Limiting internet access by user/ip - schedule driven. SBS2003.


I'm the domain admin on a Windows 2003 SBS R1 SP2 (R2 will not install) server.
I need to configure it so that certain users can only access the internet between certain times each day, but always have access to the domain, shared resources, email etc.  It's just surfing i need to limit, but only for some users (the ones that never get any work done).

Can i do this within 2003 SBS? I've noticed this kind of scheduling present in some Netgear routers, but we're using a Draytek Vigor 2800VG which is excellent kit, but doesn't appear to have this facility.

Perhaps there is some additional software that you can advise me on to do this?

Thanks for your suggestions.

Who is Participating?
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Before embarking on this effort, I would ask that you read my lates blog post on the subject:  Imposing Parental Controls on your Employees.  (

While I'm not sure what the regulations would require in your area, in the US you must issue a written policy regarding the use of company IT systems (example:  In my opinion that should be all that it takes and if employees don't follow the policy they are dealt with in the same manner as they would be for violating any other company policy.  

My views on this are fairly strong because I believe that there is much more good that can come from having Internet access than bad.  For instance... you have turned to the Internet to help you solve this problem, wouldn't it be good if your employees were empowered to do the same?  

Now I realize you didn't come here for that type of answer, but I know that sometimes we look for a technological solution to a problem which really may need a more human touch.  That being said, I can tell you that you will really only be able to have this kind of selective control if you use a proxy such as ISA Server.  If you have SBS 2003 Premium edition then you already have ISA Server, if not, it's a version upgrad that runs about US $700.00.

You wouldn't be able to block at the router in most cases because most routers of that class don't selectively filter by the user's IP Address.  There are web filtering appliances such as those provided by but they are rather pricey (about 10 time the cost of your current router).

You could use Group Policy to block specific users, I've outlined a way to do that in this question:  http:Q_22644344.html.  The example shown in that thread would have to be modified to accommodate the "specific times".  I know there is a way to have group policies only apply during specific hours, but I've never done it so I can't give you much more on that.

But there may be a better way to handle this which would not be so restrictive on your employees, but would let them know you mean business about their Internet use.  If users aren't getting their work done, then perhaps you could just keep track of their web activity and providie them with a weekly usage report so that they know that you know both where and for how long they were on the Internet.

The one program I've used for this is Activity Monitor (  You can download a trial version which I think works for just a couple workstations, but the who program isn't terribly expensive.  You may need to check local privacy laws to be sure that you can use it, but it's best used when the employee is very aware of it.

eMicrosAuthor Commented:
Thanks Jeff,

This was a request put to me by a client of mine.  I have advised them appropriately and they have decided against nannying their employees afterall :)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.