  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 398

Disable internet access on desktops

I have a policy that forces a non-existing proxy when certain users log in. I've also disabled the option for the users to change the proxy settings.
What I want to do is block internet access on several PCs. I can put the desktop in AD in the OU that has the policy, but that only works for the users in that OU.
Does anybody have an idea how I can manage to disable internet access to certain PCs? I did google a lot. I also tried "Make proxy settings per-machine (rather than per user)" but I can't manage to get this working. I know that it can also be done by login script but I hope to find an easier solution...

Asked by: NinovanHal
1 Solution
 
MSWarrior Commented:
What firewall do you use? If your firewall has the capability to restrict access to certain IPs or machines, then you can do it that way (if these users always use the same machine on the network). You might have to assign static IPs to these machines, or the names might do.
 
NinovanHal (Author) Commented:
Thanks, I thought about that but the firewall is administered by the UK, so not available for local administrators. I also thought about static IP addresses but then I get issues with some applications.
 
MSWarrior Commented:
In that case you will have to try and do it via GPO. Have you checked this:
http://www.experts-exchange.com/Security/Misc/Q_21226658.html
I haven't gone through the complete doc, but it might help.

or this might help:
http://technet.microsoft.com/en-us/magazine/2005.05.grouppolicy.aspx
 
ahmedalnooh Commented:
If you have an ISA you can block it from there.
If you don't have one, put the users in an OU and make a GPO that prevents them from opening the IE options tabs and provides them with a wrong proxy; this will prevent them from reaching the internet.
If it is specific PCs, you can make a DHCP reservation for their MAC and give them a wrong default gateway, so they also can't change their IP and can't get to the net.
 
EvilKnievel Commented:
You have to create a loopback policy, it's explained here:
http://support.microsoft.com/kb/231287

Good luck!
 
NinovanHal (Author) Commented:
I've enabled Loopback processing and set it to replace.

Under Computer Configuration -> Administrative Templates -> Windows Components -> Internet Explorer I've enabled:
Make proxy settings per-machine (rather than per user)
Disable changing proxy settings

Under User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Connections I've added the non-existing proxy server.

GPUPDATE /FORCE
It still only works for users in that OU and not for the desktop in that OU. What am I doing wrong here?

Thanks...
 
NinovanHal (Author) Commented:
It took a while for it to replicate along all servers. It works now as described above... Thanks...
 
EvilKnievel Commented:
Maybe this document can help you out some more:

http://grouppolicy.editme.com/Loopback

Good luck!
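
To check on a desktop in the restricted OU whether the settings described in this thread (loopback in Replace mode, per-machine proxy, locked proxy settings) have actually arrived, the following read-only PowerShell can be run locally. It is an added example, not part of the original thread; the registry paths and value names are assumed from the standard policy definitions for these settings and are not stated by any poster.

```powershell
# Added example: read-only audit of the policies discussed in the thread.
# Registry locations are assumptions taken from the standard ADMX definitions.

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing (policy has not applied yet).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$checks = @(
    @{ Setting  = 'Loopback processing mode (2 = Replace, 1 = Merge)'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'
       Name     = 'UserPolicyMode'; Expected = 2 },
    @{ Setting  = 'Make proxy settings per-machine (0 = per-machine)'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'
       Name     = 'ProxySettingsPerUser'; Expected = 0 },
    @{ Setting  = 'Disable changing proxy settings (1 = locked)'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel'
       Name     = 'Proxy'; Expected = 1 }
)

$report = foreach ($c in $checks) {
    $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Setting  = $c.Setting
        Actual   = if ($null -eq $actual) { '<not set>' } else { $actual }
        Expected = $c.Expected
        Ok       = ($actual -eq $c.Expected)   # $null never equals 0, so "not set" fails
    }
}
$report | Format-Table -AutoSize

# Show which hive currently holds a proxy, so a leftover per-user value is visible.
$inet = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($hive in 'HKLM', 'HKCU') {
    [pscustomobject]@{
        Hive        = $hive
        ProxyEnable = Get-PolicyValue -Path "${hive}:\$inet" -Name 'ProxyEnable'
        ProxyServer = Get-PolicyValue -Path "${hive}:\$inet" -Name 'ProxyServer'
    }
}

if ($report.Ok -contains $false) {
    Write-Warning 'At least one policy is missing; the GPO may not have replicated or applied yet.'
}
```

A row showing `<not set>` right after `GPUPDATE /FORCE` is consistent with the replication delay NinovanHal reports above.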