminal Server

Posted on 2003-11-08
13
531 Views
Last Modified: 2012-05-04
Hello, I have a WIndows 2000 Terminal Server with 25 users, I need to deny some users to surf Internet, but other users need to surf, how can I do this without ISA server? Is it posible to do with group policies?

Thankyou QRT
0
Comment
Question by:qrt
13 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 168 total points
ID: 9707056
To reliably block Intenet access you really need a proxy server of some sort or router filter policies.  I'll also suggest a simplistic scheme that may stop the average TS user.

1. Proxy server.  Don't forget that there are alternative to ISA (a fine but somewhat complicated product).  Many are quite inexpensive and require a workstation-type box to run.

2. Router filter policies.  If you have access to router and users you want to block (or allow) are at specific computers, then you can create filter policies to enable or disable http traffic to/from these devices.

3. Here's a trick.  Create a group and add users who are allowed to surf Internet.  Locate iexplore.exe (usually found in Program Files\Internet Explorer).  Set the file permissions to permit read and execute access to ton the group you created; deny read and execute to everyone else.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707060
ack....can't seem to spell this am:

last sentence in 3 should read: Set the file permissions to permit read and execute access to only the group you created; deny read and execute to everyone else.
0
 
LVL 1

Assisted Solution

by:Jagerhill97
Jagerhill97 earned 166 total points
ID: 9707071
Create a group policy denying access to the IExplorer.exe. Place the users that are not allowed to access the web into this group and apply the policy to the group level. That is the easiest way to do it unless they need access to intranet sites.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707244
Be careful with group policies at the domain level...they may have a bigger impact than you intended.  My point #3 suggests applying permissions at the local machine at the NTFS level.  This method specifically denies access on that server.

Jagerhill's suggestion is perfectly correct (and some may say the "proper" way to do this).  However imho group policies can be tricky.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 1

Assisted Solution

by:nurho83
nurho83 earned 166 total points
ID: 9708735
A sneaky little way I've found of doing this is to create a separate OU for the users that you don't want to have access.  I then configured their connection settings through a group policy that set their proxy server to IP address 0.0.0.0 port 0.  Worked for me but YMMV.

Jon Lewis
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9708748
nurho83, how cool...neat trick
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9901548
I think that the experts did provide useful answers.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 10045391
split the points
0
 
LVL 6

Expert Comment

by:phoenixfire425
ID: 21847603
I found a better method.
if you want to block access to the internet explorer program then just navigate to the IExplorer Director and find the iexplorer.exe and then set the premissions to deny access.

0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Moving applications to the cloud or switching services to cloud-based ones, is a stressful job.  Here's how you can make it easier.
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now