How to stop internet access but still allow intranet access for students
Posted on 2005-04-06
I'm a network admin in a high school. On occassion we have students who abuse internet privileges (no surprise) and the penalty is to lose computer access for a month. We have a SonicWall in place. Content Filter is set to not allow porn/nudity. Everything else is allowed per school's request. We do not use roaming/mandatory profiles, as we are a mixed environment with PCs and Macs so it really doesn't do much good. I will be implementing it next year, though. We use Internet Explorer and on the Macs we have Internet Explorer and Safari. I have Windows 2K3 Servers only.
Teachers complain because students who are banned are no longer able to access their network folders and printers, etc. So my question is this: How to allow students to be able to access the network, but not the internet during their disciplinary phase? Is there a way to do this through Win 2K3 Server? Or does it have to be done at the firewall? Because students do not always sit at the same place, banning with IP addresses does no good in the current setup. It would have to be based on user name . . .
Any help would be greatly appreciated. Teachers feeling bad for these students have resorted to logging in with their user name and password so the student can get access. . . What a great help that is for the discipline . . .