Solved

Controling Internet Access

Posted on 2013-06-26
4
291 Views
Last Modified: 2013-08-13
I have a network that is primarily server 2008 R2 and windows 7  with a few xp machines still left.

We need to lock down internet access on production floor terminals to prevent abuse. Theere are several clound servics that all users need and thus need internet access for so I need help with a way to lock down access except these specific sites.

Also there are 2-3 users that need to use these same machines that need full unrestricted internet access when they log in.

There is really not a budget so it would be hard to buy any 3rd party warez. is there a way to do this in server 2008 with GPO's maybe?

I am very green on GPO's use and creation so I wanted to see if someone maybe had a example of something similar?
0
Comment
Question by:ATL74
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 19

Expert Comment

by:Miguel Angel Perez Muñoz
ID: 39278128
You can use linux with squid, you need any kind of proxy to control Internet access.
0
 

Author Comment

by:ATL74
ID: 39278631
Looking for more of a GPO method if possible to do this with what we have and not buy things or install additional items to the network.
0
 
LVL 12

Accepted Solution

by:
TomRScott earned 500 total points
ID: 39279906
When you reference "Internet access" do you really mean all Internet access, including e-mail, etc, or just web on the Internet?

What firewall are you using?

Depending on the firewall, you may be able to have it proxy web access based on user ID. Some firewalls support LDAP linkage to AD to acquire user names and may be able to restrict all but those in a given AD (or firewall) user group.

Because you wish to have permitted users accessing otherwise restricted sites from the otherwise restricted workstations, some proxy system is probably your best bet. If all you wanted was to restrict ALL Internet access, you could just drop the gateway address from the restricted workstations (if production does NOT need access to another LAN).

 - Tom
0
 

Author Comment

by:ATL74
ID: 39281049
I just wan to drop website access not email and such and only drop website access for some users. There about 10 sites for SaS applications that all users need access to.

Using Sonicwall Tz 200 firewall but we would rather handle it based on GPO if possible.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question