I need to be able to deny internet access for specific users or machines.
I've been told that on their old server (i.e. Pre AD), they could set "internet access" within a user setup and that was it.
They've not been able to find it in AD.
And I'm very new to AD and windows security.
I think I really want a group which is denied access to the internet and I can then add/remove members without having to alter a user directly.
This needs to be centrally administered, as some users are not here (notebook users, WAN users, etc).
I am NOT familiar with windows security model so please be patient.