Solved

Deny Internet access in Terminal Server

Posted on 2003-11-08
13
533 Views
Last Modified: 2012-05-04
Hello, I have a WIndows 2000 Terminal Server with 25 users, I need to deny some users to surf Internet, but other users need to surf, how can I do this without ISA server? Is it posible to do with group policies?

Thankyou QRT
0
Comment
Question by:qrt
13 Comments
 
LVL 11

Accepted Solution

by:
Quetzal earned 168 total points
ID: 9707056
To reliably block Intenet access you really need a proxy server of some sort or router filter policies.  I'll also suggest a simplistic scheme that may stop the average TS user.

1. Proxy server.  Don't forget that there are alternative to ISA (a fine but somewhat complicated product).  Many are quite inexpensive and require a workstation-type box to run.

2. Router filter policies.  If you have access to router and users you want to block (or allow) are at specific computers, then you can create filter policies to enable or disable http traffic to/from these devices.

3. Here's a trick.  Create a group and add users who are allowed to surf Internet.  Locate iexplore.exe (usually found in Program Files\Internet Explorer).  Set the file permissions to permit read and execute access to ton the group you created; deny read and execute to everyone else.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9707060
ack....can't seem to spell this am:

last sentence in 3 should read: Set the file permissions to permit read and execute access to only the group you created; deny read and execute to everyone else.
0
 
LVL 1

Assisted Solution

by:Jagerhill97
Jagerhill97 earned 166 total points
ID: 9707071
Create a group policy denying access to the IExplorer.exe. Place the users that are not allowed to access the web into this group and apply the policy to the group level. That is the easiest way to do it unless they need access to intranet sites.
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 11

Expert Comment

by:Quetzal
ID: 9707244
Be careful with group policies at the domain level...they may have a bigger impact than you intended.  My point #3 suggests applying permissions at the local machine at the NTFS level.  This method specifically denies access on that server.

Jagerhill's suggestion is perfectly correct (and some may say the "proper" way to do this).  However imho group policies can be tricky.
0
 
LVL 1

Assisted Solution

by:nurho83
nurho83 earned 166 total points
ID: 9708735
A sneaky little way I've found of doing this is to create a separate OU for the users that you don't want to have access.  I then configured their connection settings through a group policy that set their proxy server to IP address 0.0.0.0 port 0.  Worked for me but YMMV.

Jon Lewis
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9708748
nurho83, how cool...neat trick
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 9901548
I think that the experts did provide useful answers.
0
 
LVL 11

Expert Comment

by:Quetzal
ID: 10045391
split the points
0
 
LVL 6

Expert Comment

by:phoenixfire425
ID: 21847603
I found a better method.
if you want to block access to the internet explorer program then just navigate to the IExplorer Director and find the iexplorer.exe and then set the premissions to deny access.

0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to migrate DHCP sever on Windows 2003  to Windows 2008 4 506
auto copy 8 615
Windows WEb Server sp2 13 520
Windows task manager not executing scheduled task correctly? 6 148
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
One of the biggest threats in the cyber realm pertains to advanced persistent threats (APTs). This paper is a compare and contrast of Russian and Chinese APT's.
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question