• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 984
  • Last Modified:

Block Internet Access by User using SBS 2012

I have a simple network running SBS2012.  I would like to prevent one user from accessing the internet using IE.  I tried to use a GPO but I must have done something wrong b/c the user can still access websites.  Any ideas?
0
ddalrymple
Asked:
ddalrymple
1 Solution
 
BembiCEOCommented:
Usuall one solution for this is realized by group policies. As the browser follows either the proxy setting of the browser or the default gateway, it is a usual solution to apply a group policy for such users, which point to dummy proxy server, which does not exist,

The browser then tries to contact the proxy, and as teh proxy is a non existing target, the request wil fail.
0
 
ddalrympleAuthor Commented:
Thanks!  That is what I tried to do, however, it did not work.  I created a brand new user which had never logged on before.  Then under user Configuration\preferences\Control Panel Settings\Internet settings I created a policy for both IE 10 and IE 8/9 that set the proxy to 127.0.0.1.  I added the newly created user to the Security Filtering.  When I then logged on as the user they were able to access sites w/ no problem.
0
 
Rob WilliamsCommented:
You can create a DHCP reservation for that PC with non-existent gateway.
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
BembiCEOCommented:
127.0.0.1 is a loopback address to point on the local machine...
Take 10.10.10.10 or any other private address.

Make sure the GPO is applied to the client. Means you can see the settings in the browser settings.
0
 
Jeffrey Kane - TechSoEasyPrincipal ConsultantCommented:
Unfortunately Group Policy Preferences for this type of setting doesn't work most of the time.  Check out this blog post for how to just get it set in the registry of the workstation instead:

http://thommck.wordpress.com/2013/11/08/the-new-way-to-configure-internet-explorer-proxy-settings-with-group-policy/
0
 
BembiCEOCommented:
The point for IE proxy settings is, that there are user and machine settings. And dependend what kind of settings you used or tried in the past, your client may havd something eaten what you can not reverse now anymore...

The client has user and machine settings for proxy setting.
In the GPO, you can set proxy settings to act as machine setting rather then user setting.
And thgey are two settings in GPO, one with templates and the other with preferences, and especially the newer preferences work more than templates and vice versa.

So, before you test your policies, try to find all settings on the clients pointing to a proxy. For this, check the registry, you find the same settings in HKCU and HKLM. Make sure that the settings are clean. Then test the GPO and where you can find the settings in the registry. --> Software\Microsoft\Windows\Current Version\Internet Settings.

So, dependend where you want to set the proxy (machine / user) and dependend from where you already have settings set.
And dependend from the setting to use machine / user settings for IE, the clients take the one or the other.

To set machine settings via GPO for IE also includes the need for Loop Back Procession Mode what affect all settings and is usually used for terminal servers.

The problem with IE GPOs is not, that they do not work, they just work different than you expect.

Your steps:
- Check the client, where (user / machine) you have proxy settings.
- Check if machine or user setttings are used (what is another reg key). Check with browser
- Clean up all settings
- apply policy
- check registry, where the settings reside and what the browser takes
0
 
ddalrympleAuthor Commented:
I am trying to block access at the user level not the computer level.  The settings I tried in the GPO work fine if I apply them manually but I just couldn't get them to apply via GPO.

Thanks, everyone!
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now