Disable internet access on desktops

I have a policy that forces a non existing proxy when certain users log in. I've also disabled the option for the users to change the proxy settings.
What I want to do is block internet access on several pc's. I can put the desktop in AD in the OU that has the policy but that only works for the users in that OU.
Does anybody have an idea howe I can manage to disable internet access to certain pc's. I did google a lot. Also tried Make proxy settings per-machine (rather than per user) but I can't manage to get this working. I know that it can also be done by loginscript but I hope to find an easier solution...

NinovanHalAsked:
Who is Participating?
 
EvilKnievelCommented:
You have to create a loopback policy, it's explained here:
http://support.microsoft.com/kb/231287

Good luck!
0
 
MSWarriorCommented:
What firewall do you use? If your firewall has the capability to restrict access to certain IPs or machines then you can do so that way (if these users always use the same machine on the network). You might have to assign them static IPs to these machines or the names might do.
0
 
NinovanHalAuthor Commented:
Thanks, I thought about that but the firewall is administered by the UK, so not available for local administrators. I also thought about static IP adresses but then I get issues with some applications.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

 
MSWarriorCommented:
In that case you will have to try and do it via GPO. Have you checked this:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html
I haven't gone through the complete doc, but it might help.

or this might help:
http://technet.microsoft.com/en-us/magazine/2005.05.grouppolicy.aspx
0
 
ahmedalnoohCommented:
if you have and isa you can block it from thier
if you don't have so put the users in ou and make gpo that prevent them from opening the ie tabs of opttions and provide them with wrong proxy this will prevent them from the internet
if specific pc's you can make dhcp reservation to thier mac and give them wrong default gateway so also they can't change thier ip and cant get to the net
0
 
NinovanHalAuthor Commented:
I've enabled Loopback processing and set it to replace.

Under Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer I've Enabled:
Make proxy settings per-machine (rather than per user)
Disable changing proxy settings

Under User Configuration -> Windows settings -> Internet Explorer Maintenance -> Coonnections I've added the non-existing proxy server.

GPUPDATE / FORCE
It still only works for users in that OU and not for the desktop in that OU. What am I doing wrong here ?

Thanks...
0
 
NinovanHalAuthor Commented:
It took a while for it to replicate along all servers. It Works now as described above...Thanks...
0
 
EvilKnievelCommented:
Maybe this document can help you out some more:

http://grouppolicy.editme.com/Loopback

Good luck!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.