How to stop internet access but still allow intranet access for students

Posted on 2005-04-06
Medium Priority
Last Modified: 2010-04-10
I'm a network admin in a high school.  On occassion we have students who abuse internet privileges (no surprise) and the penalty is to lose computer access for a month.  We have a SonicWall in place.  Content Filter is set to not allow porn/nudity.  Everything else is allowed per school's request.  We do not use roaming/mandatory profiles, as we are a mixed environment with PCs and Macs so it really doesn't do much good.  I will be implementing it next year, though.  We use Internet Explorer and on the Macs we have Internet Explorer and Safari.  I have Windows 2K3 Servers only.

Teachers complain because students who are banned are no longer able to access their network folders and printers, etc.  So my question is this:  How to allow students to be able to access the network, but not the internet during their disciplinary phase?  Is there a way to do this through Win 2K3 Server?  Or does it have to be done at the firewall?  Because students do not always sit at the same place, banning with IP addresses does no good in the current setup.  It would have to be based on user name . . .

Any help would be greatly appreciated.  Teachers feeling bad for these students have resorted to logging in with their user name and password so the student can get access. . . What a great help that is for the discipline . . .

Question by:dmcwherter
LVL 13

Accepted Solution

2hype earned 2000 total points
ID: 13718817
Without setting up additonal hardware like an ISA Server or a Linux Solutioun (which I use) you could make a Temporary OU for Banned Internet and apply a new group policy.  In that group policy set the Internet Explorer Browser to use a Proxy Server.  Set the proxy server to point to a non-exisitant address, therefore stopping the student from getting internet access
LVL 17

Expert Comment

ID: 13719023
Sonicwall *should* be able to do it for you I think but I've never payed with user-based rules on Sonicwall so I don't know quite where to point you. Suggest you log a request on your MySonicwall account, I've always found them to be very helpful.  (provided, of cousre, your maintenance / support has not expired. :-)

LVL 25

Expert Comment

ID: 13719190
what do you use as your content filter?  Any good internet filter/monitor should be synched with your usernames, so you should just be able to go into your internet filter/monitor and block internet access on a per user or a per group basis.  I worked at a k-12 school for a while and this was pretty common.

Expert Comment

ID: 13720363
If you're using AD then 2hype's solution will work, so long as you also change the GP so that they can't change the Proxy settings themselves.  

Author Comment

ID: 13723102
I'm going to give the OU thing a try in the morning and will let you know how it turns out.  

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
This article will inform Clients about common and important expectations from the freelancers (Experts) who are looking at your Gig.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question