davidndallas
asked on
How to set per user policy on Windows 2000 running Citrix
I have a Windows 2000 Citrix Server. I want to be able to restrict Internet access to certain users only (10), not all. How do I set up a policy? We are NOT on an Active Directory domain. Any suggestions?
Last Comment
ASKER
We are on a domain .. we have Samba who does the authentication of the users. I can't create groups in Samba where this Windows server can recognize since we have the older version (of Samba). We do plan on upgrading soon, but right now I need to be able to block Internet access to certain users.
These users are mostly on thin clients.
Can I create a policy on the Windows 2000 server and assign that policy to a user? Was this done back in NT?
Any suggestions?
These users are mostly on thin clients.
Can I create a policy on the Windows 2000 server and assign that policy to a user? Was this done back in NT?
Any suggestions?
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I'm a bit confused as in the original question you said you did not have active directory but in your latest reply you say you do have a domain
If you are able to set up and use OUs then create an OU and put all the users that you want to restrict into it. You can then create a GPO that sets the IE Connection proxy to 127.0.0.1 do this under the USER, WINDDOWS SETTINGS, IE MAINTENENCE, CONNECTIONS, PROXY SETTINGS.
The link the GPO to the restricted OU. With the proxy set to themselves users will not have internet access.
If you are able to set up and use OUs then create an OU and put all the users that you want to restrict into it. You can then create a GPO that sets the IE Connection proxy to 127.0.0.1 do this under the USER, WINDDOWS SETTINGS, IE MAINTENENCE, CONNECTIONS, PROXY SETTINGS.
The link the GPO to the restricted OU. With the proxy set to themselves users will not have internet access.
SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Hello KCTS: .. you wrote "I'm a bit confused as in the original question you said you did not have active directory but in your latest reply you say you do have a domain" .. we are in a Non Active Directory Domain .. we are in a mixed environment, i.e Linux as file and print, Windows as web server and terminal server... so we cannot set up OU's.
To mgcIT and nprignano .. I went with your suggestions of removing/denying access to the IE executable and it's an acceptable work around. Thanks.
To mgcIT and nprignano .. I went with your suggestions of removing/denying access to the IE executable and it's an acceptable work around. Thanks.
Microsoft Legacy OS
The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.
55K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
However, if the users in question use the same machines you could do it by IP address. Do you need a DNS server to resolve internal names? if not then you could assign 127.0.0.1 as the DNS server for the users machines (either manually of via a DHCP reservation). This would prevent them from accessing the internet.