• Status: Solved

Prevent users from Internet Access via an AD (Domain Controller)

How can I prevent certain users from having access to the internet via an AD (Domain Controller)?

What are the steps to do this please?
Asked by: ben1211

3 Solutions
 
FireW0lf Commented:
2 options, both using a GPO:

1: Deny access to iexplore.exe
2: Set an IE proxy to an invalid IP address and hide the Connections tab in IE Options
 
ben1211 (Author) Commented:
How do I start GPO?
 
FireW0lf Commented:
Administrative Tools / Group Policy Management Console

Create a new GPO, and name it
Edit it, add in the settings
Then apply it to an AD group
 
ben1211 (Author) Commented:
Is there any other way to get this done, other than GPO?
 
FireW0lf Commented:
There probably are, but it would involve a lot of work for you

GPO was created to make Admins' jobs simple - you create a policy, assign it to an AD group, and it's all taken care of for you

1. Open Group Policy Management Console
2. Create a new policy, call it "No Internet" or something meaningful
3. Right click the new policy and select "Edit"

Navigate to User Configuration / Windows Settings / Internet Explorer Maintenance / Connection / Proxy Settings

Check "Enable proxy settings"
Check "Use the same proxy server for all addresses" at the bottom
Under "1. HTTP" Enter an address of 1.2.3.4 and a port of 54321 (this doesn't exist)

Now navigate to User Configuration / Administrative Templates / Windows Components / Internet Explorer and select Internet Control Panel
Double click "Disable the Connections page" and select "Enable"

Close this GPO

4. Create an AD OU in Active Directory Users & Computers inside your Users OU, call it "No Internet Users" or similar
5. Put all the users who you do not wish to have Internet Access into this OU

The next time the Users log on (or when their PC does an automatic GPUpdate), the new settings will apply

You could also manually get each user to do a "GPUpdate /force" from a command prompt
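The GUI steps in the answer above, scripted with the GroupPolicy and ActiveDirectory PowerShell modules. This is an added example, not part of the original post. It writes the same proxy values through registry-based policy instead of the Internet Explorer Maintenance node, and `$ParentOu` is a placeholder that must be replaced with a real OU in your domain.

```powershell
#Requires -Modules GroupPolicy, ActiveDirectory
# Added example (not from the original thread). Run from a management host
# with rights to create GPOs and OUs.

$GpoName  = 'No Internet'                    # name suggested in the answer
$OuName   = 'No Internet Users'              # name suggested in the answer
$ParentOu = 'OU=Staff,DC=example,DC=com'     # ASSUMPTION: placeholder parent OU

# Per-user proxy values read by Internet Explorer and other WinINET clients
$InetKey  = 'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Registry location behind the "Disable the Connections page" policy
$IeCplKey = 'HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel'

# Steps 1-3: create the GPO only if it does not already exist
if (-not (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Comment 'Dead-end proxy for restricted users' | Out-Null
}

# Enable the proxy and point it at the non-existent address from the answer
Set-GPRegistryValue -Name $GpoName -Key $InetKey -ValueName 'ProxyEnable' `
    -Type DWord -Value 1 | Out-Null
Set-GPRegistryValue -Name $GpoName -Key $InetKey -ValueName 'ProxyServer' `
    -Type String -Value '1.2.3.4:54321' | Out-Null

# Hide the Connections tab so the user cannot change the proxy back
Set-GPRegistryValue -Name $GpoName -Key $IeCplKey -ValueName 'ConnectionsTab' `
    -Type DWord -Value 1 | Out-Null

# Step 4: create the OU that will hold the restricted users
$OuDn = "OU=$OuName,$ParentOu"
if (-not (Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OuDn'")) {
    New-ADOrganizationalUnit -Name $OuName -Path $ParentOu
}

# Link the GPO to the OU unless it is already linked there
$linked = (Get-GPInheritance -Target $OuDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $OuDn -LinkEnabled Yes | Out-Null
}

# Check: list what the GPO now carries and which accounts it will reach
Get-GPRegistryValue -Name $GpoName -Key $InetKey
Get-GPRegistryValue -Name $GpoName -Key $IeCplKey
Get-ADUser -Filter * -SearchBase $OuDn | Select-Object SamAccountName
```

Step 5 (moving the user accounts into the OU) is left as a manual step. These values only constrain software that reads the Windows Internet Settings proxy, so enforcement for everything else belongs at the gateway.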
 
FireW0lf Commented:
Of course, if you have an ISA server between you and the Internet, you could use this instead - but it will still involve creating access groups. The above way only takes 5 minutes to complete