What is the best way to disable internet access for certain members of a child sub domain

I can't just kill the gateway as it is needed to link to my email system.  I need to find a way to kill internet access altogether for a couple users only but still allow them access to LAN resources.  I do not use a proxy not do I wish to install 3rd party software.  Group Policy would be best if possible
Who is Participating?
Pete LongConnect With a Mentor Technical ConsultantCommented:
Set a group policy that locks their proxy server to

Windows 2003 Creating and editing group policy

Group policies can be applied on a domain or an Organisational Unit, to apply a group policy in a 2003 domain environment, do the following.

On a domain controller open "Active directory Users and computers"

NOTE: As said above you can apply a GP to an OU in this instance we will deal with a domain GP, if you are concerned with a GP for an OU insert the "OU name" instead of the "Domain Name"

1. Locate the domain (top of the Tree) and right click it, then select "Properties"
2. Select the group policy Tab.
3. You will see the Default domain policy (and any other policies applied at this level)
4. You can create another domain policy by clicking "New" giving it a name and configuring it"
5. Ensure the default domain policy is highlighted and select "Edit" (unless you are working on another policy)
6. The Group policy object editor will open.
7. You can now edit the policy and close the editor when you are finished.
8. Back in the domain properties click "apply" and "OK"

Troubleshooting Group Policy in Windows Server 2003

Group Policy Infrastructure White Paper

+++++++++++++++++++++Set the Proxy

Set Proxy Server: user configuration >windows settings >internet explorer maintenance >connection >proxy settings
    NOTE Proxy IP can be set in DHCP options also (See option 252 on the scope)

chitchcockAuthor Commented:
Could GP policy be used in this case on local machines of users I wish to restrict.  Of the 200 users in this subdomain, there are only a couple that need this policy applied
Pete LongTechnical ConsultantCommented:
Yes on the offending machine

Start > Run > gpedit.msc

The policy is in the same place - it will work as long as you ARE NOT specifying a proxy in domain policy
chitchcockAuthor Commented:
Seems to work.  Thank you
Pete LongTechnical ConsultantCommented:
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.