Solved

What is the best way to disable internet access for certain members of a child sub domain

Posted on 2006-11-07
5
196 Views
Last Modified: 2010-03-18
I can't just kill the gateway as it is needed to link to my email system.  I need to find a way to kill internet access altogether for a couple users only but still allow them access to LAN resources.  I do not use a proxy not do I wish to install 3rd party software.  Group Policy would be best if possible
0
Comment
Question by:chitchcock
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 57

Accepted Solution

by:
Pete Long earned 500 total points
ID: 17890089
Set a group policy that locks their proxy server to 127.0.0.1

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=B24BF2D5-0D7A-4FC5-A14D-E91D211C21B2&displaylang=en

Group Policy Infrastructure White Paper
http://www.microsoft.com/downloads/details.aspx?FamilyId=D26E88BC-D445-4E8F-AA4E-B9C27061F7CA&displaylang=en

+++++++++++++++++++++Set the Proxy

Set Proxy Server: user configuration >windows settings >internet explorer maintenance >connection >proxy settings
    NOTE Proxy IP can be set in DHCP options also (See option 252 on the scope)

0
 

Author Comment

by:chitchcock
ID: 17890143
Could GP policy be used in this case on local machines of users I wish to restrict.  Of the 200 users in this subdomain, there are only a couple that need this policy applied
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 17894034
Yes on the offending machine

Start > Run > gpedit.msc

The policy is in the same place - it will work as long as you ARE NOT specifying a proxy in domain policy
0
 

Author Comment

by:chitchcock
ID: 17909596
Seems to work.  Thank you
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 17916310
ThanQ
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

FIPS stands for the Federal Information Processing Standardisation and FIPS 140-2 is a collection of standards that are generically associated with hardware and software cryptography. In most cases, people can refer to this as the method of encrypti…
Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question