I know there are lots of posts out there regarding the same issue, but I need it broken down for me.
I am running a Server 2003 doing DNS and DHCP on the domain. Right now, I just have an Adtran firewall installed by our ISP doing the NAT and forwarding a port or two for our VPN and Applications.
What I want to do is lock down internet access to the workstations in the domain. I do not want everyone locked down, Administrators, and special groups need to have certain access. These groups are already defined in AD on the 2003 Server.
Is there a way to lock down internet access at different levels for the different groups without having to buy ISA or a content filtering solution?
I am going to be buying a firewall shortly, so I can do all the configuration on that. Any recomendations on what gear I should get to help me out in this area would be useful.
I have read a little about proxies, but I do not understand how they work or where to begin setting one up. Also I have an intranet server that I can install some software on to do all this if someone has any recomendations for a software solution that does not have to be on the server that is doing the DHCP/DNS.