Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Block Internet Access by User using SBS 2012

Posted on 2014-04-29
7
Medium Priority
?
979 Views
Last Modified: 2014-05-01
I have a simple network running SBS2012.  I would like to prevent one user from accessing the internet using IE.  I tried to use a GPO but I must have done something wrong b/c the user can still access websites.  Any ideas?
0
Comment
Question by:ddalrymple
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 40030777
Usuall one solution for this is realized by group policies. As the browser follows either the proxy setting of the browser or the default gateway, it is a usual solution to apply a group policy for such users, which point to dummy proxy server, which does not exist,

The browser then tries to contact the proxy, and as teh proxy is a non existing target, the request wil fail.
0
 

Author Comment

by:ddalrymple
ID: 40030792
Thanks!  That is what I tried to do, however, it did not work.  I created a brand new user which had never logged on before.  Then under user Configuration\preferences\Control Panel Settings\Internet settings I created a policy for both IE 10 and IE 8/9 that set the proxy to 127.0.0.1.  I added the newly created user to the Security Filtering.  When I then logged on as the user they were able to access sites w/ no problem.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40031137
You can create a DHCP reservation for that PC with non-existent gateway.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 35

Expert Comment

by:Bembi
ID: 40032432
127.0.0.1 is a loopback address to point on the local machine...
Take 10.10.10.10 or any other private address.

Make sure the GPO is applied to the client. Means you can see the settings in the browser settings.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 1500 total points
ID: 40033342
Unfortunately Group Policy Preferences for this type of setting doesn't work most of the time.  Check out this blog post for how to just get it set in the registry of the workstation instead:

http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40034225
The point for IE proxy settings is, that there are user and machine settings. And dependend what kind of settings you used or tried in the past, your client may havd something eaten what you can not reverse now anymore...

The client has user and machine settings for proxy setting.
In the GPO, you can set proxy settings to act as machine setting rather then user setting.
And thgey are two settings in GPO, one with templates and the other with preferences, and especially the newer preferences work more than templates and vice versa.

So, before you test your policies, try to find all settings on the clients pointing to a proxy. For this, check the registry, you find the same settings in HKCU and HKLM. Make sure that the settings are clean. Then test the GPO and where you can find the settings in the registry. --> Software\Microsoft\Windows\Current Version\Internet Settings.

So, dependend where you want to set the proxy (machine / user) and dependend from where you already have settings set.
And dependend from the setting to use machine / user settings for IE, the clients take the one or the other.

To set machine settings via GPO for IE also includes the need for Loop Back Procession Mode what affect all settings and is usually used for terminal servers.

The problem with IE GPOs is not, that they do not work, they just work different than you expect.

Your steps:
- Check the client, where (user / machine) you have proxy settings.
- Check if machine or user setttings are used (what is another reg key). Check with browser
- Clean up all settings
- apply policy
- check registry, where the settings reside and what the browser takes
0
 

Author Comment

by:ddalrymple
ID: 40034562
I am trying to block access at the user level not the computer level.  The settings I tried in the GPO work fine if I apply them manually but I just couldn't get them to apply via GPO.

Thanks, everyone!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
An article on effective troubleshooting
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question