Solved

Block Internet Access by User using SBS 2012

Posted on 2014-04-29
7
969 Views
Last Modified: 2014-05-01
I have a simple network running SBS2012.  I would like to prevent one user from accessing the internet using IE.  I tried to use a GPO but I must have done something wrong b/c the user can still access websites.  Any ideas?
0
Comment
Question by:ddalrymple
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 40030777
Usuall one solution for this is realized by group policies. As the browser follows either the proxy setting of the browser or the default gateway, it is a usual solution to apply a group policy for such users, which point to dummy proxy server, which does not exist,

The browser then tries to contact the proxy, and as teh proxy is a non existing target, the request wil fail.
0
 

Author Comment

by:ddalrymple
ID: 40030792
Thanks!  That is what I tried to do, however, it did not work.  I created a brand new user which had never logged on before.  Then under user Configuration\preferences\Control Panel Settings\Internet settings I created a policy for both IE 10 and IE 8/9 that set the proxy to 127.0.0.1.  I added the newly created user to the Security Filtering.  When I then logged on as the user they were able to access sites w/ no problem.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40031137
You can create a DHCP reservation for that PC with non-existent gateway.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 35

Expert Comment

by:Bembi
ID: 40032432
127.0.0.1 is a loopback address to point on the local machine...
Take 10.10.10.10 or any other private address.

Make sure the GPO is applied to the client. Means you can see the settings in the browser settings.
0
 
LVL 74

Accepted Solution

by:
Jeffrey Kane - TechSoEasy earned 500 total points
ID: 40033342
Unfortunately Group Policy Preferences for this type of setting doesn't work most of the time.  Check out this blog post for how to just get it set in the registry of the workstation instead:

http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40034225
The point for IE proxy settings is, that there are user and machine settings. And dependend what kind of settings you used or tried in the past, your client may havd something eaten what you can not reverse now anymore...

The client has user and machine settings for proxy setting.
In the GPO, you can set proxy settings to act as machine setting rather then user setting.
And thgey are two settings in GPO, one with templates and the other with preferences, and especially the newer preferences work more than templates and vice versa.

So, before you test your policies, try to find all settings on the clients pointing to a proxy. For this, check the registry, you find the same settings in HKCU and HKLM. Make sure that the settings are clean. Then test the GPO and where you can find the settings in the registry. --> Software\Microsoft\Windows\Current Version\Internet Settings.

So, dependend where you want to set the proxy (machine / user) and dependend from where you already have settings set.
And dependend from the setting to use machine / user settings for IE, the clients take the one or the other.

To set machine settings via GPO for IE also includes the need for Loop Back Procession Mode what affect all settings and is usually used for terminal servers.

The problem with IE GPOs is not, that they do not work, they just work different than you expect.

Your steps:
- Check the client, where (user / machine) you have proxy settings.
- Check if machine or user setttings are used (what is another reg key). Check with browser
- Clean up all settings
- apply policy
- check registry, where the settings reside and what the browser takes
0
 

Author Comment

by:ddalrymple
ID: 40034562
I am trying to block access at the user level not the computer level.  The settings I tried in the GPO work fine if I apply them manually but I just couldn't get them to apply via GPO.

Thanks, everyone!
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
Ever notice how you can't use a new drive in Windows without having Windows assigning a Disk Signature?  Ever have a signature collision problem (especially with Virtual Machines?)  This article is intended to help you understand what's going on and…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question