[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 222
  • Last Modified:

Limit access to the internet on an individual basis

I work in a small company, about 200 users or so.  Internet abuse is starting to become an issue and HR has asked us to do something about it.  They want us to grant/deny Internet access rights based on need.  What is the easiest way to do this in a Windows Server 2003/Windows XP environment?

Thanks in advance,

1 Solution
Hi iptrader,
Probably the simplest way to do this would be to implement an MS ISA proxy server - see http://www.microsoft.com/isaserver

You would configure all your users to use the ISA server machine as a web proxy.  You can then configure exactly what your users have access to on the ISA server.
A common way of implementing this would be to set up groups that define what your users are permitted access to.

Other proxy servers are available, such as http://www.youngzsoft.net/ccproxy/

Does that help?
You can also do that with Group policies that either allow or deny IE use for a group of users
You can block Internet Explorer with group policy, but this does nothing to control Internet Access...it just controls IE. A user can still run firefox or another browser and go anywhere on the web they want and you can even run firefox from a usb drive :)  

For some that may be enough, but if you are looking for a complete Internet control solution then a proxy or a firewall is what you are going to need.
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Also take a look at SpectorCNE Software
can I just make another point everyone seems to have forgotten :)  IE blocking won't just block them from using it for the internet, it'll stop internal web browsing as well.  
If you want more information on ISA, there's a wealth of information at http://isaserver.org and as scampgb suggested it'll do everything you want plus a bit more (it's actually turning into a pretty decent piece of firewall software as well as the proxy stuff it started out as).
You can get as granular as allowing specific people certain amounts of bandwidth during certain times, restricting site access, port restrictions, logging of traffic, etc.. and you can base everything on your existing domain accounts and groups. It's not overly cheap though (cheap-er for govt and academic institutions), so with only 200 users another less expensive option may fulfil your requirements.

Hi iptrader - can you please provide some feedback to the experts on this question?  Do you want some clarification on any of the suggestions?

If this question is resolved and you don't know how to close it, the options are here: http://www.experts-exchange.com/help.jsp#hs5


Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now