JohnModig
asked on
Prevent certain users to access internet
In Windows 2003, how do I prevent certain users to access the internet?
This would apply to a certain member of the group "user", not an administrator or anything.
How do I do this?
This would apply to a certain member of the group "user", not an administrator or anything.
How do I do this?
aflockhart
How does your internet connection work ? Do you have a proxy server ? If so, there may be settings you can configure to control who gets access. You can definitely do this if you use MS ISA Server, and it can allow/deny access based on Windows group memebrship. Other firewalls/proxies may offer similar features.
Another way of doing this (if your a small shop and can't afford ISA), is to use Group Policies to block IE access. Couldn't be a simple as adding fake proxy settings automatically to IE...
The GPO area you will want to look at is:
Within the GPO set the following:
User configuration | Windows Settings | Internet Explorer Maintence | connection | proxy setting
-later
The GPO area you will want to look at is:
Within the GPO set the following:
User configuration | Windows Settings | Internet Explorer Maintence | connection | proxy setting
-later
If they install or use a different browser, this may bypass the GPO method, but if you are OK about this possibilty, GPO might just do it for you.
Setting up a dummy default gateway might also work, especially if it is a small network with no need to route traffic between subnets. Any traffic that can't be delivered on the current subnet will then be lost.
Like many other security related questions, it comes down to a question of how important it is to block this, and how much time and money you are therefore prepared to spend.
If the machines are on a network, they should not be connecting directly to the INternet anyway without some kind of firewall protection. And unless you are giving them public IP addresses, there needs to be something there to hand out private IPs and then translate these to a public IP as required.
Setting up a dummy default gateway might also work, especially if it is a small network with no need to route traffic between subnets. Any traffic that can't be delivered on the current subnet will then be lost.
Like many other security related questions, it comes down to a question of how important it is to block this, and how much time and money you are therefore prepared to spend.
If the machines are on a network, they should not be connecting directly to the INternet anyway without some kind of firewall protection. And unless you are giving them public IP addresses, there needs to be something there to hand out private IPs and then translate these to a public IP as required.
ASKER
Thank you so much for all your answers.
Unfortunately, they are a bit too complicated for me.
We are a really small company and we only use this server as a file and printer server. So no active domain or fancy administrator skill is needed here, as I wouldn't understand it. Just some basic advice, Im afraid.
Anyway, the server has different users. I do not want all of them to be able to surf the web. That's all.
The server is connected to a router and then to a T1 line. Sorry if this may sound low tech, but thats the way it is...
...and I don't even know how to access the GPO ^^
Anyways, I am thankful if you could give me other (simple) advice on how to solve my problem.
Unfortunately, they are a bit too complicated for me.
We are a really small company and we only use this server as a file and printer server. So no active domain or fancy administrator skill is needed here, as I wouldn't understand it. Just some basic advice, Im afraid.
Anyway, the server has different users. I do not want all of them to be able to surf the web. That's all.
The server is connected to a router and then to a T1 line. Sorry if this may sound low tech, but thats the way it is...
...and I don't even know how to access the GPO ^^
Anyways, I am thankful if you could give me other (simple) advice on how to solve my problem.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Well, I took the easy way out and choosed http://www.surfcontrol.com/
Thank you all for your answers.
Regards
John
Thank you all for your answers.
Regards
John