Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 172
  • Last Modified:

Setting a policy for group of machines on a 2000 network

I have a network of about 300 w2k machines. Different users are able to get on to each of these machines. There are about 20 machines I want to exclude from Internet access, no matter who logs on to the machine. Because of special software, I can not use the ISA server to filter the machines out and I can not put them in a special domain, and they have to use dhcp.
I have tried group policy, but I can only get it to work for users, not by machine. Any Ideas?
0
gran88
Asked:
gran88
  • 4
  • 2
1 Solution
 
Debsyl99Commented:
Hi

Do you have a firewall at all? If so, with many of the firewalls you can just deny access to port 80 (http default) and port 443 (https default)  for specified ip addresses. Then use your dhcp server to reserve these specific mac addresses so that they are always used by those pc's,

Deb :))
0
 
Debsyl99Commented:
Hmm daft question as I just put my brain into first gear - your ISA is the firewall isn't it?
0
 
gran88Author Commented:
Nope, I have a seperate firewall, but ISA  is the proxy, so all internet traffic has to go through it. I thought of just your solution, but since I can not do anything to the ISA, filtering by ip will not work. Good try though
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
Debsyl99Commented:
Hmm that's kind of what I meant (I think) - it's been a long day..........

Ok then next thought - any chance of using loopback policy processing by putting the machines in a separate (or nested OU) ? This way the settings would only apply when users were logged on to that particular pc.
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287

Deb :))

0
 
gran88Author Commented:
Deb, let me ask you this, what I kind of had in mid was to put the 10 computers in a seperate OU, create a seperate group policy for that ou, and set the internet explorer proxy to one that would not work, ex. .1.1.1.1 port 999. then lock them from changing the connection settings. I can do this if I put a person in the OU, but not a machine. Is there a reason I can not just put the machine ou and have that work?

In the mean time I am going to try you loop back idea
0
 
Debsyl99Commented:
Generally because there's quite a big difference between user policies and machine policies in OU's. If the policy you set was in the User Policy portion ( and I don't have access right now to double check but I think it must be), then it just won't apply to machines in the OU - It will only apply to users, which is why I suggested the loopback route. It's a handy way to get user policies to apply based on specific machines that the users are logged into. If you got this to work based on the user, then it must be a user policy, and the loopback processing *should * work. If you notice there is the option to disable either user policy or machine policy for any OU in order to prevent unnecessary policy processing. The two areas are completely separate and one just will not apply to the other, apart from the link created through loopback,

Deb :))
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now