[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 232
  • Last Modified:

Using Active Directory and I want to disallow internet access for some users/pcs.

Hi,

I need to be able to deny internet access for specific users or machines.

I've been told that on their old server (i.e. Pre AD), they could set "internet access" within a user setup and that was it.

They've not been able to find it in AD.

And I'm very new to AD and windows security.

I think I really want a group which is denied access to the internet and I can then add/remove members without having to alter a user directly.

This needs to be centrally administered, as some users are not here (notebook users, WAN users, etc).

I am NOT familiar with windows security model so please be patient.

Regards,

Richard Quadling.
0
Richard Quadling
Asked:
Richard Quadling
1 Solution
 
beem4nCommented:
Hi,

first aff all you didnt mention what proxy server are you using - it would be good if you write it

but anyway, if you r using some kind of ISA server (Microsoft proxy), then it has ability to grant
internet to specific users/groups, this way you should create sum group in AD, like Internet Users, and in add in it user account you want to be able surf internet,
and setup your ISA to allow only "Internet Users" group to internet

thats all

ps: if you are using some kind of squid, you can also grant not all users access but by another way
0
 
Milind00Commented:
You can use GPO and restrict the usage of IE or other softwares for specific users or groups.
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now