[Webinar] Learn how to a build a cloud-first strategyRegister Now


internet access needs to be controlled by proxy server?

Posted on 2004-11-23
Medium Priority
Last Modified: 2010-04-10
Hello, I have the folllowing config:

PC running Wingate Proxy with 2 NIC: (local network) and (ADSL router)
SERVER running SBS2003 with 2 NIC: and

Clients connect via DHCP server on the SBS server. They are able to browse the internet without them passing through the Wingate proxy.

What is the best practice for clients to be able to connect / authenticate to the Wingate proxy, using DHCP server of SBS and without letting them accessing internet through the DHCP server?

Anyone familiar with DHCP config on SBS2003?

Please help,

Question by:CliffordNg
  • 4
  • 3
  • 2

Expert Comment

ID: 12655481
Set the default gateway for the DHCP clients to the Wingate Proxy

Or set up an AD group policy object forcing the PCs to use the Wingate Proxy


Expert Comment

ID: 12656102
You need to decide which system will provide DHCP.  From your question it looks like both SBS and Wingate Proxy are providing DHCP, you need to disable one or the other.  I agree with kminfotech and would disable the DHCP componet of Wingate Proxy and change the scope options of SBS for the default to gateway to

Author Comment

ID: 12656259
Thank you for your quick answers. Wingate does not have the DHCP server on. Only SBS is the DHCP server, besides it does not allow both.

I agree that the default gateway for DHCP can go to Wingate proxy.

But can users change the default gateway (manual ip) if they know the SBS gateway ip? Do I then need to create the AD group policy object? Please help as I'm lost here !!!
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.


Accepted Solution

kminfotech earned 1000 total points
ID: 12656411
Yes, they can change the default gateway.

Create a group policy, assign the proxy, and lock down the changes.  I can give specific direction if you need.

Assisted Solution

avpwest earned 1000 total points
ID: 12656509
Lock it down with group policy.

Create an OU for users if you haven't already done so and move the users to it.

Create or edit a group policy.  In the policy under User Configuration, Windows Settings, Internet Explorer Maintenance, Connection and then Proxy Settings.

Another option is to reduce the user rights on the workstations so that they are only a normal user, then they can't change network settings.

There is also a group policy for to restrict what they can do to the network settings.

User configuration, Administrative Templates, Network, Network Connections, Prohibit access to properties of a LAN connection.


Author Comment

ID: 12662680
Thanks a lot, kiminfotech & avpwest.

I am worried about these people who do not need to logon to my domain, i.e. 'strangers' with wi-fi connection and yet they will have to use my DHCP server to connect.

Will this be a problem by using your above-mentioned solution or is there a workaround?

Expert Comment

ID: 12662853
Do you have a wi-fi access point on the network also?

The proxy settings with group policy would only apply to the domain users.  

Assuming the wi-fi access point is configurable by you and as a DHCP facility.  You would be able to set-all the parameters on that and those would be the settings the wi-fi people would get.  The best way would be to put the wi-fi on its own subnet with a second network card in the Wingate Proxy so that DHCP sever does not intefere with your wired machines.  

I assume the wi-fi users would not need access to domain resources only internet access?  If they are people in the street then that is a whole new topic on wi-fi security and lockdown.

Author Comment

ID: 12662956
yes, we have three access points on the same network.

all three are configurable and have DHCP facility. I was thinking of a different subnet for the wi-fi network, but do I have to cable again for that subnet?

sometimes, some wi-fi clients should also have to logon to the domain. how can i do this?

This is complicated for me, but sounds so easy for you, experts!!!

Author Comment

ID: 12671979
anyone like to comment further please?

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

868 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question