Prevent certain users to access internet

Posted on 2005-04-07
Last Modified: 2012-05-05
In Windows 2003, how do I prevent certain users to access the internet?
This would apply to a certain member of the group "user", not an administrator or anything.
How do I do this?
Question by:JohnModig
    LVL 17

    Expert Comment

    How does your internet connection work ?  Do you have a proxy server ? If so, there may be settings you can configure to control who gets access. You  can definitely do this if you use MS ISA Server, and it can allow/deny access based on Windows group memebrship.  Other firewalls/proxies may offer similar features.
    LVL 33

    Expert Comment

    Another way of doing this (if your a small shop and can't afford ISA), is to use Group Policies to block IE access.  Couldn't be a simple as adding fake proxy settings automatically to IE...

    The GPO area you will want to look at is:

    Within the GPO set the following:
    User configuration | Windows Settings | Internet Explorer Maintence | connection | proxy setting

    LVL 17

    Expert Comment

    If they install or use a different browser, this may bypass the GPO method, but if you are OK about this possibilty, GPO might just do it for you.

    Setting up a dummy default gateway might also work, especially if it is a small network with no need to route traffic between subnets.  Any traffic that can't be delivered on the current subnet will then be lost.

    Like many other security related questions, it comes down to a question of how important it is to block this, and how much time and money you are therefore prepared to spend.

    If the machines are on a network, they should not be connecting directly to the INternet anyway without some kind of firewall protection. And unless you are giving them public IP addresses, there needs to be something there to hand out private IPs and then translate these to a public IP as required.

    LVL 11

    Author Comment

    Thank you so much for all your answers.
    Unfortunately, they are a bit too complicated for me.
    We are a really small company and we only use this server as a file and printer server. So no active domain or fancy administrator skill is needed here, as I wouldn't understand it. Just some basic advice, Im afraid.
    Anyway, the server has different users. I do not want all of them to be able to surf the web. That's all.
    The server is connected to a router and then to a T1 line. Sorry if this may sound low tech, but thats the way it is...
    ...and I don't even know how to access the GPO ^^

    Anyways, I am thankful if you could give me other (simple) advice on how to solve my problem.
    LVL 74

    Accepted Solution

    What server are you using?  Is it Small Business Server?  If so, do you know if it is Standard or Premium?

    If it is SBS Premium, you have ISA.  For an overview of how to configure content groups in ISA, please see:

    If not,
    What kind of Router are you using?  Most have filters available, such as the D-Link 604 or 624 which has Parental Controls.  (easy to configure)

    Or, you can always use a 3rd Party product like

    I must suggest, however, that if you are the one administering your server, that you seek the advice of a local professional to help you out.  The time it takes you to resolve a problem can be MUCH more than what it takes someone who does this stuff all the time.  A server requires regular maintenance and performance tuning in order to keep you running smoothly.  Consider how valuable the data is on your server, and whether you can do without it... how much would that cost your business?

    If you need a local referal please let me know.  Otherwise, you can find Microsoft Partners listed at http:///

    Jeff @
    LVL 11

    Author Comment

    Well, I took the easy way out and choosed
    Thank you all for your answers.



    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
    So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now