?
Solved

Prevent users from Internet Access via an AD (Domain Controller)

Posted on 2011-03-23
6
Medium Priority
?
396 Views
Last Modified: 2012-05-11
How can I prevent certain users from having access to the internet via an AD (Domain Controller)?

What are the steps to do this please?
0
Comment
Question by:ben1211
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 4

Accepted Solution

by:
FireW0lf earned 2000 total points
ID: 35205223
2 options, both using a GPO:

1: Deny access to iexplore.exe
2: Set an IE proxy to an invalid IP address and hide the Connections tab in IE Options
0
 

Author Comment

by:ben1211
ID: 35205587
How do I start GPO?
0
 
LVL 4

Assisted Solution

by:FireW0lf
FireW0lf earned 2000 total points
ID: 35206112
Administrative Tools / Group Policy Management Console

Create a new GPO, and name it
Edit it, add in the settings
Then apply it to an AD group
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:ben1211
ID: 35275889
Is there any other way to get this done, other than GPO?
0
 
LVL 4

Assisted Solution

by:FireW0lf
FireW0lf earned 2000 total points
ID: 35276091
There probably are, but it would involve alot of work for you

GPO was created to make Admins jobs simple - you create a policy, assign it to an AD group, and it's all taken care of for you

1. Open Group Policy Management Console
2. Create a new policy, call it "No Internet" or something meaningful
3. Right click the new policy and select "Edit"

Navigate to User Configuration / Windows Settings / Internet Explorer Maintenance / Connection / Proxy Settings

Check "Enable proxy settings"
Check "Use the same proxy server for all addresses" at the bottom
Under "1. HTTP" Enter an address of 1.2.3.4 and a port of 54321 (this doesnt exist)

Now navigate to User COnfiguration / Administrative Templates / Windows Components / Internet Explorer and select Internet Control Panel
Double click "Disable the COnnections page" and select "Enable"

Close this GPO

4. Create an AD OU in Active Directory Users & Computers inside your Users OU, call it "No Internet Users" or similar
5. Put all the users who you do not wish to have Internet Access into this OU

The next time the Users log on (or when their PC does an automatic GPUpdate), the new settings will apply

You could also manually get each user to do a "GPUpdate /force" from a command prompt
0
 
LVL 4

Expert Comment

by:FireW0lf
ID: 35276123
Of course, if you have an ISA server between you and the Internet, you could use this instead - but it will still involve creating access groups. The above way only takes 5 minutes to complete
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hallo! I guess almost every Windows Administrator must have got stumped with this question "Where does WINDOWS store a users cached credentials? Every user who had once logged onto a Server/Desktop while it was connected to the domain could sti…
This is a little timesaver I have been using for setting up Microsoft Small Business Server (SBS) in the simplest possible way. It may not be appropriate for every customer. However, when you get a situation where the person who owns the server is i…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question