Solved

Group policy to restrict internet access

Posted on 2008-10-25
7
1,117 Views
Last Modified: 2012-05-05
How can I restrict access to the internet using group policy?  For instance, some businesses do not allow access to webmail sites.  If not through group policy, how is this accomplished?

Thanks
0
Comment
Question by:leftwing27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:leonjs
ID: 22804551
I am not sure if you seen this link:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html

But you could also accomplish this with a subscription based URL filtering solution like Websence URL Filter

Or a hardware solution like this, http://www.barracudadeals.com/products/web-filter/
or a ISA Server
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22804563
-There is the IEAK (internet Explorer Administration Kit) which can be deployed using Group Policy and within that you can create blocked or allowed sites, but it is difficult to maintain.
-Most often it is done using routers that have the capability of allowing or blocking sites
-The best method however is to set up a proxy server. The proxy server will allow you to easily control access to sites, monitor activity, and cache frequently accessed pages to improve efficiency. Some possibilities are:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/ 
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22805648
1.To setup Group Policy to restrict Internet Access,

a. Active Directory Users and Computers to create a group policy.
b. Click User configuration>Windows Settings>Internet Explorer Maintenance>Connection
c. Check enable proxy Settings and type a fake IP address, for example 192.x.x.x on HTTP
d. Under exception, type the web server IP address, for example 192.xx.xx.xx (Figure).

You can also disable/hide the lan settings page in IE as well so savy users cannot change it.
If you need to restrict very few websites ,you can do this.

http://technet.microsoft.com/en-us/magazine/cc160780.aspx

2.This is actually a free tool called URLLock that might be useful https://www.moonlightdesign.org/urllock/Main_Page

3.Content Advisor
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

Internet Explorer 6 Security and Privacy Essentials
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

HOW TO: Use the Internet Explorer 6 Content Advisor to Control Access to Web Sites in Internet Explorer
http://support.microsoft.com/kb/310401

Browse the Web with Internet Explorer 6 and Content Advisor
http://www.microsoft.com/windows/ie/ie6/using/howto/security/contentadv/config.mspx


0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 250 total points
ID: 22805663
1.http://www.novell.com/products/bordermanager/

This software is absolutely fantastic.  You can specify which sites any user can access, anything else will be blocked.  Great filters.  Tremendous product.

2.Try setting up NAt on your 2003 server,using the built in filters and the ability to filter based on IP address ports ect. here is a link to a step by step setup guide. Free- as cheap as it gets!
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

3.http://www.acmeconsulting.it/pagine/opensource/download/squid-2.5.STABLE12-NT-bin.zip
You can configure Squid to accept requests only from some specific computers, to some specific sites, at some specific hours or days, etc.
Give a try to Squid, it really worth. And the best, it is free.

4.http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/35_xpncw.mspx
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20731260.html

5.http://www.webattack.com/freeware/security/fwaccess.shtml
Found a totally freeware app that will restrict time - called iProtectYou - available at above address.  Have option to select the 21-day Pro Trial - or the basic Free program.  Installs on each individual machine.  Nothing in the EULA about restrictiion of free use - save for not to moify or sell - that I can see.  Works on all computer systems.  You need to scroll down page to find the program offered - or just download it from this link -
http://www.snapfiles.com/download/dliprotectyou.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22805727
sk_raja_raja as mentioned before please quote your sources. Experts-Exchange does not condone plagiarism
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23059014.html
http://www.experts-exchange.com/Hardware/Misc/Q_21744087.html
and so on.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

690 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question