Solved

Setting a policy for group of machines on a 2000 network

Posted on 2004-10-04
6
169 Views
Last Modified: 2010-03-18
I have a network of about 300 w2k machines. Different users are able to get on to each of these machines. There are about 20 machines I want to exclude from Internet access, no matter who logs on to the machine. Because of special software, I can not use the ISA server to filter the machines out and I can not put them in a special domain, and they have to use dhcp.
I have tried group policy, but I can only get it to work for users, not by machine. Any Ideas?
0
Comment
Question by:gran88
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12220754
Hi

Do you have a firewall at all? If so, with many of the firewalls you can just deny access to port 80 (http default) and port 443 (https default)  for specified ip addresses. Then use your dhcp server to reserve these specific mac addresses so that they are always used by those pc's,

Deb :))
0
 
LVL 20

Expert Comment

by:Debsyl99
ID: 12220763
Hmm daft question as I just put my brain into first gear - your ISA is the firewall isn't it?
0
 
LVL 2

Author Comment

by:gran88
ID: 12220842
Nope, I have a seperate firewall, but ISA  is the proxy, so all internet traffic has to go through it. I thought of just your solution, but since I can not do anything to the ISA, filtering by ip will not work. Good try though
0
Simple, centralized multimedia control

Watch and learn to see how ATEN provided an easy and effective way for three jointly-owned pubs to control the 60 televisions located across their three venues utilizing the ATEN Control System, Modular Matrix Switch and HDBaseT extenders.

 
LVL 20

Expert Comment

by:Debsyl99
ID: 12220885
Hmm that's kind of what I meant (I think) - it's been a long day..........

Ok then next thought - any chance of using loopback policy processing by putting the machines in a separate (or nested OU) ? This way the settings would only apply when users were logged on to that particular pc.
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287

Deb :))

0
 
LVL 2

Author Comment

by:gran88
ID: 12220934
Deb, let me ask you this, what I kind of had in mid was to put the 10 computers in a seperate OU, create a seperate group policy for that ou, and set the internet explorer proxy to one that would not work, ex. .1.1.1.1 port 999. then lock them from changing the connection settings. I can do this if I put a person in the OU, but not a machine. Is there a reason I can not just put the machine ou and have that work?

In the mean time I am going to try you loop back idea
0
 
LVL 20

Accepted Solution

by:
Debsyl99 earned 250 total points
ID: 12221025
Generally because there's quite a big difference between user policies and machine policies in OU's. If the policy you set was in the User Policy portion ( and I don't have access right now to double check but I think it must be), then it just won't apply to machines in the OU - It will only apply to users, which is why I suggested the loopback route. It's a handy way to get user policies to apply based on specific machines that the users are logged into. If you got this to work based on the user, then it must be a user policy, and the loopback processing *should * work. If you notice there is the option to disable either user policy or machine policy for any OU in order to prevent unnecessary policy processing. The two areas are completely separate and one just will not apply to the other, apart from the link created through loopback,

Deb :))
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes you might need to configure routing based not only on destination IP address, but also on a combination of destination IP address (or hostname) and destination port number. I will describe a method how to accomplish this with free tools. …
This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question