I have several questions which I need assistance with concerning Active Directory running on Windows 2003 Server Standard Edition R2. I have only recently installed Active Directory and DNS. I am learning quickly what I can do and not do, I hope (AD is daunting to say the least).
Please refer to the PDF at http://www.bachandbach.com/LAN/LANTopography.pdf
for a visual representation of our local network.
Currently, I need mentoring on how to do the following:
1. Control access to the Internet. Since users can login to their computers using their AD user id and password or their local user id and password, the latter does not protect who uses our Internet connection. One solution I can think of is to connect the Comcast modem directly to the 2nd NIC on the server running AD. Would I then be able to exclusively control Internet access from our LAN by doing this or is there a better way to accomplish the same thing?
2. I need to control what remote users (either using Remote Desktop or VPN) have access to with respect to servers, file directories and programs they can execute. Remote users will also need access to some IIS 6.0 web sites and some MS SQL 2005 databases but not all of these. I will need pointers on how to restrict access to those web sites and databases remote user don't need access to.
3. How do I control via AD printers which are connected directly to the router and not locally to one of the servers?
Much thanks on any help you can lend ... David