Avatar of shaw71
shaw71
Flag for United States of America asked on

Blocking all Internet access for a specific Domain user on Windows 2008R2 domain.

I have a domain controlled by a Windows 2008R2 server.  All users log into the domain utilizing Active Directories.  We also have an Exchange server and a Remote Desktop Server. All servers on the Domain utilize domain controller for authentication...etc.

I have a user that is utilizing a PC workstation as well as a Remote Desktop session on the Remote Desktop Server.

I have been able to block his PC workstation from accessing the Internet via the firewall.  I would like to take it a step further and block this domain user from accessing the Internet whether he signs onto remote desktop server or another PC on the domain.  

This user is to be allowed normal privileges on the LAN network.  File share, Remote Desktop Services, and Exchange.

I am assuming I would adjust group policies on the server.  Can this be done through group policies and if so, where would I adjust this?

Thank you
Shawn
Microsoft Server OSWindows Server 2008Active Directory

Avatar of undefined
Last Comment
Krzysztof Pytko

8/22/2022 - Mon
SOLUTION
Tony Giangreco

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
ASKER CERTIFIED SOLUTION
Krzysztof Pytko

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
shaw71

ASKER
Krzysztof,

I went into the MMC and pulled up the Group Policy Object editor which edits the Local Group Policy Objects. I found where I can enter in the Proxy settings.  My concern at this point is that this is a global change not a user change.  Can you confirm that I am in the correct location for the 127.0.0.1 implementation section of your instruction?

Thanks!
Shawn

ps the screen shot is attached.
GPO.JPG
Krzysztof Pytko

Yes, this is global change for local machine. Is that domain environment ? If so, you need to create GPO and apply GPO Security filtering.

To create GPO you need to use GPMC or Active Directory Users and Computers consoles.

If you're interested, I can prepare a short guide for you

Krzysztof
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23