?
Solved

WINDOWS SERVER 2008 - Stop user/host accessing internet

Posted on 2011-03-18
11
Medium Priority
?
454 Views
Last Modified: 2012-08-13
Hi,

Is there an quick method to stop certain users within AD accessing the internet ort services?

Thanks

FF
0
Comment
Question by:FlyingFortress
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 3
11 Comments
 
LVL 4

Expert Comment

by:FireW0lf
ID: 35164408
You could set a GPO to deny it
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35164409
the easiest thing to do is to give Internet Explorer a fake proxy server. Something like 1.1.1.1 or any thing really it doesn't make a difference.

You can do this via group policy and apply the policy to a new OU with only that user in it.
0
 
LVL 1

Author Comment

by:FlyingFortress
ID: 35164421
Ok - how would i go about doing that?
0
Does Your Cloud Backup Use Blockchain Technology?

Blockchain technology has already revolutionized finance thanks to Bitcoin. Now it's disrupting other areas, including the realm of data protection. Learn how blockchain is now being used to authenticate backup files and keep them safe from hackers.

 
LVL 74

Expert Comment

by:Glen Knight
ID: 35164422
which one?!?
0
 
LVL 1

Author Comment

by:FlyingFortress
ID: 35164428
Sorry the first option. I thought they were very similar. Thanks
0
 
LVL 4

Expert Comment

by:FireW0lf
ID: 35164445
Hi

The GPO best to use would be Software Restriction - simply disallow the use of iexplore.exe to an AD group

http://technet.microsoft.com/en-us/library/bb457006.aspx tells you all about it
0
 
LVL 74

Accepted Solution

by:
Glen Knight earned 1000 total points
ID: 35164622
That would prevent the use of Internet explorer completely and any other application that relies on it!

Using a fake proxy will still allow Internet explorer to be used but would prevent access to the Internet unless you put exceptions in for specific sites.

See here for how to set it:  http://technet.microsoft.com/en-us/library/cc985352.aspx
0
 
LVL 4

Assisted Solution

by:FireW0lf
FireW0lf earned 1000 total points
ID: 35164805
And if all you do is set a proxy, then you'd need to set GPO to hide the connections tab so that users cant simply change the proxy back again

To do this its:

User Config / Admin Templates / Windows Components / Internet Explorer / Internet Control Panel

"Disable the Connections page"
0
 
LVL 74

Expert Comment

by:Glen Knight
ID: 35165040
That's all covered in the technet link I posted above.
0
 
LVL 4

Expert Comment

by:FireW0lf
ID: 35165180
There you go - 2 perfect choices  :-)

Mine stops selected people using Internet Explorer (just the program, not any of the dll's, ocx's, etc that other programs might use.... unless you have a program that actually opens iexplore.exe itself), and demazter's stops IE from getting out to the Internet

Take your pick - whichever works best for you

Personally, I use a hybrid of both within our Corp, certain groups are prevented from using iexplore.exe, and the ones who are allowed, it then has a fixed proxy, with exceptions, and the connections tab is hidden - although I have ISA servers as a real proxy instead of using a fake one - a very limited number of users are allowed access to the Internet - via strict content filtering of course
0
 
LVL 1

Author Closing Comment

by:FlyingFortress
ID: 35511581
Sorry for the delay - Thanks for this
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I was prompted to write this article after the recent World-Wide Ransomware outbreak. For years now, System Administrators around the world have used the excuse of "Waiting a Bit" before applying Security Patch Updates. This type of reasoning to me …
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses
Course of the Month12 days, 16 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question