I have a domain controlled by a Windows 2008R2 server. All users log into the domain utilizing Active Directories. We also have an Exchange server and a Remote Desktop Server. All servers on the Domain utilize domain controller for authentication...etc.
I have a user that is utilizing a PC workstation as well as a Remote Desktop session on the Remote Desktop Server.
I have been able to block his PC workstation from accessing the Internet via the firewall. I would like to take it a step further and block this domain user from accessing the Internet whether he signs onto remote desktop server or another PC on the domain.
This user is to be allowed normal privileges on the LAN network. File share, Remote Desktop Services, and Exchange.
I am assuming I would adjust group policies on the server. Can this be done through group policies and if so, where would I adjust this?