Solved

Group policy to restrict internet access

Posted on 2008-10-25
7
1,099 Views
Last Modified: 2012-05-05
How can I restrict access to the internet using group policy?  For instance, some businesses do not allow access to webmail sites.  If not through group policy, how is this accomplished?

Thanks
0
Comment
Question by:leftwing27
  • 2
  • 2
7 Comments
 
LVL 3

Expert Comment

by:leonjs
ID: 22804551
I am not sure if you seen this link:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html

But you could also accomplish this with a subscription based URL filtering solution like Websence URL Filter

Or a hardware solution like this, http://www.barracudadeals.com/products/web-filter/
or a ISA Server
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22804563
-There is the IEAK (internet Explorer Administration Kit) which can be deployed using Group Policy and within that you can create blocked or allowed sites, but it is difficult to maintain.
-Most often it is done using routers that have the capability of allowing or blocking sites
-The best method however is to set up a proxy server. The proxy server will allow you to easily control access to sites, monitor activity, and cache frequently accessed pages to improve efficiency. Some possibilities are:
http://www.computalynx.net/software/cproxy/features.asp
http://www.websense.com
http://www.surfcontrol.com/
http://www.rhinosoft.com/AllegroSurf/

0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22805648
1.To setup Group Policy to restrict Internet Access,

a. Active Directory Users and Computers to create a group policy.
b. Click User configuration>Windows Settings>Internet Explorer Maintenance>Connection
c. Check enable proxy Settings and type a fake IP address, for example 192.x.x.x on HTTP
d. Under exception, type the web server IP address, for example 192.xx.xx.xx (Figure).

You can also disable/hide the lan settings page in IE as well so savy users cannot change it.
If you need to restrict very few websites ,you can do this.

http://technet.microsoft.com/en-us/magazine/cc160780.aspx

2.This is actually a free tool called URLLock that might be useful https://www.moonlightdesign.org/urllock/Main_Page

3.Content Advisor
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

Internet Explorer 6 Security and Privacy Essentials
http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/part2/c05ie6rk.mspx?mfr=true

HOW TO: Use the Internet Explorer 6 Content Advisor to Control Access to Web Sites in Internet Explorer
http://support.microsoft.com/kb/310401

Browse the Web with Internet Explorer 6 and Content Advisor
http://www.microsoft.com/windows/ie/ie6/using/howto/security/contentadv/config.mspx


0
 
LVL 18

Accepted Solution

by:
sk_raja_raja earned 250 total points
ID: 22805663
1.http://www.novell.com/products/bordermanager/

This software is absolutely fantastic.  You can specify which sites any user can access, anything else will be blocked.  Great filters.  Tremendous product.

2.Try setting up NAt on your 2003 server,using the built in filters and the ability to filter based on IP address ports ect. here is a link to a step by step setup guide. Free- as cheap as it gets!
http://www.windowsnetworking.com/articles_tutorials/NAT_Windows_2003_Setup_Configuration.html

3.http://www.acmeconsulting.it/pagine/opensource/download/squid-2.5.STABLE12-NT-bin.zip
You can configure Squid to accept requests only from some specific computers, to some specific sites, at some specific hours or days, etc.
Give a try to Squid, it really worth. And the best, it is free.

4.http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/intmgmt/35_xpncw.mspx
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20731260.html

5.http://www.webattack.com/freeware/security/fwaccess.shtml
Found a totally freeware app that will restrict time - called iProtectYou - available at above address.  Have option to select the 21-day Pro Trial - or the basic Free program.  Installs on each individual machine.  Nothing in the EULA about restrictiion of free use - save for not to moify or sell - that I can see.  Works on all computer systems.  You need to scroll down page to find the program offered - or just download it from this link -
http://www.snapfiles.com/download/dliprotectyou.html
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 22805727
sk_raja_raja as mentioned before please quote your sources. Experts-Exchange does not condone plagiarism
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23059014.html
http://www.experts-exchange.com/Hardware/Misc/Q_21744087.html
and so on.
0

Join & Write a Comment

My last post dealt with using group policy preferences to set file associations, a very handy usage for a GPP. Today I am going to share another cool GPP trick, this may be a specific scenario but I run into these situations frequently in my activit…
Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now