Solved

Group policy to restrict internet access

Posted on 2008-10-25
7
1,103 Views
Last Modified: 2012-05-05
How can I restrict access to the internet using group policy?  For instance, some businesses do not allow access to webmail sites.  If not through group policy, how is this accomplished?

Thanks
0
Comment
Question by:leftwing27
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:leonjs
ID: 22804551
I am not sure if you seen this link:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html

But you could also accomplish this with a subscription based URL filtering solution like Websence URL Filter

Or a hardware solution like this, http://www.barracudadeals.com/products/web-filter/
or a ISA Server
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22804563
-There is the IEAK (internet Explorer Administration Kit) which can be deployed using Group Policy and within that you can create blocked or allowed sites, but it is difficult to maintain.
-Most often it is done using routers that have the capability of allowing or blocking sites
-The best method however is to set up a proxy server. The proxy server will allow you to easily control access to sites, monitor activity, and cache frequently accessed pages to improve efficiency. Some possibilities are:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/ 
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22805648
1.To setup Group Policy to restrict Internet Access,

a. Active Directory Users and Computers to create a group policy.
b. Click User configuration>Windows Settings>Internet Explorer Maintenance>Connection
c. Check enable proxy Settings and type a fake IP address, for example 192.x.x.x on HTTP
d. Under exception, type the web server IP address, for example 192.xx.xx.xx (Figure).

You can also disable/hide the lan settings page in IE as well so savy users cannot change it.
If you need to restrict very few websites ,you can do this.

http://technet.microsoft.com/en-us/magazine/cc160780.aspx

2.This is actually a free tool called URLLock that might be useful https://www.moonlightdesign.org/urllock/Main_Page

3.Content Advisor
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

Internet Explorer 6 Security and Privacy Essentials
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

HOW TO: Use the Internet Explorer 6 Content Advisor to Control Access to Web Sites in Internet Explorer
http://support.microsoft.com/kb/310401

Browse the Web with Internet Explorer 6 and Content Advisor
http://www.microsoft.com/windows/ie/ie6/using/howto/security/contentadv/config.mspx


0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 250 total points
ID: 22805663
1.http://www.novell.com/products/bordermanager/

This software is absolutely fantastic.  You can specify which sites any user can access, anything else will be blocked.  Great filters.  Tremendous product.

2.Try setting up NAt on your 2003 server,using the built in filters and the ability to filter based on IP address ports ect. here is a link to a step by step setup guide. Free- as cheap as it gets!
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

3.http://www.acmeconsulting.it/pagine/opensource/download/squid-2.5.STABLE12-NT-bin.zip
You can configure Squid to accept requests only from some specific computers, to some specific sites, at some specific hours or days, etc.
Give a try to Squid, it really worth. And the best, it is free.

4.http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/35_xpncw.mspx
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20731260.html

5.http://www.webattack.com/freeware/security/fwaccess.shtml
Found a totally freeware app that will restrict time - called iProtectYou - available at above address.  Have option to select the 21-day Pro Trial - or the basic Free program.  Installs on each individual machine.  Nothing in the EULA about restrictiion of free use - save for not to moify or sell - that I can see.  Works on all computer systems.  You need to scroll down page to find the program offered - or just download it from this link -
http://www.snapfiles.com/download/dliprotectyou.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22805727
sk_raja_raja as mentioned before please quote your sources. Experts-Exchange does not condone plagiarism
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23059014.html
http://www.experts-exchange.com/Hardware/Misc/Q_21744087.html
and so on.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

25 Experts available now in Live!

Get 1:1 Help Now