Solved

Setting a policy for group of machines on a 2000 network

Posted on 2004-10-04
Last Modified: 2010-03-18
I have a network of about 300 W2K machines. Different users are able to get on to each of these machines. There are about 20 machines I want to exclude from Internet access, no matter who logs on to the machine. Because of special software, I cannot use the ISA server to filter the machines out and I cannot put them in a special domain, and they have to use DHCP.
I have tried group policy, but I can only get it to work for users, not by machine. Any ideas?
Question by:gran88

Expert Comment

by:Debsyl99
ID: 12220754
Hi

Do you have a firewall at all? If so, with many of the firewalls you can just deny access to port 80 (HTTP default) and port 443 (HTTPS default) for specified IP addresses. Then use your DHCP server to reserve these specific MAC addresses so that they are always used by those PCs.

Deb :))

Expert Comment

by:Debsyl99
ID: 12220763
Hmm daft question as I just put my brain into first gear - your ISA is the firewall isn't it?

Author Comment

by:gran88
ID: 12220842
Nope, I have a separate firewall, but ISA is the proxy, so all Internet traffic has to go through it. I thought of just your solution, but since I cannot do anything to the ISA, filtering by IP will not work. Good try though.

Expert Comment

by:Debsyl99
ID: 12220885
Hmm that's kind of what I meant (I think) - it's been a long day..........

OK then, next thought - any chance of using loopback policy processing by putting the machines in a separate (or nested) OU? This way the settings would only apply when users were logged on to that particular PC.
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287

Deb :))


Author Comment

by:gran88
ID: 12220934
Deb, let me ask you this: what I kind of had in mind was to put the 10 computers in a separate OU, create a separate group policy for that OU, and set the Internet Explorer proxy to one that would not work, ex. .1.1.1.1 port 999, then lock them from changing the connection settings. I can do this if I put a person in the OU, but not a machine. Is there a reason I cannot just put the machine in the OU and have that work?

In the meantime I am going to try your loopback idea.

Accepted Solution

by:
Debsyl99 earned 250 total points
ID: 12221025
Generally because there's quite a big difference between user policies and machine policies in OUs. If the policy you set was in the User Policy portion (and I don't have access right now to double check but I think it must be), then it just won't apply to machines in the OU - it will only apply to users, which is why I suggested the loopback route. It's a handy way to get user policies to apply based on specific machines that the users are logged into. If you got this to work based on the user, then it must be a user policy, and the loopback processing *should* work. If you notice, there is the option to disable either user policy or machine policy for any OU in order to prevent unnecessary policy processing. The two areas are completely separate and one just will not apply to the other, apart from the link created through loopback.

Deb :))
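
Added example, not part of the thread: a simplified model of the behaviour described in the accepted answer, showing why user-side proxy settings in a GPO linked to the computers' OU only take effect once loopback is enabled on those computers. `UserPolicyMode` (1 = merge, 2 = replace) is the loopback registry value; the GPO names, the setting labels and the working proxy address are constructed, and security filtering, enforcement and inheritance blocking are left out.

```python
from dataclasses import dataclass, field

@dataclass
class GPO:
    name: str
    user: dict = field(default_factory=dict)      # User Configuration half
    computer: dict = field(default_factory=dict)  # Computer Configuration half

def apply(gpos, side):
    """Apply one half of each GPO in order; later GPOs win on conflicts."""
    result = {}
    for gpo in gpos:
        result.update(getattr(gpo, side))
    return result

def resultant_user_policy(user_gpos, computer_gpos):
    """User settings for one logon.

    user_gpos: GPOs in scope for the user's OU, lowest precedence first.
    computer_gpos: GPOs in scope for the computer's OU, same order.
    """
    mode = apply(computer_gpos, "computer").get("UserPolicyMode", 0)
    if mode == 2:  # replace: only the computer's GPOs supply user settings
        return apply(computer_gpos, "user")
    if mode == 1:  # merge: computer's GPOs are applied last, so they win
        return apply(list(user_gpos) + list(computer_gpos), "user")
    # No loopback: user settings in the computer's GPOs are never read.
    return apply(user_gpos, "user")

# Constructed sample data. The dead proxy follows the question's example.
STAFF = GPO("Staff users", user={"ProxyServer": "isa.example.local:8080",
                                 "HomePage": "http://intranet.example.local"})

def restricted(mode):
    """GPO linked to the OU holding the no-Internet machines."""
    return GPO("No-Internet PCs",
               user={"ProxyServer": "1.1.1.1:999", "LockConnectionSettings": True},
               computer={"UserPolicyMode": mode} if mode else {})

if __name__ == "__main__":
    for mode, label in ((0, "no loopback"), (1, "merge"), (2, "replace")):
        print(f"{label:12}", resultant_user_policy([STAFF], [restricted(mode)]))
```
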
Question has a verified solution.
