Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Group policy to restrict internet access

Posted on 2008-10-25
7
1,110 Views
Last Modified: 2012-05-05
How can I restrict access to the internet using group policy?  For instance, some businesses do not allow access to webmail sites.  If not through group policy, how is this accomplished?

Thanks
0
Comment
Question by:leftwing27
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:leonjs
ID: 22804551
I am not sure if you seen this link:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html

But you could also accomplish this with a subscription based URL filtering solution like Websence URL Filter

Or a hardware solution like this, http://www.barracudadeals.com/products/web-filter/
or a ISA Server
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22804563
-There is the IEAK (internet Explorer Administration Kit) which can be deployed using Group Policy and within that you can create blocked or allowed sites, but it is difficult to maintain.
-Most often it is done using routers that have the capability of allowing or blocking sites
-The best method however is to set up a proxy server. The proxy server will allow you to easily control access to sites, monitor activity, and cache frequently accessed pages to improve efficiency. Some possibilities are:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/ 
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22805648
1.To setup Group Policy to restrict Internet Access,

a. Active Directory Users and Computers to create a group policy.
b. Click User configuration>Windows Settings>Internet Explorer Maintenance>Connection
c. Check enable proxy Settings and type a fake IP address, for example 192.x.x.x on HTTP
d. Under exception, type the web server IP address, for example 192.xx.xx.xx (Figure).

You can also disable/hide the lan settings page in IE as well so savy users cannot change it.
If you need to restrict very few websites ,you can do this.

http://technet.microsoft.com/en-us/magazine/cc160780.aspx

2.This is actually a free tool called URLLock that might be useful https://www.moonlightdesign.org/urllock/Main_Page

3.Content Advisor
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

Internet Explorer 6 Security and Privacy Essentials
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

HOW TO: Use the Internet Explorer 6 Content Advisor to Control Access to Web Sites in Internet Explorer
http://support.microsoft.com/kb/310401

Browse the Web with Internet Explorer 6 and Content Advisor
http://www.microsoft.com/windows/ie/ie6/using/howto/security/contentadv/config.mspx


0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 250 total points
ID: 22805663
1.http://www.novell.com/products/bordermanager/

This software is absolutely fantastic.  You can specify which sites any user can access, anything else will be blocked.  Great filters.  Tremendous product.

2.Try setting up NAt on your 2003 server,using the built in filters and the ability to filter based on IP address ports ect. here is a link to a step by step setup guide. Free- as cheap as it gets!
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

3.http://www.acmeconsulting.it/pagine/opensource/download/squid-2.5.STABLE12-NT-bin.zip
You can configure Squid to accept requests only from some specific computers, to some specific sites, at some specific hours or days, etc.
Give a try to Squid, it really worth. And the best, it is free.

4.http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/35_xpncw.mspx
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20731260.html

5.http://www.webattack.com/freeware/security/fwaccess.shtml
Found a totally freeware app that will restrict time - called iProtectYou - available at above address.  Have option to select the 21-day Pro Trial - or the basic Free program.  Installs on each individual machine.  Nothing in the EULA about restrictiion of free use - save for not to moify or sell - that I can see.  Works on all computer systems.  You need to scroll down page to find the program offered - or just download it from this link -
http://www.snapfiles.com/download/dliprotectyou.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22805727
sk_raja_raja as mentioned before please quote your sources. Experts-Exchange does not condone plagiarism
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23059014.html
http://www.experts-exchange.com/Hardware/Misc/Q_21744087.html
and so on.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This article shows how to deploy dynamic backgrounds to computers depending on the aspect ratio of display
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

861 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question