49ernut
asked on
Restricting User access on SBS 2011
I need to build a GPO/User Role that will restrict the user from accessing the Internet, games, etc. and limit their access to other system resources.
What do you wish to prevent access to? You could put a pit with spikes in front of the PCs - that would restrict the users...
Seriously though you need to identify exactly what you wish to allow and disallow. Do the users need any internet access at all? Do they need to access shared files? Which ones? Will they be allowed to copy files to a USB stick? Can they change their desktop background?
You might find it easiest if you broadly state the job role and the things that they will necesarily be allowed to do / access and then start closing off everything else.
Seriously though you need to identify exactly what you wish to allow and disallow. Do the users need any internet access at all? Do they need to access shared files? Which ones? Will they be allowed to copy files to a USB stick? Can they change their desktop background?
You might find it easiest if you broadly state the job role and the things that they will necesarily be allowed to do / access and then start closing off everything else.
ASKER
I have configured file sharing already. Thank you.
Some of the domain users are to have no Internet access on any of the computers on the domain, whereas there are other users who need Internet access. The firewall this company has will only restrict Internet access by MAC address and thus will not allow for some and not for others. I was hoping for help on how to build a group policy on a SBS 2011 box that could restrict program and/or port usage.
Some of the domain users are to have no Internet access on any of the computers on the domain, whereas there are other users who need Internet access. The firewall this company has will only restrict Internet access by MAC address and thus will not allow for some and not for others. I was hoping for help on how to build a group policy on a SBS 2011 box that could restrict program and/or port usage.
OK
You can use a GPO to restrict programs, and maybe you can block some ports, using the windows firewall parameters.
Anyway SBS has ISA, that can be used as firewall-proxy with authentication. Then you can fine controll the internet access. Do you have SBS Standard ou Premium?
Dan
You can use a GPO to restrict programs, and maybe you can block some ports, using the windows firewall parameters.
Anyway SBS has ISA, that can be used as firewall-proxy with authentication. Then you can fine controll the internet access. Do you have SBS Standard ou Premium?
Dan
ASKER
SBS Standard.
Some info about setting the firewall by GPO
http://technet.microsoft.com/en-us/library/bb490626.aspx
Another approach can be Squid as proxy with Windows authentication and access level
http://www.papercut.com/blog/matt/2005/02/07/squid-proxy-and-windows-active-directory-authentication/
http://www.cyberciti.biz/faq/how-deny-access-users-to-particular-websites/
Dan
http://technet.microsoft.com/en-us/library/bb490626.aspx
Another approach can be Squid as proxy with Windows authentication and access level
http://www.papercut.com/blog/matt/2005/02/07/squid-proxy-and-windows-active-directory-authentication/
http://www.cyberciti.biz/faq/how-deny-access-users-to-particular-websites/
Dan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Don't have time to mess around with it right now and this will work until I find a more practicle solution.
That is a large subject....
For internet is better to do it with a firewall/antivirus solution or ISA server
For games an GPO that will allow only installed apps on program filles and Windows looks enough.
http://technet.microsoft.com/en-us/library/bb457006.aspx
another restriction I think you think of file sharing restriction?
PLease let me know if you need more.
Dan