Solved

Block Internet for a Group of users in a OU

Posted on 2011-03-02
5
343 Views
Last Modified: 2012-05-11
Hi Experts,

Can you please let me how to block a bunch of users who are in a OU in AD. I need to block internet access to the outside world but allow internal webmail access to them.

Is there a way I can do this in the Server with out using a Hardware.

Thanks
0
Comment
Question by:gs1uk
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
Comment Utility
Why not exclude the gateway address on their systems from your Router/Firewall. Or you could create a GPO and link it to the OU and configure the GPO to set a proxy address which would block internet access.
0
 
LVL 33

Accepted Solution

by:
paulmacd earned 500 total points
Comment Utility
There's nothing native in AD to do this, though I can imagine a script that removes the default gateway for a group of people.  Otherwise you're likely looking at configuring something in a firewall.
0
 
LVL 15

Expert Comment

by:JBond2010
Comment Utility
On your Router/Firewall you could block port 80 on the machines you do not want to have internet access, unless their are other users you access the PCs that need internet access.
0
 
LVL 6

Expert Comment

by:chuck-williams
Comment Utility
Just as JBond mentioned, I have done this by setting up a proxy server setting in group policy that points 1.1.1.1 and then using group policy filtering to apply to a restrict internet access group. Make sure you also set it up so they cannot change proxy server settings.

You can also set "Do not use proxy server for these addresses" if you need to allow them to get to a few web applications.



0
 
LVL 2

Expert Comment

by:danny1875
Comment Utility
I think the easiest way to do that would be to reserve a range of IP addresses for the clients and then exclude that range from internet access via your firewall.
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Resolve DNS query failed errors for Exchange
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now