Solved

Block Internet Access by User using SBS 2012

Posted on 2014-04-29
7
941 Views
Last Modified: 2014-05-01
I have a simple network running SBS2012.  I would like to prevent one user from accessing the internet using IE.  I tried to use a GPO but I must have done something wrong b/c the user can still access websites.  Any ideas?
0
Comment
Question by:ddalrymple
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 40030777
Usuall one solution for this is realized by group policies. As the browser follows either the proxy setting of the browser or the default gateway, it is a usual solution to apply a group policy for such users, which point to dummy proxy server, which does not exist,

The browser then tries to contact the proxy, and as teh proxy is a non existing target, the request wil fail.
0
 

Author Comment

by:ddalrymple
ID: 40030792
Thanks!  That is what I tried to do, however, it did not work.  I created a brand new user which had never logged on before.  Then under user Configuration\preferences\Control Panel Settings\Internet settings I created a policy for both IE 10 and IE 8/9 that set the proxy to 127.0.0.1.  I added the newly created user to the Security Filtering.  When I then logged on as the user they were able to access sites w/ no problem.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40031137
You can create a DHCP reservation for that PC with non-existent gateway.
0
Give your grad a cloud of their own!

With up to 8TB of storage, give your favorite graduate their own personal cloud to centralize all their photos, videos and music in one safe place. They can save, sync and share all their stuff, and automatic photo backup helps free up space on their smartphone and tablet.

 
LVL 35

Expert Comment

by:Bembi
ID: 40032432
127.0.0.1 is a loopback address to point on the local machine...
Take 10.10.10.10 or any other private address.

Make sure the GPO is applied to the client. Means you can see the settings in the browser settings.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 40033342
Unfortunately Group Policy Preferences for this type of setting doesn't work most of the time.  Check out this blog post for how to just get it set in the registry of the workstation instead:

http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40034225
The point for IE proxy settings is, that there are user and machine settings. And dependend what kind of settings you used or tried in the past, your client may havd something eaten what you can not reverse now anymore...

The client has user and machine settings for proxy setting.
In the GPO, you can set proxy settings to act as machine setting rather then user setting.
And thgey are two settings in GPO, one with templates and the other with preferences, and especially the newer preferences work more than templates and vice versa.

So, before you test your policies, try to find all settings on the clients pointing to a proxy. For this, check the registry, you find the same settings in HKCU and HKLM. Make sure that the settings are clean. Then test the GPO and where you can find the settings in the registry. --> Software\Microsoft\Windows\Current Version\Internet Settings.

So, dependend where you want to set the proxy (machine / user) and dependend from where you already have settings set.
And dependend from the setting to use machine / user settings for IE, the clients take the one or the other.

To set machine settings via GPO for IE also includes the need for Loop Back Procession Mode what affect all settings and is usually used for terminal servers.

The problem with IE GPOs is not, that they do not work, they just work different than you expect.

Your steps:
- Check the client, where (user / machine) you have proxy settings.
- Check if machine or user setttings are used (what is another reg key). Check with browser
- Clean up all settings
- apply policy
- check registry, where the settings reside and what the browser takes
0
 

Author Comment

by:ddalrymple
ID: 40034562
I am trying to block access at the user level not the computer level.  The settings I tried in the GPO work fine if I apply them manually but I just couldn't get them to apply via GPO.

Thanks, everyone!
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If, like me, you have a lot of Dell servers in the estate you manage this article should save you a little time. When attempting to login to iDrac on any server I would be presented with two errors. The first reads "Do you want to run this applicati…
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now