Solved

Block Internet Access by User using SBS 2012

Posted on 2014-04-29
7
962 Views
Last Modified: 2014-05-01
I have a simple network running SBS2012.  I would like to prevent one user from accessing the internet using IE.  I tried to use a GPO but I must have done something wrong b/c the user can still access websites.  Any ideas?
0
Comment
Question by:ddalrymple
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 40030777
Usuall one solution for this is realized by group policies. As the browser follows either the proxy setting of the browser or the default gateway, it is a usual solution to apply a group policy for such users, which point to dummy proxy server, which does not exist,

The browser then tries to contact the proxy, and as teh proxy is a non existing target, the request wil fail.
0
 

Author Comment

by:ddalrymple
ID: 40030792
Thanks!  That is what I tried to do, however, it did not work.  I created a brand new user which had never logged on before.  Then under user Configuration\preferences\Control Panel Settings\Internet settings I created a policy for both IE 10 and IE 8/9 that set the proxy to 127.0.0.1.  I added the newly created user to the Security Filtering.  When I then logged on as the user they were able to access sites w/ no problem.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40031137
You can create a DHCP reservation for that PC with non-existent gateway.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 35

Expert Comment

by:Bembi
ID: 40032432
127.0.0.1 is a loopback address to point on the local machine...
Take 10.10.10.10 or any other private address.

Make sure the GPO is applied to the client. Means you can see the settings in the browser settings.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 40033342
Unfortunately Group Policy Preferences for this type of setting doesn't work most of the time.  Check out this blog post for how to just get it set in the registry of the workstation instead:

http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40034225
The point for IE proxy settings is, that there are user and machine settings. And dependend what kind of settings you used or tried in the past, your client may havd something eaten what you can not reverse now anymore...

The client has user and machine settings for proxy setting.
In the GPO, you can set proxy settings to act as machine setting rather then user setting.
And thgey are two settings in GPO, one with templates and the other with preferences, and especially the newer preferences work more than templates and vice versa.

So, before you test your policies, try to find all settings on the clients pointing to a proxy. For this, check the registry, you find the same settings in HKCU and HKLM. Make sure that the settings are clean. Then test the GPO and where you can find the settings in the registry. --> Software\Microsoft\Windows\Current Version\Internet Settings.

So, dependend where you want to set the proxy (machine / user) and dependend from where you already have settings set.
And dependend from the setting to use machine / user settings for IE, the clients take the one or the other.

To set machine settings via GPO for IE also includes the need for Loop Back Procession Mode what affect all settings and is usually used for terminal servers.

The problem with IE GPOs is not, that they do not work, they just work different than you expect.

Your steps:
- Check the client, where (user / machine) you have proxy settings.
- Check if machine or user setttings are used (what is another reg key). Check with browser
- Clean up all settings
- apply policy
- check registry, where the settings reside and what the browser takes
0
 

Author Comment

by:ddalrymple
ID: 40034562
I am trying to block access at the user level not the computer level.  The settings I tried in the GPO work fine if I apply them manually but I just couldn't get them to apply via GPO.

Thanks, everyone!
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question