Prevent certain users from accessing the internet

Posted on 2005-04-07
Medium Priority
Last Modified: 2012-05-05
In Windows 2003, how do I prevent certain users from accessing the internet?
This would apply to a certain member of the group "user", not an administrator or anything.
How do I do this?
Question by: JohnModig
LVL 17

Expert Comment

ID: 13724897
How does your internet connection work? Do you have a proxy server? If so, there may be settings you can configure to control who gets access. You can definitely do this if you use MS ISA Server, and it can allow/deny access based on Windows group membership. Other firewalls/proxies may offer similar features.
LVL 33

Expert Comment

ID: 13725917
Another way of doing this (if you're a small shop and can't afford ISA) is to use Group Policies to block IE access. Couldn't be as simple as adding fake proxy settings automatically to IE...

The GPO area you will want to look at is:

Within the GPO set the following:
User configuration | Windows Settings | Internet Explorer Maintenance | connection | proxy setting
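
A check for whether the proxy-based block described in this comment is actually in effect for each logged-on user, as an added example that is not part of the original thread. It reads the per-user Internet Explorer (WinINet) proxy values from the registry; the dummy proxy address `127.0.0.1:9` and the function name `Test-ProxyBlock` are assumptions made for illustration. It only covers programs that honour the IE proxy settings.

```powershell
# Added example: audit the IE proxy values that the policy is expected to set.
# Assumption: the "fake" proxy pushed by the policy is 127.0.0.1:9 (placeholder).
$ExpectedProxy = '127.0.0.1:9'

function Test-ProxyBlock {
    param(
        [string]$HivePath,   # registry path of one user's hive
        [string]$Expected    # proxy string the policy should have written
    )
    $key = "$HivePath\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $s)                      { return 'NoSettingsKey' }
    if ($s.ProxyEnable -ne 1)         { return 'ProxyDisabled' }   # IE connects directly
    if ($s.ProxyServer -ne $Expected) { return 'DifferentProxy' }  # setting was changed
    return 'Blocked'
}

# HKEY_USERS has one subkey per loaded profile, named by the user's SID.
# The pattern skips service accounts and the "<SID>_Classes" subkeys.
Get-ChildItem Registry::HKEY_USERS |
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid = $_.PSChildName
        try {
            # Resolve the SID to an account name for readable output.
            $id   = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $name = $id.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $name = $sid   # orphaned profile: keep the raw SID
        }
        $hive = "Registry::HKEY_USERS\$sid"
        $set  = Get-ItemProperty -ErrorAction SilentlyContinue -Path `
                "$hive\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
        New-Object PSObject -Property @{
            User   = $name
            Status = Test-ProxyBlock -HivePath $hive -Expected $ExpectedProxy
            Bypass = $set.ProxyOverride   # hosts that skip the proxy entirely
        }
    }
```

Any status other than `Blocked`, or a non-empty `Bypass` list, means that user's IE traffic is not fully routed to the dummy proxy.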

LVL 17

Expert Comment

ID: 13726112
If they install or use a different browser, this may bypass the GPO method, but if you are OK about this possibility, GPO might just do it for you.

Setting up a dummy default gateway might also work, especially if it is a small network with no need to route traffic between subnets.  Any traffic that can't be delivered on the current subnet will then be lost.

Like many other security related questions, it comes down to a question of how important it is to block this, and how much time and money you are therefore prepared to spend.

If the machines are on a network, they should not be connecting directly to the Internet anyway without some kind of firewall protection. And unless you are giving them public IP addresses, there needs to be something there to hand out private IPs and then translate these to a public IP as required.


LVL 11

Author Comment

ID: 13726904
Thank you so much for all your answers.
Unfortunately, they are a bit too complicated for me.
We are a really small company and we only use this server as a file and printer server. So no active domain or fancy administrator skill is needed here, as I wouldn't understand it. Just some basic advice, I'm afraid.
Anyway, the server has different users. I do not want all of them to be able to surf the web. That's all.
The server is connected to a router and then to a T1 line. Sorry if this may sound low tech, but that's the way it is...
...and I don't even know how to access the GPO ^^

Anyways, I am thankful if you could give me other (simple) advice on how to solve my problem.
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 750 total points
ID: 13747200
What server are you using?  Is it Small Business Server?  If so, do you know if it is Standard or Premium?

If it is SBS Premium, you have ISA.  For an overview of how to configure content groups in ISA, please see:  http://www.isaserver.org/tutorials/Understanding_and_Configuring_ISA_content_groups.html

If not,
What kind of Router are you using?  Most have filters available, such as the D-Link 604 or 624 which has Parental Controls.  (easy to configure)

Or, you can always use a 3rd Party product like http://www.surfcontrol.com/

I must suggest, however, that if you are the one administering your server, that you seek the advice of a local professional to help you out.  The time it takes you to resolve a problem can be MUCH more than what it takes someone who does this stuff all the time.  A server requires regular maintenance and performance tuning in order to keep you running smoothly.  Consider how valuable the data is on your server, and whether you can do without it... how much would that cost your business?

If you need a local referral please let me know. Otherwise, you can find Microsoft Partners listed at http://microsoft.com/smallbiz

Jeff @
LVL 11

Author Comment

ID: 13753477
Well, I took the easy way out and chose http://www.surfcontrol.com/
Thank you all for your answers.


