Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Limiting internet access by user/ip - schedule driven. SBS2003.

Posted on 2007-07-28
Medium Priority
Last Modified: 2008-01-09

I'm the domain admin on a Windows 2003 SBS R1 SP2 (R2 will not install) server.
I need to configure it so that certain users can only access the internet between certain times each day, but always have access to the domain, shared resources, email etc.  It's just surfing i need to limit, but only for some users (the ones that never get any work done).

Can i do this within 2003 SBS? I've noticed this kind of scheduling present in some Netgear routers, but we're using a Draytek Vigor 2800VG which is excellent kit, but doesn't appear to have this facility.

Perhaps there is some additional software that you can advise me on to do this?

Thanks for your suggestions.

Question by:eMicros
LVL 74

Accepted Solution

Jeffrey Kane - TechSoEasy earned 150 total points
ID: 19584453
Before embarking on this effort, I would ask that you read my lates blog post on the subject:  Imposing Parental Controls on your Employees.  (http://sbsurl.com/controls)

While I'm not sure what the regulations would require in your area, in the US you must issue a written policy regarding the use of company IT systems (example:  http://sbsurl.com/samplepolicy.pdf).  In my opinion that should be all that it takes and if employees don't follow the policy they are dealt with in the same manner as they would be for violating any other company policy.  

My views on this are fairly strong because I believe that there is much more good that can come from having Internet access than bad.  For instance... you have turned to the Internet to help you solve this problem, wouldn't it be good if your employees were empowered to do the same?  

Now I realize you didn't come here for that type of answer, but I know that sometimes we look for a technological solution to a problem which really may need a more human touch.  That being said, I can tell you that you will really only be able to have this kind of selective control if you use a proxy such as ISA Server.  If you have SBS 2003 Premium edition then you already have ISA Server, if not, it's a version upgrad that runs about US $700.00.

You wouldn't be able to block at the router in most cases because most routers of that class don't selectively filter by the user's IP Address.  There are web filtering appliances such as those provided by www.barracudanetworks.com but they are rather pricey (about 10 time the cost of your current router).

You could use Group Policy to block specific users, I've outlined a way to do that in this question:  http:Q_22644344.html.  The example shown in that thread would have to be modified to accommodate the "specific times".  I know there is a way to have group policies only apply during specific hours, but I've never done it so I can't give you much more on that.

But there may be a better way to handle this which would not be so restrictive on your employees, but would let them know you mean business about their Internet use.  If users aren't getting their work done, then perhaps you could just keep track of their web activity and providie them with a weekly usage report so that they know that you know both where and for how long they were on the Internet.

The one program I've used for this is Activity Monitor (http://www.softactivity.com/employee-monitoring.asp).  You can download a trial version which I think works for just a couple workstations, but the who program isn't terribly expensive.  You may need to check local privacy laws to be sure that you can use it, but it's best used when the employee is very aware of it.


Author Comment

ID: 19969505
Thanks Jeff,

This was a request put to me by a client of mine.  I have advised them appropriately and they have decided against nannying their employees afterall :)


Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Written by Glen Knight (demazter) as part of a series of how-to articles. Introduction One of the biggest consumers of disk space with Small Business Server 2008(SBS) is Windows Server Update Services, more affectionately known as WSUS. For t…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question