internet access needs to be controlled by proxy server?

Hello, I have the following config:

PC running Wingate Proxy with 2 NIC: (local network) and (ADSL router)
SERVER running SBS2003 with 2 NIC: and

Clients connect via DHCP server on the SBS server. They are able to browse the internet without them passing through the Wingate proxy.

What is the best practice for clients to be able to connect / authenticate to the Wingate proxy, using the DHCP server of SBS and without letting them access the internet through the DHCP server?

Anyone familiar with DHCP config on SBS2003?

Please help,

Set the default gateway for the DHCP clients to the Wingate Proxy

Or set up an AD group policy object forcing the PCs to use the Wingate Proxy

You need to decide which system will provide DHCP.  From your question it looks like both SBS and Wingate Proxy are providing DHCP, you need to disable one or the other.  I agree with kminfotech and would disable the DHCP component of Wingate Proxy and change the scope options of SBS for the default to gateway to

CliffordNg (Author) commented:
Thank you for your quick answers. Wingate does not have the DHCP server on. Only SBS is the DHCP server, besides it does not allow both.

I agree that the default gateway for DHCP can go to Wingate proxy.

But can users change the default gateway (manual ip) if they know the SBS gateway ip? Do I then need to create the AD group policy object? Please help as I'm lost here !!!

Yes, they can change the default gateway.

Create a group policy, assign the proxy, and lock down the changes.  I can give specific direction if you need.

Lock it down with group policy.

Create an OU for users if you haven't already done so and move the users to it.

Create or edit a group policy.  In the policy, go to User Configuration, Windows Settings, Internet Explorer Maintenance, Connection and then Proxy Settings.

Another option is to reduce the user rights on the workstations so that they are only a normal user, then they can't change network settings.

There is also a group policy to restrict what they can do to the network settings.

User configuration, Administrative Templates, Network, Network Connections, Prohibit access to properties of a LAN connection.
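To confirm on a workstation that the controls described in the answers above actually took effect, the following audit script is an added example, not part of the original thread. It assumes a client with PowerShell 3.0 or later, a single proxy for all protocols, and two placeholder addresses (the thread does not give the real ones); `Test-ProxyEnforcement` is a hypothetical helper name.

```powershell
# Added example: audit the logged-on user's workstation against the controls
# from the thread. Both addresses are constructed placeholders.
param(
    [string]$ProxyGateway = '192.168.16.2',     # assumed LAN IP of the Wingate PC
    [string]$ProxyServer  = '192.168.16.2:80'   # assumed host:port pushed by the GPO
)

function Test-ProxyEnforcement {
    param([string]$ProxyGateway, [string]$ProxyServer)
    $findings = @()

    # 1. Each IP-enabled adapter should take its settings from DHCP and use
    #    the proxy as its only default gateway (no manual gateway override).
    $adapters = Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($a in $adapters) {
        if (-not $a.DHCPEnabled) {
            $findings += "Adapter '$($a.Description)' has a manual IP configuration"
        }
        foreach ($gw in @($a.DefaultIPGateway)) {
            if ($gw -and $gw -ne $ProxyGateway) {
                $findings += "Adapter '$($a.Description)' routes via $gw, not the proxy"
            }
        }
    }

    # 2. Per-user proxy settings (what the IE Maintenance policy configures).
    $inetKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $inet = Get-ItemProperty -Path $inetKey -ErrorAction SilentlyContinue
    if ($inet.ProxyEnable -ne 1) {
        $findings += 'Proxy is not enabled for this user'
    } elseif ($inet.ProxyServer -ne $ProxyServer) {
        $findings += "Proxy is '$($inet.ProxyServer)', expected '$ProxyServer'"
    }

    # 3. "Prohibit access to properties of a LAN connection".
    #    Assumed mapping: NC_LanProperties = 0 when the policy is enabled;
    #    confirm against the policy template in your environment.
    $ncKey = 'HKCU:\Software\Policies\Microsoft\Windows\Network Connections'
    $nc = Get-ItemProperty -Path $ncKey -ErrorAction SilentlyContinue
    if ($null -eq $nc -or $nc.NC_LanProperties -ne 0) {
        $findings += 'LAN connection properties are not locked by policy'
    }

    return $findings
}

$result = Test-ProxyEnforcement -ProxyGateway $ProxyGateway -ProxyServer $ProxyServer
if ($result) { $result | ForEach-Object { Write-Warning $_ } } else { 'All checks passed' }
```

An empty result only shows that this client is configured as intended; it says nothing about machines that are not joined to the domain.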

CliffordNg (Author) commented:
Thanks a lot, kiminfotech & avpwest.

I am worried about these people who do not need to logon to my domain, i.e. 'strangers' with wi-fi connection and yet they will have to use my DHCP server to connect.

Will this be a problem by using your above-mentioned solution or is there a workaround?

Do you have a wi-fi access point on the network also?

The proxy settings with group policy would only apply to the domain users.  

Assuming the wi-fi access point is configurable by you and has a DHCP facility.  You would be able to set all the parameters on that and those would be the settings the wi-fi people would get.  The best way would be to put the wi-fi on its own subnet with a second network card in the Wingate Proxy so that DHCP server does not interfere with your wired machines.  

I assume the wi-fi users would not need access to domain resources, only internet access?  If they are people in the street then that is a whole new topic on wi-fi security and lockdown.

CliffordNg (Author) commented:
Yes, we have three access points on the same network.

All three are configurable and have DHCP facility. I was thinking of a different subnet for the wi-fi network, but do I have to cable again for that subnet?

Sometimes, some wi-fi clients should also have to logon to the domain. How can I do this?

This is complicated for me, but sounds so easy for you, experts!!!

CliffordNg (Author) commented:
Anyone like to comment further please?