Setting a policy for group of machines on a 2000 network

I have a network of about 300 w2k machines. Different users are able to get on to each of these machines. There are about 20 machines I want to exclude from Internet access, no matter who logs on to the machine. Because of special software, I can not use the ISA server to filter the machines out and I can not put them in a special domain, and they have to use dhcp.
I have tried group policy, but I can only get it to work for users, not by machine. Any Ideas?
LVL 2
gran88Asked:
Who is Participating?
 
Debsyl99Connect With a Mentor Commented:
Generally because there's quite a big difference between user policies and machine policies in OU's. If the policy you set was in the User Policy portion ( and I don't have access right now to double check but I think it must be), then it just won't apply to machines in the OU - It will only apply to users, which is why I suggested the loopback route. It's a handy way to get user policies to apply based on specific machines that the users are logged into. If you got this to work based on the user, then it must be a user policy, and the loopback processing *should * work. If you notice there is the option to disable either user policy or machine policy for any OU in order to prevent unnecessary policy processing. The two areas are completely separate and one just will not apply to the other, apart from the link created through loopback,

Deb :))
0
 
Debsyl99Commented:
Hi

Do you have a firewall at all? If so, with many of the firewalls you can just deny access to port 80 (http default) and port 443 (https default)  for specified ip addresses. Then use your dhcp server to reserve these specific mac addresses so that they are always used by those pc's,

Deb :))
0
 
Debsyl99Commented:
Hmm daft question as I just put my brain into first gear - your ISA is the firewall isn't it?
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

 
gran88Author Commented:
Nope, I have a seperate firewall, but ISA  is the proxy, so all internet traffic has to go through it. I thought of just your solution, but since I can not do anything to the ISA, filtering by ip will not work. Good try though
0
 
Debsyl99Commented:
Hmm that's kind of what I meant (I think) - it's been a long day..........

Ok then next thought - any chance of using loopback policy processing by putting the machines in a separate (or nested OU) ? This way the settings would only apply when users were logged on to that particular pc.
Loopback Processing of Group Policy
http://support.microsoft.com/default.aspx?scid=kb;EN-US;231287

Deb :))

0
 
gran88Author Commented:
Deb, let me ask you this, what I kind of had in mid was to put the 10 computers in a seperate OU, create a seperate group policy for that ou, and set the internet explorer proxy to one that would not work, ex. .1.1.1.1 port 999. then lock them from changing the connection settings. I can do this if I put a person in the OU, but not a machine. Is there a reason I can not just put the machine ou and have that work?

In the mean time I am going to try you loop back idea
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.