spectraflame
asked on
Restrict Internet access by username or on a per-PC basis
I would like to know if it is possible to block Internet access either by a specific username or by machine name. Currently all PCs are connected to a corporate LAN and connect to the Internet through a PIX 501. I think that the PIX can block by specific IP address, but we are using DHCP instead of static IPs.
Just wondering if there is anything that is built into Windows XP Pro SP2 that will block access so that the user cannot connect.
I thought about a 3rd party proxy server, but I feel that may be overkill for our organization.
Thanks,
Matthew
Without a device that understands Windows usernames (such as a proxy server) there isn't going to be any way to restrict the access. The PIX device does not see the usernames.
As for restricting by machine name, I am just starting to learn PIX, so someone may correct me if I am wrong. I don't think this will be possible either. The reason is that even if PIX allows you to put a machine name in an access control list instead of an IP address, it is going to try to validate this name against external DNS, not your internal DNS server.
A third-party proxy server really is the best bet for this.
Your other choice really is static IP addresses.
Use IPsec to stop the Internet access per PC. Configuring IPsec on each and every PC should help you out in blocking the Internet access from the PCs.
There is also content filtering software (parental control) like Net Nanny or CyberPatrol Surf Watch.
At the extreme you can control the user environment by installing kiosk software (http://sitekiosk.com) or give him a CE terminal and force him to RDP into a Terminal Server where you lock down his entire Windows environment. I've done this in manufacturing environments for day laborers.