Solved

How can I block some PCs to the Internet ?

Posted on 2008-10-23
12
221 Views
Last Modified: 2013-12-08
My boss is asking me to block some PCs to the Internet but can still get email using POP3.
What's the easy way to do?

Environment :
Server : 1 x Windows 2003 Standard Server
PCs : 10 x PCs XP Professional SP2
PCs software: NAV version 10
Network Media: Standard Cat 5 Cable
Switch : Simple 16 ports 10/100 Mbps switch hub ( Non-management module )
Router : ADSL modem to Internet

0
Comment
Question by:Joe_LAI
12 Comments
 
LVL 1

Expert Comment

by:lk-data
ID: 22784517
You can do it with an IP Security Policy in Group Policy - Computer Configuration | Windows Settings | Security Settings | IP Security Policies. If you've already assigned an IP Security Policy then edit it to include the blocking of port 80 and 443.
0
 

Author Comment

by:Joe_LAI
ID: 22784590
Is it doing on the server ? All PCs are using manually IP address. No using DHCP at router or server.
PCs IP setting:
IP address 10.0.0.100 - 110
Subnet Mask 255.255.255.0
Default Gateway: 10.0.0.1
DNS : 10.0.0.10
Server  IP setting:
IP address 10.0.0.10
Subnet Mask 255.255.255.0
Default Gateway: 10.0.0.1
DNS : 10.0.0.1
0
 
LVL 1

Expert Comment

by:lk-data
ID: 22784738
Are yout PC's in a Domain?

If yes then you do it on the Server, and it will be put on the workstations at logon. Otherwise you have to do it on every local Workstation, then you have to be sure the users can't access the Group policy settings, or they can remake the settings if they know how to do that...

The IP address has nothing to do with this policy.
0
 

Author Comment

by:Joe_LAI
ID: 22785096
Yes, all PCs are in a Domain.
How to select block PCs to IP Security Policy
0
 
LVL 1

Expert Comment

by:lk-data
ID: 22785371
0
 
LVL 1

Expert Comment

by:lk-data
ID: 22785517
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 

Author Comment

by:Joe_LAI
ID: 22785518
I tried to setup but not working. Any other way to do that ?
0
 
LVL 1

Accepted Solution

by:
lk-data earned 400 total points
ID: 22785613
I found this site, with some screendumps on:

http://www.petri.co.il/block_web_browsing_with_ipsec.htm

0
 
LVL 1

Assisted Solution

by:lk-data
lk-data earned 400 total points
ID: 22785650
The same site in the buttom there is this link:

http://www.petri.co.il/configuring_ipsec_policies_through_gpo.htm

This is the way to do it on the server, and let the logon distrubute it to the workstations, when the users logon the domain.

0
 
LVL 4

Assisted Solution

by:smittyboom
smittyboom earned 100 total points
ID: 22787002
Simple way to do it.
Open IE>Internet Options>Connections>LAN Settings>Check Use A Proxy Server>type 0.0.0.0. in the box and check the bypass proxy for local sites.
0
 
LVL 9

Expert Comment

by:Sci-Fi-Si
ID: 22790292
Nice one smittyboom, I like the cut of ya jib ma' boy what can I add to that?

Problem solved
0
 
LVL 1

Expert Comment

by:lk-data
ID: 22790375
That's too easy to undo, and the group policy this is one thing you only have to do once, then all there logon to the domain get this group policy, and can't browse the web.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Suggested Solutions

Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
A high-level exploration of how our ever-increasing access to information has changed the way we do our jobs.
This Micro Tutorial will demonstrate how to add subdomains to your content reports. This can be very importing in having a site with multiple subdomains.
Shows how to create a shortcut to site-search Experts Exchange using Google in the Chrome browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch the Search Engine Menu: In chrome, via you…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now