[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Block Internet for a Group of users in a OU

Posted on 2011-03-02
5
Medium Priority
?
356 Views
Last Modified: 2012-05-11
Hi Experts,

Can you please let me how to block a bunch of users who are in a OU in AD. I need to block internet access to the outside world but allow internal webmail access to them.

Is there a way I can do this in the Server with out using a Hardware.

Thanks
0
Comment
Question by:gs1uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 15

Expert Comment

by:JBond2010
ID: 35017388
Why not exclude the gateway address on their systems from your Router/Firewall. Or you could create a GPO and link it to the OU and configure the GPO to set a proxy address which would block internet access.
0
 
LVL 34

Accepted Solution

by:
Paul MacDonald earned 2000 total points
ID: 35017397
There's nothing native in AD to do this, though I can imagine a script that removes the default gateway for a group of people.  Otherwise you're likely looking at configuring something in a firewall.
0
 
LVL 15

Expert Comment

by:JBond2010
ID: 35017405
On your Router/Firewall you could block port 80 on the machines you do not want to have internet access, unless their are other users you access the PCs that need internet access.
0
 
LVL 6

Expert Comment

by:chuck-williams
ID: 35018988
Just as JBond mentioned, I have done this by setting up a proxy server setting in group policy that points 1.1.1.1 and then using group policy filtering to apply to a restrict internet access group. Make sure you also set it up so they cannot change proxy server settings.

You can also set "Do not use proxy server for these addresses" if you need to allow them to get to a few web applications.



0
 
LVL 2

Expert Comment

by:danny1875
ID: 35019066
I think the easiest way to do that would be to reserve a range of IP addresses for the clients and then exclude that range from internet access via your firewall.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Here's a look at newsworthy articles and community happenings during the last month.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question