We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
Become a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Block Internet Access, Allow Intranet, No Proxy Server
Posted on 2013-01-24
Hello
I'm currently working with a company to change their group policy.
They have a group policy that sets a proxy server address off 0.0.0.0
The GP is then assigned to an OU and any user in that OU gets the proxy address and is therefore unable to access the Internet.
Now, we have a new Intranet system but because the vast majority of users have the above proxy set, they are unable to access the Intranet.
What is the best way of allowing access to the intranet, but still blocking Internet Access?
The company does not have a proxy server
Thanks in advance
I'm currently working with a company to change their group policy.
They have a group policy that sets a proxy server address off 0.0.0.0
The GP is then assigned to an OU and any user in that OU gets the proxy address and is therefore unable to access the Internet.
Now, we have a new Intranet system but because the vast majority of users have the above proxy set, they are unable to access the Intranet.
What is the best way of allowing access to the intranet, but still blocking Internet Access?
The company does not have a proxy server
Thanks in advance
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +2
7 Comments
Hello
Fix the GP so everyone have access and from your DHCP server publish only the subnet and DNS server. Do not publish the gateway
Fix the GP so everyone have access and from your DHCP server publish only the subnet and DNS server. Do not publish the gateway
But wouldn't that then block Internet for every user?
For instance the GPO isn't applied to one OU, which contains managers, and they are allowed Internet access
For instance the GPO isn't applied to one OU, which contains managers, and they are allowed Internet access
If everything including the intranet web server is on the same subnet , and you don;t need to route any IP traffic to other sites, you could set all the client computers to have no default gateway ( or set it to an IP address that doesn't exist). They would still be able to communicate on the local subnet but not beyond.
Then you don't need to set up any proxy server settings.
EDIT - re your comment above: if you want the managers to have different behaviour they would need to have either different IP configuration (such as pointing to a real default gateway) or different browser behaviour ( either them or the other staff pointing to a proxy server address). Depending on how many managers there are, you may be able to set up fixed IP info for them, or maybe a DHCP scope with different options and with reserved IP addresses for these computers.
Or the managers could run a script which adds (manually) an IP route to the internet, pointing at the default gateway.
Then you don't need to set up any proxy server settings.
EDIT - re your comment above: if you want the managers to have different behaviour they would need to have either different IP configuration (such as pointing to a real default gateway) or different browser behaviour ( either them or the other staff pointing to a proxy server address). Depending on how many managers there are, you may be able to set up fixed IP info for them, or maybe a DHCP scope with different options and with reserved IP addresses for these computers.
Or the managers could run a script which adds (manually) an IP route to the internet, pointing at the default gateway.
In addition with my answer aflockhart's suggestion is correct
Further on that the best solution will be a UTM device but with a cost of course...
Further on that the best solution will be a UTM device but with a cost of course...
Featured Post
Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
- Microsoft Applications
- Windows OS
- Fonts Typography
- Web Browsers
- Microsoft Word
Microsoft Office 365 is a subscriptions based service which includes services like Exchange Online and Skype for business Online. These services integrate with Microsoft's online version of Active Directory called Azure Active Directory.
In this video, viewers are given an introduction to using the Windows 10 Snipping Tool, how to quickly locate it when it's needed and also how make it always available with a single click of a mouse button, by pinning it to the Desktop Task Bar.
Int…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month5 days, 7 hours left to enroll
627 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.