?
Solved

Group policy to restrict internet access

Posted on 2008-10-25
7
Medium Priority
?
1,119 Views
Last Modified: 2012-05-05
How can I restrict access to the internet using group policy?  For instance, some businesses do not allow access to webmail sites.  If not through group policy, how is this accomplished?

Thanks
0
Comment
Question by:leftwing27
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:leonjs
ID: 22804551
I am not sure if you seen this link:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html

But you could also accomplish this with a subscription based URL filtering solution like Websence URL Filter

Or a hardware solution like this, http://www.barracudadeals.com/products/web-filter/
or a ISA Server
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22804563
-There is the IEAK (internet Explorer Administration Kit) which can be deployed using Group Policy and within that you can create blocked or allowed sites, but it is difficult to maintain.
-Most often it is done using routers that have the capability of allowing or blocking sites
-The best method however is to set up a proxy server. The proxy server will allow you to easily control access to sites, monitor activity, and cache frequently accessed pages to improve efficiency. Some possibilities are:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/ 
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22805648
1.To setup Group Policy to restrict Internet Access,

a. Active Directory Users and Computers to create a group policy.
b. Click User configuration>Windows Settings>Internet Explorer Maintenance>Connection
c. Check enable proxy Settings and type a fake IP address, for example 192.x.x.x on HTTP
d. Under exception, type the web server IP address, for example 192.xx.xx.xx (Figure).

You can also disable/hide the lan settings page in IE as well so savy users cannot change it.
If you need to restrict very few websites ,you can do this.

http://technet.microsoft.com/en-us/magazine/cc160780.aspx

2.This is actually a free tool called URLLock that might be useful https://www.moonlightdesign.org/urllock/Main_Page

3.Content Advisor
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

Internet Explorer 6 Security and Privacy Essentials
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

HOW TO: Use the Internet Explorer 6 Content Advisor to Control Access to Web Sites in Internet Explorer
http://support.microsoft.com/kb/310401

Browse the Web with Internet Explorer 6 and Content Advisor
http://www.microsoft.com/windows/ie/ie6/using/howto/security/contentadv/config.mspx


0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 1000 total points
ID: 22805663
1.http://www.novell.com/products/bordermanager/

This software is absolutely fantastic.  You can specify which sites any user can access, anything else will be blocked.  Great filters.  Tremendous product.

2.Try setting up NAt on your 2003 server,using the built in filters and the ability to filter based on IP address ports ect. here is a link to a step by step setup guide. Free- as cheap as it gets!
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

3.http://www.acmeconsulting.it/pagine/opensource/download/squid-2.5.STABLE12-NT-bin.zip
You can configure Squid to accept requests only from some specific computers, to some specific sites, at some specific hours or days, etc.
Give a try to Squid, it really worth. And the best, it is free.

4.http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/35_xpncw.mspx
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20731260.html

5.http://www.webattack.com/freeware/security/fwaccess.shtml
Found a totally freeware app that will restrict time - called iProtectYou - available at above address.  Have option to select the 21-day Pro Trial - or the basic Free program.  Installs on each individual machine.  Nothing in the EULA about restrictiion of free use - save for not to moify or sell - that I can see.  Works on all computer systems.  You need to scroll down page to find the program offered - or just download it from this link -
http://www.snapfiles.com/download/dliprotectyou.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22805727
sk_raja_raja as mentioned before please quote your sources. Experts-Exchange does not condone plagiarism
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23059014.html
http://www.experts-exchange.com/Hardware/Misc/Q_21744087.html
and so on.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month13 days, 21 hours left to enroll

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question